Hi,
my question is what IE/AVP in RADIUS Access-Request identifies the Request as
an EAP-SIM request ?
/TM
--
GRATIS! Movie-FLAT mit über 300 Videos.
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t...@kalik.net wrote:
Permissions are now 600 for client.[pem|key] and [ca|server].pem (still
using ca and also server certificate on client), but the result is
similar.
Does it still say unknown ca or something else? If it's something else
you need to poost a new debug. If it's still the
t...@kalik.net wrote:
t...@kalik.net wrote:
Also tried modify wpa_supplicant conf:
- ca_cert=ca.pem
+ ca_cert=server.pem
But with the same result.
Because the path is wrong, ie. certificate is not there. Put the correct
path to where you have imported the certificate.
Ivan Kalik
-
t...@kalik.net wrote:
Also tried modify wpa_supplicant conf:
- ca_cert=ca.pem
+ ca_cert=server.pem
But with the same result.
Because the path is wrong, ie. certificate is not there. Put the correct
path to where you have imported the certificate.
Ivan Kalik
-
List
Paul Ryszka wrote:
On Mon, 2009-11-23 at 20:37 +0100, Tomas Pelka wrote:
t...@kalik.net wrote:
Also tried modify wpa_supplicant conf:
- ca_cert=ca.pem
+ ca_cert=server.pem
But with the same result.
Because the path is wrong, ie. certificate is not there. Put the correct
path to where you
t...@kalik.net wrote:
So the problem is in certificate:
[tls] TLS 1.0 Handshake [length 038d], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls] TLS 1.0 Alert [length 0002], fatal unknown_ca
That means that you haven't imported self-signed ca certificate
t...@kalik.net wrote:
Alan DeKok wrote:
Tomas Pelka wrote:
have a problem with advanced EAP authentication methods including
PEAP, EAP-TLS, EAP-TTLS-MD5/MSCHAPV2.
I wouldn't call them advanced...
Certs was created with the makefile included in freeradius sources.
All my experiments
Tomas Pelka wrote:
t...@kalik.net wrote:
Alan DeKok wrote:
Tomas Pelka wrote:
have a problem with advanced EAP authentication methods including
PEAP, EAP-TLS, EAP-TTLS-MD5/MSCHAPV2.
I wouldn't call them advanced...
Certs was created with the makefile included in freeradius sources.
All
Alan DeKok wrote:
Tomas Pelka wrote:
have a problem with advanced EAP authentication methods including
PEAP, EAP-TLS, EAP-TTLS-MD5/MSCHAPV2.
I wouldn't call them advanced...
Certs was created with the makefile included in freeradius sources.
All my experiments ending
On 11/17/2009 11:25 PM, Alan Buxey wrote:
hi,
its not a peap/ttls/eap problem - its a problem with linking
to your SQL libraries. i guess you want to use postgresql?
have you got the psqgl devel libraries etc installed?
and 2.0.4 is very very old now
alan
-
List info/subscribe/unsubscribe?
Hi guys,
have some problems with compiling freeradius with eap-tls/peap/ttls support.
configure running:
./configure --prefix=/usr \
--exec-prefix=/usr \
--mandir=$(mandir) \
--sysconfdir=/etc \
--libdir=$(libdir) \
--datadir=/usr/share
is - is there a way to accomplish this with existing
FreeRADIUS modules, or do I need to implement my own module to do this
?
Thank you !
/ Tomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'.
Excellent, thank you, works like a charm ! Didn't even have to upgrade
the radius server, it works on the existing 2.0.5 installation with no
problems.
Many thanks for your help !
/ Tomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear all,
I'd appreciate if somebody could please explain me the meaning of
certificates. I had a look at certs/README, but some things are still
unclear.
As far as I know there are 3 types of certificates on FreeRADIUS:
* ROOT CA
* Server
* Client
What is the purpose of
User-Name = AD\\tomas
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = 1
Called-Station-Id = 00-11-0a-fe-a9-3f
Calling-Station-Id = 00-17-a4-4e-77-47
Connect-Info = CONNECT Ethernet
about the hack.
[mschap] Told to do MS-CHAPv2 for AD\tomas with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
And it isn't using ntlm_auth.
You have an updated manual (relevant to freeradius 2.x) at:
http://deployingradius.com/documents
On Thu, 2009-02-19 at 13:34 +0100, t...@kalik.net wrote:
I am not sure what the problem is from your description. If it's
complaining about the domain try using alternative for username -
%{mschap:User-Name}. That is documented above the ntlm_auth line in
mschap module. Try and see if that
On Thu, 2009-02-19 at 10:23 -0600, Mike Loosbrock wrote:
Tomas, it sounds like you want the following behavior:
1.) machine boots up
2.) machine 802.1x authenticates, opening switch port for AD
communication
3.) user enters credentials into OS login screen
4.) machine authenticates user
, or should I start again and
not use likewise-open at all?
Thanks for your help!
Tomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for that, I'll get samba and winbind working from freeradius
wiki.
