Re: Ignoring EAP-Type/tls because we do not have OpenSSL, support.
Hi David and Alexander... thank you, so much... I've tried your tips, but it didn't work... # dpkg -l |grep freeradius ii freeradius 2.1.9+gita high-performance and highly configurable R ii freeradius-common 2.1.9+gitFreeRADIUS common files ii freeradius-dialupadmin 2.1.9+gitset of PHP scripts for administering a FreeR ii freeradius-ldap 2.1.9+gitLDAP module for FreeRADIUS server ii freeradius-utils 2.1.9+gitFreeRADIUS client utilities ii libfreeradius-dev 2.1.9+gitFreeRADIUS shared library development files ii libfreeradius2 2.1.9+gitFreeRADIUS shared library # dpkg -l |grep libssl ii libssl-dev 0.9.8g-15+lenny8 SSL development libraries, header files and ii libssl0.9.8 0.9.8g-15+lenny8 SSL shared libraries # freeradius -v freeradius: FreeRADIUS Version 2.1.9, for host i486-pc-linux-gnu, built on Sep 13 2010 at 09:40:57 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. The messages keep appearing Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Thanks Douglas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Hi, In #freeradius -X, I have those messages: Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. I've researched on the subject, but I didn't find anything. Linux Debian Lenny Freeradius 2.0.4 Thanks Douglas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users Digest, Vol 65, Issue 43
Thanks for all, but it didn't work... #dpkg -l |grep freer ii freeradius 2.1.8+dfsg-1~bpo50+1 a high-performance and highly configurable R ii freeradius-common 2.1.8+dfsg-1~bpo50+1 FreeRADIUS common files ii freeradius-dialupadmin 2.1.8+dfsg-1~bpo50+1 set of PHP scripts for administering a FreeR ii freeradius-ldap 2.1.8+dfsg-1~bpo50+1 LDAP module for FreeRADIUS server ii freeradius-mysql 2.1.8+dfsg-1~bpo50+1 MySQL module for FreeRADIUS server ii freeradius-postgresql 2.1.8+dfsg-1~bpo50+1 PostgreSQL module for FreeRADIUS server ii freeradius-utils 2.1.8+dfsg-1~bpo50+1 FreeRADIUS client utilities ii libfreeradius-dev 2.1.8+dfsg-1~bpo50+1 FreeRADIUS shared library development files ii libfreeradius2 2.1.8+dfsg-1~bpo50+1 FreeRADIUS shared library # freeradius -v freeradius: FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 3 2010 at 15:51:52 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. The messages keep appearing Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Thanks Douglas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius + LDAP Group check
Hello! I'm trying to modify a working configuration to add one more authentication service in FreeRadius. I already have one configuration to authenticate users in ldap to use wireless network. See the radiusd.conf: radiusd.conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = /var/log/freeradius raddbdir = /etc/freeradius radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run pidfile = /var/run/freeradius/freeradius.pid user = freerad group = freerad listen { ipaddr = * port = 0 type = auth } listen { ipaddr = * port = 0 type = acct } thread pool { start_servers = 1 max_servers = 4 min_spare_servers = 1 max_spare_servers = 3 max_requests_per_server = 0 } $INCLUDE ${confdir}/clients.conf modules { pap { encryption_scheme = clear } chap { authtype = CHAP } $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP with_ntdomain_hack = yes } mschapv2 { } files { usersfile = ${confdir}/users compat = no } ldap ldap_1x { server = 127.0.0.1 identity = cn=Manager,dc=company,dc=com,dc=br password = XX basedn = ou=Users,dc=company,dc=com,dc=br start_tls = no access_attr = uid dictionary_mapping = ${raddbdir}/ldap.attrmap authtype = ldap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } } authorize { pap files mschap ldap_1x eap } authenticate { Auth-Type PAP { pap } Auth-Type MS-CHAP { mschap } Auth-Type PPP { ldap_1x } eap } log { destination = files file = /var/log/freeradius/radius.log syslog_facility = daemon stripped_names = no auth = yes auth_badpass = no auth_goodpass = no } and, the users file: users DEFAULT Auth-Type := MS-CHAP DEFAULT Hint == CSLIP Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == SLIP Framed-Protocol = SLIP This is enough to provide access to users in wireless network. I need to add a Radius Auth in Ldap to Switches devices with Group Check. The users are in cn=TacAdm,ou=Groups,dc=company,dc=com,dc=br I already tryed to add a new module called ldap ldap_switch { ... } and many instances like groupmembership_filter, groupname_attribute, filter, base_filter, access_attr, groupmembership_attribute, but nothing do the group check in ldap! What do I need to this checking group works and maintain the wireless configuration working well? Thanks! Douglas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html