Re: compiling freeradius with oracle support

2008-08-22 Thread Alan DeKok
Alexandre Chapellon wrote: then could you point me to the place where you get the oracle libs stuff? I've always just built with whatever libraries Oracle put on the system. i.e. it was pre-installed at customer sites. I'd suggest rooting through the libraries to find out where the failing

Re: NAS-IP-Address, rlm_perl, and loopback

2008-08-22 Thread Alan DeKok
Adam W. Sewell wrote: I am using PEAP/MsChapv2. Exactly. There are multiple packet exchanges as part of one PEAP authentication. I am using a perl script to authorize the user access to the network based on some information that is pulled out of a database via our perl script. This part

Re: NAS-IP-Address, rlm_perl, and loopback

2008-08-22 Thread A . L . M . Buxey
Hi, Which explains what's going on. PEAP is really two things: an outer TLS session, and inner EAP-MSCHAPv2 authentication. So there are *two* streams of RADIUS packets. One that sets up the tunnel, and one that does the authentication inside of the tunnel. yep - so if you only want to

Re: cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

2008-08-22 Thread Andrew Hood
Alan DeKok wrote: Andrew Hood wrote: Pardon me if I've missed something, but as far as I can tell the server cert isn't authorised to sign client certs, so I can't see how it could work. The CA can sign client certs. There can be multiple levels of CA's. Verisign, your company, the

Re: cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

2008-08-22 Thread Ivan Kalik
However, there may be multiple servers, each with its own cert. Why should a client cert be signed by one server when it may be used with other servers? (radius) Server certificate doesn't have to be unique. You can copy the same certificate to all the radius servers that will be accepting

Re: cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

2008-08-22 Thread Sergio
Andrew Hood wrote: Alan DeKok wrote: Andrew Hood wrote: Pardon me if I've missed something, but as far as I can tell the server cert isn't authorised to sign client certs, so I can't see how it could work. The CA can sign client certs. There can be multiple levels of

RE: clients.conf - identifying a client - sql/ldap

2008-08-22 Thread Johan Meiring
- # You can use any policy here. e.g. Check NAS-Identifier, # and define a shared secret by NAS-Identifier, rather than - How do I get hold of the

Re: cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

2008-08-22 Thread Sergio
Ivan Kalik wrote: However, there may be multiple servers, each with its own cert. Why should a client cert be signed by one server when it may be used with other servers? (radius) Server certificate doesn't have to be unique. You can copy the same certificate to all the radius servers

FreeRadius Basic Authentication Problem

2008-08-22 Thread Syed Anwarul Hasan
FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Jul 21 2008 at 15:35:42 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the

Re: FreeRadius Basic Authentication Problem

2008-08-22 Thread Ivan Kalik
rad_recv: Access-Request packet from host 127.0.0.1 port 1029, id=10, length=56 User-Name = John User-Password = hello NAS-IP-Address = 192.168.1.131 NAS-Port = 1 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop

Re: FreeRadius Basic Authentication Problem

2008-08-22 Thread orion
do not use *Auth-Type :=System,* don't use Auth-Type at all. 2008/8/22 Syed Anwarul Hasan [EMAIL PROTECTED] FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Jul 21 2008 at 15:35:42 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not

Compiling pam_radius_auth.so on MacOS 10.3.9 (PPC)

2008-08-22 Thread Alex Coco
Hello, I have an older eMac in my lab I am using to test the PAM module (pam_radius-1.3.17) and have been able to compile by changing the Makefile to use: gcc -bundle pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.so for the final linking of the shared object. The resulting .so seems to

Re: FreeRadius Basic Authentication Problem

2008-08-22 Thread Syed Anwarul Hasan
Thank you *Ivan* for your help and exact advice. I was able to debug and able to do user Authentication as you said. I once again thank the FreeRadius OpenSource Community for helping people with their Questions. SYED On Fri, Aug 22, 2008 at 4:14 PM, orion [EMAIL PROTECTED] wrote: do not use