Cheers,
Tomas
On Wed, 2009-02-18 at 08:54 -0600, Danner, Mearl wrote:
Install samba and winbind. That's the proper way to pass auth to AD.
Forget likewise-open.
It works quite well the way that's documented
Dear list,
I'm new to the whole radius deal, so please excuse me if this sounds
stupid/easy to you...
I'm trying to setup freeradius system which would authenticate windows
users. I'm not going for all bells and whistles at this point and only
use users file for testing. I have following in my
for OpenSSL library
files
do I need to specify where are openssl includes and libraries? Or do I
need full version of openssl?
cheers,
Tomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 2009-01-19 at 14:12 +0100, Alan DeKok wrote:
You need the libssl-dev package.
And then re-build re-install the server.
Alan DeKok.
Alan,
Thanks for your mail. I have installed libssl-dev package:
r...@radius:/home/radius/sbin# dpkg -l | grep ssl
ii libssl-dev
. I'll be back with problems when I
start making this work with active directory (:
thanks
Tomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tomas D wrote:
I'm trying to fetch radius from git and install it on my ubuntu server.
I'm having some issues compiling radius...
Here's what I'm doing;
...
frs_dhcp.c:183: error: 'RAD_LISTEN_DHCP' undeclared here (not in a
function)
OK. The module didn't have the appropriate wrappers
Hi, All
I am about to compile per (freeradius 2.1.1 server) INSTALL doc on my
Debian Lenny-AMD64 uptodate system. I have seen Debian put things in
non-standard places. Are there any gotcha's I should be aware of
--
What else should I read first?
Hi, I have compled my radius from the
Hi,
I'm trying to fetch radius from git and install it on my ubuntu server.
I'm having some issues compiling radius...
Here's what I'm doing;
get
[EMAIL PROTECTED]:~# git clone git://git.freeradius.org/freeradius-server.git
radiusd
Initialized empty Git repository in /root/radiusd/.git/
Hi Federico!
Check default radiusd.conf and search for realm and suffix. It
looks like you're not calling rlm_realm in authorize.
th.
On 7/11/07, Federico Giannici [EMAIL PROTECTED] wrote:
We have a working FreeRADIUS 1.1.4 running since a lot of months.
Now we have to proxy the requests
Hi Alan!
On 7/5/07, Alan DeKok [EMAIL PROTECTED] wrote:
George Beitis wrote:
... I will use a policy engine to do that
and i want to overwrite the final decision if the user is not authorized
based on my policy.
Is postauth the right place to do this?
Yes.
But you can't turn a
On 7/6/07, George Beitis [EMAIL PROTECTED] wrote:
you actually made a very good point :) I didn't realize there was an
authorize part in the work flow of freeradius. That would be before
postauth, are there any other steps after authorize and before post auth?
For (non-proxied)
On 7/6/07, George Beitis [EMAIL PROTECTED] wrote:
for proxied ones would the last 2 remain the same?
No.
authorize
pre-proxy
post-proxy
post-auth
th.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Alan!
On 7/6/07, Alan DeKok [EMAIL PROTECTED] wrote:
Isn't authorize better place for that? Even name suggests
authorization should be done there... ;)
No. authorize is run before authentication for historical reasons.
Yes I do understand authorize is run before authenticate and I
On 6/22/07, Stefan Winter [EMAIL PROTECTED] wrote:
attempting to kill a running radsql with ^C doesn't do anything, and kill'ing
it with TERM doesn't impress it either on my system. I had to send KILL to
get rid of it. Is this intentional?
I remember hitting similar problem, when experimenting
On 6/20/07, Andrew Long [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] SPECS]# rpmbuild -bb freeradius.spec
error: Failed build dependencies:
libtool-ltdl-devel is needed by freeradius-1.1.6-0.i386
On Cent 4.4 there is no libtool-ltdl or devel package.
Edit .spec file and remove
On 6/12/07, lisa laam [EMAIL PROTECTED] wrote:
*** Warning: Linking the shared library rlm_perl.la against the
*** static library
/usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not
portable!
gcc -shared .libs/rlm_perl.o -Wl,--rpath
-Wl,/home/ouahiba/download/freeradius-
Hi!
I have a question regarding proxy failover in FreeRadius 1.x. Proxy
code chooses first active home server for realm and send packet to
that one. If no reply is received after configured number of retries,
request is rejected, other servers are *not* tried. Does version 2.0
have the same
HI Alan!
