On Apr 6, 2009, at 3:49 PM, john wrote:
On Sat, Apr 4, 2009 at 1:16 AM, a.l.m.bu...@lboro.ac.uk wrote:
The howto you sent me says If all goes well, you should see
authentication succeeding (NT_STATUS_OK). You should also see the
NT_KEY output, which is needed in order for FreeRADIUS to
On Apr 8, 2009, at 10:07 AM, Mike Loosbrock wrote:
We run Debian, and we currently have our samba packages pinned at
version 2:3.0.30-3 due to this issue:
http://lists.freeradius.org/pipermail/freeradius-users/2009-February/msg00289.html
List,
I'd be willing to report this bug to the Samba
We run Debian, and we currently have our samba packages pinned at version
2:3.0.30-3 due to this issue:
http://lists.freeradius.org/pipermail/freeradius-users/2009-February/msg00289.html
See the Debain APT manual for information on package pinning.
Thanks Mike! I'll look into this a bit
On Apr 8, 2009, at 11:28 AM, john wrote:
Can you suggest a way to test the cert?
Well, you can use the openssl utility to see what your server
certificate contains:
$ openssl x509 -text -in server-cert-file
Wireshark tells me that my 3Com 3226 switch is sending an eap reject
On Sat, Apr 4, 2009 at 1:16 AM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
The howto you sent me says If all goes well, you should see
authentication succeeding (NT_STATUS_OK). You should also see the
NT_KEY output, which is needed in order for FreeRADIUS to perform
MS-CHAP authentication. I (0x0)
Hi,
The howto you sent me says If all goes well, you should see
authentication succeeding (NT_STATUS_OK). You should also see the
NT_KEY output, which is needed in order for FreeRADIUS to perform
MS-CHAP authentication. I (0x0) the output being referred to or is
something missing here?
what
Let's not. Updated howto is on:
http://deployingradius.com/documents/configuration/active_directory.html
Thanks for the updated howto.
I followed and it and can successfully complete every step except the
last, (e.g. the one where I must use a windows client to send an
MS-CHAP
Hello all,
I've been at this for two full days with no luck so I hope that folks
here will take me under their wing. :-
I am trying to setup freeradius so that hosts running windows XP/SP2
can be authenticated via .1x. when plugged in to a 3Com 3226 switch.
The freeradius server version is
I am trying to setup freeradius so that hosts running windows XP/SP2
can be authenticated via .1x. when plugged in to a 3Com 3226 switch.
The freeradius server version is 2.1.4, built from source, I added SSL
libraries since Debian's deb for freeradius doesn't ship with them. My
server is running
on this VLAN. Any
idea ?
Thanks,
Frad
--
View this message in context:
http://www.nabble.com/Retrieve-an-user-attribute-from-AD-for-vlan-assignment-in-PEAP-auth-tp22720035p22720035.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http
I am configuring a freeradius server with authentication PEAP/Mschap with an
Active Directory. The authentication works :)
There is my question:
I have on my AD an attribute for each user such as vlanId = 12 and I would
like to get this value to assign the user authenticated on this VLAN. Any
idea
Hi,
I need help/advise with te following scenario:
1. I have a freeradius server, this server is not part of Active Directory
Domain, server is able to perform ldapsearch for user account.
2. the workstation is a windows 2000 pc, need to be authenticated thru Cisco
catalyst switch to the
Windows 2000 is not supported, only windows XP
On 4/4/07, wenny wang [EMAIL PROTECTED] wrote:
Hi,
I need help/advise with te following scenario:
1. I have a freeradius server, this server is not part of Active Directory
Domain, server is able to perform ldapsearch for user account.
2. the
1) Microsoft LDAP isn't like normal ldap, you don't get access to the
password. To have freeradius touch the password at any point, it needs to
be on the domain and do a ntlm_auth instead of ldap.
On 4/4/07, wenny wang [EMAIL PROTECTED] wrote:
Hi,
I need help/advise with te following
When generating certificates for use by FreeRadius EAP-TLS, there is an
extension which is to be added to the certificate in order for the client to be
able to validate the certificate against a root CA certificate. If such
extension is not present in your FreeRadius certificate, the auth
Hi,
Freeradius. I still get the same error message on startup regarding no
file for TLS.
I have searched the Debian site, the Freeradius site, and the web in
general and cannot seem to find out how to fix this.
Does anyone know?
How should we? You don't even tell us what the error is.
