NdK wrote:
Il 20/01/2012 21:46, Alan DeKok ha scritto:
Yeah, I've gone and fixed that. git is nice for updating web pages.
Still there's Then, fine the mschap module. s/fine/find/ :)
Fixed, thanks.
BTW, in a real AD setup, with AD servers used as DNS, there should be no
need to setup
Thanks ndk and alan I lll give it a fresh try to the testbed. I have
already deleted the DEFAULT entry from the users file and updated mschap as
indicated. I think what might be forcing NTLM_AUTH is an entry which i made
to the authorize section of default file after which ntlm_auth strated to
Hi
I did my tests and after removing that custom block of authorize section
the following is the output.
rad_recv: Access-Request packet from host 127.0.0.1 port 54347, id=2,
length=57
User-Name = 01546
User-Password =
NAS-IP-Address = 192.168.0.99
Il 20/01/2012 21:46, Alan DeKok ha scritto:
Yeah, I've gone and fixed that. git is nice for updating web pages.
Uh... forgot... When using ntlm_auth with a password, --request-nt-key
seems to have no effect. Tested in different distros.
BYtE,
Diego.
-
List info/subscribe/unsubscribe? See
hi Fajar
I did read the replies as well as Alan's page. Being a newbie to FR i
actually started with that only.
On Sat, Jan 21, 2012 at 7:44 PM, Fajar A. Nugraha l...@fajar.net wrote:
Did you REALLY read the replies sent to this list?
Did you REALLY read Alan's page,
Dhiraj Gaur wrote:
The version of radtest on my system doesnt support the -t option, hence
even after doing radtest -h I could not find anything.
Upgrade. It really helps.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sat, Jan 21, 2012 at 11:14 PM, Dhiraj Gaur dhiraj.g...@gmail.com wrote:
The version of radtest on my system doesnt support the -t option, hence even
after doing radtest -h I could not find anything. I settled for jradius
client to achieve the same effect already.
It doesn't really matter
Hi
I have been trying to implement radius authetication server at my
workplace. The idea is to have all wifi access points authenticate against
a radius server.
The radius server needs to pass authentication to a backend Active
Directory server. I have been sucessful in authenticating wifi users
Dhiraj Gaur wrote:
I have been trying to implement radius authetication server at my
workplace. The idea is to have all wifi access points authenticate
against a radius server.
That is a common deployment, and should be easy to do.
The radius server needs to pass authentication to a
HI Alan
Thanks for the reply. I already followed your site and was able to make
ntlm_auth work. For MS-CHAP the AD page of your site says
Start the server and use a test client to send an MS-CHAP authentication
request. The radclient cannot currently be used to send this request,
unfortunately,
Il 20/01/2012 17:17, Dhiraj Gaur ha scritto:
Thanks for the reply. I already followed your site and was able to make
ntlm_auth work. For MS-CHAP the AD page of your site says
Start the server and use a test client to send an MS-CHAP
authentication request. The |radclient| cannot currently
Dhiraj Gaur wrote:
rt the server and use a test client to send an MS-CHAP
authentication request. The |radclient| cannot currently be used to send
this request, unfortunately, which makes testing a little difficult If
everything goes well, you should see the server returning an
Access-Accept
Il 20/01/2012 19:44, Alan DeKok ha scritto:
The radclient program has since been updated.
Then it could be better to update that page, since it's the reference
for all newbies that try to make it work.
You hard-coded it to *always* do NTLM authentication, using the PAP
credentials. Then
NdK wrote:
The radclient program has since been updated.
Then it could be better to update that page, since it's the reference
for all newbies that try to make it work.
Yeah, I've gone and fixed that. git is nice for updating web pages.
It *should* work is more correct :(
There still
OK,
Just to recap, I'm working on setting Freeradius up to authenticate users to
our wireless network. We want to use PEAP-MSCHAPv2 and authenticate against
Active Directory. I'm using samba and ntlm_auth.