Re: Compiling pam_radius_auth.so on MacOS 10.3.9 (PPC)

2008-08-22 Thread Nicolas Goutte
On 22.08.2008 at 18:26, Alex Coco wrote: Hello, I have an older eMac in my lab I am using to test the PAM module (pam_radius-1.3.17) and have been able to compile by changing the Makefile to use: gcc -bundle pam_radius_auth.o md5.o -lpam -lc -o pam_radius_auth.so [...] Any suggestions

Compiling pam_radius_auth.so on MacOS 10.3.9 (PPC)

2008-08-22 Thread Alex Coco
Nevermind, I was on the right track, in md5.c I had to: #define HIGHFIRST I suspect on an intel Mac I won't have to. AGC - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Fwd: Certificate problem on Windows XP client ...

2008-08-22 Thread Venkata LK Mula
Hi, Can anybody respond to my earlier request please. regards, Venkat - Forwarded Message - From: Venkata LK Mula To: Subject: Certificate problem on Windows XP client ... Date: Thu, 21 Aug 2008 00:33:26 +0530 Hi, Regarding the above mentioned subject, we are facing

specifying back end to proxy on per-user basis

2008-08-22 Thread Greg Woods
We have a freeradius instance that talks to the world, and proxies requests to a back end server that does token authentication via the otp module. This all works fine. What we need is something we can do when a user forgets or loses their card. We thought to use S/key for this. To that end, I

Re: specifying back end to proxy on per-user basis

2008-08-22 Thread Alan DeKok
Greg Woods wrote: We have a freeradius instance that talks to the world, and proxies requests to a back end server that does token authentication via the otp module. This all works fine. What we need is something we can do when a user forgets or loses their card. We thought to use S/key for

Re: specifying back end to proxy on per-user basis

2008-08-22 Thread Greg Woods
On Fri, 2008-08-22 at 20:25 +0200, Alan DeKok wrote: Greg Woods wrote: I have to find a way to specify in the front end proxy on a per-user basis which back end server should be used. Use groups, or *something* else. I can't find any information on groups except for the chroot group

TLS_accept:error in SSLv3 read client certificate A

2008-08-22 Thread Martin Silvero
hello friends! solved the problem we had, I did a test and works well, but now every time the user wants to connect I get this error in the logs: Thu Aug 21 11:14:56 2008 : Info: rlm_eap_md5: Issuing Challenge Thu Aug 21 11:14:56 2008 : Error: TLS_accept:error in SSLv3 read client

Re: specifying back end to proxy on per-user basis

2008-08-22 Thread Alan DeKok
Greg Woods wrote: I can't find any information on groups except for the chroot group and huntgroups, and neither of those appears to be related to what I'm trying to do. I grepped all the config files and there's no man 5 groups. Can you point me to the documentation on groups? Use *any*

Re: clients.conf - identifying a client - sql/ldap

2008-08-22 Thread Alan DeKok
Johan Meiring wrote: Have you had any luck with the poking ?? It's a bit more work than I thought. I'm currently looking at a few other interesting features for the next version. Alan DeKok.

Re: specifying back end to proxy on per-user basis

2008-08-22 Thread Greg Woods
On Fri, 2008-08-22 at 22:48 +0200, Alan DeKok wrote: See man rlm_passwd for an example. Thank you. That was the pointer I needed. No... where do *you* want to store the information about which user belongs in which group. Anywhere that works. In other words, I'll write scripts to modify

Re: specifying back end to proxy on per-user basis

2008-08-22 Thread Anders Holm
An SQL server isn't too hard to set up and get going. Plus any decent scripting language has modules making it dirt simple to manage the user base ... Try it... //Anders Sent from my iPhone On 22 Aug 2008, at 22:23, Greg Woods [EMAIL PROTECTED] wrote: On Fri, 2008-08-22 at 22:48 +0200,

Re: specifying back end to proxy on per-user basis

2008-08-22 Thread Alan DeKok
Greg Woods wrote: and that works right off the bat. There were other reasons why it might have been nice to set the realm based on the user name; we're a research institution, meaning that the groups here have a relatively high degree of autonomy with little central control. It might have been