PROTECTED]; freeradius-users@lists.freeradius.org
Cc :
Subject : RE: Re: PEAP Auth
Hi,
Freeradius. I still get the same error message on startup regarding no
file for TLS.
I have searched the Debian site, the Freeradius site, and the web in
general and cannot seem to find out how
Scott Hughes [EMAIL PROTECTED] wrote:
rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared
object file: No such file or directory radiusd.conf[9]: eap: Module
instantiation failed.
If you're running debian, re-build the server from source. See the
debian directory.
Hi!
rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared
object file: No such file or directory radiusd.conf[9]: eap: Module
instantiation failed.
Ah, thank you. That's much more enlightening. For some reason the TLS module
was not compiled and installed.
There was some
On Thu, Jun 22, 2006 at 11:29:39AM -0500, Scott Hughes said:
The exact error is:
rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open
shared object file: No such file or directory radiusd.conf[9]: eap:
Module instantiation failed.
I assume this is Debian, since you said you
Title: Message
Hello,
I am attempting to
use the latest Debian build with Freeradius and cannot seem to get PEAP/TLS/TTLS
to work. I have even gone as far as reloading the box fresh and installing
the sources of OpenSSL and then Freeradius. I still get the same error
message on startup
thanks for the help until now!
I have another problem on freeradius, related to PEAP.
The MSCHAP module needs a couple user-pw to perform
authentication... and in the radiusd log I can read
that is not possible to retrieve a NT-password or
NL-password.
But I don't want to use such thing (I read
Gandalf the Gray [EMAIL PROTECTED] wrote:
I would like to submit user and password to my LDAP
server, and this one have to check the right
relationship!
LDAP is a database, not an authentication server.
FreeRADIUS is an authentication server.
Now: is it possible to tell MSCHAP to use
--- Alan DeKok [EMAIL PROTECTED] wrote:
Gandalf the Gray [EMAIL PROTECTED] wrote:
It seems no EAP-challenge is really going on.
this is the output from tre radius server after a
try
made by AEGIS client under windows XP, with PEAP
MSCHAPv2.
The AEGIS client works with FreeRADIUS.
I changed the settings of the AP, allowing Aironet
Extensions and the result is a little different, now
TLS is performed, but it still doesn't work fine...
rad_recv: Access-Request packet from host
192.168.127.36:21646, id=158, length=145
User-Name = fresh
Framed-MTU = 1400
Gandalf the Gray [EMAIL PROTECTED] wrote:
I checked and set a single IP address on my freeradius
server.
But it seems always the same result...
this is my log by radiusd -X:
...
Which shows that the client is sending a duplicate request to the
server. i.e. the client is probably never
Hi, I'm new on this mailing list, please help me
clearly.
I need to build a Wireless-net based on Freeradius as
authentication server, a Cisco aironet 1200 AP, and
WPA with TKIP encryption.
I need to use TTLS or PEAP, for they allow users to
don't user their own certificates, to make connection
I forgot to explain the real problem!
I cannot authenticate any user, try to connect to my
network through a supplicant, both from Windows and
from WPA-supplicant under Linux.
It seems no EAP-challenge is really going on.
this is the output from tre radius server after a try
made by AEGIS client
I forgot to explain the real problem!
I cannot authenticate any user, try to connect to my
network through a supplicant, both from Windows and
from WPA-supplicant under Linux.
It seems no EAP-challenge is really going on.
this is the output from tre radius server after a try
made by AEGIS client
Gandalf the Gray [EMAIL PROTECTED] wrote:
It seems no EAP-challenge is really going on.
this is the output from tre radius server after a try
made by AEGIS client under windows XP, with PEAP
MSCHAPv2.
The AEGIS client works with FreeRADIUS.
What the debug log shows Is that the client is
Daniel Davidson [EMAIL PROTECTED] wrote:
while looking at the radiusd.conf file, I noticed that the ldap area
said something about that to use the sambaNTPassword field that it has
to start with a 0x. Does this mean that in LDAP that this value must be
stored as:
sambaNTPassword:
It never gives one with this configuration, it just keeps repeating the
same request over and over again, never accepting or rejecting after the
Access-Challenge is sent back to the access point.
Dan
On Thu, 2004-11-04 at 10:48, Alan DeKok wrote:
Daniel Davidson [EMAIL PROTECTED] wrote:
Are you sure that you have the CA certificate you're using with
FreeRADIUS installed on the XP system you're using as a supplicant?
