Hi Lionel!!!
I have a problem (as always). I have installed two versions of freeradius.
With the following radiusd.conf, freeradius 0.9.3 runs OK with TLS (TTLS is
not supported with this version of freeradius),
BUT with the same radiusd.conf (not exactly the same, with the prefix changed),
TLS doesn't run OK on freeradius-snapshot-20040216. I don't understand why. (TTLS
is supported with this version but I have a problem: "auth: Failed to
validate the user.")
So, my first problem now is TLS under freeradius-snapshot-20040216. Do you
have any idea?????
freeradius-snapshot-20040216 logs
-------------------------------------
rad_recv: Access-Request packet from host 192.168.49.252:1229, id=90, length=146
User-Name = "001122334455"
NAS-IP-Address = 192.168.49.252
NAS-Port = 0
Called-Station-Id = "00-80-C8-01-01-55"
Calling-Station-Id = "00-0B-46-26-1B-E2"
NAS-Identifier = "DWL-1000AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201001101303031313232333334343535
Message-Authenticator = 0xb2dfd83cf36fc223a2a5326d6b528259
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for 001122334455
radius_xlat: '(uid=001122334455)'
radius_xlat: 'ou=Wireless,dc=sgi,dc=es'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=001122334455)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusExpiration as Expiration, value 08 & op=21
rlm_ldap: Adding radiusAuthType as Auth-Type, value EAP & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user 001122334455 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns ok for request 2
auth: Failed to validate the user.
radiusd.conf (freeradius 0.9.3 AND freeradius-snapshot-20040216)
--------------------------------------------------------------------------
eap {
    default_eap_type = tls
    timer_expire = 60
    ignore_unknown_eap_types = no
    md5 {
    }
    leap {
    }
    tls {
        private_key_password = izadisan
        private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
        certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
        CA_file = /usr/local/openssl/ssl/certs/ca/ca.pem
        dh_file = /usr/local/openssl/ssl/certs/dh
        random_file = /usr/local/openssl/ssl/certs/random
        fragment_size = 1024
        include_length = yes
    }
    #ttls {
    #    default_eap_type=md5
    #    copy_request_to_tunnel = no
    #    use_tunneled_reply=no
    #}
    #peap {
    #    default_eap_type=mschapv2
    #}
    #mschapv2 {
    #}
}
José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060
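
The EAP-Message attribute in the debug output above can be decoded to confirm what the supplicant actually sent in that Access-Request. This is an added example, not part of the original message or of FreeRADIUS; the names `decode_eap` and `eap_from_debug` are hypothetical, and it assumes the whole EAP packet fits in one EAP-Message attribute, as it does in this log.

```python
import re
import struct

# EAP codes and a subset of well-known EAP method type numbers.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP",
             26: "EAP-MSCHAPv2"}

# Two lines copied from the debug log in this message.
SAMPLE_LOG = """\
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201001101303031313232333334343535
"""

def decode_eap(hex_value):
    """Decode one EAP packet given as the hex string printed by radiusd -X."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # Assumption: no fragmentation across several EAP-Message attributes,
    # so the length field must match the bytes we were given.
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "length": length, "type": None, "data": b""}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        pkt["type"] = EAP_TYPES.get(raw[4], f"unknown({raw[4]})")
        pkt["data"] = raw[5:]
    return pkt

def eap_from_debug(text):
    """Return the decoded EAP packets found in a chunk of debug output."""
    found = re.findall(r"EAP-Message\s*=\s*(0x[0-9a-fA-F]+)", text)
    return [decode_eap(value) for value in found]

if __name__ == "__main__":
    for pkt in eap_from_debug(SAMPLE_LOG):
        print(pkt)
```
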
----- Original Message -----
From: "Lionel Gavage" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 17, 2004 3:56 PM
Subject: RE: Alfa&Ariss Client Heeeeeeeeeeeeelp!!!!!!!
> I know but the problem is with LDAP module. Without LDAP module all works
> fine.
> I use PAP with SecureW2 but if I use the LDAP module it doesn't work.
>
> Lionel Gavage
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] on behalf of Rok
> Papez
> Sent: Tuesday, February 17, 2004 15:29
> To: [EMAIL PROTECTED]
> Subject: Re: Alfa&Ariss Client Heeeeeeeeeeeeelp!!!!!!!
>
>
> Hello Lionel.
>
> Lionel Gavage wrote:
>
> > I've the same problem. Without LDAP it works.
> > However LDAP server returns OK for the validation of the user ...
> > I don't reach to correct this problem :(
> >
> >
> > Lionel Gavage
> >
> > -----Original Message-----
>
> > mschapv2 {
> > }
>
> SecureW2 supports only PAP, not MS-CHAP.
>
> --
> best regards,
> Rok Papez.
>
> P.S.: It doesn't help to scream "help" in the subject. Just enter a sane
> topic.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>