Stefan Winter wrote:
> For the built-in supplicant in XP/Vista: it generally sucks. There is the
> new "Wireless Native API" that is supposed to allow scripted auto-setups of
> 802.1X settings for an SSID, but we haven't tested if that's really
> practical. If you can find a student to code on t
nikitha george wrote:
> Alan,
> I tried with the configuration you had given below, but it does not
> work out. Still radius server is accepting TLS method.
And debug mode says ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan,
I tried with the configuration you had given below, but it does not work
out. Still radius server is accepting TLS method.
Thanks,
Nikitha
On 1/9/08, Alan DeKok <[EMAIL PROTECTED]> wrote:
>
> nikitha george wrote:
> > Hi,
> > I want to enable only TTLS authentication and if the client is
>
> however, this puts the security on the client end...and they'll still
> get a connection with the proper server even if they've ommitted
> all the checks. this is bad generally - you need to have a way
> of the server checking that these client settings are enforced.
> oh well. I guess thats wh
David Wood wrote:
> I am about to start working on an update of that port to 2.0.0 - and it
> will likely be renamed net/freeradius2 at the same time, as it's no
> longer a development version. My part of this isn't likely to take too
> long (hopefully <12 hours to submit the FreeBSD PR barring une
...
>rlm_ldap: Added password {SSHA}F8XliBuxscoShNf0k7RxlC7niB7ISswp in check
items
...
>rlm_eap_md5: User-Password is required for EAP-MD5 authentication
...
You can't use encrypted passwords with EAP-MD5.
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik
Kalik Inf
Yes.
Ivan Kalik
Kalik Informatika ISP
Dana 10/1/2008, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> piše:
>Is it possible to authenticate with radius and the have ISC DHCP hand out
>out an IP (etc)?
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List inf
hi,
known SNMP issues with 64bit and that version of SNMP.
you will need to follow the debug instructions to help debug
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> Hi,
> I can't still figure it out why I can't access from Linux clients.
> I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system.
what is the linux client config?
i see the following in your debug
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap:
Hi,
I can't still figure it out why I can't access from Linux clients.
I use version 1.1.7 of freeradius. Linux client is a Fedora 8 system.
I use Freeradius+eap+ttls. Users accounts are stored in a LDAP server.
My eap.conf is:
eap {
default_eap_type = ttls
timer
this is the log
[smux_accept] accepted fd 12 from 127.0.0.1:57180
Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: refused smux peer: oid
SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd
Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12
from 127.0.0.1:57181
Jan 10 20:38:26 RADIUS-1
Hi,
> Oh, it exists. It's called subject_match within a network { } stanza of
> wpa_supplicant, and all the Windows supplicants I've seen so far allow you
> set your expectations on the server name. It's turned off by default though.
agreed. it is there.
however, this puts the security on the
On Thu 10 Jan 2008, Alan T DeKok wrote:
> January 10, 2007 - Version 2.0.0 has been released.
>
> We are pleased to announce that Version 2.0.0 has been released.
> This version is a tremendous step forward in functionality for the server.
openSUSE, SLES, Fedora and Mandriva rpms of FreeRADI
On Thursday 10 January 2008 08:41:30 Amr el-Saeed wrote:
> but every time i wanted to snmpwalk from the radius i got that error "
> RADIUS-AUTH-SERVER-MIB::radiusMIB = No Such Object available on this
> agent at this OID "
>
> the command i execute is " snmpwalk -v2c -c testsnmp -m
> /etc/raddb/RA
Is it possible to authenticate with radius and the have ISC DHCP hand out
out an IP (etc)?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
congratulations, and thank you very much for all the work you put on
freeradius.
cheers,
pedro
--
"you don't code php. you merely edit it until it works." - merlyn
Information in this email including any attachments may be privileged,
confidential and is intended exclusively for the a
Hi all,
In message <[EMAIL PROTECTED]>, Mother
<[EMAIL PROTECTED]> writes
Alan T DeKok wrote:
January 10, 2007 - Version 2.0.0 has been released.
We are pleased to announce that Version 2.0.0 has been
released.
This version is a tremendous step forward in functionality for the server.
Mother wrote:
> This is great news Alan! Any idea if a *BSD port is going to be released
> for it soon?
The ports should be updated at some point...
One goal of 2.0 was to be backwards compatible with 1.1.x as much as
possible. So in *most* cases that I'm aware of, the old configuration
fil
John Horne wrote:
> It seems that the bzip2 file of the new version 2.0.0 is actually a gzip
> file:
Fixed, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
congrats guys.
On 10/01/2008, Matt Garretson <[EMAIL PROTECTED]> wrote:
>
> Alan T DeKok wrote:
> > January 10, 2007 - Version 2.0.0 has been released.
>
>
> Congratulations, and thanks for all your hard work on FreeRADIUS!
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/l
Alan T DeKok wrote:
> January 10, 2007 - Version 2.0.0 has been released.
Congratulations, and thanks for all your hard work on FreeRADIUS!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
It seems that the bzip2 file of the new version 2.0.0 is actually a gzip
file:
freeradius-server-2.0.0.tar.bz2: gzip compressed data, from Unix, last
modified: Thu Jan 10 13:33:14 2008
I downloaded this from the main FreeRADIUS web site. Just something to
be aware of :-)
John.
--
--
Alan T DeKok wrote:
January 10, 2007 - Version 2.0.0 has been released.
We are pleased to announce that Version 2.0.0 has been released.
