Hi list,
I just tried to upgrade FreeRADIUS to the latest version from git. My goal is
to get the passchange feature working in the mschap module.
I am unable to get ntlm_auth to work in mschap.
debug output,
---
Debug: (0) mschap : expand: '--nt-response=%{%{mschap:NT-Response}:-00}' ->
'--
On Sun, Apr 28, 2013 at 1:31 AM, Andres wrote:
> Thank you all for your replays,
>
> I used SLES 11 freeradius standard package and it was too old,
> and it was my mistake and took a few days off my life.
> Hopefully someone else does not make the same mistake
If all you need is mschap test funct
Thank you all for your replays,
I used SLES 11 freeradius standard package and it was too old,
and it was my mistake and took a few days off my life.
Hopefully someone else does not make the same mistake
Andres
2013/4/27 Alan DeKok
> Andres wrote:
> > FreeRADIUS server Version: 2.1.1-7.16.
Andres wrote:
> FreeRADIUS server Version: 2.1.1-7.16.1
> also installed freeradius-server-libs and utils
Why? That version is SEVEN YEARS old.
Upgrade. Really.
And you're using a version of radclient which doesn't support mschap.
So... why are you trying to use mschap?
We presume
Hi,
>FreeRADIUS server Version: 2.1.1-7.16.1
>also installed freeradius-server-libs and utils
>FreeRADIUS server and libs and utils was installed via Yast.
>radius:/etc # radclient -v
>radclient: $Id$ built on Jan 22 2013 at 23:55:37
>#
># Version: $Id$
>#
>
Hi,
I have done clean SLES11 install
FreeRADIUS server Version: 2.1.1-7.16.1
also installed freeradius-server-libs and utils
FreeRADIUS server and libs and utils was installed via Yast.
radius:/etc # radclient -v
radclient: $Id$ built on Jan 22 2013 at 23:55:37
#
# Version: $Id$
#
pre
Hi,
what version of FreeRADIUS? are you sure you arent running old copies of
radclient/radtest
ie you THINK you can do "-t mschap" but the wrapper or binary doesnt
radclient -v ?
which radtest
then cat the resulting file.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.o
host name is radius
ip 10.58.5.58
Full Domain host name: radius.mydomain.com radius
..
resolv.conf
search mydomain.com
nameserver 10.58.5.39
nameserver 10.58.5.45
/etc/hosts
127.0.0.1 localhost
# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopba
whats the hostname of ur system ?
On Fri, Apr 26, 2013 at 6:30 PM, Andres wrote:
> this way looks my hosts file:
>
> # IP-Address Full-Qualified-Hostname Short-Hostname
> #
>
> 127.0.0.1 localhost
>
> # special IPv6 addresses
> ::1 localhost ipv6-localhost ipv6-loopback
>
> f
Andres wrote:
> this way looks my hosts file:
Well... something is wrong with DNS on your system.
The only advantage to using radtest is that it's simpler than
radclient. But it's just a wrapper around radclient. You can edit
radtest to remove the DNS lookups, or write your own wrapper whic
this way looks my hosts file:
# IP-Address Full-Qualified-Hostname Short-Hostname
#
127.0.0.1 localhost
# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2
Most likely your host file didnt have entry of your domain name,
dump your hostname and /etc/hosts file here and then we can comment better
On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote:
> Hello All,
>
> I'm trying to test mschap with radtest but it gives me strange error
> message.
> I've trie
Hello All,
I'm trying to test mschap with radtest but it gives me strange error
message.
I've tried to solve it several days, but had no success.
I'm using syntax like that:
$ radtest -t mschap user password 127.0.0.1 0 secret
radclient : Failed to find IP address for host user: Success
radcl
Am 10.09.2010 um 16:18 schrieb Denis Iskandarov:
[...]
Also one newbie question about this mailing list: How should i answer
on answers of my thread? Put Re:Re: in the beginning ?
One "Re:" is enough.
(If somebody really wants to see threads' hierachies, he should use an
email program tha
Thanks too all of You !
It worked!!!
I saw all the documentations on freeradius, different howtos and forum
threads, but didn't saw this option.
why people didn't wrote about this.
