Hi,
> so my question is, if the certificate (with server extension) is missing on
> the client, could it interfere in EAP-PEAP authentication success?
yes.
you need a RADIUS cert with the extensions...and if doing proper
PEAP, you need the CA installed on the client too - with 'validate
server
UTH authenticate successfully against AD, same with winbind. and EAP-TLS
runs Ok
thank you
- Original message
From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Saturday, 19 July 2008, 19:05:33
Subject: Re: Re : Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote:
>> "If you want to authenticate PEAP users via SQL (which you seem
>> to be saying), then don't configure the mschap module to use ntlm_auth."
>
> my mistake: i didn't know...
Huh? You are aware that AD is not the same as SQL?
> back to Users based on AD.
>...
> in etc/raddb/
--
- Original message
From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Saturday, 19 July 2008, 18:07:43
Subject: Re: Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote:
> user=maman
> passwd= maman
> is a sql based user.
>
> trying peap with sql based user gives an error message,
Which... is what? Is it a secret?
> but trying it with
> Ad_based user gives no error message, just doesn't connect...
FreeRADIUS gives no error message? Or the clie
- Original message ----
From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Saturday, 19 July 2008, 17:19:58
Subject: Re: Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
'', acctstopdelay
= '0', connectinfo_stop = 'CONNECT 54Mbps 802.11g'
WHERE acctsessionid = '0000-00000007' AND username =
'testuser01' AND nasipaddress = '10.10.44.2
Reveal MAP wrote:
> Now i am trying to authenticate via PEAP a user existing on my sql database:
The debug log doesn't show that.
> the output is too long, mailing list parameters won't accept it. i post
> part of the output that seems to give the point of misconfiguration. if
> it is not suffici
Re hello:
Now i am trying to authenticate via PEAP a user existing on my sql database:
the output is too long, mailing list parameters won't accept it. i post part of
the output that seems to give the point of misconfiguration. if it is not
sufficient, please let me know, and i will find a way to
Reveal MAP wrote:
> does someone find normal that EAP-TLS authentication works and not EAP-PEAP?
It depends on how you configure the system.
> I called a SSID "TLS" where security is "WPA Enterprise". it expects users
> to be authenticated via FREERADIUS to be allowed on the network.
> so i use a
know it's not school here but realize that it's not easy to surround
alone. thank you for your explanation and your time!
- Original message
From: Ivan Kalik <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Friday, 18 July 2008, 20:00:31
Ob
> Module: Instantiating eap-mschapv2
> mschapv2 {
>with_ntdomain_hack = no//i set "yes in /etc/raddb/module/mschap
> for this
> but still stay on "no"
> }
Because this is from eap.conf.
Ivan Kalik
Kalik Informatika ISP
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: In
Hi,
on your command line
locate winbindd_privileged
it'll usually be /var/cache/samba/
cd /var/cache/samba/
chgrp radiusd winbindd_privileged (if you run radius as group radiusd)
restart freeradius
I don't see how the error/debug output could be any clearer
alan
-
List info/subscribe/unsub
true!
there was a great problem with winbind, which didn't want to run. I had to rename
winbindd_privileged to make it work.
so now, the previous error:
---
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cl
> rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password
>expand: --username=%{mschap:User-Name} -> --username=glouglou
> mschap2: 14
>expand: --challenge=%{mschap:Challenge:-00} ->
> --challenge=91426d1805c9df8e
>expand: --nt-response=%{mschap:NT-Response:-00} ->
>i am not sure, but it might be: the fact that peap needs user/password and i
>just sent username...
No. Password is in the EAP-Message.
>
>or that realm is null...
Not very likely to be a problem.
>
>i read the entire output and am still not sure. anyway, i'll check it as soon
>as i will be
well...
i am not sure, but it might be: the fact that peap needs user/password and i
just sent username...
or that realm is null...
i read the entire output and am still not sure. anyway, i'll check it as soon as
i will be in front of the machine again!
thank you
-
- Message d'ori
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in
this session.
Read the *whole* debug output; somewhere further up will be the reason
the user was rejected.