This could be a symptom of XP not recognizing the signer of the
certificate presented in the 802.1x conversation and refusing to
continue authentication.
FYI, here,
Thanks for the info, now we are getting somewhere I just have unchecked
the validate server certificate area for now. Now I am getting a
rejection. Any ideas?
thanks again for the help,
Dan
rad_recv: Access-Request packet from host 128.174.124.2:1024, id=0,
length=224
User-Name =
Daniel Davidson [EMAIL PROTECTED] wrote:
Thanks for the info, now we are getting somewhere I just have unchecked
the validate server certificate area for now. Now I am getting a
rejection. Any ideas?
You said you were storing the passwords in LDAP, but the debug log
doesn't show the LDAP
I uncommented and did appropriate changes (below) to the ldap section of
the modules area. What else needs done? I am deleting the commented
lines.
Dan
ldap {
server = lap server's real name
basedn = ou=People,dc=igb,dc=uiuc,dc=edu
filter
I uncommented and did appropriate changes (below) to the ldap section of
the modules area. What else needs done? I am deleting the commented
lines.
Un-comment other references to ldap in radiusd.conf.
At least in the authorize section.
Alan DeKok.
-
List info/subscribe/unsubscribe?
That did it, thanks everyone,
Dan
On Thu, 2004-11-04 at 12:49, Alan DeKok wrote:
I uncommented and did appropriate changes (below) to the ldap section of
the modules area. What else needs done? I am deleting the commented
lines.
Un-comment other references to ldap in radiusd.conf.
What should default Auth-type be set to then? Right now I am getting a:
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
error message from the daemon.
thanks again,
Dan
On Tue, 2004-11-02 at 17:10, Alan DeKok wrote:
Daniel Davidson [EMAIL
Daniel Davidson [EMAIL PROTECTED] wrote:
What should default Auth-type be set to then? Right now I am getting a:
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
error message from the daemon.
Then you've edited the default radiusd.conf
Daniel Davidson [EMAIL PROTECTED] wrote:
I am sure this has been answered many times, but I cannot find it. I
keep getting Login incorrect: [danield/no User-Password attribute]
errors and I cannot figure out where the problem is I realize there is
some stuff I can take out, but I Here is the
So is there a way to have users authorize themselves with an LDAP
server, and what is the process for doing that? Use PAM and set the
system up to have PAM auth against LDAP?
Dan
On Tue, 2004-11-02 at 09:40, Alan DeKok wrote:
Daniel Davidson [EMAIL PROTECTED] wrote:
I am sure this has been
Daniel Davidson [EMAIL PROTECTED] wrote:
So is there a way to have users authorize themselves with an LDAP
server, and what is the process for doing that? Use PAM and set the
system up to have PAM auth against LDAP?
No. You already have authorization being done via LDAP.
What I said was
Probably a stupid question, but I assume you mean that in the users file
I do not set it to:
DEFAULT Auth-type := LDAP
and in the authenticate {} area of radiusd.conf the ldap areas should be
commented out.
Is this correct and what should the proper settings be to get this done?
thanks,
Dan
Daniel Davidson [EMAIL PROTECTED] wrote:
Probably a stupid question, but I assume you mean that in the users file
I do not set it to:
DEFAULT Auth-type := LDAP
and in the authenticate {} area of radiusd.conf the ldap areas should be
commented out.
Yes.
Is this correct and what should
atul dhingra [EMAIL PROTECTED] wrote:
Please find below the gdb output, would appreciate your comments:
...
(gdb) bt
#0 0x401420d7 in BIO_read () from /lib/libcrypto.so.0.9.7
#1 0x40290ffe in tls_handshake_send (ssn=0x40290798) at tls.c:230
Look at the parameters passed by that line of
So you're still getting the core dump. Let me guess... you have two
versions of OpenSSL installed, and you built the server without using
--disable-shared.
Fix one of those two problems, and it will work.
Alan DeKok.
I am still getting the same dump, I have used --disable-shared while
atul dhingra [EMAIL PROTECTED] wrote:
I am still getting the same dump, I have used --disable-shared while
building the radius server
Would appreciate your comments
shrug gdb and/or valgrind.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Following is the crux of what I am stuck on now:
I am trying to use freeradius for xp clients,
I get following messages when trying to use peap as default eap type (full
log attched) :
First i recieve all the success logs as follows:
...truncated...
TLS_accept: SSLv3 write
49 matches
Mail list logo