Re : Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-27 Thread Reveal MAP
I agree, a good beginning would be to comment out all modules you're not using. The instances of the modules are in sites-enabled/default and sites-enabled/inner-tunnel (for peap and ttls). - --- Don't worry, it will be done soon (as soon as the week starts again). I really want to figure it

Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-27 Thread Reveal MAP
Yes, Alan, we already know that the default config does work! My mind: freeradius (in our case, Sergio and me) is correctly configured. But we encountered a problem showing no error message. So to make the log slimmer, why not deactivate some non-mandatory modules in our scenario?? so the output

Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-27 Thread Reveal MAP
problem out. - Original message From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Sunday, 27 July 2008, 19:42:23 Subject: Re: Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls) Reveal MAP

Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-26 Thread Reveal MAP
thanx for responding dude. let's take a look at this part of the log! (remember too that I am new to Linux, many things are still Chinese for me) I agree, my certificates are OK to do EAP in general. my comments are the red lines : my mschap module config is: -- mschap { use_mppe =

Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-26 Thread Reveal MAP
debug file it seems so... See earlier posts with subject: PEAP or TTLS and Microsoft Vista. Fri, 2008-07-25 at 17:10 +, Reveal MAP wrote: installing ca.der and putting user pass into client machine, the authentication doesn't work? -- no, it doesn't! you only need

Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-26 Thread Reveal MAP
hmm... it's true i didn't test authentication with another laptop! i will! and i will too with secureW2 instead of XP built-in wireless manager, and see!! see the log there: http://tinypaste.com/5b99b Your problem is nothing to do with certificates. The PEAP tunnel gets setup correctly, the

Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-26 Thread Reveal MAP
e: Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls) http://tinypaste.com/5b99b = Radiusd -X output. [snip] rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this.//Normal, i am not willing to do

Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-25 Thread Reveal MAP
HOW TO FIX THE PROBLEM OF THE ISSUER of client certificates in default configuration? - this bug is suspected to make i can't do EAP-PEAP and affect the CRL management too. it's a real problem - Original message From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list

Re : Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-25 Thread Reveal MAP
d'origine From: Sergio [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Friday, 25 July 2008, 13:20:54 Subject: Re: Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls) Reveal MAP wrote: HOW TO FIX THE PROBLEM

Re : Re : Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-25 Thread Reveal MAP
installing ca.der and putting user pass into client machine, the authentication doesn't work? -- no, it doesn't! you only need ca.der but, if you have an active directory like LDAP, check if your communication with AD server also have tls authentication. Into ldap module you can

Re : Re : Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-22 Thread Reveal MAP
that? Reveal MAP wrote: If you want to authenticate PEAP users via SQL (which you seem to be saying), then don't configure the mschap module to use ntlm_auth. my mistake: i didn't know... Huh? You are aware that AD is not the same as SQL? back to Users based on AD. ... in etc/raddb/module

Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-22 Thread Reveal MAP
(with server extension) is missing on the client, could it interfere in EAP-PEAP authentication success? thank you - Original message From: Reveal MAP [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, 22 July 2008, 12:02:26 Subject

Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-19 Thread Reveal MAP
Ok, does someone find normal that EAP-TLS authentication works and not EAP-PEAP? - it is sure, it is not a question of certificate. Alan said someday that that NAS is broken. He might be true, but maybe i missed something in the configuration, but where? - it reminds me a question and i don't

Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-19 Thread Reveal MAP
Re hello: Now i am trying to authenticate via PEAP a user existing on my sql database: the output is too long, mailing list parameters won't accept it. i post part of the output that seem to give the point of misconfiguration. if it is not sufficient, please let me know, and i will find a way

Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-19 Thread Reveal MAP
@lists.freeradius.org Sent: Saturday, 19 July 2008, 17:19:58 Subject: Re: Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that? Reveal MAP wrote: Now i am trying to authenticate via PEAP a user existing on my sql database: The debug log doesn't show that. the output is too long, mailing list parameters

Re : Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-19 Thread Reveal MAP
: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Saturday, 19 July 2008, 18:07:43 Subject: Re: Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that? Reveal MAP wrote: user=maman passwd= maman is a sql based user. trying peap

Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-18 Thread Reveal MAP
true! there was a great problem with winbind which didn't want to run. I had to rename winbindd_priviledged to make it work. so now, the previous error: --- rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No

EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-17 Thread Reveal MAP
Why could EAP-TLS run OK and not EAP-PEAP, giving a message like that: rlm_eap_peap: Received EAP-TLV response. below is the entire output. Thanx for the response!! --- rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=99, length=194