Versions:freeradius2-2.1.7-7.el5 and samba3.0.33-3.29
Needless to say it's failing.
Hi,
I've pasted my debug output into the web tool and it picks out the following
in red
security {
max_attributes = 200
reject_delay = 1 (This line in red)
status_server = yes
}
(all in red)
Module: Instantiating attr_filter.access_reject
attr_filter
+mark.holmes=nuffield.ox.ac...@lists.freeradius.org]
On Behalf Of Alan Buxey
Sent: 12 October 2010 10:41
To: FreeRadius users mailing list
Subject: Re: Problem with MSCHAP
Hi,
I've pasted my debug output into the web tool and it picks out the following
in red
security {
max_attributes = 200
...@lists.freeradius.org]
On Behalf Of Mark Holmes
Sent: 12 October 2010 11:25
To: FreeRadius users mailing list
Subject: RE: Problem with MSCHAP
Alan,
Thanks for your reply.
how are you testing this - a real client, command line tool etc? when you run
it in full
debug mode - and you arent helping
a problem with mschap somewhere
Also
[suffix] Looking up realm mydomain.ox.ac.uk for User-Name =
firstname.lastn...@mydomain.ox.ac.uk
[suffix] No such realm mydomain.ox.ac.uk
However I'm not sure I need to worry about that bit - at the moment this is
just a single, stand alone RADIUS server so
On 08/10/10 14:24, Mark Holmes wrote:
and I see the server returns Access-Accept.
Firstly, don't set Auth-Type. It's almost always the wrong thing to do.
Secondly, this is just testing PAP i.e. plain username/password auth.
Wireless typically uses 802.1x via EAP.
I then configure
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
You need to look earlier in your debug output to see why it was rejected
(that's what this error message means)
-
List info/subscribe/unsubscribe? See
Hi,
I'm new to freeradius, I'm working on setting it up to authenticate users to
our wireless network. We want to use PEAP-MSCHAPv2 and authenticate against
Active Directory. I'm using samba and ntlm_auth.
okay - a fairly standard setup for modern 802.1X
Versions:freeradius2-2.1.7-7.el5
All,
Many thanks for the replies.
Firstly, don't set Auth-Type. It's almost always the wrong thing to do.
Sure - I set that just to test the AD auth was working, and removed it again
prior to configuring mschap.
EAP is a multi-pass protocol; there will be 4-8 requests, and the actual
Mark Holmes wrote:
I wasn't sure about posting the whole lot to this list as it runs to quite a
few lines so posted it here
http://www.nuffield.ox.ac.uk/scratch/logfile.txt
Cut paste that into the form on this page:
http://networkradius.com/freeradius.html
Then, look for red /
do you REALLY want to accept what the user puts in as the gospel truth? ie,
I wouldnt be comfirtable
taking the user-supplied domain for the ntlm_auth - I'd set it manually (if it
really was a local user!)
Good point.
Our existing setup uses IAS, and is configured to expect the domain to be
Lukasz Lacinski wrote:
Below is my previous e-mail, but with output from freeradius in format easier
to read.
I use ntlm_auth in mschapv2 (freeradius 20070409) by the following line in
radiusd.conf:
ntlm_auth = /usr/local/eduroam/progs/ntlm/ntlm_auth.pl --request-nt-key
Alan DeKok wrote:
I've committed a fix to CVS head. Please re-test.
OK. I'm going to test it as soon as possible.
It means when SIGSEGV will not be so fast ;-)
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port
Hello,
I use ntlm_auth in mschapv2 (freeradius 20070409) by the following line in
radiusd.conf:
ntlm_auth = /usr/local/eduroam/progs/ntlm/ntlm_auth.pl --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}
Below is my previous e-mail, but with output from freeradius in format easier
to read.
I use ntlm_auth in mschapv2 (freeradius 20070409) by the following line in
radiusd.conf:
ntlm_auth = /usr/local/eduroam/progs/ntlm/ntlm_auth.pl --request-nt-key
29 matches
Mail list logo