This version is a tremendous step forward in functionality for the server.
See http://freeradius.org for more information, including downloads,
and maj
Hi,
> I don't recall seeing that, to be honest. wpa_supplicant doesn't have
> that, and Windows doesn't have it. They both have a "validate server
> certificate" checkbox, but that only checks the CA chain, NOT the CN.
Oh, it exists. It's called subject_match within a network { } stanza of
w
Alan T DeKok wrote:
January 10, 2007 - Version 2.0.0 has been released.
We are pleased to announce that Version 2.0.0 has been released.
This version is a tremendous step forward in functionality for the server.
This is great news Alan! Any idea if a *BSD port is going to be released
for
Stefan Winter wrote on 10.01.2008 15:51:
> Hi,
>
>> If the supplicant is not configured that strictly, at the end of the day it
>> does not matter if you rolled your own self-signed RADIUS server cert or
>> you have a cert with its root CA pre-installed.
>
> Actually, It's not quite the same: if
Reimer Karlsen-Masur, DFN-CERT wrote:
> Actually we were talking about server side config.
Yes. The server has been updated simplify configurations without
EAP-TLS, and to document the issues involved in certificates.
> Looking at the supplicant, the user strongly should enter a fully qualifie
Hi,
> If the supplicant is not configured that strictly, at the end of the day it
> does not matter if you rolled your own self-signed RADIUS server cert or
> you have a cert with its root CA pre-installed.
Actually, It's not quite the same: if the user at least managed to enable to
CA checking,
You haven't posted the debug output. Post one that has both access and
accounting requests for the same user.
Ivan Kalik
Kalik Informatika ISP
Dana 10/1/2008, "Jayaraman Balasubramanian"
<[EMAIL PROTECTED]> piše:
>Hi
>
>I have configured the Free Radius Server to work as proxy radius server wit
[EMAIL PROTECTED] wrote on 10.01.2008 14:53:
> Hi,
>
>> RADIUS certificates for EAP should ALMOST ALWAYS be self-signed. That
>> means that no one else can successfully convince the users to send them
>> the passwords.
>
> seconded/thirded. as UK eduroam support I agree that such a closed-lo
January 10, 2007 - Version 2.0.0 has been released.
We are pleased to announce that Version 2.0.0 has been released.
This version is a tremendous step forward in functionality for the server.
See http://freeradius.org for more information, including downloads,
and major updates to the web
Hi
I have configured the Free Radius Server to work as proxy radius server with
the following in the proxy.conf
realm NULL {
type = radius
authhost = 100.100.0.2:1812
accthost = 100.100.0.2:1813
secret = testing123
}
All the other conf files are configured properly. AM getting the
Hi,
> RADIUS certificates for EAP should ALMOST ALWAYS be self-signed. That
> means that no one else can successfully convince the users to send them
> the passwords.
seconded/thirded. as UK eduroam support I agree that such a closed-loop
system provides a better protection. though more conf
Dear All,
I have freeradius-1.1.7-1.
it was installed on RHEL 3
SNMP net-snmp-5.0.9-2.30E.22
every thing was going OK
i just installed RHEL 564-bit
recompiled the freeradius on the new OS and reinstall
the radius is working Ok
i have SNMP version net-snmp-5.3.1-19.el5
but every time i
> No. You are saying that the supplicant should trust those root CA's
> for ALL authentication.
>
> i.e. you have a certificate for "example.com", signed by Verisign.
> The supplicant is configured to trust the verisign-signed certificates,
> because that's what you have.
>
> Now *anyone* wh
Reimer Karlsen-Masur, DFN-CERT wrote:
> Whereas IMO the SSL cert of the RADIUS server should be issued by a CA which
> has its root CA certificate preinstalled in the standard certificate stores...
No. You are saying that the supplicant should trust those root CA's
for ALL authentication.
i.
Alan DeKok wrote on 10.01.2008 11:26:
> Reimer Karlsen-Masur, DFN-CERT wrote:
>> This is definitely more elegant than my suggestion but I found that many
>> FreeRADIUS admins get confused by the
>>
>> CA_file
>> CA_path
>>
>> options. They think that they need to place the CA chain from *their
>>
On Thu 10 Jan 2008, mohsen rahmanian wrote:
> > > I install freeradius-1.1.7-7.1.i386.rpm few days ago, When I try to
> > > install, upgrade or remove freeradius-1.1.7-7.1.i386.rpm get this
> > > error:
> > >
> > > /var/tmp/rpm-tmp.25681: line 1: fg: no job control
> > > error: %postun( freeradius-
Reimer Karlsen-Masur, DFN-CERT wrote:
> This is definitely more elegant than my suggestion but I found that many
> FreeRADIUS admins get confused by the
>
> CA_file
> CA_path
>
> options. They think that they need to place the CA chain from *their
> FreeRADIUS servers SSL certificate* in the file
This is definitely more elegant than my suggestion but I found that many
FreeRADIUS admins get confused by the
CA_file
CA_path
options. They think that they need to place the CA chain from *their
FreeRADIUS servers SSL certificate* in the file/directory specified in above
options. But by doing so
Sourav Chakraborty wrote:
> Hi Everyone,
>
> We are tring to add our own VSA to the Access-Accept message sent out
> by FreeRADIUS server.Can you please outline the steps as to how this
> can be done?We require this urgently.
Create a dictionary. Tell FreeRADIUS to use it. Then, configure it
41 matches
Mail list logo