Anders Holm escribió:
[snip]
rlm_pap: WARNING! No known good password found for the user.
Authentication may fail because of this. //Normal, i am not
willing to do PAP but mschapv2
me If you’re not using a module, disable it. All it’ll do is add
latency, delays and
Sergio wrote:
I'm agree, a good begining would be comment out all modules you're not
using. The instances of the modules are in sites-enabled/default and
sites-enabled/inner-tunnel (for peap and ttls).
For debugging... no. The default configuration file WORKS in the
widest possible set of
I'm agree, a good begining would be comment out all modules you're not
using. The instances of the modules are in sites-enabled/default and
sites-enabled/inner-tunnel (for peap and ttls).
-
--- Donb't worry, it will be done soon (as soon as the week starts again ). i
really want to figure it
the
certificatuion chain!!!
thanx a lot
- Message d'origine
De : Alan DeKok [EMAIL PROTECTED]
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Dimanche, 27 Juillet 2008, 8h51mn 35s
Objet : Re: Re : cert bootstrap bug? (was Re: definitively, I have a problem
Reveal MAP wrote:
Yes, Alan, we already now that thedefault config do works! my mind:
freeradius (in our case, sergio and me) is correctly configured. But, we
encounterd a problem showing no error message. so to make the log
slimmer, why not deactivate some non mandatory module in our
problem out .
- Message d'origine
De : Alan DeKok [EMAIL PROTECTED]
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Dimanche, 27 Juillet 2008, 19h42mn 23s
Objet : Re: Re : cert bootstrap bug? (was Re: definitively, I have a problem
with eap-tls)
Reveal MAP
Reveal MAP wrote:
now we know what not to do at all. we are still wondering what we have
to do.
Use a client that isn't broken. Sorry. Try SecureW2.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reveal MAP escribió:
installing ca.der and putting user pass into client machine, the
authentication doesn't work?
-- no, it doesn't!
you only need ca.der but, if you have an active directory like LDAP,
check if your comunication with AD server also have tls authentication.
Into ldap
see the logf there: http://tinypaste.com/5b99b
Your problem is nothing to do with certificates. The PEAP tunnel gets
setup correctly, the MS-CHAP client-server auth succeeds, but the final
server-client (mutual) auth appears to fail.
This could be for a number of reasons, but it's a
thanx for responding dude. let's take a look at this part of log!
(remember too that i am a new linux, many thing are still chinese for
me)
i agree, my certificate are OK to do EAP in general
my coments are the red lines :
my mschap module config is:
--
mschap {
use_mppe =
PROTECTED]
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Vendredi, 25 Juillet 2008, 20h51mn 58s
Objet : Re : Re : cert bootstrap bug? (was Re: definitively, I have a problem
with eap-tls)
Are you using vista supplicant? By reading the last lines of your radius
[snip]
rlm_pap: WARNING! No known good password found for the user. Authentication
may fail because of this.//Normal, i am not willing to do
PAP but mschapv2
me If you¹re not using a module, disable it. All it¹ll do is add latency,
delays and unnecessary log
hmm... it's true i didn't test authentication with another laptop! i will! and
i will too with secureW2 instead ofXP built-in wireless manager, and see!!
see the logf there: http://tinypaste.com/5b99b
Your problem is nothing to do with certificates. The PEAP tunnel gets
setup correctly, the
e: Re : cert bootstrap bug? (was Re: definitively, I have a problem with
eap-tls)
http://tinypaste.com/5b99b = Radiusd -X output.
[snip]
rlm_pap: WARNING! No known good password found for the user. Authentication
may fail because of this.//Normal, i am not willing to do
On Thu, Jul 24, 2008 at 09:14:54PM +0200, Alan DeKok wrote:
Phil Mayers wrote:
Alan - it does look to my untrained eye as if the client.crt Makefile
target in /etc/raddb/certs is signing the client key with the server
key. Is this intentional, or a bug?
It's intentional. It's a perfectly
freeradius-users@lists.freeradius.org
Envoyé le : Jeudi, 24 Juillet 2008, 19h54mn 32s
Objet : Re: cert bootstrap bug? (was Re: definitively, I have a problem with
eap-tls)
Sergio wrote:
But the debug I posted shows that radius doesn't recognize the issuer of
client cert using default certs
: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Jeudi, 24 Juillet 2008, 19h54mn 32s
Objet : Re: cert bootstrap bug? (was Re: definitively, I have a
problem with eap-tls)
Sergio wrote:
But the debug I posted shows that radius doesn't recognize the issuer of
client cert
d'origine
De : Sergio [EMAIL PROTECTED]
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Vendredi, 25 Juillet 2008, 13h20mn 54s
Objet : Re: Re : cert bootstrap bug? (was Re: definitively, I have a problem
with eap-tls)
Reveal MAP escribió:
HOW TO FIX THE PROBLEM
open!
- Message d'origine
De : Sergio [EMAIL PROTECTED]
À : FreeRadius users mailing list freeradius-users@lists.freeradius.org
Envoyé le : Vendredi, 25 Juillet 2008, 13h20mn 54s
Objet : Re: Re : cert bootstrap bug? (was Re: definitively, I have a
problem with eap-tls)
Reveal MAP
installing ca.der and putting user pass into client machine, the
authentication doesn't work?
-- no, it doesn't!
you only need ca.der but, if you have an active directory like LDAP,
check if your comunication with AD server also have tls authentication.
Into ldap module you can
Are you using vista supplicant? By reading the last lines of your radius
debug file it seems so...
See earlier posts with subject: PEAP or TTLS and Microsoft Vista.
Sex, 2008-07-25 às 17:10 +, Reveal MAP escreveu:
installing ca.der and putting user pass into client machine, the
nf-vale escribió:
Are you using vista supplicant? By reading the last lines of your radius
debug file it seems so...
See earlier posts with subject: PEAP or TTLS and Microsoft Vista.
Sex, 2008-07-25 às 17:10 +, Reveal MAP escreveu:
installing ca.der and putting user pass into
Phil Mayers wrote:
Alan - it does look to my untrained eye as if the client.crt Makefile
target in /etc/raddb/certs is signing the client key with the server
key. Is this intentional, or a bug?
It's intentional. It's a perfectly valid use of certificate chains.
The idea is that you have
Alan DeKok escribió:
Phil Mayers wrote:
Alan - it does look to my untrained eye as if the client.crt Makefile
target in /etc/raddb/certs is signing the client key with the server
key. Is this intentional, or a bug?
It's intentional. It's a perfectly valid use of certificate chains.
Alan DeKok escribió:
Phil Mayers wrote:
Alan - it does look to my untrained eye as if the client.crt Makefile
target in /etc/raddb/certs is signing the client key with the server
key. Is this intentional, or a bug?
It's intentional. It's a perfectly valid use of certificate chains.
25 matches
Mail list logo