NdK wrote:
> Il 20/01/2012 21:46, Alan DeKok ha scritto:
>
>> Yeah, I've gone and fixed that. "git" is nice for updating web pages.
> Still there's "Then, fine the mschap module". s/fine/find/ :)
Fixed, thanks.
> BTW, in a real AD setup, with AD servers used as DNS, there should be no
> nee
On Sat, Jan 21, 2012 at 11:14 PM, Dhiraj Gaur wrote:
> The version of radtest on my system doesnt support the -t option, hence even
> after doing radtest -h I could not find anything. I settled for jradius
> client to achieve the same effect already.
It doesn't really matter which client you us
Dhiraj Gaur wrote:
> The version of radtest on my system doesnt support the -t option, hence
> even after doing radtest -h I could not find anything.
Upgrade. It really helps.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi Fajar
I did read the replies as well as Alan's page. Being a newbie to FR i
actually started with that only.
On Sat, Jan 21, 2012 at 7:44 PM, Fajar A. Nugraha wrote:
> Did you REALLY read the replies sent to this list?
> Did you REALLY read Alan's page,
> http://deployingradius.com/documents/
Il 20/01/2012 21:46, Alan DeKok ha scritto:
> Yeah, I've gone and fixed that. "git" is nice for updating web pages.
Uh... forgot... When using ntlm_auth with a password, --request-nt-key
seems to have no effect. Tested in different distros.
BYtE,
Diego.
-
List info/subscribe/unsubscribe? See
Il 20/01/2012 21:46, Alan DeKok ha scritto:
> Yeah, I've gone and fixed that. "git" is nice for updating web pages.
Still there's "Then, fine the mschap module". s/fine/find/ :)
BTW, in a real AD setup, with AD servers used as DNS, there should be no
need to setup /etc/krb5.conf: samba can aut
On Sat, Jan 21, 2012 at 8:58 PM, Dhiraj Gaur wrote:
> rad_recv: Access-Request packet from host 127.0.0.1 port 54347, id=2,
> length=57
>
> User-Name = "01546"
> User-Password = ""
The presence of User-Password means you're still using pap.
> Sat Jan 21 19:21:08 2012 :
Hi
I did my tests and after removing that custom block of authorize section
the following is the output.
rad_recv: Access-Request packet from host 127.0.0.1 port 54347, id=2,
length=57
User-Name = "01546"
User-Password = ""
NAS-IP-Address = 192.168.0.99
NAS-
Thanks ndk and alan I lll give it a fresh try to the testbed. I have
already deleted the DEFAULT entry from the users file and updated mschap as
indicated. I think what might be forcing NTLM_AUTH is an entry which i made
to the authorize section of default file after which ntlm_auth strated to
work
NdK wrote:
>> The radclient program has since been updated.
> Then it could be better to update that page, since it's the reference
> for all newbies that try to make it work.
Yeah, I've gone and fixed that. "git" is nice for updating web pages.
> "It *should* work" is more correct :(
> Ther
Il 20/01/2012 19:44, Alan DeKok ha scritto:
> The radclient program has since been updated.
Then it could be better to update that page, since it's the reference
for all newbies that try to make it work.
> You hard-coded it to *always* do NTLM authentication, using the PAP
> credentials. The
Dhiraj Gaur wrote:
rt the server and use a test client to send an MS-CHAP
> authentication request. The |radclient| cannot currently be used to send
> this request, unfortunately, which makes testing a little difficult If
> everything goes well, you should see the server returning an
> Access-Accep
Il 20/01/2012 17:17, Dhiraj Gaur ha scritto:
> Thanks for the reply. I already followed your site and was able to make
> ntlm_auth work. For MS-CHAP the AD page of your site says
>
> "Start the server and use a test client to send an MS-CHAP
> authentication request. The |radclient| cannot curren
HI Alan
Thanks for the reply. I already followed your site and was able to make
ntlm_auth work. For MS-CHAP the AD page of your site says
"Start the server and use a test client to send an MS-CHAP authentication
request. The radclient cannot currently be used to send this request,
unfortunately, w
Dhiraj Gaur wrote:
> I have been trying to implement radius authetication server at my
> workplace. The idea is to have all wifi access points authenticate
> against a radius server.
