mel wrote:
In that case, something is *really* wrong with my setup and I have no
idea why. I can only authenticate if the password in OpenLDAP is
cleartext, but never if it's hashed. debug output, radiud.conf (modules
ldap section), sites-enable/default follows.
I managed to get the
mel wrote:
In that case, something is *really* wrong with my setup and I have no
idea why. I can only authenticate if the password in OpenLDAP is
cleartext, but never if it's hashed. debug output, radiud.conf (modules
ldap section), sites-enable/default follows.
You have edited the
Hi,
authorize {
preprocess
ldap
chap
mschap
suffix
eap
#files
}
See? You edited that. A lot. And broke it.
You got that right - I've accidently/intentionally (I can't remember
which) deleted pap. My bad.
I have *no* idea why so many people install the
mel wrote:
I've managed to setup FreeRadius with OpenLDAP. The passwords however,
are hashed (e.g. {SHA}) in LDAP. Authenticating directly to LDAP
works, but it failed with Freeradius.
What does that mean?
If the password is in plain-text,
authentication is successful.
Well, yes.
Hi,
FreeRADIUS does that automatically... IF it receives a password in the
Access-Request. If it doesn't receive a password in the Access-Request,
what you want to do is impossible.
See the web page for more explanations.
A bit clearer now. So you're saying that I should use:
radtest
mel wrote:
A bit clearer now. So you're saying that I should use:
radtest testuser {SHA}... radiusserver 0 secret
No. The *client* is not the *server*. The client sends a clear-text
password to the server. The server looks up the user in a database, and
(perhaps) finds a SHA hashed
Alan DeKok wrote:
password to the server. The server looks up the user in a database, and
(perhaps) finds a SHA hashed password. The server then SHA hashes the
password supplied by the client, and compares it to the SHA password
from the database.
In that case, something is *really* wrong
On Monday 02 January 2006 05:46, [EMAIL PROTECTED] wrote:
Here is my problem:
When I start the radtest binary:
radtest test supersecret localhost 2 testing123
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=45,
length=20
You have set your server to do EAP.
Hi,
I would say that you can't test direcly your EAP auth using radtest because
radtest doesn't send a EAP-Message into its requests. You have two choices
here, use radclient with correct params to test EAP ou take a real windows
clients and configure auth to be EAP.
Regards,
--
Sebastien Cantos
On Monday 02 January 2006 10:11, Robert WAKIM wrote:
Thanks for the answer, I've tried radeapclient but it keeps segfaulting.
I've browsed google to find a windows eap-md5 test client without any
success.
Sorry, I can't help with radeapclient.
Do you have any advices on how to test the
10 matches
Mail list logo