Hi,
> so my question is, if the certificate (with server extension) is missing on
> the client, could it interfer in EAP-PEAP authentication success?
yes.
you need a RADIUS cert with the extensions...and if doing proper
PEAP, you need the CA installed on the client too - with 'validate
server
same with winbind. and EAP-TLS
runs Ok
thank you
- Message d'origine
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list
Envoyé le : Samedi, 19 Juillet 2008, 19h05mn 33s
Objet : Re: Re : Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote
Reveal MAP wrote:
>> "f you want to authenticate PEAP users via SQL (which you seem
>> to be saying), then don't configure the mschap module to use ntlm_auth."
>
> my mistake: i didn't know...
Huh? You are aware that AD is not the same as SQL?
> back to Users based on AD.
>...
> in etc/raddb/
--
- Message d'origine
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list
Envoyé le : Samedi, 19 Juillet 2008, 18h07mn 43s
Objet : Re: Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote:
> user=maman
> passwd= ma
Reveal MAP wrote:
> user=maman
> passwd= maman
> is a sql based user.
>
> trying peap with sql based user give error message,
Which... is what? Is it a secret?
> but trying it with
> Ad_based user give no error message, just don't connect...
FreeRADIUS gives no error message? Or the clie
- Message d'origine ----
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list
Envoyé le : Samedi, 19 Juillet 2008, 17h19mn 58s
Objet : Re: Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote:
> Now i am trying to authenticate via PEAP a user existing
#x27;', acctstopdelay
= '0', connectinfo_stop = 'CONNECT 54Mbps 802.11g'
WHERE acctsessionid = '0000-00000007' AND username =
'testuser01' AND nasipaddress = '10.10.44.2
Reveal MAP wrote:
> Now i am trying to authenticate via PEAP a user existing onmy sql database:
The debug log doesn't show that.
> the output is too long, mailing list parameters won't accept it. i post
> part of the output that seem to give the point of misconfiguration. if
> it is not suffici
Re hello:
Now i am trying to authenticate via PEAP a user existing onmy sql database:
the output is too long, mailing list parameters won't accept it. i post part of
the output that seem to give the point of misconfiguration. if it is not
sufficient, please let me know, and i will find a way to
Reveal MAP wrote:
> does someone find normal that EAP-TLS authentication works and not EAP-PEAP?
It depends on how you configure the system.
> I called a SSID "TLS" where security is "WPA Enterprise". it expet users
> to be authenticated via FREERADIUS to be allowed on the network.
> so i use a
> Module: Instantiating eap-mschapv2
> mschapv2 {
>with_ntdomain_hack = no//i set "yes in /etc/raddb/module/mschap
> for this
> but still stay on "no"
> }
Because this is from eap.conf.
Ivan Kalik
Kalik Informatika ISP
-
L
Hi,
on your command line
locate winbind_privileged
it'll usually be /var/cache/samba/
cd /var/cache/samba/
chgrp radiusd winbind_priviledged (if you run radius as group radiusd)
restart freeradius
i dont see how the error/debug output could be any clearer
alan
-
List info/subscribe/unsub
> rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password
>expand: --username=%{mschap:User-Name} -> --username=glouglou
> mschap2: 14
>expand: --challenge=%{mschap:Challenge:-00} ->
> --challenge=91426d1805c9df8e
>expand: --nt-response=%{mschap:NT-Response:-00} ->
>i am not sure, but it might be: the fact that peap needs user/password and i
>just sent username...
No. Password is in the EAP-Message.
>
>or that realm is null...
Not very likely to be a problem.
>
>i read the entire output and am still no sure. anyway, i'll check it as soon
>as i will be
14 matches
Mail list logo