Also one newbie question about this mailing list: How should i answer
on answers of my thread? Put Re:Re: in
On 09/10/2010 09:18 AM, Denis Iskandarov wrote:
You have deleted the output which is needed to help you.
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT
Denis Iskandarov wrote:
> Sorry i didn't understand you. which good known password ?I'm using
> daloRADIUS. and while creating user i appended cleartext password :=
> to it:
> Here is output of radcheck table:
Yes...
> It's almost same string as in users text conf, but in mysql table form.
> So
> You have deleted the output which is needed to help you.
>
>> Found Auth-Type = MSCHAP
>> +- entering group MS-CHAP {...}
>> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
>> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
>
> So... you haven't tol
Denis Iskandarov wrote:
> used for 802.1x EAP-TLS and EAP-TTLS (maybe for peap in future as
> well) with Ubiquiti and Mikrotik network equipment
>
> setup works perfectly without sql with text conf files.
> when creating user in sql getting next error:
> (Output omitted)
You have deleted the ou
My setup:
CentOS 5.5 x32
freeradius2-2.1.7-7.el5
mysql-5.0.77-4.el5_5.3
daloRADIUS 0.9-8 SVN (0.9.-9)
used for 802.1x EAP-TLS and EAP-TTLS (maybe for peap in future as
well) with Ubiquiti and Mikrotik network equipment
setup works perfectly without sql with text conf files.
when creating user in
Found!
I've updated from 2.1.1 to 2.1.7 and with Stripped-User-Name now
everithing is right.
On 22/ott/2009, at 11:27, Paolo Barbato wrote:
I forgot to mention that I've used also
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%
{Stripped-User-Name:-%{User-Name:-None}} --cha
I forgot to mention that I've used also
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-
User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --
nt-response=%{mschap:NT-Response:-00}"
but nothing changed.
On 22/ott/2009, at 11:12, Ivan Kalik wrote:
I'v
> I've configured freeradius to authenticate local users with our AD.
>
> When I use simple username "barbato" it works perfectly, but if I use
> barb...@igi.cnr.it
> it fails.
>
> From log it seems that it's not stripped the realm/domain part after @:
>
> [mschapv2] +- entering group MS-CHAP {.
I've configured freeradius to authenticate local users with our AD.
When I use simple username "barbato" it works perfectly, but if I use barb...@igi.cnr.it
it fails.
From log it seems that it's not stripped the realm/domain part after @:
[mschapv2] +- entering group MS-CHAP {...}
[mschap] T
Grooz, Marc (regio iT) wrote:
> but in case 3 without automatich login and username in in lowercase it
> work's.
Go ask Active Directory why.
The debug log you posted shows FreeRADIUS running ntlm_auth with the
correct arguments, and ntlm_auth returning an error. So FreeRADIUS has
no contr
Hello Alan,
but in case 3 without automatich login and username in in lowercase it
work's.
>Grooz, Marc (regio iT) wrote:
>> 1. If we auth a ActiveDirectory User with automatic sending of
>> username and password to our wlan everthing is OK. No lan-cabel is
>> connected. In my case the Username
Grooz, Marc (regio iT) wrote:
> 1. If we auth a ActiveDirectory User with automatic sending of username
> and password to our wlan everthing is OK. No lan-cabel is connected. In
> my case the Username is DOMAIN\\GroozMarc.
>
> 2. If we auth the same user with a lan-cabel connected. the auth fails.
Hello,
can some please help.
Hello,
we have a strange problem with the PEAP MSCHAP authentication truh WLAN.
We use freeradius 1.1.7 on debian etch.
1. If we auth a ActiveDirectory User with automatic sending of username
and password to our wlan everthing is OK. No lan-cabel is connected. In
my
Hello,
we have a strange problem with the PEAP MSCHAP authentication truh WLAN.
We use freeradius 1.1.7 on debian etch.
1. If we auth a ActiveDirectory User with automatic sending of username
and password to our wlan everthing is OK. No lan-cabel is connected. In
my case the Username is DOMAIN\\G
I have configured freeradius from scratch using the 802.1x HOWTO by Lars
Strand but I must have (not) done something. I have been looking over it for
two days and can't find where the problem lies. When I try to authenticate
it goes through TLS OK but when it comes time to check the password it
fai
30 matches
Mail list logo
