Tekán Dávid wrote:
> Don't want to store cleartext password, so i created for every user an
> NT-Password as well beyond the MD5-Password, and it appears in the sql
> database as well (also checked the queries when it queries the
> rad_check table, it's there in the response as well).
You need t
Hi All!
I'm trying to set up a radius server to guide our users network usage.
We have wifi as well, so i want to expand it to the wifi as well
(using WPA2 Enterprise). To autenticate users connecting the network
by ethernet cable, i use the latest coovachilli.
I've set up radius and coovachilli o
> > > helpful
> > > part:
> > >
> > > "WARNING: Unprintable characters in the password. Double-check
> > > the shared secret on the server and the NAS!"
> > >
> > > How about doing exactly
ak:
> > > Hello Friends,
> > >
> > > I met a issue regarding password/authentication with FreeRadius,
> > Could
> > > anybody help for the issue, Thanks!
> > >
> > > User-Password = "?\210\365@\263\t\306\34
Hi,
>User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
incorrect shared secret...and the radius -X log will show that too - with info
saying to check the shared secret
I take it your radiusclient and freeradius are running on the same box
- which is why you are only using 'localh
body help for the issue, Thanks!
> > >
> > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
> > >
> > > [pap] WARNING! No "known good" password found for the user.
> > > Authentication m
for the issue, Thanks!
> >
> > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
> >
> > [pap] WARNING! No "known good" password found for the user.
> > Authentication may fail because of this.
> > ++[pap
tication may fail because of this.
> > ++[pap] returns noop
> > ERROR: No authenticate method (Auth-Type) found for the request:
> > Rejecting the user
> >
> > The details in below mails.
> >
> > Regards,
> > Charles
> >
> > Forwarded
r the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request:
> Rejecting the user
>
> The details in below mails.
>
> Regards,
> Charles
>
> Forwarded conversation
> Subject: *Au
ause of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
The details in below mails.
Regards,
Charles
Forwarded conversation
Subject: Authentication failure issue
From: *fieldpeak*
Date: 2011/8/4
Jenny Liew wrote:
> However, when I tried to run radlogin command, i kept getting this
> output on my client side;
What is "radlogin" ?
> when I run radexample, I did get successful authentication with the
> username and password. However, when i tried to run radacct, my client
> seems that sto
ever, when I tried to run radlogin command, i kept getting this output on
my client side;
Radius: authentication failure
local: authentication failure
when I run radexample, I did get successful authentication with the username
and password. However, when i tried to run radacct, my client seems
Hi,
> I am using freeradius-server-2.1.4. I changed only the below files
>
> Users
>
> "iss" Auth-Type := Local, User-Password == "iss123"
dont set Auth-Type and change the Password entry. should be
"iss" Cleartext-Password := "iss123"
alan
-
List info/subscribe/unsubscribe? See http://www.f
Am 21.07.2009 um 11:04 schrieb Vamsi Krishna Valiveti:
Hi,
I am using freeradius-server-2.1.4. I changed only the below files
Users
"iss" Auth-Type := Local, User-Password == "iss123"
Try to use
Cleartext-Password := "iss123"
Passwords must be assigned ( := ) not compared ( == ).
Also
Hi,
I am using freeradius-server-2.1.4. I changed only the below files
Users
"iss" Auth-Type := Local, User-Password == "iss123"
Clients.conf
client 13.0.0.5 {
secret = AricentRadius
shortname = fs
nastype = other
With the above changes I am getting error marked RED . Please he
Problem solved! It was a routing problem... the APs are on a different
subnet as the RADIUS server. Their default gateways were set to the correct
host, that's why they could talk to the RADIUS server. The problem is, that
recently we added a ppp connection to the server, which overwrote the
defaul
It's getting even more interesting: using the same configuration, but with
another access point (same model and firmware version): works flawlessly.
There are only two differences between the setups:
- In the test environment, the AP is located near to the test machine (it
was placed about 5-6 mete
2009/6/11 Matthieu Lazaro
> !
> eap profile < Profile Name>
> method mschapv2
> !
