Re: Ignoring EAP-Type/tls because we do not have OpenSSL, support.

2010-09-13 Thread Douglas Caro 

Hi David and Alexander... thank you, so much...

I've tried your tips, but it didn't work...


# dpkg -l |grep freeradius
ii  freeradius   
2.1.9+gita high-performance and highly 
configurable R
ii  freeradius-common
2.1.9+gitFreeRADIUS common files
ii  freeradius-dialupadmin   
2.1.9+gitset of PHP scripts for 
administering a FreeR
ii  freeradius-ldap  
2.1.9+gitLDAP module for FreeRADIUS server
ii  freeradius-utils 
2.1.9+gitFreeRADIUS client utilities
ii  libfreeradius-dev
2.1.9+gitFreeRADIUS shared library 
development files
ii  libfreeradius2   
2.1.9+gitFreeRADIUS shared library


# dpkg -l |grep libssl
ii  libssl-dev   
0.9.8g-15+lenny8 SSL development libraries, header 
files and
ii  libssl0.9.8  
0.9.8g-15+lenny8 SSL shared libraries


# freeradius -v
freeradius: FreeRADIUS Version 2.1.9, for host i486-pc-linux-gnu, built 
on Sep 13 2010 at 09:40:57

Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.

The messages keep appearing
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.

Thanks
Douglas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Ignoring EAP-Type/tls because we do not have OpenSSL support.

2010-09-10 Thread Douglas Caro 

Hi,

In #freeradius -X, I have those messages:

Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.

I've researched on the subject, but I didn't find anything.

Linux Debian Lenny
Freeradius 2.0.4

Thanks
Douglas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius-Users Digest, Vol 65, Issue 43

2010-09-10 Thread Douglas Caro 

Thanks for all, but it didn't work...

#dpkg -l |grep freer
ii  freeradius   
2.1.8+dfsg-1~bpo50+1 a high-performance and highly 
configurable R
ii  freeradius-common
2.1.8+dfsg-1~bpo50+1 FreeRADIUS common files
ii  freeradius-dialupadmin   
2.1.8+dfsg-1~bpo50+1 set of PHP scripts for 
administering a FreeR
ii  freeradius-ldap  
2.1.8+dfsg-1~bpo50+1 LDAP module for FreeRADIUS server
ii  freeradius-mysql 
2.1.8+dfsg-1~bpo50+1 MySQL module for FreeRADIUS server
ii  freeradius-postgresql
2.1.8+dfsg-1~bpo50+1 PostgreSQL module for FreeRADIUS server
ii  freeradius-utils 
2.1.8+dfsg-1~bpo50+1 FreeRADIUS client utilities
ii  libfreeradius-dev
2.1.8+dfsg-1~bpo50+1 FreeRADIUS shared library 
development files
ii  libfreeradius2   
2.1.8+dfsg-1~bpo50+1 FreeRADIUS shared library


# freeradius -v
freeradius: FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built 
on Jan  3 2010 at 15:51:52

Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.

The messages keep appearing
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.

Thanks
Douglas

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius + LDAP Group check

2010-08-18 Thread Douglas Caro 

Hello!

I'm trying to modify a working configuration to add one more 
authentication service in FreeRadius.


I already have one configuration to authenticate users in ldap to use 
wireless network. See the radiusd.conf:



radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run
pidfile = /var/run/freeradius/freeradius.pid
user = freerad
group = freerad

listen {
 ipaddr = *
 port = 0
 type = auth
}

listen {
 ipaddr = *
 port = 0
 type = acct
}

thread pool {
 start_servers = 1
 max_servers = 4
 min_spare_servers = 1
 max_spare_servers = 3
 max_requests_per_server = 0
}

$INCLUDE ${confdir}/clients.conf

modules {
 pap {
encryption_scheme = clear
 }
 chap {
authtype = CHAP
 }
 $INCLUDE ${confdir}/eap.conf
 mschap {
authtype = MS-CHAP
with_ntdomain_hack = yes
 }
 mschapv2 {
 }
 files {
usersfile = ${confdir}/users
compat = no
 }
  ldap ldap_1x {
  server = 127.0.0.1
  identity = cn=Manager,dc=company,dc=com,dc=br
  password = XX
  basedn = ou=Users,dc=company,dc=com,dc=br
  start_tls = no
  access_attr = uid
  dictionary_mapping = ${raddbdir}/ldap.attrmap
  authtype = ldap
  ldap_connections_number = 5
  timeout = 4
  timelimit = 3
  net_timeout = 1
  }
}
authorize {
 pap
 files
 mschap
 ldap_1x
 eap
}
authenticate {
  Auth-Type PAP {
  pap
  }
  Auth-Type MS-CHAP {
  mschap
  }
  Auth-Type PPP {
  ldap_1x
  }

  eap
}
log {
  destination = files
  file = /var/log/freeradius/radius.log
  syslog_facility = daemon
  stripped_names = no
  auth = yes
  auth_badpass = no
  auth_goodpass = no
}


and, the users file:

users

DEFAULT Auth-Type := MS-CHAP

DEFAULT Hint == CSLIP
  Framed-Protocol = SLIP,
  Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == SLIP
  Framed-Protocol = SLIP


This is enough to provide access to users in wireless network.

I need to add a Radius Auth in Ldap to Switches devices with Group Check.
The users are in cn=TacAdm,ou=Groups,dc=company,dc=com,dc=br

I already tryed to add a new module called

ldap ldap_switch {
...
}

and many instances like groupmembership_filter, groupname_attribute, 
filter, base_filter, access_attr, groupmembership_attribute, but nothing 
do the group check in ldap!


What do I need to this checking group works and maintain the wireless 
configuration working well?


Thanks!
Douglas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html