That is a common deployment, and should be easy to do.
> The radius server needs to pass authentication to a bac
...@lists.freeradius.org]
On Behalf Of Mark Holmes
Sent: 12 October 2010 11:25
To: FreeRadius users mailing list
Subject: RE: Problem with MSCHAP
Alan,
Thanks for your reply.
>how are you testing this - a real client, command line tool etc? when you run
>it in full
>debug mode - and you aren
s.freeradius.org
[mailto:freeradius-users-bounces+mark.holmes=nuffield.ox.ac...@lists.freeradius.org]
On Behalf Of Alan Buxey
Sent: 12 October 2010 10:41
To: FreeRadius users mailing list
Subject: Re: Problem with MSCHAP
Hi,
> I've pasted my debug output into the web t
Hi,
> I've pasted my debug output into the web tool and it picks out the following
> in red
>
> security {
> max_attributes = 200
> reject_delay = 1 (This line in red)
> status_server = yes
> }
>
>
> (all in red)
> Module: Instantiating attr_filter.access_reject
> at
OK,
Just to recap, I'm working on setting Freeradius up to authenticate users to
our wireless network. We want to use PEAP-MSCHAPv2 and authenticate against
Active Directory. I'm using samba and ntlm_auth.
Versions:freeradius2-2.1.7-7.el5 and samba3.0.33-3.29
Needless to say it's failing.
I
>do you REALLY want to accept what the >user puts in as the gospel truth? ie,
>I >wouldnt be comfirtable
taking the user-supplied domain for the >ntlm_auth - I'd set it manually (if it
really >was a local user!)
Good point.
Our existing setup uses IAS, and is configured to expect the domain to
Mark Holmes wrote:
> I wasn't sure about posting the whole lot to this list as it runs to quite a
> few lines so posted it here
>
> http://www.nuffield.ox.ac.uk/scratch/logfile.txt
Cut & paste that into the form on this page:
http://networkradius.com/freeradius.html
Then, look for red / y
All,
Many thanks for the replies.
> Firstly, don't set Auth-Type. It's almost always the wrong thing to do.
Sure - I set that just to test the AD auth was working, and removed it again
prior to configuring mschap.
>EAP is a multi-pass protocol; there will be 4-8 requests, and the actual
>MS-C
Hi,
> I'm new to freeradius, I'm working on setting it up to authenticate users to
> our wireless network. We want to use PEAP-MSCHAPv2 and authenticate against
> Active Directory. I'm using samba and ntlm_auth.
okay - a fairly standard setup for modern 802.1X
> Versions:freeradius2-2.1.7-7.
> [peap] Received EAP-TLV response.
> [peap] Had sent TLV failure. User was rejected earlier in this session.
You need to look earlier in your debug output to see why it was rejected
(that's what this error message means)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/us
On 08/10/10 14:24, Mark Holmes wrote:
and I see the server returns Access-Accept.
Firstly, don't set Auth-Type. It's almost always the wrong thing to do.
Secondly, this is just testing PAP i.e. plain username/password auth.
Wireless typically uses 802.1x via EAP.
I then configure MS-CHAP
Lukasz Lacinski wrote:
> Alan DeKok wrote:
>> I've committed a fix to CVS head. Please re-test.
>>
> OK. I'm going to test it as soon as possible.
> It means when SIGSEGV will not be so fast ;-)
Some of the data structures in the server have changed, which means
you need to be sure that th
Alan DeKok wrote:
> I've committed a fix to CVS head. Please re-test.
>
OK. I'm going to test it as soon as possible.
It means when SIGSEGV will not be so fast ;-)
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1
Lukasz Lacinski wrote:
> Below is my previous e-mail, but with output from freeradius in format easier
> to read.
>
> I use ntlm_auth in mschapv2 (freeradius 20070409) by the following line in
> radiusd.conf:
> ntlm_auth = "/usr/local/eduroam/progs/ntlm/ntlm_auth.pl --request-nt-key
> --usernam
Below is my previous e-mail, but with output from freeradius in format easier
to read.
I use ntlm_auth in mschapv2 (freeradius 20070409) by the following line in
radiusd.conf:
ntlm_auth = "/usr/local/eduroam/progs/ntlm/ntlm_auth.pl --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-
29 matches
Mail list logo