>
I don't have the lines above in my config. Does this have any influence on
the way the AP proxies radius packets? I think, this is only relevant if the
AP authenticates using its own database, right?
-
List info
Hi,
> It really is an AP issue. Using another AP (SMC WEBT-G) with the same Radius
> config works... Both Windows XP and Ubuntu connects successfully, no matter
> if I set certificate validation on or off... Anyway, there are two EAP
> setting which is supported by the Cisco AP: Open mode with EAP
kissg a écrit :
>
>
> It really is an AP issue. Using another AP (SMC WEBT-G) with the same
> Radius config works... Both Windows XP and Ubuntu connects
> successfully, no matter if I set certificate validation on or off...
> Anyway, there are two EAP setting which is supported by the Cisco AP:
>
2009/6/10 Diego Martín Capello
> Hi alan,
> > Hi,
> >
> >
> > self-signed are perfectly fine - but you need to ensure that the CA
> > used is installed onto the client!
> >
> > you should *never* run an EAP client without certificate validation
>
> I agree with you, but this is only for testing p
Hi alan,
> Hi,
>
>
> self-signed are perfectly fine - but you need to ensure that the CA
> used is installed onto the client!
>
> you should *never* run an EAP client without certificate validation
I agree with you, but this is only for testing purposes. Each client is
responsible for the configur
Hi,
> I think you are using sef-signed ssl certificates in the freeradius server
> and the windows XP client is trying to "validate" them; if that is right
> try to configure windows xp client to not to validate them. Best regards
> and sorry for my english!
self-signed are perfectly fine - but y
>> Follow the instructions on my web site: http://deployingradius.com
>> It has a step by step guide to get EAP working. Follow the guide. It
>> *will* work.
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> Thanks, I'm going t
@lists.freeradius.org]
On Behalf Of kissg
Sent: Wednesday, June 10, 2009 10:12 AM
To: FreeRadius users mailing list
Subject: Re: Authentication failure - PEAP - MS-CHAPv2
Follow the instructions on my web site: http://deployingradius.com
It has a step by step guide to get EAP working. Follow
> Follow the instructions on my web site: http://deployingradius.com
>
> It has a step by step guide to get EAP working. Follow the guide. It
> *will* work.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
Thanks, I'm going to try it. An
Hi,
> I'm not able to do that now. I only saw two interesting things in the
no debug = no help :-|
you might want to try the latest 2.1.6 as the bootstrap EAP ing got
a bit cleaner - are you using EAP-PEAP or are you putting client certs
on the windows and actually using EAP-TLS ? following the
kissg wrote:
> The strange thing is, that the same happens, if I try to connect from
> the Ubuntu client. I've set the AP to WPA-PSK now, but it would be nice
> if we could use PEAP, as it is more secure (security plays an important
> role on this network, as there is a hotspot system configured on
The strange thing is, that the same happens, if I try to connect from the
Ubuntu client. I've set the AP to WPA-PSK now, but it would be nice if we
could use PEAP, as it is more secure (security plays an important role on
this network, as there is a hotspot system configured on these APs). The
main
kissg wrote:
> I'm not able to do that now. I only saw two interesting things in the
> output: a warning message about the LDAP directory, but that's okay,
> because there are no clear text passwords, only NT-hashed ones. The
> output tells me, that the user is authorized for access.
> Then, the EA
I'm not able to do that now. I only saw two interesting things in the
output: a warning message about the LDAP directory, but that's okay, because
there are no clear text passwords, only NT-hashed ones. The output tells me,
that the user is authorized for access.
Then, the EAP conversation starts,
> I'm having a strange issue with FreeRADIUS 2.1.4, using a configuration
> with
> the following items:
>
> - Cisco Aironet 1130AG access point
> - Ubuntu-based server with FreeRADIUS and OpenLDAP
> - Client machines (Windows XP SP2, Ubuntu 9.04)
>
> The issue I have is, that I don't get a response
Dear List,
I'm having a strange issue with FreeRADIUS 2.1.4, using a configuration with
the following items:
- Cisco Aironet 1130AG access point
- Ubuntu-based server with FreeRADIUS and OpenLDAP
- Client machines (Windows XP SP2, Ubuntu 9.04)
The issue I have is, that I don't get a response fro
Thanks a lot Alan. It worked.
