Hi,
I've followed the directions to disable certificate checking on Windows
why? just ensure that the CA for the radius server is installed on the windows
machine - it needs to go into the trusted certs store, not just into personal
store.
alan
-
List info/subscribe/unsubscribe? See
Forgot to add the log:
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2,
length=123
User-Name = brian
NAS-IP-Address = 192.168.100.31
Called-Station-Id = 00259c5266d8
Calling-Station-Id = 00225f72869d
NAS-Identifier = 00259c5266d8
NAS-Port = 41
McCann, Brian wrote:
Hi all. I'm sure some of you are right away thinking not this again, since
this is probably something very simple, but I cannot figure this out. I've
got an XP SP3 client, a Windows 7 SP1 client, and an iPad all trying to sign
in to a WPA2 wireless network, that I
shirkavand wrote:
I have into radcheck table the next user created:
1 | sqltest | Cleartext-Password | := | testpwd
Dont know what i get the No Cleartext-Password configured error too.
Does PAP work?
Did you configure the sql module?
Is the PEAP request for user sqltest?
If you
Hi there,
Thanks for your help.
Does PAP work?
OK as i understand (correct me if i am wrong) no matter if I use MySql or
users.cof file for validating the users, if i execute:
*$radtest sqltest testpwd localhost 1812 testing123*
and the message i get is ( from both, the server terminal
Hi,
5- Then uncommented the sql line for the following sections in the
/etc/freeradius/sites/enabled/default file:
a) authorize
b) accounting
c) session
d) post-auth
6- Ran a radtest, and everyhtin worked fine
ouch. so close!
when you are doing EAP from windows, the
Hi there,
Thank you very much. It worked like a charm.
Cheers,
Shirkavand
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have into radcheck table the next user created:
1 | sqltest | Cleartext-Password | := | testpwd
Dont know what i get the No Cleartext-Password configured error too.
Cheers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Doc Phillips wrote:
I'm trying to prevent rogue devices from connecting to production and
obviously only allow valid users devices. The current setup states
members of domain computers or domain users are allowed to auth against
the radius server. Do you know if its possible through
On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok al...@deployingradius.comwrote:
Doc Phillips wrote:
I'm trying to prevent rogue devices from connecting to production and
obviously only allow valid users devices. The current setup states
members of domain computers or domain users are allowed
Doc Phillips wrote:
I was thinking something along the lines of
--require-membership-of=domain\\ computers
--require-membership-of=domain\\ users. You can only access the
network if you're logging on from a valid machine with valid
credentials. Does that make sense or am I totally off?
--- On Sun, 10/18/09, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
XP caches successful connections - Vista does too IIRC so
I'm not
sure why you are seeing different behaviour.. anyhow..you
can clear
the credentials by blatting a registry on eg logout or
login.
OK, thanks for the
Hello,
I tried asking the post with no response but was hoping you could assist in
my search. I'm currently running a M$ implementation of radius (IAS) for a
small number of users/computers (roughly 300 users and 700 devices all
microsoft based).
I'm trying to prevent rogue devices from
why XP re-authenticates automatically and how to disable it?
b
It's made that way. Why? Ask Microdoft. You can't disale it. You can
remove cached credentials by hacking the registry - search Microsoft
knowldgebase if you want to know how.
why Vista doesn't behave the same way?
Because people
hi,
XP caches successful connections - Vista does too IIRC so I'm not
sure why you are seeing different behaviour.. anyhow..you can clear
the credentials by blatting a registry on eg logout or login.
the RADIUS server wont see the difference between std login and
cached login as the client sends
Alan Buxey wrote:
hi,
XP caches successful connections - Vista does too IIRC so I'm not
sure why you are seeing different behaviour.. anyhow..you can clear
the credentials by blatting a registry on eg logout or login.
the RADIUS server wont see the difference between std login and
cached
The windows supplicant should remove cached credentials if you return an
EAP-Failure before the
EAP type is negotiated.
* EAP Method
signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2005/9/11, Alan DeKok [EMAIL PROTECTED]:
You don't. DHCP *is* another protocol. It has *nothing* to do with RADIUS.
ok, thanks for your answer,
I'll try to install pppoe.
--
Pawel volfen Malkowski
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Pawel Malkowski [EMAIL PROTECTED] wrote:
I'm a new Radius Server user, yet I have slight problem with the
configuration. I've managed to configure Radius so that it authorizes
users from LDAP Oracle database. My problem is that I don't know how to
configure Windows (client) so that it gets
Alan DeKok napisał(a):
You don't say what authentication protocol you're using.
If you're using EAP, RADIUS doesn't hand out IP addresses. You need
DHCP for that.
Alan DeKok.
OK I'm using eap, but could you tell me what protocol should I use? I
don't know how to configure dhcp for
Pawel Malkowski [EMAIL PROTECTED] wrote:
OK I'm using eap, but could you tell me what protocol should I use? I
don't know how to configure dhcp for radius.
You don't. DHCP *is* another protocol. It has *nothing* to do with RADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Jérémy CluzelSent: 02 September 2005 00:37To:
freeradius-users@lists.freeradius.orgSubject: RE: Windows Client
Authentification bevore Domain logonHi Guy,Do you
know working supplicants with a GINA
Things to look for for machine auth:
* SP2 or at least KB826942 loaded
* AuthMode key set to 2
* certs + ca loaded into machine store
* certs with the correct attributes + the magic attribute I've mentioned before
* make sure you select the correct CA in Validate server certificate section
* send
Le 31 août 05 à 18:53, Alan DeKok a écrit :
=?ISO-8859-1?Q?J=E9r=E9my_Cluzel?= [EMAIL PROTECTED] wrote:
Sorry, but I didn't find any references of this OID in the
creation scripts in the scripts directory (Ca.all, CA.certs...).