On 5/27/07, Alan Dekok [EMAIL PROTECTED] wrote:
That's not what the documentation says. It says that a request will
be rejected once it has timed out. If the home server is marked dead
while the request is still alive, AND the NAS retransmits, then the
request will be sent to
On 5/22/07, Ashraf Al-Basti [EMAIL PROTECTED] wrote:
Dear All,
this is what i have,
rlm_sql (sql): Could not link driver rlm_sql_oracle: rlm_sql_oracle.so:
cannot open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
On 4/19/07, John Butala [EMAIL PROTECTED] wrote:
We would like to use FreeRADIUS (acting as a proxy server) to set the
Primary-DNS-Server and Secondary-DNS-server attributes in the auth
response to the RADIUS client only if these attributes are not provied
by the end RADIUS server (which we
On 3/18/07, Markus Krause [EMAIL PROTECTED] wrote:
i am writing a perl script to authorize and authenticate users.
authorization works (so the script itself works and seems to be used
by freeradius as expected) but as i do not know how to define the
Auth-Type with the perl script i get the
On 3/15/07, Paul Goodman [EMAIL PROTECTED] wrote:
I am trying to compile the pam_radius-1.3.16 modules on a Solaris 10 system,
but when I run make, I get the following error:
gcc -Wall -fPIC -c pam_radius_auth.c -o pam_radius_auth.o
In file included from pam_radius_auth.h:23,
On 3/15/07, Chris Moody [EMAIL PROTECTED] wrote:
Greetings all,
I am trying to create an RPM of Freeradius 1.1.5 for a Fedora Core 6
install, and following the instructions in the Wiki, the build process
dies with this at the end:
c/include -Ilibeap -c rlm_eap.c -fPIC -DPIC -o
On Mon, Feb 19, 2007 at 02:01:53PM -0500, Kevin Bonner wrote:
On Monday 19 February 2007 13:13, Andrew Long wrote:
freeradius 1.4 on CentOS 4.4
How can I verify the number of threads? I only see one process with
ps aux | grep radiusd
I could have sworn I used to see each thread with
Hi all!
I've come across an issue with verification of {SSHA} encrypted passwords
in FreeRadius 1.1.4. Verification fails for correct passwords. I've
managed to track problem through normify() to base64_decode() function in
rlm_pap.c. This seems to be a culprit:
if (src[length] != '=')
On Sun, Feb 04, 2007 at 01:20:17PM +0100, Federico Giannici wrote:
Unfortunately it works with PAP only!
With CHAP it gives me rlm_chap: Clear text password not available...
Any suggestion?
You may try to stick with User-Password for now, it's still recognized by
rlm_pap. CVS version of
Hi all!
Default attrs file used by rlm_attr_filter contains following DEFAULT
section:
DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
[ ... ]
Framed-Protocol == PPP,
On Wed, Jan 10, 2007 at 05:49:59PM +0100, [EMAIL PROTECTED] wrote:
i'm using freeradius 1.0.1 from Red Hat entreprise 4.
You SHOULD upgrade:
http://freeradius.org/security.html
does not Red Hat supply any security patch with the OS support ?
Yes, they do. Release 1.0.1-3.RHEL4.3
Hi Alan!
Thanks for reply.
On Wed, Jan 10, 2007 at 09:32:37AM -0500, Alan DeKok wrote:
Could you check the code in the CVS head? It was updated
significantly, to clarify some of these issues. I think it may work a
little better.
I have not tried latest CVS code yet, but I have read it.
On Thu, Jan 01, 1970 at 12:00:00AM +, Alan DeKok wrote:
Version 1.1.4 has been released, with a few notable improvements.
Is there good reason for not updating rlm_perl? Version in 1.1.4 is
1.13.4.7 2006/04/27 (same as in 1.1.3 and 1.1.2), even though CVS
contains version 1.45 2006/12/04
HOW CAN I USE IP POOLS WITH FREERADIUS, MY NAS is a cisco Linksys WRT54Gnow im working with freeradius 1.1.3 and mysql 5.02in ubuntu drapper and is working fine, i have my users stored in the radcheck table, but iwant to dividethe users in two groups and assing a different range of ip pools to
this is the example of my dhcpd.conf
im using dhcp3 for ubuntu and freeradius 1.1.3 , here for example I have two ip pools one for users that belong to the group A and another one for the rest of the users, the class name is "A", here im using the MAC address to divide users, all the MACs with
pool A or B depending if the user belongs to the group A or B
how can i work with mysql and dhcp3???help me please
eduardo
I.S.C Tomas Eduardo Lotina Ramosthe Love is the base of the world, and its only hope..Ya tienes la ultima versión de Messenger: Windows Live Messenger en Prodigy/MSN (V.8) Haz
pool A or B depending if the user belongs to the group A or B
how can i work with mysql and dhcp3???help me please
eduardo
I.S.C Tomas Eduardo Lotina Ramosthe Love is the base of the world, and its only hope..Crea tu Space y compartelo con quién tu quieras Haz clic aquí Windows Live Spaces en
HELP PLEASE
hello i need help, if somebody can help me please do it =)
ihave a freeradius server v1.1.3 with mysql 5.0.22 runningin ubuntu drapper , both having comunication, i have an access point cisco which one is working with freeradius server excellent, the authentication is throught the
I'm using freeradius 1.0.2 with ldaps. I had the same problem
(freeradius crash) due, I think, to a bug in openldap or openssl
libraries. Now I have it working with stunnel to add the ssl layer.
Jose T.
Roberto S. G. wrote:
Hi,
I'm trying to configure freeradius (1.0.1) to use an ldaps
, and will hopefully
support returning the correct Session-Timeout attribute.
I hope this helps someone out there.
Regards
/tomas
wire.less.dk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
56 matches
Mail list logo