(echo 'User-Name="userX"'; echo 'CHAP-Password="secretpass"') |
/usr/local/bin/radclient -x 192.168.11.94:1812 auth testing123
Sending Access-Request of id 85 to 192.168.11.94 port 1812
User-Name = "userX"
CHAP-Password = 0x5514442c350a2fbb54e47ee2d499
Sudarshan Soma wrote:
> Hi,
> Iam trying to understand CHALLENGE RESPONSE behaviour. I have tried to
> use CHAP protocol and issued the following.
> echo 'User-Name="userX"'; echo 'CHAP-Password="stealme"' |
> /usr/local/bin/radclient -x 192.168.11.94:1812 auth testing12
>
> It gives me the follo
Hi,
Iam trying to understand CHALLENGE RESPONSE behaviour. I have tried to
use CHAP protocol and issued the following.
echo 'User-Name="userX"'; echo 'CHAP-Password="stealme"' |
/usr/local/bin/radclient -x 192.168.11.94:1812 auth testing12
It gives me the following error:
User-Name="userX"
Sendin
1. Secret is different (probability 99%)
2. MD5 libraries on the client or the server are broken
I would delete the secret on the server and the client and type in
another one. If that doesn't work then you will need to fix the MD5
calculations. If it's the server you will get this problem with ev
Hi,
I'm using Freeradius 1.1.6 inside a Solaris 10 zone and compiled
it from vanilla sources. I configured rlm_ldap since the
usernames and cleartext-passwords are stored in an LDAP
directory and it works just fine for applications like Cisco-VPN
or 802.1X EAP-TTLS. Now I wanted to set up the
"Abey Thomas" <[EMAIL PROTECTED]> wrote:
> However in the same setup when I try to get the port authenticated for the
> WinXP client
> using EAP-MD5 it is being rejected
You've listed "ldap" before "eap" in the "authorize" section. Don't
do that. The default config has them in the other order
Thanks Alan . I did EAP and telnet works fine!I have set up the freeradius and using lotus notes LDAP I am able to get authenticated for a TELNET session with CISCO 2950.However in the same setup when I try to get the port authenticated for the WinXP client
using EAP-MD5 it is being rejected Help
"Abey Thomas" <[EMAIL PROTECTED]> wrote:
> I am facing problems with Ldap and freeradius on RedHat linux AS 4. I can
> sucessfully authenticate with windows xp machines with freeradius local
> "users" file and md5 using cisco 2950. Radtest is successful for the
> ldapusers, but the radius -X shows
Hi all,I am facing problems with Ldap and freeradius on RedHat
linux AS 4. I can sucessfully authenticate with windows xp machines
with freeradius local "users" file and md5 using cisco 2950. Radtest
is successful for the ldapusers, but the radius -X shows "rlm_ldap:
Attribute "User-Password" is r
Jon <[EMAIL PROTECTED]> wrote:
>rlm_eap: EAP/mschapv2
>rlm_eap: processing type mschapv2
>ERROR: Unknown value specified for Auth-Type. Cannot perform
> requested action.
You deleted the "mschap" entry from the "authenticate" section.
Don't do that. The default configuration wo
here is [most] of the -X -A output
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
rad_check_password:
hi everybody, i'm using debian sarge kernel 2.6.13, openssl 0.9.8a, hostapd
0.5.1, freeradius 1.0.5, madwifi-ng-r1406, i want to use eap-tls in my wlan
and over my own ap over linux. so i can install and configure all programs
(except hostapd, so instead compile myself i installed it from .deb f
Thanks. That helps. It is working now.
Regards,
-Sayantan.