The only OID added seem to be 1.3.6.1.5.5.7.3.1 and
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Marc-Henri Boisis-delavaud
Sent: 01 September 2005 15:19
To: FreeRadius users mailing list
Subject: Re: Windows Client Authentification bevore Domain logon
Le 31 août 05 à 18:53, Alan DeKok a écrit :
=?ISO-8859-1?Q?J
Please use correct terminology.
It's AUTHENTICATION, not authentification!
To authenticate = authentication
To authorize = authorization
To account = accounting
To identify = identification
--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W:
Hi Guy,
Do you know working supplicants with a GINA module ? aegis ? secureW2 ?
Regards,
Jeremy
[EMAIL PROTECTED] a crit:
Date: Thu, 1 Sep 2005 17:10:14 +0100
From: "Guy Davies" [EMAIL PROTECTED]
Subject: RE: Windows Client Authentification bevore Domain logon
To: "F
check this out Jeremy
http://www.linuxjournal.com/article/8095
On Wed, 2005-08-31 at 14:22 +0200, Jérémy Cluzel wrote:
Sorry, but I didn't find any references of this OID in the creation scripts
in the scripts directory (Ca.all, CA.certs...).
The only OID added seem to be 1.3.6.1.5.5.7.3.1
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala dostarczona
Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia
Prosze na ta wiadomosc nie odpowiadac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for the answert Alan, but what do you mean that it should be made more prominent in EAP-Conf? Could you give me detailed instructions how i can get this OID to my certificates?ArminFreeRadius users mailing list freeradius-users@lists.freeradius.org schrieb am 25.08.05 17:35:11:Ben Walding
Armin,
At 15:40 24/08/05, you wrote:
Ok, the hole day i tried to get it to work but this time when i install
the certificate as a machine zertifikate the radius authentifikation log
ends up with this log below.
The Certificates where generated with openssl and all works fine as User
I also found using machine certificates to be hit and miss (some
machines they'd be picked up, others they wouldn't - all XP SP2 with
appropriate patches).
And then I stumbled on this
http://lists.cistron.nl/pipermail/freeradius-users/2004-July/034141.html
1.3.6.1.4.1.311.17.2
After I started
Hi, i found this thred yesterday and tried it out to add this OID but it had no effekt...OK maybe i made somthing wrong. Could you describe how you added this oid to your machine zertifikate? Today i built completely new root,server and client certificates depending on the article in
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala dostarczona
Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia
Prosze na ta wiadomosc nie odpowiadac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ben Walding [EMAIL PROTECTED] wrote:
And then I stumbled on this
http://lists.cistron.nl/pipermail/freeradius-users/2004-July/034141.html
1.3.6.1.4.1.311.17.2
After I started adding that OID to my machine certs, everything
started working wonderfully.
That OID is added by the cert
At 12:49 23/08/05, you wrote:
Hi, thanks for your email!
Ok, i tried it out but i have some problems. If i use the DWORT String you
sent me it has no efekkt. I found an other DWORT Key which Sounds
AuthMode and with this DWORT he only tries to authentificate with the
machine account. Maybe
Ok, the hole day i tried to get it to work but this time when i install the certificate as a machine zertifikate the radius authentifikation log ends up with this log below.The Certificates where generated with openssl and all works fine as User certificates but not as computer zertificate. I set
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala dostarczona
Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia
Prosze na ta wiadomosc nie odpowiadac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You may need to add some extra configuration to your hints file:
# Wireless XP devices prefix the user name with host/
DEFAULT Prefix == host/
Hint = Wireless-Workstation
As far as I understand it, that will chop the host/ off for certain
types of processing. I'm sure Alan will brutally
At 16:26 22/08/05, you wrote:
Hi, i sucessfully installed a Radius authentificated Network with EAP-TLS
Authentifikation. But I cant get logon to my Domain Controller when
themachines boot up.. Ok, I know this Problem is not new, but is there any
chance to solve this problem without additional
Hi, thanks for your email!Ok, i tried it out but i have some problems. If i use the DWORT String you sent me it has no efekkt. I found an other DWORT Key which Sounds "AuthMode" and with this DWORT he only tries to authentificate with the machine account. Maybe you have made a typing mistake in
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala odebrana
Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia
Prosze na ta wiadomosc nie odpowiadac.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=?iso-8859-1?Q?Kr=E4mer_Armin?= [EMAIL PROTECTED] wrote:
Hi, i sucessfully installed a Radius authentificated Network with EAP-TLS
Authentifikation. But I cant get logon to my Domain Controller when
themachines boot up.. Ok, I know this Problem is not new, but is there any
chance to solve this
--- Larry Wade [EMAIL PROTECTED] wrote:
Does anyone know of an open source client for Windows 2000 or XP? I
don't want to spend $50 per client, the cost of Funk's Odyssey client
For what? 802.1x? See SecureW2
=
Julius Igugu
SouthWork Co. Ltd.
http://wire.cs.nthu.edu.tw/wire1x/
On Tuesday 27 July 2004 22:19, Larry Wade wrote:
Does anyone know of an open source client for Windows 2000 or XP? I
don't want to spend $50 per client, the cost of Funk's Odyssey client
-
List info/subscribe/unsubscribe? See
http://wire.cs.nthu.edu.tw/wire1x/
I tried it some time ago with eap-md5 and W98 and it worked as
advertised. Crude then, but it has seen quite a bit of development
since then. I can't offer and recent experience.
Alternatively, ZyXEL offers free Odyssey and Meetinghouse supplicants,
keyed
46 matches
Mail list logo