Re : silly question of framed IP address

2008-07-17 Thread Reveal MAP
, 06:21:00 Subject: Re: silly question of framed IP address Reveal MAP wrote: I wonder if the attribute 8 (framed Ip address) of RADIUS acts like a dhcp server, giving the IP to the supplicant or just verify/compare if is conform to the Authentication request ?? The Framed-IP-Address assigns IP

Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-17 Thread Reveal MAP
d'origine From: Reveal MAP [EMAIL PROTECTED] To: Freeradius Mailing-List freeradius-users@lists.freeradius.org Sent: Thursday, 17 July 2008, 12:35:15 Subject: EAP-TLS OK - EAP-PEAP KO!! why that? Why could EAP-TLS run OK and not EAP-PEAP, giving a message like that: rlm_eap_peap: Received

silly question of framed IP address

2008-07-16 Thread Reveal MAP
Hello! I read this doc http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dtrattr8.html and don't really understand. maybe cause of english style so i am expecting for an answer here: I wonder if the attribute 8 (framed Ip address) of RADIUS acts like a dhcp server, giving the IP

[no subject]

2008-07-15 Thread Reveal MAP
Hello list! after i succeed creating my CA, (thanks a lot sergio), i encounter a new problem with Active Directory integration! i succeeded it with help of this mailing list a couple of weeks ago, but in FR-2.0.2. Now i use FR-2.0.5. I followed the HOWTO, so ntlm_auth and winbind authenticate

Re :

2008-07-15 Thread Reveal MAP
with mschap (or real peap user). BTW that's not the entire output of RADIUSD -X. It's radtest output. Ivan Kalik Kalik Informatika ISP On 15/7/2008, Reveal MAP [EMAIL PROTECTED] wrote: Hello list! after i succeed creating my CA, (thanks a lot sergio), i encounter a new problem with Active Directory

certificate client.* non valid on windows XP

2008-07-12 Thread Reveal MAP
hi, I use freeradius 2.0.5 and openSUSE 10.3 i ran bootstrap script + make client.pem, make.client.p12, - I imported ca.der on my xp laptop, located at the CA Authority container. I imported server.p12 too (just to verify the signature) and everything is Ok - But when i import client.p12,

Re : certificate client.* non valid on windows XP

2008-07-12 Thread Reveal MAP
[EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Sunday, 13 July 2008, 16:09:34 Subject: Re: certificate client.* non valid on windows XP Reveal MAP wrote: hi, I use freeradius 2.0.5 and openSUSE 10.3 i ran bootstrap script + make

Re : Re : certificate client.* non valid on windows XP

2008-07-12 Thread Reveal MAP
client.* non valid on windows XP Reveal MAP wrote: Thank you Sergio for your answer. - windows says too that one of the certificate authority seems to not be able to deliver certificate or can't be used as final entity... so, I tried what you said: install Server.p12 as intermediate CAr

Re : Re : certificate client.* non valid on windows XP

2008-07-12 Thread Reveal MAP
valid on windows XP Reveal MAP wrote: Installing ca.der, server.crt and client.crt, i obtain exactly the same result!! - Original message From: Sergio [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Sunday, 13 July 2008

Where are the DH and Random files?

2008-06-30 Thread Reveal MAP
Hi all, running radiusd -X i have that error at the end of the output: -- --

Re : Where are the DH and Random files?

2008-06-30 Thread Reveal MAP
Thank you, i found them Please see raddb/certs. There are documentation files, example files, and scripts used to create all of the other files in that directory. I just would like someone to give me the lines, how to create

Re : Re : Authorization?? pb Authentication against AD

2008-06-27 Thread Reveal MAP
the result of ntlm_auth in command line: -- aaa:/var/lib/samba #ntlm_auth --username glouglou --domain pluton password: NT_STATUS_OK: Success (0x0) aaa:/var/lib/samba #

Re : Re : Re : Authorization?? pb Authentication against AD

2008-06-27 Thread Reveal MAP
I am sorry, I have a little problem with english, and i know it might be annoying for you! but i am not sure to understand what you are adcing me right now. 1- um.. using mschap:User-Name (how can i do that? in radiusd.conf, mschap section? or in ntlm_auth configuration files?) 2-

Re : Re : Re : Re : Authorization?? pb Authentication against AD

2008-06-27 Thread Reveal MAP
Oh!! Lol, I read it but didn't find so obvious to understand (in chinese ) it works very well! thanks to Ivan Ivan and Alan for helping, and um ... brb for the next episode ! - Original message From: Ivan Kalik [EMAIL PROTECTED] To: FreeRadius users mailing list