>>> On Mon, Jan 23, 2006 at 5:45 pm, in message
<[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Sayantan Bhowmick wrote:
>> Hi ,
>> I am trying to do PEAP MSCHAPv2 authentication. I am using
>> FreeRADIUS version 1.1.0 on Suse 9.0 an
Sayantan Bhowmick wrote:
Hi ,
I am trying to do PEAP MSCHAPv2 authentication. I am using
FreeRADIUS version 1.1.0 on Suse 9.0 and WinXP as the Suplicant. When I
select "Automatically use my Windows Logon name and password
(and domain if any)" in the network properties, WinXP tries to login a
Hi ,
I am trying to do PEAP MSCHAPv2 authentication. I am using
FreeRADIUS version 1.1.0 on Suse 9.0 and WinXP as the Suplicant. When I
select "Automatically use my Windows Logon name and password
(and domain if any)" in the network properties, WinXP tries to login as
domain-name\\user-name. I
Luca Corti <[EMAIL PROTECTED]> wrote:
> > Use :=, not ==.
>
> Just for User-Password?
Yes. See the rlm_sql documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 2005-10-20 at 09:17 +0200, Luca Corti wrote:
> On Wed, 2005-10-19 at 19:28 -0400, Alan DeKok wrote:
> > > +-+-+---+--++
> > > | id | UserName| Attribute | Value| op |
> > > +-+-+---+--++
On Wed, 2005-10-19 at 19:28 -0400, Alan DeKok wrote:
> > +-+-+---+--++
> > | id | UserName| Attribute | Value| op |
> > +-+-+---+--++
> > | 376 | [EMAIL PROTECTED] | User-Password | password | =
Luca Corti <[EMAIL PROTECTED]> wrote:
> mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = '[EMAIL PROTECTED]' ORDER BY id;
> +-+-+---+--++
> | id | UserName| Attribute | Value| op |
> +-+-+-
On Wed, 2005-10-19 at 17:34 -0400, Kevin Bonner wrote:
> Run in debug mode. Look at the queries that are being run and try to run
> them
> by hand to see what is returned by MySQL. Without more debug output, it is
> difficult to know what is happening.
Please see the debug output I've just po
On Wed, 2005-10-19 at 00:10 +0200, Luca Corti wrote:
I've done further debugging on this with 'radiusd -X', here's what I
get:
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "chap" returns noop for request 1
modca
On Tuesday 18 October 2005 18:10, Luca Corti wrote:
> Hello,
>
> I've setup a simple freeradius server to authenticate two local realms,
> one stripped (no @realm suffix, let's call it myrealm) and the other
> with @suffix (let's call it otherrealm.com). I use the rlm_sql module to
> auth against a
Hello,
I've setup a simple freeradius server to authenticate two local realms,
one stripped (no @realm suffix, let's call it myrealm) and the other
with @suffix (let's call it otherrealm.com). I use the rlm_sql module to
auth against a MySQL backend.
I'm using radtest to do inital server testing
Alan DeKok wrote:
>dilip simha <[EMAIL PROTECTED]> wrote:
>
>>i have problems using chap with my radius server(FreeRADIUS Version
>>1.0.4). please help me out..
>>
>>my users file on radius server:
>>
>>simha Auth-Type := CHAP , CHAP-Password == "hello"
>
>
> This is wrong. Use "User-Password
dilip simha <[EMAIL PROTECTED]> wrote:
> i have problems using chap with my radius server(FreeRADIUS Version
> 1.0.4). please help me out..
>
> my users file on radius server:
>
> simha Auth-Type := CHAP , CHAP-Password == "hello"
This is wrong. Use "User-Password := ...", not "CHAP-Passwor
hi,
i have problems using chap with my radius server(FreeRADIUS Version
1.0.4). please help me out..
my users file on radius server:
simha Auth-Type := CHAP , CHAP-Password == "hello"
on the packet from radclient:
User-Name = "simha" , CHAP-Password =
"40c567281480e959747ddd9ea7589015" , CHAP
This is my radiusd.conf and startup messages to go along with what I sent
in part 1.
I stripped the comments out so it would not bounce.
Bruce
radiusd.conf
Description: Binary data
[EMAIL PROTECTED] raddb]# Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config:
In reading the archived files on the user that reported the problems with
no User-Password and MD5 challenge problem I saw where Alan said (multiple
times) do not specify an Auth-Type. I had originally read that to mean in
the radiusd.conf. Then a light came on while driving home. He means
anywh
61 matches
Mail list logo
