Re: Segfault in radrelay on FR 1.0.1

2004-09-26 Thread Kevin Bonner
On Friday 24 September 2004 14:33, Alan DeKok wrote:
> Kevin Bonner <[EMAIL PROTECTED]> wrote:
> > I sent radrelay a TERM and saw that there were a few records left in the
> > detail file that needed to be pushed.  Installed version 1.0.1, and
> > radrelay kept segfaulting when trying to start.  Running through gdb, I
> > tracked it down to an invalid entry in the radrelay detail file.
>
>   What part of radrelay failed?  Is there a patch to fix the problem?

(gdb) bt
#0  0x0804a0b9 in read_one (fp=0x8868aa0, r_req=0x8064760) at radrelay.c:287
#1  0x0804aaa8 in loop (r_args=0xfef58df0) at radrelay.c:605
#2  0x0804b9bd in main (argc=2, argv=0xfef593e0) at radrelay.c:1003

Haven't attempted a patch to fix this yet, but I'll set up a test environment
tomorrow and come up with something.

Kevin Bonner

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticating Wifi and users

2004-09-26 Thread Alan DeKok
"Stefan B. Jonsson" <[EMAIL PROTECTED]> wrote:
> >   But why use a VPN?  Why not just use EAP-TTLS, or EAP-PEAP?
> >
> Then some clients are needed for every user but XP users?

  Linux people can use xsupplicant.

  Alan DeKok.



RE: Is there some kind of trick to make Cisco LEAP work???

2004-09-26 Thread James Munroe
Hello Folks,

All I can say is WOW!  To be quite honest I had given up on making
FreeRadius work with Cisco's WDS and WLSE.  In my particular situation we
also had a licensed Cisco ACS 3.x (now 3.3) server however, we weren't
particularly happy about exposing it to an untrusted Wi-fi network
considering it also provides authentication services to the rest of our
network resources.  That's where I saw FreeRadius as an excellent fit.

To update my original post I had gotten LEAP to work with clients
(after the fact).  My problem was I fooled with trying to get WDS LEAP
functioning with a WLSE to the point that I could no longer see the "forest
for the trees".  Hence I jumped to the conclusion that LEAP support was just
screwed in FreeRadius! :-(  After a fresh configuration from the AP's up to
FreeRadius I had gotten LEAP to work for authenticating users.

I would like to thank everyone for their efforts, especially Richard
Timsit for his diagnostic efforts and posting of the necessary patches.
FreeRadius is an excellent product that in my opinion rivals any commercial
package available today (a webmin module for a GUI might be a nice addition
;-)).  Now, it's back to the R&D cycle for me to test WDS-WLSE LEAP
functionality again.

Thank You All for your help, insight, and time!

Jim



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard
Timsit
Sent: Tuesday, September 07, 2004 11:54 AM
To: [EMAIL PROTECTED]
Subject: Re: Is there some kind of trick to make Cisco LEAP work???

> Richard,
> 
> Thanks for that input, it sounds very straightforward to me.  I'll try 
> your patches on Tuesday (Monday is a holiday here).  Have you brought 
> this up with Cisco?  If not, I will open a case next week.  I'd like 
> to know whether Cisco's leap/eap developers intended for the ID to not
> increment-- or whether they've made a mistake against their own 
> standard.
> 

Ok, nice if you open a case to Cisco. Their leap-software of WLSE is buggy,
(not the same as their access points) :-)
 
> I'd like to use the same freeradius server for WLSE/APs as for other 
> non-LEAP clients, such as TLS/PEAP.  Since your patch to rlm_eap.c 
> should only kick in when  reply->type.type == PW_EAP_LEAP, there 
> should be no problem, wouldn't you say?
> 

Ok, if you have only non-LEAP clients. But you need to patch every new release
of freeradius you need...

Best regards.



Richard Timsit
SIC STI
EPFL Lausanne
1015 Ecublens, SUISSE
(021) 693 22 35
[EMAIL PROTECTED]





Re: Authenticating Wifi and users

2004-09-26 Thread Stefan B. Jonsson
On Saturday 25 September 2004 18:31, Alan DeKok wrote:
> "Stefan B. Jonsson" <[EMAIL PROTECTED]> wrote:
> > I'm trying to configure the following scenario for a school network, this
> > has taken too long and lots of reading without result.
>
>   You're probably focussing on a solution, rather than the problem.
>
> > Macaddress is verified through Freeradius looking up in LDAP server to
> > give WiFi access
>
>   That can be done.  Are you planning on using *only* MAC address to
> grant users access to the network?  I would not recommend doing that.
My idea is to open wifi connection to VPN server using the Macaddress
>
> > Then user is authenticated on PPTP VPN again towards the LDAP using
> > Freeradius
>
>   If the VPN client supports RADIUS authentication, yes.
I am using Poptop server on Linux that uses built in Win VPN (this is more
access restriction than security)
>
>   But why use a VPN?  Why not just use EAP-TTLS, or EAP-PEAP?
>
Then some clients are needed for every user but XP users?
>   Alan DeKok.

-- 

Stefán B. Jónsson