Question about Logging

2008-08-22 Thread Aaron Spanik
I apologize in advance if this question is answered in the documentation, but if it is, I haven't been able to find it. I have the following setup: - Client daemon running on host A - FreeRADIUS 2.0.4 server running on host A proxying auth requests - Two Remote RADIUS servers serving

Re: TLS_accept:error in SSLv3 read client certificate A

2008-08-22 Thread Ivan Kalik
You should post bit more of the debug. What EAP method is this? Ivan Kalik Kalik Informatika ISP On 22/8/2008, Martin Silvero [EMAIL PROTECTED] wrote: hello friends! solved the problem we had, I did a test and works well, but now every time the user wants to connect I get this error in the

Re: Fwd: Certificate problem on Windows XP client ...

2008-08-22 Thread Ivan Kalik
How? What do you think we know about network Roaming test2 setup? Ivan Kalik Kalik Informatika ISP On 22/8/2008, Venkata LK Mula [EMAIL PROTECTED] wrote: Hi, Can anybody respond to my earlier request please. regards, Venkat - Forwarded Message - From: Venkata LK Mula To:

3Com 4500 and 5500 local login

2008-08-22 Thread Oxiel
Hello gurus. It's me again :), trying to authenticate local users to the switch through freeradius 2.0.5, but no success with 3Com 4500/5500. My users file has: admin Cleartext-Password := X Framed-IP-Address = %{Framed-IP-Address}, 3Com-User-Access-Level =

Re: Fwd: Certificate problem on Windows XP client ...

2008-08-22 Thread Venkata LK Mula
Hi Ivan, network Roaming test2 in which Roaming test2 is the SSID. regards, Venkat - Original Message - From: Ivan Kalik [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: Re: Fwd: Certificate problem on Windows XP client .. Date: Sat, 23

Re: Fwd: Certificate problem on Windows XP client ...

2008-08-22 Thread Venkata LK Mula
Hi Ivan, network Roaming test2 in which Roaming test2 is the SSID. regards, Venkat - Original Message - From: Venkata LK Mula To: FreeRadius users mailing list Subject: Re: Fwd: Certificate problem on Windows XP client .. Date: Sat, 23 Aug 2008 08:31:01 +0530 Hi Ivan,

radsniff

2008-08-22 Thread Lemaster, Rob
I found some posts online in the Devel group about 'radsniff'. This sounds like a great idea, but I can't find any more documentation on it in the user groups or in the man pages, other than some complaints about bugs. Is this ready to use yet? I'm not getting anything from it (I'm probably

Re: radsniff

2008-08-22 Thread Alan DeKok
Lemaster, Rob wrote: I found some posts online in the Devel group about 'radsniff'. This sounds like a great idea, but I can't find any more documentation on it in the user groups or in the man pages, other than some complaints about bugs. Is this ready to use yet? I'm not getting anything

Re: 3Com 4500 and 5500 local login

2008-08-22 Thread Alan DeKok
Oxiel wrote: It's me again :), trying to authenticate local users to the switch through freeradius 2.0.5, but no success with 3Com 4500/5500. See the switch documentation for which attributes it needs in the Access-Accept to give local administrator access. Service-Type = Login-User

Re: Question about Logging

2008-08-22 Thread Alan DeKok
Aaron Spanik wrote: Recently, however, there has been reason to suspect that the two remote RADIUS servers are behaving inconsistently with each other (i.e. auth fails on one and then immediately succeeds on the other). Unfortunately, I have zero access to the remote RADIUS servers and

Re: cert bootstrap bug? (was Re: definitely, I have a problem with eap-tls)

2008-08-22 Thread Alan DeKok
Andrew Hood wrote: That's what Sergio seemed to be getting at in changing with the Makefile to have a CA rather than the server sign the client cert. Is that the better way? It's a different way. The question you want to ask is if the *CA* issues client certificates, or if the *server*