Re: XP auth + PEAP (debik)

2005-12-06 Thread mat yuh
These config files work for me with unix, tls, ttls and
pap only. Tell me if you find anything that we can share.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: radius server reply

2005-12-06 Thread Dinil Divakaran


On Wed, 7 Dec 2005, Alan DeKok wrote:

> Dinil Divakaran <[EMAIL PROTECTED]> wrote:
> > ... for a user in the users file. But, unfortunately there are no
> > user-defined attributes that are permitted !
>
>   Huh?  What do you mean by that?



I want the client to send one attribute and the server should check and reply 
with a matching entry - not one of the attributes already used by radius.

To be more specific, the client will send a `key' to the server, the server 
should check (maybe in a table) for the `key', and if found reply with another 
`key' to the client (very much like a lookup function). I believe this 
`key' has to be an attribute if it has to be sent.



Re: radius server reply

2005-12-06 Thread Alan DeKok
Dinil Divakaran <[EMAIL PROTECTED]> wrote:
> ... for a user in the users file. But, unfortunately there are no
> user-defined attributes that are permitted ! 

  Huh?  What do you mean by that?

  Alan DeKok.



Re: Configuring freeRADIUS and NAS

2005-12-06 Thread Alan DeKok
Madhuraka Godahewa <[EMAIL PROTECTED]> wrote:
> Is this a problem with the configuration of the NAS or is it a limitation of 
> the NAS?

  It's probably a limitation of the NAS.  I have a Linksys WRT54G
myself, but I've never spent much time trying more complicated
configurations.

  Alan DeKok.



Re: attrs file

2005-12-06 Thread Alan DeKok
Chuck <[EMAIL PROTECTED]> wrote:
> I have a need on one of my radius servers to pass every reply attribute my 
> realms I proxy for send up to me regardless of what they are. I then pass 
> these replies upstream. Everything I read describing the default 'realm' in 
> the attrs file mention adding attributes I want to pass on. However in this 
> one instance I would have to list every dictionary attribute. Is there not a 
> way to tell radius to pass everything, maybe with a * on a single line or 
> maybe nothing in the default section? Or must I list every single one?

  Don't use the "attrs" module.  The default in the server is to pass
all of the attributes.  The attrs module filters out attributes.

  Alan Dekok.



radius server reply

2005-12-06 Thread Dinil Divakaran

Greetings !!

I am using freeradius 1.0.4 server. I am trying to achieve the following.

The radius client is supposed to send username, password and a text (say, abc).  
The server is supposed to authenticate using the system /etc/passwd and shadow 
(which it does currently). Apart from this the server should take the text and 
find another matching text (abc -> xyz). If such a matching entry exists, the 
radius server should send the matching text (xyz, here) along with the Access 
packet, or else it should send Access Reject packet.

This can be achieved if we are able to define new attributes (like 
`Framed-IP-Address'), in which case we can add an entry

Check-Item="abc", Reply-Item="xyz"

for a user in the users file. But, unfortunately, user-defined attributes 
are not permitted! Is there any other way to get this done?

Thanks in advance.

- Dinil

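Added illustration, not from the thread or the FreeRADIUS project: one way to express the lookup described above in FreeRADIUS 1.x, using a vendor-specific attribute added to the local dictionary and matched in the users file. The vendor name, vendor number and attribute names are placeholders; the NAS (or radclient, which reads the server's dictionary) must actually send the key attribute in the Access-Request.

```text
# /etc/raddb/dictionary -- local additions.  The vendor number is a placeholder;
# a real deployment uses its own IANA-assigned Private Enterprise Number.
VENDOR      Example-Corp            99999
ATTRIBUTE   Example-Lookup-Key      1   string  Example-Corp
ATTRIBUTE   Example-Lookup-Reply    2   string  Example-Corp

# /etc/raddb/users -- the first line of an entry holds check items, the
# indented lines reply items.  The unix module already sets Auth-Type for
# /etc/passwd and shadow, so only the lookup key is checked here; the entry
# matches only when the request carries Example-Lookup-Key with value "abc".
dinil   Example-Lookup-Key == "abc"
        Example-Lookup-Reply = "xyz"

# A request that matched no entry above (wrong key, or no key at all) is
# refused rather than falling back to password-only authentication.
DEFAULT Auth-Type := Reject
        Reply-Message = "unknown lookup key"
```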


Configuring freeRADIUS and NAS

2005-12-06 Thread Madhuraka Godahewa
Hi All,

First of all, let me thank all those who helped me to configure the 
FreeRADIUS server. I have installed FreeRADIUS 1.0.5 recently and configured 
it. I tested the server using the RADIUS Test Client utility from IEA Software 
and it works well (both for authentication and accounting).

Then, I configured a Linksys WRT54G as a NAS and configured it to make use of 
the FreeRADIUS server to authenticate users. Now I can connect to the network 
using an XP supplicant through the Linksys WRT54G after authenticating through 
the RADIUS server (using PEAP). 

Now, I have a problem with the Session-Timeout attribute. With the Access-
Accept packet, I send the Session-Timeout and Terminate-Action attributes to 
the NAS, but the NAS does not terminate the session as specified in the Session-
Terminate parameter. And the NAS does not send any Account-Start or Account-
Stop packets to the RADIUS server. 

Is this a problem with the configuration of the NAS or is it a limitation of 
the NAS? Has anybody tried using the Linksys WRT54G as the NAS to do RADIUS 
accounting? I use the original firmware which comes with the WRT54G.


Thanking You.,


Madhuraka Godahewa
Telecommunications Engineer
Research and Development Unit
Electroteks Global Networks (Pvt.) Ltd.

Mobile: + 94-777-647055


attrs file

2005-12-06 Thread Chuck
I have a need on one of my radius servers to pass every reply attribute that 
the realms I proxy for send up to me, regardless of what they are. I then pass 
these replies upstream. Everything I read describing the default 'realm' in 
the attrs file mentions adding the attributes I want to pass on. However, in 
this one instance I would have to list every dictionary attribute. Is there not 
a way to tell radius to pass everything, maybe with a * on a single line or 
maybe nothing in the default section? Or must I list every single one?

-- 

Chuck




Question about AcctUniqueID

2005-12-06 Thread Dennis Skinner

Hello all,

I read the docs and hunted down some messages from this list about it. 
Here is what is in my radiusd.conf on both servers:


acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Address, NAS-Port-Id"

}

(forgive the line wrap)

I noticed this in my radacct table:

*** 1. row ***
 RadAcctId: 13988509
 AcctSessionId: 0B80
  AcctUniqueId: 00eff1fb2a906db0
  UserName: [EMAIL PROTECTED]
 Realm: bluefrognet.net
  NASIPAddress: 192.168.1.210
 NASPortId: 127
   NASPortType: Async
 AcctStartTime: 2005-08-30 08:52:54
  AcctStopTime: 2005-08-30 08:55:14
   AcctSessionTime: 135
 AcctAuthentic: RADIUS
 ConnectInfo_start:
  ConnectInfo_stop: 26400/24000 V34=2B/V44/LAPM
   AcctInputOctets: 31080
  AcctOutputOctets: 118434
   CalledStationId: ##
  CallingStationId: ##
AcctTerminateCause: User-Request
   ServiceType: Framed-User
FramedProtocol: PPP
   FramedIPAddress: 192.168.100.101
AcctStartDelay: 0
 AcctStopDelay: 5
*** 2. row ***
 RadAcctId: 16960699
 AcctSessionId: 0B80
  AcctUniqueId: 00eff1fb2a906db0
  UserName: [EMAIL PROTECTED]
 Realm: bluefrognet.net
  NASIPAddress: 192.168.1.210
 NASPortId: 144
   NASPortType: Async
 AcctStartTime: 2005-12-05 08:54:43
  AcctStopTime: 2005-12-05 09:11:08
   AcctSessionTime: 986
 AcctAuthentic: RADIUS
 ConnectInfo_start: 4/26400 V90/V42bis/LAPM =285
  ConnectInfo_stop: 26400 V34=2B/V44/LAPM =2826400/2
   AcctInputOctets: 184798
  AcctOutputOctets: 1271017
   CalledStationId: ##
  CallingStationId: ##
AcctTerminateCause: User-Request
   ServiceType: Framed-User
FramedProtocol: PPP
   FramedIPAddress: 192.168.100.66
AcctStartDelay: 0
 AcctStopDelay: 0
2 rows in set (0.03 sec)


I have obviously obfuscated some of the data, but I kept it sane to the 
original.


The part that has me puzzled is the NASPortId (I didn't change that in 
the data above).  I assume that is the same as NAS-Port-ID in the key 
above, but FreeRADIUS has created identical AcctUniqueId's with diff ports.


I am using 0.9.3 at the moment.  I am working on upgrading, but was 
wondering if this is a bug, or something that I may have missed in the 
ChangeLog, or am I missing something else?


Thanks!

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
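Added illustration, not FreeRADIUS code: a simplified model of how an acct_unique key becomes an AcctUniqueId, run over two packets constructed from the radacct rows above. It assumes the real module's behaviour of hashing only the key attributes that are present in the packet (separator, value formatting, the placeholder user name and the Client-IP-Address value are my assumptions, so the ids will not equal the ones in the rows), and it tests the hypothesis that the port number arrived in NAS-Port while the key names NAS-Port-Id, which the NAS never sent.

```python
"""Model of how an rlm_acct_unique key turns into an AcctUniqueId.

Added illustration, not FreeRADIUS source.  The real module concatenates
the printed values of the key attributes present in the accounting packet,
MD5-hashes them and keeps the first 8 bytes (16 hex digits).  Separator and
formatting below are simplified assumptions.
"""
import hashlib
from collections import defaultdict

# The key exactly as posted in the radiusd.conf snippet above.
POSTED_KEY = ["User-Name", "Acct-Session-Id", "NAS-IP-Address",
              "Client-IP-Address", "NAS-Port-Id"]

# Hypothetical fix: also hash the attribute that actually carries the port.
PORT_KEY = POSTED_KEY + ["NAS-Port"]


def acct_unique_id(packet, key=POSTED_KEY):
    """Return the 16-hex-digit id for one accounting packet (dict of attrs).

    An attribute named in the key but absent from the packet is silently
    skipped, so it cannot tell two sessions apart.
    """
    present = [str(packet[attr]) for attr in key if attr in packet]
    digest = hashlib.md5(",".join(present).encode("utf-8")).digest()
    return digest[:8].hex()


def missing_key_attrs(packet, key=POSTED_KEY):
    """Key attributes this packet does not carry: the usual collision cause."""
    return [attr for attr in key if attr not in packet]


def collisions(packets, key=POSTED_KEY):
    """Map each AcctUniqueId shared by several packets to their indexes."""
    groups = defaultdict(list)
    for idx, pkt in enumerate(packets):
        groups[acct_unique_id(pkt, key)].append(idx)
    return {uid: idxs for uid, idxs in groups.items() if len(idxs) > 1}


# Constructed from the two radacct rows in the post (user name is a
# placeholder; Client-IP-Address assumed equal to the NAS address).  The
# port number travels in NAS-Port; no NAS-Port-Id attribute is present.
SESSION_AUG = {
    "User-Name": "someone@bluefrognet.net",
    "Acct-Session-Id": "0B80",
    "NAS-IP-Address": "192.168.1.210",
    "Client-IP-Address": "192.168.1.210",
    "NAS-Port": 127,
    "Acct-Status-Type": "Start",
}
SESSION_DEC = dict(SESSION_AUG, **{"NAS-Port": 144})

if __name__ == "__main__":
    for name, sess in (("Aug", SESSION_AUG), ("Dec", SESSION_DEC)):
        print(name, acct_unique_id(sess), "missing:", missing_key_attrs(sess))
    print("collisions, posted key:", collisions([SESSION_AUG, SESSION_DEC]))
    print("collisions, NAS-Port added:",
          collisions([SESSION_AUG, SESSION_DEC], PORT_KEY))
```

Two sessions months apart that share an id are indistinguishable to anything keyed on AcctUniqueId, such as matching a Stop record to its Start, so a key should name attributes the NAS really sends.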


Re: OS Update broke FR - rlm_exec-1.0.0.so not found

2005-12-06 Thread Landon Cox

Thanks, Alan.

FYI - more research on the topic, I did an ldd on the rlm_exec file:

On a freeradius box I have which is working, I did:

radius1:/usr/lib/freeradius # ldd rlm_exec-1.0.0.so
linux-gate.so.1 =>  (0xe000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40018000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4002f000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x40042000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40054000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40145000)
libc.so.6 => /lib/tls/libc.so.6 (0x40175000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x8000)
libdl.so.2 => /lib/libdl.so.2 (0x4028b000)


Then on the radius box I updated and broke I did:
radius2:/usr/lib/freeradius # ldd rlm_exec-1.0.0.so
linux-gate.so.1 =>  (0xe000)
libnsl.so.1 => /lib/libnsl.so.1 (0x55577000)
libresolv.so.2 => /lib/libresolv.so.2 (0x5558e000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x555a1000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x555b3000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x556a4000)
libc.so.6 => /lib/tls/libc.so.6 (0x556d4000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x56555000)
libdl.so.2 => /lib/libdl.so.2 (0x557ea000)

I hunted down and verified that every library that was pointed to by  
rlm_exec indeed existed on the file system.  On both systems, they  
had everything except both had no linux-gate.so.1.  But then radius1  
works fine and it shows the same paths and library existence as the  
radius2 box which fails.


Also, googling linux-gate.so.1 I saw:
"What is linux-gate.so.1?":  http://www.trilithium.com/johan/2005/08/ 
linux-gate/

and
http://kerneltrap.org/node/3405

The first link explains that an ldd report of linux-gate.so.1 that  
doesn't point to a file/path is normal in recent kernels and goes  
into detail of what it is.  In any case, it's not a problem.


After verifying that every library that is pointed to by  
rlm_exec-1.0.0.so actually exists on both the machine that works fine  
and the one that doesn't, I understand a little more but don't see  
what the problem is.   There's something else bizarre going on...or  
perhaps I still need to run ldd on each of the dependent libraries -  
maybe there's one in that tree of dependencies that's missing.


I'll also try going to 1.0.5.

Thanks,

Landon


Re: dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread Alan DeKok
"don james" <[EMAIL PROTECTED]> wrote:
> Thanks for your help.  I've read all of the docs that I could find.  I
> subscribe to the O'Reilly online books and haven't been able to find much
> there.
> 
> I am willing to read all of the docs extant.  

  Ok... WHY do you want to create that dictionary entry?  It shouldn't
be necessary.

  If you DO want to create that entry, read /etc/raddb/dictionary, it
contains examples.

  If you DON'T understand those examples, ask DETAILED questions.

  Alan DeKok.



RE: dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread Seferovic Edvin
I can only agree with Lewis Bergman. And believe me - I am subscribed to many
mailing lists - and on this one, you get help from really good and competent
people ( like developers of the software ). Such "support" you don't even
get when you buy software !! 

In the name of all members of this list - please be polite and do NOT
overreact to some posts. It is understandable that you come here when you
need to get your questions answered ( read - desperate ;) in my case ), but
stay calm and polite and everything will work out.. trust me...

Regards,

Edvin

PS: sorry for this off topic mail !

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lewis
Bergman
Sent: Wednesday, 7 December 2005 00:45
To: FreeRadius users mailing list
Subject: Re: dictionary: adding MONTHLY-TIME-LIMIT

don james wrote:
> Oh, yeah, right.  It may as well be written in Greek.  Thanks for nothing.
You are sure to get many helpful responses now. If you read it and don't 
understand what you read, then why not post what is confusing you? You 
might as well go buy the O'Reilly RADIUS book now. You're not likely to 
get much help anywhere else with that attitude of yours.


Re: OS Update broke FR - rlm_exec-1.0.0.so not found

2005-12-06 Thread Alan DeKok
Landon Cox <[EMAIL PROTECTED]> wrote:
> radiusd:  entering modules setup
> Module: Library search path is /usr/lib/freeradius
> radiusd.conf[1367] Failed to link to module 'rlm_exec': /usr/lib/ 
> freeradius/rlm_exec-1.0.0.so: cannot open shared object file: No such  
> file or directory

  Yeah, it's a bug in libltdl.  Some library needed by rlm_exec is no
longer on the system, so rather than printing out the name of *that*
library, it says "failed to load rlm_exec".

> So, that's one question - what is not being found?

  No idea, and it may be difficult to find out.

> I've seen numerous references to this exact linkage error on various  
> freeradius lists as well as have seen it on lists for various  
> architectures and *nix's, not just x86/SuSE Linux.  However, there is  
> typically no response given to fix the problem except to rebuild FR  
> with no shared libraries

  Or, just re-build the server.  In your case, I'm not surprised that
upgrading the OS broke applications.

  In any case, you *should* be running 1.0.5.  There are no
functionality differences between it and 1.0.0, but there are a number
of bug fixes.

  Alan DeKok.


Re: dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread don james
Hi Alan,

Thanks for your help.  I've read all of the docs that I could find.  I
subscribe to the O'Reilly online books and haven't been able to find much
there.

I am willing to read all of the docs extant.  

Sincerely,

Don James

On Tue, 6 Dec 2005 18:43:50 -0500, [EMAIL PROTECTED] wrote:

>"don james" <[EMAIL PROTECTED]> wrote:
>> Oh, yeah, right.  It may as well be written in Greek.  Thanks for nothing.
>
>  If you want a perfect answer, see:
>
>http://www.freeradius.org/business/
>
>  I'm sure if you pay someone they'll tell you what you need to do.
>
>  If you're not willing to spend the time to read the docs, and you're
>not willing to pay anyone, good luck solving the problem.
>
>  I wish you the best.
>
>  Alan DeKok.
>


Re: IPv6 Support

2005-12-06 Thread Paulo Alexandre Caceres Ferreira
> 
> > I don.t try Freeradius with IPv6 yet, but I have doubts with IPv6
> > Freeradius functioning.
> 
>   Why?

Because I haven't arranged a machine to test it yet :)

> 
> > Did the communications between NAS and Freeradius, in IPv6 only
> > networks, are made only with IPv6 packets (Access request packets, etc.)?
> 
>   Uh... you're asking if non-IPv6 packets are sent in an IPv6-only
> network.
> 
>   That makes *no* sense.

No, I wanted IPv6 only, but I wasn't sure whether FreeRADIUS was 
communicating with the NAS in IPv6-only packets, or whether it was 
encapsulating the IPv6 attributes (RFC 3162) in IPv4 packets.

> 
> > Or did the IPv6 attributes (NAS-IPv6-Address, etc.) are encapsulated in
> > IPv4 packets?
> 
>   Read the RFC's.  The data in a RADIUS packet is completely
> independent of the IPv4 or IPv6 transport.

I had already read RFC 3162, and I thought that was the idea, but I asked 
the list these questions to be sure. 

Good, that means it works with packets in both network protocols, 
depending on NAS support.

> 
>   Alan DeKok.
> 

Thanks for the help, and I will try that when I have the opportunity.

Regards,
Paulo Ferreira




Re: dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread Lewis Bergman

don james wrote:

> Oh, yeah, right.  It may as well be written in Greek.  Thanks for nothing.

You are sure to get many helpful responses now. If you read it and don't 
understand what you read, then why not post what is confusing you? You 
might as well go buy the O'Reilly RADIUS book now. You're not likely to 
get much help anywhere else with that attitude of yours.


Re: dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread Alan DeKok
"don james" <[EMAIL PROTECTED]> wrote:
> Oh, yeah, right.  It may as well be written in Greek.  Thanks for nothing.

  If you want a perfect answer, see:

http://www.freeradius.org/business/

  I'm sure if you pay someone they'll tell you what you need to do.

  If you're not willing to spend the time to read the docs, and you're
not willing to pay anyone, good luck solving the problem.

  I wish you the best.

  Alan DeKok.



OS Update broke FR - rlm_exec-1.0.0.so not found

2005-12-06 Thread Landon Cox


Hi FR community,

I've been running FR on an updated (recently fully patched apps) SuSE  
9.2 (kernel 2.6.8-24-default).  I was successfully running an earlier  
version of FR, and when I decided to do an update of FR through SuSE's  
online update, FR would no longer come up and now fails with a dynamic  
link error:


radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
radiusd.conf[1367] Failed to link to module 'rlm_exec': /usr/lib/ 
freeradius/rlm_exec-1.0.0.so: cannot open shared object file: No such  
file or directory

radius2:/home/lcox # ls /usr/lib/freeradius/rlm_exec-1*
/usr/lib/freeradius/rlm_exec-1.0.0.la  /usr/lib/freeradius/ 
rlm_exec-1.0.0.so


As you can see, my /usr/lib/freeradius directory does have the .so  
file, but I can't tell from the output if rlm_exec is dependent upon  
some other file that is not found or the dynamic linker can't find  
rlm_exec-1.0.0.so.   So, that's one question - what is not being  
found?  Sounds obvious, except that I have the exact .so filename in  
the library search path.


SuSE Yast claims it has installed FR 1.0.0-5.6.   A radiusd -v produces:
radiusd: FreeRADIUS Version 1.0.0, for host , built on May 30 2005 at  
21:02:41

Copyright (C) 2000-2003 The FreeRADIUS server project.

I've seen numerous references to this exact linkage error on various  
freeradius lists as well as have seen it on lists for various  
architectures and *nix's, not just x86/SuSE Linux.  However, there is  
typically no response given to fix the problem except to rebuild FR  
with no shared libraries and even in those cases, the build often  
seems to break later leaving the admin stuck further down the line.


Is there a known solution to what seems like a relatively common  
problem of rlm_exec dynamic linkage issues?  What am I missing and  
what needs to be done to cause this to work with the shared .so lib  
file vs having to rebuild it with static libs?


Thanks in advance for any help or direction.

Landon

(Full text of -X output follows)
radius2:/home/lcox # /usr/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
radiusd.conf[1367] Failed to link to module 'rlm_exec': /usr/lib/ 
freeradius/rlm_exec-1.0.0.so: cannot open shared object file: No such  
file or directory

radius2:/home/lcox # ls /usr/lib/freeradius/rlm_exec-1*
/usr/lib/freeradius/rlm_exec-1.0.0.la  /usr/lib/freeradius/ 
rlm_exec-1.0.0.so


Re: dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread don james
Oh, yeah, right.  It may as well be written in Greek.  Thanks for nothing.

On Tue, 6 Dec 2005 18:04:06 -0500, [EMAIL PROTECTED] wrote:

>"don james" <[EMAIL PROTECTED]> wrote:
>> Exactly how do I add this to the freeradius dictionary?
>
>$ man dictionary
>
>  Alan DeKok.


Re: dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread Alan DeKok
"don james" <[EMAIL PROTECTED]> wrote:
> Exactly how do I add this to the freeradius dictionary?

$ man dictionary

  Alan DeKok.


dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread don james
Hi,

I am trying to add MONTHLY-TIME-LIMIT to the freeradius dictionary.  I
will be using this parameter in the radreply table of the freeradius database.

Exactly how do I add this to the freeradius dictionary?

Sincerely,


Don James



RE: RADIUS Auth-Type

2005-12-06 Thread Bohannan, Chad W
Yes, Phil suggested that earlier. Looking into it now... thanks.

 
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok


"Bohannan, Chad W" <[EMAIL PROTECTED]> wrote:
> .so is there not a way to have FR proxy request out to the AD
> server? 

  AD doesn't do RADIUS, so FreeRADIUS can't proxy requests to it.

  Terminology matters.

  If you want to authenticate PAP from FreeRADIUS to AD, use the LDAP
module in the "authenticate" section.  it will work.

  Alan DeKok.



Re: RADIUS Auth-Type

2005-12-06 Thread Josh Howlett

Alan DeKok wrote:

> "Bohannan, Chad W" <[EMAIL PROTECTED]> wrote:
> > .so is there not a way to have FR proxy request out to the AD
> > server? 
>
>   AD doesn't do RADIUS, so FreeRADIUS can't proxy requests to it.
>
>   Terminology matters.
>
>   If you want to authenticate PAP from FreeRADIUS to AD, use the LDAP
> module in the "authenticate" section.  it will work.


Alternatively (and a bit easier IMHO), proxy to IAS running on the 
Windows box.


josh.


Re: IPv6 Support

2005-12-06 Thread Alan DeKok
> I don.t try Freeradius with IPv6 yet, but I have doubts with IPv6 
> Freeradius functioning.

  Why?

> Did the communications between NAS and Freeradius, in IPv6 only networks, 
> are made only with IPv6 packets (Access request packets, etc.)? 

  Uh... you're asking if non-IPv6 packets are sent in an IPv6-only
network.

  That makes *no* sense.

> Or did the IPv6 attributes (NAS-IPv6-Address, etc.) are encapsulated in 
> IPv4 packets?

  Read the RFC's.  The data in a RADIUS packet is completely
independent of the IPv4 or IPv6 transport.

  Alan DeKok.



Re: rlm_counter

2005-12-06 Thread Alan DeKok
"Lisa Casey" <[EMAIL PROTECTED]> wrote:
> I have Freeradius 1.01 on FreeBSD 5.3.  Two questions:

  *please* upgrade to 1.0.5.

> 1) Is there a way to show which modules are currently installed?

$ ls /path/to/libs/rlm_*

> 2) I want to use the rlm_counter module. So I went to
> /usr/ports/distfiles/freeradius-1.0.1/src/modules/rlm_counter and did a
> ./configure. That went OK, no errors.

  You have to configure the server from the top.  You CANNOT go into a
subdirectory and run configure like that.

  Alan DeKok.



Re: RADIUS Auth-Type

2005-12-06 Thread Alan DeKok
"Bohannan, Chad W" <[EMAIL PROTECTED]> wrote:
> .so is there not a way to have FR proxy request out to the AD
> server? 

  AD doesn't do RADIUS, so FreeRADIUS can't proxy requests to it.

  Terminology matters.

  If you want to authenticate PAP from FreeRADIUS to AD, use the LDAP
module in the "authenticate" section.  it will work.

  Alan DeKok.



RE: IPv6 Support

2005-12-06 Thread Paulo Alexandre Caceres Ferreira
Hi, it's me again with IPv6 questions :)

I haven't tried FreeRADIUS with IPv6 yet, but I have doubts about how 
FreeRADIUS functions with IPv6. My questions are:

Is the communication between the NAS and FreeRADIUS, in IPv6-only networks, 
made only with IPv6 packets (Access-Request packets, etc.)? 

Or are the IPv6 attributes (NAS-IPv6-Address, etc.) encapsulated in 
IPv4 packets?

I have these doubts; if anyone could help me, thanks.

Thanks in advance,
Paulo Ferreira


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Nicolas Baradakis
> Sent: Friday, 2 December 2005 12:03
> To: FreeRadius users mailing list
> Subject: Re: IPv6 Support
> 
> Paulo Alexandre Caceres Ferreira wrote:
> 
> > How I can test IPv6 Freeradius authentication?
> > You know any IPv6 RADIUS client to interact with Freeradius and perform
> > an IPv6 authentication?
> 
> There is a program called "radclient" in the FreeRADIUS source tree.
> 
> --
> Nicolas Baradakis




Dialupadmin wont connect to mysql

2005-12-06 Thread Sean Ali

Hello,

I've got Dialupadmin running however when I click through the various 
menus it keeps telling me that it cannot connect to sql database.


This is no surprise to me as I have not setup anything on the mysql 
side of things for dialupadmin nor have I told dialupadmin what user 
and password to connect with.


My question is where do I go to set the database options? And what, if 
any, database items do I need to create on the mysql side for it to 
work?


Thanks,
Sean.



(no subject)

2005-12-06 Thread Josh
I'm using FreeRadius (with mysql) to authenticate VPN
users on a PIX.  I have multiple vpngroups setup on
the PIX and want to be able to assign users in the
radius database to specific vpngroups on the PIX.

For instance, I have a username 'bob' in radcheck
(mysql). Bob can use any valid vpngroup (setup on the
PIX) and then authenticate (via radius) with his 'bob'
username and successfully connect.  -- not exactly
what I had in mind.  Bob should only be able to
connect to vpngroup 'usersvpn' and not 'adminsvpn'.  I
figured there must be an attribute to get this to
work?  Anyone have any success doing this with a PIX
in the picture?





Re: RADIUS Auth-Type

2005-12-06 Thread Phil Mayers

Bohannan, Chad W wrote:

> > You cannot set the Auth-Type to "MS-CHAP" and have it work unless the 
> > MS-CHAP challenge and response are in the radius request, which means 
> > the NAS has to add them.
> - 
> .so is there not a way to have FR proxy request out to the AD
> server? 


There is not an obvious easy way of using the "ntlm_auth" helper with 
the plaintext user/password in PAP, though it may be possible using the 
"exec" module.


PAP requests can be authenticated by doing an LDAP simple bind to an AD 
server I believe (I've never done it). The "doc/rlm_ldap" file seems to 
describe most of what's required:


"""When rlm_ldap has found the DN corresponding to the username provided 
in the access-request (all this happens in the authorize section) it 
will add an Ldap-UserDN attribute in the check items list containing 
that DN. The attribute will be searched for in the authenticate section 
and if present will be used for authentication (ldap bind with the user 
DN/password). Otherwise..."""


Which sounds to me like you should be able to put an (appropriately 
configured) "ldap" in authorize and authenticate and it will just work(tm).


One thing I do know is that AD REQUIRES that you bind as some user (e.g. 
a service account) first before searching for the actual user. Most 
likely an appropriate config for you would look like the default config 
with appropriate entries, and an "identity" and "password" defined (and 
probably with access_attr commented out).


But I haven't used it. That said, there are a lot of recent posts about 
AD and LDAP, so one of them may contain fuller details.


Re: XP auth + PEAP (debik)

2005-12-06 Thread debik

Could you send me your configs?
I would like to look at how you use other authentication.
- Original Message - 
From: "mat yuh" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, December 06, 2005 10:50 AM
Subject: Re: XP auth + PEAP (debik)



I also have a problem making PEAP work with XP
SP2. PAP, EAP-TLS and EAP-TTLS work very well. I
realise that freeradius gives me this error:

rlm_mschap: No User-Password configured.  Cannot
create LM-Password.
rlm_mschap: No User-Password configured.  Cannot
create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for nurah with
NT-Password
rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform
authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject
for request 6
modcall: leaving group MS-CHAP (returns reject) for
request 6


I have read the mailing list and searched on Google but can't
make XP SP2 work with PEAP. I'm using several NAS such
as SMC BARRICADE 2804WBR and Linksys WRT54G. I have
configured default_eap_type = peap in eap.conf and have
a plain text password in the users file:

nurah User-Password == "mypasswd"

** I made a new users file and put only the nurah user in
it

here is my complete debug message :


---

Initializing the thread pool...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Nothing to do.  Sleeping until we see a request.
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok
for request 0
 modcall[authorize]: module "chap" returns noop for
request 0
 modcall[authorize]: module "mschap" returns noop for
request 0
 modcall[authorize]: module "chap" returns noop for
request 0
 modcall[authorize]: module "unix" returns updated
for request 0
   rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for
request 0
 rlm_eap: EAP packet type response id 7 length 10
 rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
 modcall[authorize]: module "eap" returns updated for
request 0
   users: Matched entry nurah at line 9
 modcall[authorize]: module "files" returns ok for
request 0
 modcall[authorize]: module "expiration" returns noop
for request 0
 modcall[authorize]: module "logintime" returns noop
for request 0
rlm_pap: Found existing Auth-Type, not changing it.
 modcall[authorize]: module "pap" returns noop for
request 0
modcall: leaving group authorize (returns updated) for
request 0
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
 rlm_eap: EAP Identity
 rlm_eap: processing type tls
 rlm_eap_tls: Initiate
 rlm_eap_tls: Start returned 1
 modcall[authenticate]: module "eap" returns handled
for request 0
modcall: leaving group authenticate (returns handled)
for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module "preprocess" returns ok
for request 1
 modcall[authorize]: module "chap" returns noop for
request 1
 modcall[authorize]: module "mschap" returns noop for
request 1
 modcall[authorize]: module "chap" returns noop for
request 1
 modcall[authorize]: module "unix" returns updated
for request 1
   rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for
request 1
 rlm_eap: EAP packet type response id 8 length 65
 rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
 modcall[authorize]: module "eap" returns updated for
request 1
   users: Matched entry nurah at line 9
 modcall[authorize]: module "files" returns ok for
request 1
 modcall[authorize]: module "expiration" returns noop
for request 1
 modcall[authorize]: module "logintime" returns noop
for request 1
rlm_pap: Found existing Auth-Type, not changing it.
 modcall[authorize]: module "pap" returns noop for
request 1
modcall: leaving group authorize (returns updated) for
request 1
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/peap
 rlm_eap: processing type peap
 rlm_eap_peap: Authenticate
 rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
 eaptls_verify returned 11
   (other): before/accept initialization
   TLS_accept: before/accept initialization
 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032],
ClientHello
   TLS_accept: SSLv3 read client hello A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a],
ServerHello
   TLS_accept:

rlm_counter

2005-12-06 Thread Lisa Casey

Hi,

I have Freeradius 1.01 on FreeBSD 5.3.  Two questions:

1) Is there a way to show which modules are currently installed?

2) I want to use the rlm_counter module. So I went to
/usr/ports/distfiles/freeradius-1.0.1/src/modules/rlm_counter and did a
./configure. That went OK, no errors. I next typed make with the following
result:

radius# make
"../rules.mak", line 65: Missing dependency operator
Error expanding embedded variable.

I did some googling and found a suggestion that I probably should use gmake
on FreeBSD. That bombed also:

radius# gmake
../rules.mak:137: warning: overriding commands for target `clean'
/usr/ports/distfiles/freeradius-1.0.1/src/main/00-OLD/Make.inc:107: warning:
ignoring old commands for target `clean'
../rules.mak:157: warning: overriding commands for target `install'
/usr/ports/distfiles/freeradius-1.0.1/src/main/00-OLD/Make.inc:111: warning:
ignoring old commands for target `install'
gmake: *** No rule to make target `radiusd.c', needed by `radiusd.o'.  Stop.
radius# gmake rlm_counter
../rules.mak:137: warning: overriding commands for target `clean'
/usr/ports/distfiles/freeradius-1.0.1/src/main/00-OLD/Make.inc:107: warning:
ignoring old commands for target `clean'
../rules.mak:157: warning: overriding commands for target `install'
/usr/ports/distfiles/freeradius-1.0.1/src/main/00-OLD/Make.inc:111: warning:
ignoring old commands for target `install'
cc -I../../include -I/usr/local/include/ -c rlm_counter.c -o rlm_counter.o
rlm_counter.c:26:22: autoconf.h: No such file or directory
In file included from rlm_counter.c:27:
../../include/libradius.h:12:22: autoconf.h: No such file or directory
In file included from ../../include/libradius.h:59,
from rlm_counter.c:27:
../../include/sha1.h:15: error: syntax error before "uint32_t"
../../include/sha1.h:20: error: syntax error before "state"
../../include/sha1.h:22: error: syntax error before '*' token
../../include/sha1.h:23: error: syntax error before "digest"
../../include/sha1.h:29: error: syntax error before "digest"
../../include/sha1.h:34: error: syntax error before "mk"
In file included from ../../include/libradius.h:60,
from rlm_counter.c:27:
../../include/md4.h:72: error: syntax error before "uint32_t"
../../include/md4.h:81: error: syntax error before '*' token
../../include/md4.h:83: error: syntax error before '[' token
../../include/md4.h:85: error: syntax error before '[' token
In file included from rlm_counter.c:27:
../../include/libradius.h:100: error: syntax error before "uint8_t"
../../include/libradius.h:138: error: syntax error before "uint32_t"
../../include/libradius.h:140: error: syntax error before "uint8_t"
../../include/libradius.h:156: error: syntax error before "uint32_t"
../../include/libradius.h:162: error: syntax error before "uint8_t"
../../include/libradius.h:165: error: syntax error before "uint8_t"
../../include/libradius.h:221: error: syntax error before '*' token
../../include/libradius.h:244: error: syntax error before '*' token
../../include/libradius.h:288: error: syntax error before "uint32_t"
../../include/libradius.h:289: error: syntax error before "ip_getaddr"
../../include/libradius.h:289: warning: data definition has no type or
storage class
../../include/libradius.h:290: error: syntax error before "uint32_t"
../../include/libradius.h:291: error: syntax error before "ip_addr"
../../include/libradius.h:291: warning: data definition has no type or
storage class
../../include/libradius.h:292: error: syntax error before "uint8_t"
../../include/libradius.h:293: error: syntax error before '*' token
../../include/libradius.h:293: error: syntax error before "uint8_t"
../../include/libradius.h:293: warning: data definition has no type or
storage class
../../include/libradius.h:318: error: syntax error before "uint32_t"
../../include/libradius.h:328: error: syntax error before "lrad_rand"
../../include/libradius.h:328: warning: data definition has no type or
storage class
In file included from rlm_counter.c:34:
../../include/radiusd.h:11:22: radpaths.h: No such file or directory
In file included from rlm_counter.c:34:
../../include/radiusd.h:26: error: syntax error before "child_pid_t"
../../include/radiusd.h:26: warning: data definition has no type or storage
class
In file included from ../../include/radiusd.h:38,
from rlm_counter.c:34:
../../include/missing.h:12: error: conflicting types for 'strncasecmp'
/usr/include/strings.h:53: error: previous declaration of 'strncasecmp' was
here
../../include/missing.h:12: error: conflicting types for 'strncasecmp'
/usr/include/strings.h:53: error: previous declaration of 'strncasecmp' was
here
../../include/missing.h:16: error: conflicting types for 'strcasecmp'
/usr/include/strings.h:52: error: previous declaration of 'strcasecmp' was
here
../../include/missing.h:16: error: conflicting types for 'strcasecmp'
/usr/include/strings.h:52: error: previous declaration of 'strcasecmp' was
here
In file included

Freeradius wont retry to connect SQL

2005-12-06 Thread Fernando Brito

Hello. I'm using freeradius 1.0.5. I have 3 radiusd running on the same
machine (one radiusd connects to MySQL, the other two connect to SQL using
unixODBC 2.2.4-11 and freetds 0.61-6.2).

Everything works fine until I stop the SQL server. The radiusd won't try to
reconnect to SQL and I get the following error in my radiusd log file:

Mon Dec  5 19:36:21 2005 : Error:
rlm_sql_unixodbc: '0 '

Mon Dec  5 19:36:21 2005 : Error:
rlm_sql_getvpdata: database query error

Mon Dec  5 19:36:21 2005 : Error: rlm_sql
(mssql): SQL query error; rejecting user

Mon Dec  5 19:36:24 2005 : Error: Discarding
duplicate request from client MikroTik:1169 - ID: 178 due to unfinished request
164


Any idea? Thanks in advance.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

dictionary: adding MONTHLY-TIME-LIMIT

2005-12-06 Thread don
Hi,

I am trying to add MONTHLY-TIME-LIMIT to the freeradius dictionary.  I
will be using this parameter in the radreply table of the freeradius database.

Exactly how do I add this to the freeradius dictionary?

Sincerely,


Don James 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: RADIUS Auth-Type

2005-12-06 Thread Bohannan, Chad W

>>You cannot set the Auth-Type to "MS-CHAP" and have it work unless the 
>>MS-CHAP challenge and response are in the radius request, which means 
>>the NAS has to add them.

...so is there not a way to have FR proxy the request out to the AD
server?

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: XP auth + PEAP

2005-12-06 Thread mat yuh
debik, can you attach your eap.conf, radiusd.conf,
clients.conf and users for me? But please remove
your password and cert passwords first :) I just need to
compare the config files with mine. Thank you.

--- debik <[EMAIL PROTECTED]> wrote:

> I don't have a DHCP server.
> I think it's radius's fault, because when I shut down
> the radius option on the NAS
> (Dlink 900AP+) then the connection and network are
> all right.
> 
> - Original Message - 
> From: "xav guerin" <[EMAIL PROTECTED]>
> To: "FreeRadius users mailing list"
> 
> Sent: Tuesday, December 06, 2005 2:18 PM
> Subject: Re: XP auth + PEAP
> 
> 
> > So it's not a freeradius problem.
> > Check your network settings (NAS
> > config, IP, netmask, DHCP servers, ...)
> >
> > 2005/12/6, debik <[EMAIL PROTECTED]>:
> >
> >> Sending Access-Accept of id 56 to
> 192.168.0.20:1206
> >> MS-MPPE-Recv-Key =
> >>
>
0xb77d91b85373992858a401f5c10221d07cb98ff5a27df64e28d42d1fd90b78ba
> >> MS-MPPE-Send-Key =
> >>
>
0x3225b819a201a32e2d56693c1a3183196b2693be1017cf2c8a3679a9d6ec9c82
> >> EAP-Message = 0x03090004
> >> Message-Authenticator =
> 0x
> >> User-Name = "debik"
> >> Finished request 8
> >> Going to the next request
> >>
> >> -
> >>
> >> So as you can see everything seems to be all right.
> >>
> >> Am I right???
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html 
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeradius + LAN + auth + bandwidth (+ PPPOE?)

2005-12-06 Thread Julius Igugu
You can use Mikrotik as a PPPoE server.

--- TwoMan <[EMAIL PROTECTED]> wrote:

> Hi All,
> 
> I would like to use radius to authenticate our users (using desktop PCs) 
> on our LAN, and give them access to the internet based on their 
> authentication data (to give them bandwidth). I am planning it using a 
> pppoe server, and then our users will use a pppoe client (eg. rasppoe) 
> to make the connection. Clients can be linux, w9x, w2k, wxp.
> Is it a good plan? :) If there's a better solution, could you tell me 
> what it is?
> Which pppoe server is good enough to use for a large number of users? (eg. 
> Roaring Penguin's RP-PPPoE server?)
> How can I control their bandwidth?
> 
> I could successfully install freeradius with a MySQL backend, and I can 
> use this to authenticate our wifi users, so the basics of freeradius are 
> OK. But this time I have to authenticate LAN users with ordinary 
> ethernet network cards.
> 
> Thx
> 
> TM
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 


Julius Igugu
SouthWork Co. Ltd.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: XP auth + PEAP (debik)

2005-12-06 Thread mat yuh
I put this in the users file:

nurah User-Password := "mypasswd"

the problem still exists.. failed to connect

 rlm_mschap: No User-Password configured.  Cannot
create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot
create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for nurah with
NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot
perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns
reject for request 6

when I put this in the users file:

nurah EAP-Type := PEAP, User-Password := "mypasswd"

that message is gone... but it still fails to authenticate


Thank you for replying.

--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> mat yuh <[EMAIL PROTECTED]> wrote:
> > nurah User-Password == "mypasswd"
> 
>   Use := instead of ==, and it will work.
> 
>   Alan DeKok.
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: persistent ldap connection

2005-12-06 Thread Alan DeKok
Alexei Vasilyev <[EMAIL PROTECTED]> wrote:
> How can I configure freeradius to reconnect to LDAP for each request?

  Source code changes to rlm_ldap.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: XP auth + PEAP (debik)

2005-12-06 Thread Alan DeKok
mat yuh <[EMAIL PROTECTED]> wrote:
> nurah User-Password == "mypasswd"

  Use := instead of ==, and it will work.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
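
The operator distinction Alan is pointing at is easy to get wrong, so here is a small checker, added as an example and not code from FreeRADIUS or from anyone in this thread, that parses users-file entries and reports password attributes written with a comparison operator. It assumes the standard 1.x users syntax (check items on the entry's first line, reply items on indented continuation lines, "=" / ":=" / "+=" assigning a configured value and the other operators only comparing against the request); the sample entries are constructed from the ones quoted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Operators accepted in a FreeRADIUS users file. Only the three assignment
# operators put a value into the check list that modules such as rlm_pap and
# rlm_mschap read; "==", "!=", "=~", ... merely compare against the request.
OPERATOR_RE = r":=|==|\+=|!=|>=|<=|=~|!~|=\*|!\*|[=<>]"
ITEM_RE = re.compile(rf'([\w-]+)\s*({OPERATOR_RE})\s*("[^"]*"|[^,\s]+)\s*,?\s*')
ASSIGNMENT_OPERATORS = {"=", ":=", "+="}
PASSWORD_ATTRS = {"User-Password", "NT-Password", "LM-Password"}

Item = Tuple[str, str, str]  # (attribute, operator, value without quotes)


@dataclass
class Entry:
    name: str
    line: int
    check: List[Item] = field(default_factory=list)
    reply: List[Item] = field(default_factory=list)


def parse_items(text: str) -> List[Item]:
    """Split a comma-separated 'Attr op value' list into tuples."""
    items: List[Item] = []
    pos, text = 0, text.strip()
    while pos < len(text):
        m = ITEM_RE.match(text, pos)
        if not m:
            raise ValueError(f"cannot parse item list at: {text[pos:]!r}")
        attr, op, value = m.groups()
        items.append((attr, op, value.strip('"')))
        pos = m.end()
    return items


def parse_users(text: str) -> List[Entry]:
    """Parse users-file text into entries; comments and blank lines are skipped."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            # Indented line: reply items that belong to the previous entry.
            if not entries:
                raise ValueError(f"line {lineno}: reply items before any entry")
            entries[-1].reply.extend(parse_items(raw))
            continue
        parts = re.split(r"\s+", raw.strip(), maxsplit=1)
        entry = Entry(name=parts[0], line=lineno)
        if len(parts) > 1:
            entry.check = parse_items(parts[1])
        entries.append(entry)
    return entries


def configured_password(entry: Entry, attr: str = "User-Password") -> Optional[str]:
    """Return the value a module would find in the check list, or None."""
    for a, op, value in entry.check:
        if a == attr and op in ASSIGNMENT_OPERATORS:
            return value
    return None


def audit(entries: List[Entry]) -> List[str]:
    """Flag password attributes written with a comparison operator."""
    findings = []
    for e in entries:
        for attr, op, _ in e.check:
            if attr in PASSWORD_ATTRS and op not in ASSIGNMENT_OPERATORS:
                findings.append(
                    f"line {e.line}: {e.name}: '{attr} {op}' compares against the "
                    f"request and configures nothing; use '{attr} :='"
                )
    return findings


# Constructed sample: the entry as posted in the thread, then a corrected form.
SAMPLE_USERS = '''\
# entry as originally posted: == is a comparison, not an assignment
nurah\tUser-Password == "mypasswd"

# corrected entry: := puts the password into the check list
nurah2\tUser-Password := "mypasswd", EAP-Type := PEAP
\tReply-Message = "Hello nurah2"
'''

if __name__ == "__main__":
    parsed = parse_users(SAMPLE_USERS)
    for finding in audit(parsed):
        print(finding)
    print("nurah2 configured password:", configured_password(parsed[1]))
```

Running it on the constructed sample reports the "==" entry and nothing for the ":=" one, which is the difference the rlm_mschap log lines in this thread are showing: with "==" the module looks for a configured password and finds none.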


Re: XP auth + PEAP

2005-12-06 Thread debik

I don't have a DHCP server.
I think it's radius's fault, because when I shut down the radius option on the NAS 
(Dlink 900AP+) then the connection and network are all right.


- Original Message - 
From: "xav guerin" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Tuesday, December 06, 2005 2:18 PM
Subject: Re: XP auth + PEAP



So it's not a freeradius problem.
Check your network settings (NAS config, IP, netmask, DHCP servers, ...)

2005/12/6, debik <[EMAIL PROTECTED]>:


Sending Access-Accept of id 56 to 192.168.0.20:1206
MS-MPPE-Recv-Key =
0xb77d91b85373992858a401f5c10221d07cb98ff5a27df64e28d42d1fd90b78ba
MS-MPPE-Send-Key =
0x3225b819a201a32e2d56693c1a3183196b2693be1017cf2c8a3679a9d6ec9c82
EAP-Message = 0x03090004
Message-Authenticator = 0x
User-Name = "debik"
Finished request 8
Going to the next request

-

So as you can see everything seems to be all right.

Am I right???


-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: XP auth + PEAP

2005-12-06 Thread xav guerin
So it's not a freeradius problem.
Check your network settings (NAS config, IP, netmask, DHCP servers, ...)

2005/12/6, debik <[EMAIL PROTECTED]>:

> Sending Access-Accept of id 56 to 192.168.0.20:1206
> MS-MPPE-Recv-Key =
> 0xb77d91b85373992858a401f5c10221d07cb98ff5a27df64e28d42d1fd90b78ba
> MS-MPPE-Send-Key =
> 0x3225b819a201a32e2d56693c1a3183196b2693be1017cf2c8a3679a9d6ec9c82
> EAP-Message = 0x03090004
> Message-Authenticator = 0x
> User-Name = "debik"
> Finished request 8
> Going to the next request
>
> -
>
> So as you can see everything seems to be all right.
>
> Am I right???

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: XP auth + PEAP (debik)

2005-12-06 Thread xav guerin
I think you should replace "==" by ":=".

this conf should work:
nurah User-Password=="password"
EAP-Type := PEAP


2005/12/6, mat yuh <[EMAIL PROTECTED]>:
> I put this in the users file but it still failed.. same
> problem " rlm_mschap: FAILED: No NT/LM-Password".
>
>
> nurahEAP-Type == PEAP,User-Password=="mypasswd"
>
>
> --- xav guerin <[EMAIL PROTECTED]> wrote:
>
> > It's in radius in module configuration for mschap
> > (just before ldap
> > module), but your config is correct from this point
> > of view (it's
> > commented out).
> > Did you try EAP-Type := PEAP in the users file?
> >
> > 2005/12/6, mat yuh <[EMAIL PROTECTED]>:
> > > here is my radiusd.conf
> > >
> > > --- xav guerin <[EMAIL PROTECTED]> wrote:
> > >
> > > > If you use the users file with a User-Password, you
> > > > don't have to use ntlm in the MSCHAP config because
> > > > it's only there to deal with a Windows domain
> > > > controller.
> > > >
> > > > 2005/12/6, mat yuh <[EMAIL PROTECTED]>:
> > > >
> > > > > rlm_mschap: FAILED: No NT/LM-Password.  Cannot
> > > > perform
> > > > > authentication.
> > > > > 
> > > > > i do
> > > > > configure default_eap_type = peap in eap.conf
> > and
> > > > have
> > > > > a plain text password in users file :
> > > > >
> > > > > nurah User-Password == "mypasswd"
> > > >
> > > > Here is another problem:
> > > > You're trying to use a user cert; setting EAP-Type
> > > > to PEAP in users may solve it.
> > > >
> > > > HTH
> > > >
> > > > > rlm_eap_tls:  Length Included
> > > > >   eaptls_verify returned 11
> > > > > (other): before/accept initialization
> > > > > TLS_accept: before/accept initialization
> > > > >   rlm_eap_tls: <<< TLS 1.0 Handshake [length
> > > > 0032],
> > > > > ClientHello
> > > > > TLS_accept: SSLv3 read client hello A
> > > > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length
> > > > 004a],
> > > > > ServerHello
> > > > > TLS_accept: SSLv3 write server hello A
> > > > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length
> > > > 06cc],
> > > > > Certificate
> > > > > TLS_accept: SSLv3 write certificate A
> > > > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length
> > > > 0004],
> > > > > ServerHelloDone
> > > > > TLS_accept: SSLv3 write server done A
> > > > > TLS_accept: SSLv3 flush data
> > > > > TLS_accept:error in SSLv3 read client
> > > > certificate
> > > > > A
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > >
> > >
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> > >
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: XP auth + PEAP

2005-12-06 Thread debik

When i try to connect i have something like this:
rad_recv: Access-Request packet from host 192.168.0.20:1206, id=43, 
length=126

   User-Name = "debik"
   NAS-IP-Address = 192.168.0.20
   NAS-Port = 0
   Called-Station-Id = "00-0D-88-F2-69-0E"
   Calling-Station-Id = "00-0F-CB-B0-06-86"
   NAS-Identifier = "dlink"
   Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x0201000a01646562696b
   Message-Authenticator = 0xf5b2e3caa43cb0ff7c3bd6d54d15be73
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "debik", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: EAP packet type response id 1 length 10
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module "eap" returns updated for request 0
   users: Matched debik at 1
 modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
 rlm_eap: EAP Identity
 rlm_eap: processing type tls
 rlm_eap_tls: Initiate
 rlm_eap_tls: Start returned 1
 modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 48 to 192.168.0.20:1206
   EAP-Message = 0x010200061920
   Message-Authenticator = 0x
   State = 0xd409266b7b84fd964331bed3eeaa28e7
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.20:1206, id=49, 
length=214

   User-Name = "debik"
   NAS-IP-Address = 192.168.0.20
   NAS-Port = 0
   Called-Station-Id = "00-0D-88-F2-69-0E"
   Calling-Station-Id = "00-0F-CB-B0-06-86"
   NAS-Identifier = "dlink"
   Framed-MTU = 1380
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 
0x02020050198000461603010041013d030143958782e70aee5659c0bfe7eb0584cec3c2aba075e8a56625bc53f97bea5c341600040005000a0009006400

62000300060013001200630100
   State = 0xd409266b7b84fd964331bed3eeaa28e7
   Message-Authenticator = 0x9a3362a24be687fbdafad2133f24ea4e
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module "preprocess" returns ok for request 1
 modcall[authorize]: module "chap" returns noop for request 1
 modcall[authorize]: module "mschap" returns noop for request 1
   rlm_realm: No '@' in User-Name = "debik", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 1
 rlm_eap: EAP packet type response id 2 length 80
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
   users: Matched debik at 1
 modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/peap
 rlm_eap: processing type peap
 rlm_eap_peap: Authenticate
 rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
 eaptls_verify returned 11
   (other): before/accept initialization
   TLS_accept: before/accept initialization
 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
   TLS_accept: SSLv3 read client hello A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
   TLS_accept: SSLv3 write server hello A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 0589], Certificate
   TLS_accept: SSLv3 write certificate A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
   TLS_accept: SSLv3 write server done A
   TLS_accept: SSLv3 flush data
   TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
 eaptls_process returned 13
 rlm_eap_peap: EAPTLS_HANDLED
 modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 49 to 192.168.0.20:1206
   EAP-Message = 
0x0103040a19c005e6160301004a0246030143958528b6f0e8b16fbb2f8683d68f408394292ac7e827a85fc26fcbff876995208e832c8ad766b0b6d131231d61

d7c64bfa5b8fedc936807e160a24dbb3064c3100040016030105890b00058500058200025c30820258308201c1020900c59f08c38d6114ab300d06092a864886f70d01010405003068

RE: 802.1x ldap tls

2005-12-06 Thread Paolo Barbato

Hi list,
just to share my solution. Now I have both TTLS+PAP+LDAP and 
PEAP+MSCHAP+LDAP working.


My LDAP server lives on CommunigatePro, and stores passwords in various 
modes. This is not a problem for the bind operation (TTLS+PAP), but it has 
to be configured specifically for LDAP search, the method used by 
PEAP+MSCHAP.


So the problem didn't lie in Freeradius.

Regards,
Paolo.



Still in trouble.

I've verified the differences between TTLS+PAP+LDAP, which works, and 
PEAP+MSCHAP+LDAP, which doesn't. I've also verified the log from the LDAP 
server.



It seems that a successful bind occurs only with TTLS+PAP+LDAP, but 
does not occur with PEAP, so authentication fails.


My LDAP really stores clear-text passwords, but PEAP+MSCHAP doesn't seem to care!

Some more hints?

Regards,
Paolo.



Since my LDAP stores all passwords in clear-text, how can I force 
that method instead of the NT/LM-Password check?


Regards,
Paolo.


Hi,

as it says

rlm_mschap: No User-Password configured.  Cannot create LM-Password.
   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
   rlm_mschap: Told to do MS-CHAPv2 for myRfx with NT-Password
   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
   modcall[authenticate]: module "mschap" returns reject for request 9

you will need a clear-text password or an NT/LM password hash to be in your
LDAP directory. Then you have to map that attribute (for example
sambaNTPassword) to User-Password. You are trying to do MSCHAP but there is
simply no defined password for this authorization type.

Regards,

Edvin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paolo
Barbato
Sent: Donnerstag, 01. Dezember 2005 09:48
To: freeradius-users@lists.freeradius.org
Subject: 802.1x ldap tls

Hi list,

yes I know that this question has been discussed so many times but
I'm still in trouble.

I've set up freeradius in order to authenticate+authorize Cisco Aironet
NAS.

I've successfully connected PC/Mac wireless clients using TTLS+PAP
with an LDAP DB in the backend.

The problem arises when I try to do the same with TLS, I mean
PEAP+MSCHAP and an LDAP DB. This doesn't work. If I set a local user in the
users file, that is good, but if I try an LDAP user nothing comes.

LDAP stores plain passwords. Some hints?

Here, some extracts from log:


rlm_ldap: - authorize rlm_ldap: performing user authorization for myRfx
radius_xlat:  '(uid=myRfx)'
radius_xlat:  'o=Consorzio RFX'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=Consorzio RFX, with filter (uid=myRfx)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user myRfx authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 9
modcall: group authorize returns updated for request 9
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/mschapv2
   rlm_eap: processing type mschapv2
   Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 9
   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
   rlm_mschap: Told to do MS-CHAPv2 for myRfx with NT-Password
   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
   modcall[authenticate]: module "mschap" returns reject for request 9
modcall: group Auth-Type returns reject for request 9
   rlm_eap: Freeing handler
   modcall[authenticate]: module "eap" returns reject for request 9
modcall: group authenticate returns reject for request 9
auth: Failed to validate the user.
Login incorrect: [myRfx/] (from client
localhost port 0)
   PEAP: Got tunneled reply RADIUS code 3
 MS-CHAP-Error = "\tE=691 R=1"
 EAP-Message = 0x04090004
 Message-Authenticator = 0x
   PEAP: Processing from tunneled session code 0x9db3b30 3
 MS-CHAP-Error = "\tE=691 R=1"
 EAP-Message = 0x04090004
 Message-Authenticator = 0x
   PEAP: Tunneled authentication was rejected.
   rlm_eap_peap: FAILURE
   modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 239 to 150.178.33.150:1645
 EAP-Message =
0x010a002a1900170301001f1daf025ff66ee7cba51f42762f540bf78052e745788d4144c970
5681d67359
 Message-Authenticator = 0x
 State = 0x2846493df32aa5a3d90a7d4d8c3b4867
Finished request 9
Going to the next request
--- Walking the entire request li
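
What rlm_mschap is complaining about in the logs above (here and in the XP/PEAP thread) is that it had neither an NT-Password check item nor a cleartext User-Password from which to derive one; verifying an MS-CHAPv2 response needs the NT hash, which is MD4 over the UTF-16LE encoding of the password. The following is an added example, not FreeRADIUS code, that carries out that derivation in pure Python (so it runs without OpenSSL's legacy MD4 provider) and mirrors the module's choice of password source. The check-item dictionaries, the `resolve_nt_password` helper and its "wrong format" message are constructed for illustration, and the hex form accepted for a pre-computed NT-Password is my assumption about the input rather than the module's exact parsing; the two "No User-Password" / "No NT/LM-Password" lines are the ones quoted in this thread.

```python
import struct
from typing import Dict, List, Optional, Tuple

MASK = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); OpenSSL 3 ships it only as a legacy algorithm."""
    def rotl(x: int, n: int) -> int:
        return ((x << n) | (x >> (32 - n))) & MASK

    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z

    # Padding: 0x80, zeros up to 56 mod 64, then the bit length as LE 64-bit.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (f, 0x00000000, (3, 7, 11, 19), list(range(16))),
        (g, 0x5A827999, (3, 5, 9, 13), [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (h, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        s = list(state)
        for fn, const, shifts, order in rounds:
            for i, k in enumerate(order):
                # Step i updates register (-i mod 4), rotating through a, b, c, d.
                p = [(j - i) % 4 for j in range(4)]
                s[p[0]] = rotl((s[p[0]] + fn(s[p[1]], s[p[2]], s[p[3]]) + x[k] + const) & MASK,
                               shifts[i % 4])
        state = [(v + w) & MASK for v, w in zip(state, s)]
    return struct.pack("<4I", *state)


def nt_password(password: str) -> str:
    """NT-Password as a hex string: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16le")).hex()


def resolve_nt_password(check_items: Dict[str, str]) -> Tuple[Optional[str], List[str]]:
    """Mirror rlm_mschap's choice of password source; returns (hash, log lines).

    Priority (assumed for this example): an explicit NT-Password check item,
    else derive one from a cleartext User-Password, else fail the way the
    thread's logs show.
    """
    log: List[str] = []
    nt = check_items.get("NT-Password")
    if nt:
        nt = nt[2:] if nt.lower().startswith("0x") else nt
        if len(nt) == 32 and all(ch in "0123456789abcdefABCDEF" for ch in nt):
            return nt.lower(), log
        log.append("rlm_mschap: NT-Password has the wrong format (expected 32 hex chars)")
    cleartext = check_items.get("User-Password")
    if cleartext is None:
        log.append("rlm_mschap: No User-Password configured.  Cannot create NT-Password.")
        log.append("rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.")
        return None, log
    return nt_password(cleartext), log


# Constructed check lists: what rlm_mschap ends up seeing in each situation.
SAMPLES = {
    "password compared with ==, nothing configured": {},
    "cleartext User-Password := in users": {"User-Password": "mypasswd"},
    "pre-hashed NT-Password from a directory": {"NT-Password": "0x" + nt_password("mypasswd")},
}

if __name__ == "__main__":
    for label, items in SAMPLES.items():
        digest, log = resolve_nt_password(items)
        print(f"{label}: {digest}")
        for line in log:
            print("  " + line)
```

The first sample reproduces the two error lines from the logs; the other two resolve to the same hash, which is why a directory that only exposes a bind (TTLS+PAP) but no readable cleartext or NT hash cannot serve MS-CHAPv2 inside PEAP.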

Re: XP auth + PEAP

2005-12-06 Thread debik

When i try to connect i have something like this:

- Original Message - 
From: "Zoltan A. Ori" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Tuesday, December 06, 2005 1:10 PM
Subject: Re: XP auth + PEAP




On Tuesday 06 December 2005 04:10, debik wrote:

The problem is that I connect to the network but I don't see the network.
I can't ping any hosts.


And what have you done to troubleshoot your connection?

You must check your network. If the supplicant connects as you say, then
either the network information you've given it is unusable or the NAS is not
forwarding traffic. Everything will do what you tell it to do. It's basic
network stuff and not for the FreeRADIUS mailing list.

When connected, check your supplicant (Windows XP SP2, this is *not* the
client). Look at the detailed status of the connection. Is the address,
subnet mask, gateway usable on your network?

Check the NAS (*this* is the client, not your Windows PC). Is it in agreement
that the supplicant is authenticated and ready to forward traffic?

Those are questions to ask yourself and check. We don't need to know the
answers. You do. There is nothing anyone on this list can do to help you if
all you can give are vague, general statements of your problem.




-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: XP auth + PEAP

2005-12-06 Thread Zoltan A. Ori

On Tuesday 06 December 2005 04:10, debik wrote:
> The problem is that I connect to the network but I don't see the network.
> I can't ping any hosts.

And what have you done to troubleshoot your connection?

You must check your network. If the supplicant connects as you say, then 
either the network information you've given it is unusable or the NAS is not 
forwarding traffic. Everything will do what you tell it to do. It's basic 
network stuff and not for the FreeRADIUS mailing list. 

When connected, check your supplicant (Windows XP SP2, this is *not* the 
client). Look at the detailed status of the connection. Is the address, 
subnet mask, gateway usable on your network?

Check the NAS (*this* is the client, not your Windows PC). Is it in agreement 
that the supplicant is authenticated and ready to forward traffic?

Those are questions to ask yourself and check. We don't need to know the 
answers. You do. There is nothing anyone on this list can do to help you if 
all you can give are vague, general statements of your problem.






Re: XP auth + PEAP (debik)

2005-12-06 Thread mat yuh
I put this in the users file but it still failed, same
problem: "rlm_mschap: FAILED: No NT/LM-Password".


nurah	EAP-Type == PEAP, User-Password == "mypasswd"


--- xav guerin <[EMAIL PROTECTED]> wrote:

> It's in radius in module configuration for mschap (just before ldap
> module), but your config is correct from this point of view (it's
> commented out).
> Did you try EAP-Type := PEAP in the users file ?
>
> 2005/12/6, mat yuh <[EMAIL PROTECTED]>:
> > Here is my radiusd.conf
> >
> > --- xav guerin <[EMAIL PROTECTED]> wrote:
> >
> > > If you use users file with a User-Password, you don't have to use ntlm
> > > in MSCHAP config because it's only here to deal with a Windows domain
> > > Controller.
> > >
> > > 2005/12/6, mat yuh <[EMAIL PROTECTED]>:
> > >
> > > > rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform
> > > > authentication.
> > > >
> > > > I do configure default_eap_type = peap in eap.conf and have
> > > > a plain text password in users file :
> > > >
> > > > nurah User-Password == "mypasswd"
> > >
> > > Here is another problem :
> > > You're trying to use a user cert, setting EAP-Type to PEAP in users
> > > may solve it.
> > >
> > > HTH
> > >
> > > > rlm_eap_tls:  Length Included
> > > >   eaptls_verify returned 11
> > > > (other): before/accept initialization
> > > > TLS_accept: before/accept initialization
> > > >   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello
> > > > TLS_accept: SSLv3 read client hello A
> > > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> > > > TLS_accept: SSLv3 write server hello A
> > > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate
> > > > TLS_accept: SSLv3 write certificate A
> > > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> > > > TLS_accept: SSLv3 write server done A
> > > > TLS_accept: SSLv3 flush data
> > > > TLS_accept:error in SSLv3 read client certificate A



Re: XP auth + PEAP (debik)

2005-12-06 Thread xav guerin
It's in radius in module configuration for mschap (just before ldap
module), but your config is correct from this point of view (it's
commented out).
Did you try EAP-Type := PEAP in the users file ?

2005/12/6, mat yuh <[EMAIL PROTECTED]>:
> Here is my radiusd.conf
>
> --- xav guerin <[EMAIL PROTECTED]> wrote:
>
> > If you use users file with a User-Password, you don't have to use ntlm
> > in MSCHAP config because it's only here to deal with a Windows domain
> > Controller.
> >
> > 2005/12/6, mat yuh <[EMAIL PROTECTED]>:
> >
> > > rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform
> > > authentication.
> > >
> > > I do configure default_eap_type = peap in eap.conf and have
> > > a plain text password in users file :
> > >
> > > nurah User-Password == "mypasswd"
> >
> > Here is another problem :
> > You're trying to use a user cert, setting EAP-Type to PEAP in users
> > may solve it.
> >
> > HTH
> >
> > > rlm_eap_tls:  Length Included
> > >   eaptls_verify returned 11
> > > (other): before/accept initialization
> > > TLS_accept: before/accept initialization
> > >   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello
> > > TLS_accept: SSLv3 read client hello A
> > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> > > TLS_accept: SSLv3 write server hello A
> > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate
> > > TLS_accept: SSLv3 write certificate A
> > >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> > > TLS_accept: SSLv3 write server done A
> > > TLS_accept: SSLv3 flush data
> > > TLS_accept:error in SSLv3 read client certificate A



freeradius + LAN + auth + bandwidth (+ PPPOE?)

2005-12-06 Thread TwoMan

Hi All,

I would like to use RADIUS to authenticate our users (using desktop PCs)
on our LAN, and give them access to the internet based on their
authentication data (to give them bandwidth). I am planning to do it using a
PPPoE server, and then our users will use a PPPoE client (eg. RASPPPoE)
to make the connection. Clients can be Linux, W9x, W2k, WXP.
Is it a good plan? :) If there's a better solution, could you tell me
what it is?
Which PPPoE server is good enough to use for a large number of users? (eg.
Roaring Penguin's RP-PPPoE server?)

How can I control their bandwidth?

I could successfully install FreeRADIUS with a MySQL backend, and I can
use this to authenticate our wifi users, so the basics of FreeRADIUS are
OK. But this time I have to authenticate LAN users with an ordinary
ethernet network card.


Thx

TM


Re: XP auth + PEAP (debik)

2005-12-06 Thread mat yuh
Thanks xav for answering. How do I disable ntlm for
MSCHAP? Is it in radiusd.conf?

--- xav guerin <[EMAIL PROTECTED]> wrote:

> If you use users file with a User-Password, you don't have to use ntlm
> in MSCHAP config because it's only here to deal with a Windows domain
> Controller.
>
> 2005/12/6, mat yuh <[EMAIL PROTECTED]>:
>
> > rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform
> > authentication.
> >
> > I do configure default_eap_type = peap in eap.conf and have
> > a plain text password in users file :
> >
> > nurah User-Password == "mypasswd"
>
> Here is another problem :
> You're trying to use a user cert, setting EAP-Type to PEAP in users
> may solve it.
>
> HTH
>
> > rlm_eap_tls:  Length Included
> >   eaptls_verify returned 11
> > (other): before/accept initialization
> > TLS_accept: before/accept initialization
> >   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello
> > TLS_accept: SSLv3 read client hello A
> >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> > TLS_accept: SSLv3 write server hello A
> >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate
> > TLS_accept: SSLv3 write certificate A
> >   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> > TLS_accept: SSLv3 write server done A
> > TLS_accept: SSLv3 flush data
> > TLS_accept:error in SSLv3 read client certificate A






Re: XP auth + PEAP (debik)

2005-12-06 Thread xav guerin
If you use users file with a User-Password, you don't have to use ntlm
in MSCHAP config because it's only here to deal with a Windows domain
Controller.

2005/12/6, mat yuh <[EMAIL PROTECTED]>:

> rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform
> authentication.
>
> I do configure default_eap_type = peap in eap.conf and have
> a plain text password in users file :
>
> nurah User-Password == "mypasswd"

Here is another problem :
You're trying to use a user cert, setting EAP-Type to PEAP in users
may solve it.

HTH

> rlm_eap_tls:  Length Included
>   eaptls_verify returned 11
> (other): before/accept initialization
> TLS_accept: before/accept initialization
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello
> TLS_accept: SSLv3 read client hello A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> TLS_accept: SSLv3 write server hello A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate
> TLS_accept: SSLv3 write certificate A
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> TLS_accept: SSLv3 write server done A
> TLS_accept: SSLv3 flush data
> TLS_accept:error in SSLv3 read client certificate A



Re: XP auth + PEAP (debik)

2005-12-06 Thread mat yuh
I also have a problem making PEAP work with XP
SP2. PAP, EAP-TLS and EAP-TTLS work very well. I
realise that FreeRADIUS gives me this error:

rlm_mschap: No User-Password configured.  Cannot create LM-Password.
rlm_mschap: No User-Password configured.  Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for nurah with NT-Password
rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6


I have read the mailing list and searched on Google but can't
make XP SP2 work with PEAP. I'm using several NAS such
as the SMC Barricade 2804WBR and Linksys WRT54G. I do
configure default_eap_type = peap in eap.conf and have
a plain text password in the users file:

nurah User-Password == "mypasswd"

** I made a new users file and put the nurah user only in
it

Here is my complete debug message:


---

Initializing the thread pool...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Nothing to do.  Sleeping until we see a request.
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "unix" returns updated for request 0
rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 7 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry nurah at line 9
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "expiration" returns noop for request 0
  modcall[authorize]: module "logintime" returns noop for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "unix" returns updated for request 1
rlm_realm: No '@' in User-Name = "nurah", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 8 length 65
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry nurah at line 9
  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "expiration" returns noop for request 1
  modcall[authorize]: module "logintime" returns noop for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032], ClientHello
TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc], Certificate
TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [l
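The failure in mat yuh's log above ("No User-Password configured. Cannot create NT-Password.") and xav guerin's point that a cleartext User-Password in the users file is all rlm_mschap needs, worked through as an added example that is not code from the thread or from FreeRADIUS: MS-CHAPv2 is verified against the NT hash (MD4 over the UTF-16LE password), so the module derives it from a cleartext check item when one exists and has nothing to work with otherwise. The users-file parser and status strings below are simplifications of my own, and Cleartext-Password is the attribute name later FreeRADIUS releases use.

```python
"""Added example (not from the thread or from FreeRADIUS): show why rlm_mschap
needs a cleartext password, by deriving NT-Password the way the module must."""
import re
import struct
from typing import Dict, Optional, Tuple

# Simplified users-file check item "Attr op value"; FreeRADIUS also has =~ / !~.
_CHECK_ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|!=|\+=|=)\s*"?([^",]*?)"?\s*$')


def md4(data: bytes) -> bytes:
    """Minimal MD4 (RFC 1320). Written out because hashlib's md4 is disabled
    by default on OpenSSL 3 builds, and the NT hash is defined as MD4."""
    mask = 0xFFFFFFFF
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & mask
    rounds = (  # (mix function, additive constant, word order, shift table)
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
         tuple(range(16)), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    msg = bytearray(data) + b"\x80"            # pad: 0x80, zeros, 64-bit bit length
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        v = state[:]
        for f, const, order, shifts in rounds:
            for i, k in enumerate(order):
                a, b, c, d = [(j - i) % 4 for j in range(4)]  # rotate the a,b,c,d roles
                v[a] = rotl((v[a] + f(v[b], v[c], v[d]) + x[k] + const) & mask,
                            shifts[i % 4])
        state = [(s + t) & mask for s, t in zip(state, v)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT-Password as rlm_mschap derives it: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le")).hex()


def parse_users_entry(line: str) -> Tuple[str, Dict[str, Tuple[str, str]]]:
    """First line of a users entry -> (name, {attr: (op, value)})."""
    parts = line.strip().split(None, 1)
    items: Dict[str, Tuple[str, str]] = {}
    for raw in (parts[1].split(",") if len(parts) > 1 else []):
        m = _CHECK_ITEM.match(raw)
        if m:
            items[m.group(1)] = (m.group(2), m.group(3))
    return parts[0], items


def mschap_password_material(entry: str) -> Tuple[str, Optional[str]]:
    """Mirror rlm_mschap's choice: an NT-Password check item is used as-is,
    a cleartext password is hashed, anything else reproduces the thread's error."""
    _, items = parse_users_entry(entry)
    if "NT-Password" in items:
        h = items["NT-Password"][1].lower()
        return "using configured NT-Password", h[2:] if h.startswith("0x") else h
    for attr in ("User-Password", "Cleartext-Password"):  # 1.x and later spellings
        if attr in items:
            return "NT-Password created from " + attr, nt_hash(items[attr][1])
    return "No User-Password configured.  Cannot create NT-Password.", None
```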

Re: XP auth + PEAP

2005-12-06 Thread xav guerin
I can't give you a correct answer if you don't explain exactly what happens.

When you say you connect to the network, do you mean FR sends an
Access-Accept or is it a Windows message?  (configuration and logs will
help us)
How do you assign an IP address to your client (static?, DHCP?)


2005/12/6, debik <[EMAIL PROTECTED]>:
>
> The problem is that I connect to the network but I don't see the network.
> I can't ping any hosts.
>
> - Original Message -
> From: xav guerin
> To: FreeRadius users mailing list
> Sent: Tuesday, December 06, 2005 9:59 AM
> Subject: Re: XP auth + PEAP
>
> He means (please correct me if I'm wrong) that it works with Win XP SP2
> native client and with other clients like Odyssey or AEGIS.
>
> Answer to your first question is yes, but we can't help you much more if you
> don't explain what your problem is.
>
> 2005/12/6, debik <[EMAIL PROTECTED]>:
> > What do you mean ??
> > - Original Message -
> > From: "King, Michael" <[EMAIL PROTECTED]>
> > To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> > Sent: Tuesday, December 06, 2005 5:45 AM
> > Subject: RE: XP auth + PEAP
> >
> > > Several clients
> > >
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of debik
> > > Sent: Monday, December 05, 2005 6:30 PM
> > > To: FreeRadius users mailing list
> > > Subject: XP auth + PEAP
> > >
> > > Has anybody connected the client running Windows XP SP2 to the
> > > radius server with PEAP auth ???



Re: XP auth + PEAP

2005-12-06 Thread debik



The problem is that I connect to the network but I don't see the network.
I can't ping any hosts.

  - Original Message -
  From: xav guerin
  To: FreeRadius users mailing list
  Sent: Tuesday, December 06, 2005 9:59 AM
  Subject: Re: XP auth + PEAP

  He means (please correct me if I'm wrong) that it works with Win XP SP2
  native client and with other clients like Odyssey or AEGIS.

  Answer to your first question is yes, but we can't help you much more if
  you don't explain what your problem is.

  2005/12/6, debik <[EMAIL PROTECTED]>:
  > What do you mean ??
  > - Original Message -
  > From: "King, Michael" <[EMAIL PROTECTED]>
  > To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
  > Sent: Tuesday, December 06, 2005 5:45 AM
  > Subject: RE: XP auth + PEAP
  >
  > > Several clients
  > >
  > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of debik
  > > Sent: Monday, December 05, 2005 6:30 PM
  > > To: FreeRadius users mailing list
  > > Subject: XP auth + PEAP
  > >
  > > Has anybody connected the client running Windows XP SP2 to the
  > > radius server with PEAP auth ???


Re: XP auth + PEAP

2005-12-06 Thread xav guerin
He means (please correct me if I'm wrong) that it works with Win XP SP2
native client and with other clients like Odyssey or AEGIS.

Answer to your first question is yes, but we can't help you much more if you
don't explain what your problem is.

2005/12/6, debik <[EMAIL PROTECTED]>:
> What do you mean ??
> - Original Message -
> From: "King, Michael" <[EMAIL PROTECTED]>
> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> Sent: Tuesday, December 06, 2005 5:45 AM
> Subject: RE: XP auth + PEAP
>
> > Several clients
> >
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of debik
> > Sent: Monday, December 05, 2005 6:30 PM
> > To: FreeRadius users mailing list
> > Subject: XP auth + PEAP
> >
> > Has anybody connected the client running Windows XP SP2 to the
> > radius server with PEAP auth ???