Re: Lotus Notes Encryption
Hi,

> But then again, when I tested it out, it only works locally with linux platforms but when I tried to test it with the wifi router and windows clients, it didn't.

That's because your Windows clients use PEAP. PEAP encrypts the user's password, while Notes encrypts it in a different, and incompatible way. Due to that, PEAP and Notes *will not work*.

You could possibly remedy this with a windows client that speaks TTLS-PAP instead. But that's extra software to install and may or may not be practical for you.

Greetings,

Stefan Winter

> Here is my debug:
>
> rad_recv: Access-Request packet from host 10.96.100.205 port 1400, id=0, length=143
> User-Name = kim.almarez
> NAS-IP-Address = 10.96.100.205
> Called-Station-Id = 0014bf8abbc5
> Calling-Station-Id = 002682a0ed7d
> NAS-Identifier = 0014bf8abbc5
> NAS-Port = 48
> Framed-MTU = 1400
> State = 0x12d80ee013da174ed007cbe32dab339b
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020200061900
> Message-Authenticator = 0xed627311a6a1881b5ccc49e9a637dbb5
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = kim.almarez, looking up realm NULL
> [suffix] No such realm NULL
> ++[suffix] returns noop
> [eap] EAP packet type response id 2 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.96.100.205 port 1400
> EAP-Message = 0x130550617361793111300f060355040a1308534d205072696d653123302106092a864886f70d0109011614706572657a2e32726f6e40676d61696c2e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900e6d6f0b5c23c70a5300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100560f8590dfda5419fd715a32a3c02c7dfea64b4f7ab3f1d76173a6206a9919d372f97837051eba6b10fa29e2f813863875f2f260ce5e7935ddc4267fb7b6230d9c2b4cdaaf825e25b4910d895ed0355c1860eb0cb62961ee54228efe26aa5315820139132002a30d07
> EAP-Message = 0xbd4b27e772945483
> Message-Authenticator = 0x
> State = 0x12d80ee010db174ed007cbe32dab339b
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.96.100.205 port 1402, id=0, length=143
> User-Name = kim.almarez
> NAS-IP-Address = 10.96.100.205
> Called-Station-Id = 0014bf8abbc5
> Calling-Station-Id = 002682a0ed7d
> NAS-Identifier = 0014bf8abbc5
> NAS-Port = 48
> Framed-MTU = 1400
> State = 0x12d80ee010db174ed007cbe32dab339b
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020300061900
> Message-Authenticator = 0xdd9bb4604cc491e52d93993ef5295629
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = kim.almarez, looking up realm NULL
> [suffix] No such realm NULL
> ++[suffix] returns noop
> [eap] EAP packet type response id 3 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found

Re: Lotus Notes Encryption
Thanks for the quick response Stefan. Regarding with practicality issues, its not a problem. I want to try all the possibility for me to be able to make this work.

> Due to that, PEAP and Notes *will not work*. You could possibly remedy this with a windows client that speaks TTLS-PAP instead. But that's extra software to install and may or may not be practical for you.

I'm not familiar with the TTLS-PAP protocol and using PAP for authentication might make my server not work again with regards to LDAP, but still I want to give it a try. And also what are these softwares that will help me work this TTLS-PAP protocol?

--
View this message in context: http://old.nabble.com/Lotus-Notes-Encryption-tp29449703p29478963.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius + WPA2 + Windows Client
I have configured a Freeradius 2 server that authenticates on ldap for wireless network connection. While testing, the radtest sends access-accept locally with linux platforms but when I try to test it using the router, it fails. The error in the debug shows:

[mschapv2] WARNING: Unknown value specified for Auth-Type. Cannot perform requested action.

I've used peap and ttls as default eap type but it goes with the same error. I really need help for this matter.

--
View this message in context: http://old.nabble.com/Freeradius-%2B-WPA2-%2B-Windows-Client-tp29479107p29479107.html

Re: Freeradius + WPA2 + Windows Client
rrperez wrote:
> The error in the debug shows:
>
> [mschapv2] WARNING: Unknown value specified for Auth-Type. Cannot perform requested action.

You edited the default configuration and broke it. Don't do that.

> I've used peap and ttls as default eap type but it goes with the same error. I really need help for this matter.

Stop breaking the configuration.

It's really not that hard to get the server up and running. Most of the problems you're running into are because you're destroying the configuration, creating problems for yourself, and then asking us to help you fix them.

The best help we can offer is to tell you: stop breaking the configuration. I have no idea what you think you're doing, but stop it. It's wasting your time, and ours.

Alan DeKok.

Re: Lotus Notes Encryption
Hi,

google for supplicant TTLS-PAP. There are numerous products for numerous platforms.

Stefan

On 19.08.2010 08:38, rrperez wrote:
> Thanks for the quick response Stefan. Regarding with practicality issues, its not a problem. I want to try all the possibility for me to be able to make this work.
>
>> Due to that, PEAP and Notes *will not work*. You could possibly remedy this with a windows client that speaks TTLS-PAP instead. But that's extra software to install and may or may not be practical for you.
>
> I'm not familiar with the TTLS-PAP protocol and using PAP for authentication might make my server not work again with regards to LDAP, but still I want to give it a try. And also what are these softwares that will help me work this TTLS-PAP protocol?

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473

Re: Lotus Notes Encryption
On Thu, Aug 19, 2010 at 6:38 PM, rrperez rrpe...@apc.edu.ph wrote:
> Thanks for the quick response Stefan. Regarding with practicality issues, its not a problem. I want to try all the possibility for me to be able to make this work.
>
>> Due to that, PEAP and Notes *will not work*. You could possibly remedy this with a windows client that speaks TTLS-PAP instead. But that's extra software to install and may or may not be practical for you.
>
> I'm not familiar with the TTLS-PAP protocol and using PAP for authentication might make my server not work again with regards to LDAP, but still I want to give it a try. And also what are these softwares that will help me work this TTLS-PAP protocol?

It means that your clients will send the password to the radius server in cleartext rather than PEAP encrypting them. There isn't any way to authenticate against your Notes box with anything other than a cleartext password.

Re: Freeradius + WPA2 + Windows Client
Thanks for the response Alan,

I just commented out the pap and uncomment the ldap in the default and like I said, it is working fine but with windows client, it fails the authentication protocol which is mschapv2.

My configuration is about freeradius authenticating its users from a domino ldap directory. If I uncomment the pap in the default, the server will perform pap authentication instead of ldap. I want an ldap authentication rather than pap because it is only the possible way for me to authenticate in the domino ldap.

By using this method, doing radtest on linux platforms within local network works. But with windows clients n the wireless authentication fails because it uses EAP-MSCHAPv2. (This is also the same if I use pap authentication)

I just want to know if there are any EAP protocol aside from MSCHAPv2 that will work on windows clients?

--
View this message in context: http://old.nabble.com/Freeradius-%2B-WPA2-%2B-Windows-Client-tp29479107p29479260.html

Re: Encountering error when using radius -X
kartik dadwal wrote:
> Hi, I have ubuntu 9.10. Can you please tell me
> 1) Before running radius -X what all steps should be completed?
> 2) what should be the subdirectory structure for freeradius and where it should be formed in the directory structure?
> 3) which sub directory should I give the radius -X command.

Before to try to give answers, do you really need to compile your own radius from sources ? Now you know that with radius binary .deb package, radius config is in /etc/freeradius directory. Can you consider to forget sources you downloaded ?

If you can't, i never used the way you are following. You'll have to consider depends. And i have not enough time to try your way on a box.

> On Wed, Aug 18, 2010 at 7:05 AM, Fabien COMBERNOUS fcombern...@kezia.com wrote:
>
>> In general you can get the list of the files from a deb package with the command line :
>>
>> $ dpkg -L name of the package
>>
>> Here we have :
>>
>> $ dpkg -L freeradius | grep etc
>> /etc
>> /etc/pam.d
>> /etc/pam.d/radiusd
>> /etc/init.d
>> /etc/init.d/freeradius
>> /etc/freeradius

--
*Fabien COMBERNOUS*
/unix system engineer/
www.kezia.com
*Tel: +33 (0) 467 992 986*
Kezia Group

Re: Lotus Notes Encryption
Thanks for the quick response Peter,

> It means that your clients will send the password to the radius server in cleartext rather than PEAP encrypting them. There isn't any way to authenticate against your Notes box with anything other than a cleartext password.

I somewhat understand what your pointing at, but I don't know how to do this. My goal is to authenticate the users stored in notes ldap for my wireless network. Is it possible for me to do this?

--
View this message in context: http://old.nabble.com/Lotus-Notes-Encryption-tp29449703p29479316.html

Re: Freeradius + WPA2 + Windows Client
rrperez wrote:
> I just commented out the pap and uncomment the ldap in the default and like I said, it is working fine but with windows client, it fails the authentication protocol which is mschapv2.

Nonsense. The output you posted showed an mschapv2 module. There is *no* such module in the default server configuration.

I don't think you're intentionally misleading us. I *do* think you're not paying attention to what you're doing, and you're not paying attention to the messages on this list.

> My configuration is about freeradius authenticating its users from a domino ldap directory. If I uncomment the pap in the default, the server will perform pap authentication instead of ldap. I want an ldap authentication rather than pap because it is only the possible way for me to authenticate in the domino ldap.

You've said that lots. Repeating yourself like that is another sign that you're not paying attention.

> By using this method, doing radtest on linux platforms within local network works. But with windows clients n the wireless authentication fails because it uses EAP-MSCHAPv2. (This is also the same if I use pap authentication)
>
> I just want to know if there are any EAP protocol aside from MSCHAPv2 that will work on windows clients?

Read the messages on this list. Your questions have been asked, and answered many times.

Now stop asking questions. *All* of the questions you've asked have been answered already. Go back and read the responses. If you keep asking the same questions, you will be admitting that you're not reading the responses, and that you're wasting everyone's time.

Alan DeKok.

Re: Lotus Notes Encryption
On Thu, Aug 19, 2010 at 7:42 PM, rrperez rrpe...@apc.edu.ph wrote:
> Thanks for the quick response Peter,
>
>> It means that your clients will send the password to the radius server in cleartext rather than PEAP encrypting them. There isn't any way to authenticate against your Notes box with anything other than a cleartext password.
>
> I somewhat understand what your pointing at, but I don't know how to do this. My goal is to authenticate the users stored in notes ldap for my wireless network. Is it possible for me to do this?

Yes, I think Stefan more than answered the process you will need to take:

> google for supplicant TTLS-PAP. There are numerous products for numerous platforms.

It will mean that you will need to change your clients to get it working (installing a different supplicant rather than the standard windows one), and that the clients will talk to the access point over SSL (TTLS) but since it's using PAP the password is sent not hashed or encrypted. So then when the NAS (Wireless access point) talks to FreeRadius and sends the password not encrypted or hashed.

Re: Lotus Notes Encryption
Hi,

> It will mean that you will need to change your clients to get it working (installing a different supplicant rather than the standard windows one), and that the clients will talk to the access point over SSL (TTLS) but since it's using PAP the password is sent not hashed or encrypted. So then when the NAS (Wireless access point) talks to FreeRadius and sends the password not encrypted or hashed.

Uh, that last part is not true. The NAS doesn't see or transmit any passwords in the clear. The TLS tunnel spans from the client to the RADIUS server. The RADIUS server will then see the clear-text password, *no one else*.

It's a popular urban legend that TTLS sends clear text passwords, but it's not true.

Stefan

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473

Re: Freeradius + WPA2 + Windows Client
Sorry for the inconvenience Alan, I'm just a student and currently studying/exploring radius servers.

Now I changed all the configuration back to default and make the some configuration to make ldap works. Here is the debug and it is quite different from the previous one:

rad_recv: Access-Request packet from host 10.96.100.205 port 1494, id=0, length=143
User-Name = kim.almarez
NAS-IP-Address = 10.96.100.205
Called-Station-Id = 0014bf8abbc5
Calling-Station-Id = 002682a0ed7d
NAS-Identifier = 0014bf8abbc5
NAS-Port = 48
Framed-MTU = 1400
State = 0x37e5184d33e0019d0fd828625cb2b12f
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061900
Message-Authenticator = 0xcffe22481a4058a92af0247cdbeb03ec
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = kim.almarez, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.96.100.205 port 1494
EAP-Message = 0x0106002b1900170301002091954e9ec07cc3ca9afa609b287aea0248a1a1fbb2fe6ad3ccf1ea09fba06e11
Message-Authenticator = 0x
State = 0x37e5184d32e3019d0fd828625cb2b12f
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.96.100.205 port 1496, id=0, length=196
User-Name = kim.almarez
NAS-IP-Address = 10.96.100.205
Called-Station-Id = 0014bf8abbc5
Calling-Station-Id = 002682a0ed7d
NAS-Identifier = 0014bf8abbc5
NAS-Port = 48
Framed-MTU = 1400
State = 0x37e5184d32e3019d0fd828625cb2b12f
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0206003b19001703010030b116207fd585e2b669e3f77de44fc303752534eacf129c6be70a929f6c0f467eac807a801d321cd3fbee1078fefb5fcc
Message-Authenticator = 0xa31d5cd12cca50d02ad850f9eb1f0ff8
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = kim.almarez, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 6 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - kim.almarez
[peap] Got tunneled request
EAP-Message = 0x02060010016b696d2e616c6d6172657a
server {
PEAP: Got tunneled identity of kim.almarez
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to kim.almarez
Sending tunneled request
EAP-Message = 0x02060010016b696d2e616c6d6172657a
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = kim.almarez
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = kim.almarez, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 16
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for kim.almarez
[ldap] expand: %{Stripped-User-Name} -
[ldap] expand: %{User-Name} - kim.almarez
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) - (uid=kim.almarez)
[ldap] expand: O=SMPRIME - O=SMPRIME
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in O=SMPRIME, with filter (uid=kim.almarez)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user kim.almarez authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11

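The EAP-Message values in the debug output above can be decoded by hand to see which bytes travel in the outer conversation and which only appear after the server decrypts the tunnel. This parser is an added example, not part of the original post or of FreeRADIUS; it assumes each value is one whole EAP packet (longer packets are split over several EAP-Message attributes and must be joined first).

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}          # methods that share the EAP-TLS framing
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}

# EAP-Message values copied from the debug output in the post above.
OUTER_ACK = "0x020500061900"
OUTER_TUNNELED = ("0x0206003b19001703010030"
                  "b116207fd585e2b669e3f77de44fc303752534eacf129c6b"
                  "e70a929f6c0f467eac807a801d321cd3fbee1078fefb5fcc")
INNER_IDENTITY = "0x02060010016b696d2e616c6d6172657a"


def parse_tls_body(body):
    """Decode the flags octet and any TLS record headers (RFC 5216 framing)."""
    if not body:
        raise ValueError("TLS-based EAP packet without a flags octet")
    flags = body[0]
    info = {"length_included": bool(flags & 0x80),
            "more_fragments": bool(flags & 0x40),
            "start": bool(flags & 0x20),
            "records": []}
    off = 1
    if info["length_included"]:
        if len(body) < 5:
            raise ValueError("L flag set but TLS message length missing")
        info["tls_message_length"] = struct.unpack("!I", body[1:5])[0]
        off = 5
    while off + 5 <= len(body):
        ctype, version, rlen = struct.unpack("!BHH", body[off:off + 5])
        if ctype not in TLS_CONTENT:
            break                  # continuation fragment, not a record header
        info["records"].append({"content": TLS_CONTENT[ctype],
                                "version": "0x%04x" % version,
                                "length": rlen,
                                "complete": off + 5 + rlen <= len(body)})
        off += 5 + rlen
    return info


def parse_eap(hex_value):
    """Parse one EAP packet given as the hex string FreeRADIUS prints."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("header says %d bytes, got %d" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return pkt                 # Success/Failure carry no type field
    eap_type = raw[4]
    pkt["type"] = EAP_TYPES.get(eap_type, eap_type)
    if eap_type == 1:
        pkt["identity"] = raw[5:].decode("utf-8", "replace")
    elif eap_type in TLS_BASED:
        pkt.update(parse_tls_body(raw[5:]))
    return pkt


def relay_view(hex_value):
    """Fields a device that only relays the packet (the NAS) can read.

    application_data records are protected by keys negotiated in the TLS
    handshake, so without those keys only the record type and length show.
    """
    pkt = parse_eap(hex_value)
    seen = ["%s id=%d type=%s" % (pkt["code"], pkt["id"], pkt.get("type", "-"))]
    if "identity" in pkt:
        seen.append("identity=" + pkt["identity"])
    for rec in pkt.get("records", []):
        seen.append("TLS %s, %d bytes" % (rec["content"], rec["length"]))
    return seen


if __name__ == "__main__":
    for name in ("OUTER_ACK", "OUTER_TUNNELED", "INNER_IDENTITY"):
        print(name, relay_view(globals()[name]))
```

The inner packet is what the `[peap] Got tunneled request` line prints after decryption; the outer packet with `id 6 length 59` is what actually crossed the access point.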
Re: Lotus Notes Encryption
Thanks for the quick response Peter and Stefan,

Can you specifically tell me what do I need to make this TTLS-PAP? I have windows clients so do I need to download supplicant for windows?

--
View this message in context: http://old.nabble.com/Lotus-Notes-Encryption-tp29449703p29479742.html

Re: Freeradius + WPA2 + Windows Client
On Thu, Aug 19, 2010 at 3:42 PM, rrperez rrpe...@apc.edu.ph wrote:
> Sorry for the inconvenience Alan, I'm just a student and currently studying/exploring radius servers.

You seem to be selectively ignoring some suggestions though. It's fine if you REALLY know what you're doing, but this does not seem to be the case.

> Now I changed all the configuration back to default and make the some configuration to make ldap works. Here is the debug and it is quite different from the previous one:

Here's some things you need to take note of:
(1) If you configure clients to use PEAPv0/EAP-MSCHAPv2 (or sometimes referred to as PEAP only), it does not supply plain-text/cleartext password
(2) authenticating to Lotus Domino requires that you supply plain-text password, since Lotus stores password using some proprietary hash/encryption
(3) One of the EAP methods that can send plain-text password is PEAP-GTC (others on this list have suggested TTLS-PAP)
(4) Windows by itself does not support PEAP-GTC or TTLS-PAP
(5) Thus, you need third-party supplicant to have Windows be able to use EAP methods which sends cleartext password.

Does this make sense so far?

Have you use any third-party supplicant and configure them to do either PEAP-GTC or TTLS-PAP? If yes, the password that you typed when authenticating should show up in the debug log (which doesn't seem to be the case).

See
http://wiki.freeradius.org/Extensible_Authentication_Protocol
http://lists.freeradius.org/pipermail/freeradius-users/2010-August/msg00297.html

Commercial supplicant is also available:
http://www.ciscosystems.com/en/US/products/ps7034/products_configuration_example09186a0080734afc.shtml

--
Fajar

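Points (1) and (2) above as a runnable sketch, added here and not part of the original message: a server that can only ask the directory "is this password right?" can finish a cleartext (PAP-style) login but has nothing to compute a challenge-response answer from. Assumptions: CHAP (RFC 1994) stands in for MSCHAPv2, PBKDF2 stands in for the Domino hash, and the class names, user and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os


def directory_hash(password, salt):
    # Stand-in one-way hash; the real Domino scheme is not reproduced here.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


class BindOnlyDirectory:
    """Stores salt + hash only; the sole operation is a password check."""

    def __init__(self):
        self._entries = {}

    def add_user(self, uid, password):
        salt = os.urandom(16)
        self._entries[uid] = (salt, directory_hash(password, salt))

    def bind(self, uid, password):
        entry = self._entries.get(uid)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(directory_hash(password, salt), digest)

    def known_good_password(self, uid):
        return None                # cleartext cannot be recovered from the hash


class CleartextStore(BindOnlyDirectory):
    """Same interface, but also keeps the cleartext (for contrast only)."""

    def __init__(self):
        super().__init__()
        self._clear = {}

    def add_user(self, uid, password):
        super().add_user(uid, password)
        self._clear[uid] = password

    def known_good_password(self, uid):
        return self._clear.get(uid)


def chap_response(ident, secret, challenge):
    # RFC 1994: MD5 over identifier octet, shared secret, challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def authenticate_pap(store, uid, password):
    """The server holds the user's cleartext, so it can hand it to bind()."""
    return "accept" if store.bind(uid, password) else "reject"


def authenticate_chap(store, uid, ident, challenge, response):
    """The server holds only a response; it needs the secret to recompute it."""
    secret = store.known_good_password(uid)
    if secret is None:
        return "cannot-verify"     # no known good password available
    expected = chap_response(ident, secret, challenge)
    return "accept" if hmac.compare_digest(expected, response) else "reject"


if __name__ == "__main__":
    password = b"constructed-example-password"
    challenge = os.urandom(16)
    response = chap_response(7, password, challenge)
    for store in (BindOnlyDirectory(), CleartextStore()):
        store.add_user("alice", password)
        print(type(store).__name__,
              authenticate_pap(store, "alice", password),
              authenticate_chap(store, "alice", 7, challenge, response))
```

The `cannot-verify` branch corresponds to the situation behind the "No known good password was found in LDAP" warning in the debug output earlier in the thread.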
Re: Lotus Notes Encryption
Hi,

> I have windows clients so do I need to download supplicant for windows?

Open1X or SecureW2 are 2 quick options for you. the first one is free.

alan

Runtime-Change of Reply-Message or Group-Membership
Hello!

I have the following situation: If a user has some special attributes which I can check for example in the authorize section (eg. user is in baduser-Table), I would need to change the reply message once for the actual dialin-session. I think changing his usergroup-membership for the actual session would be the best way for doing that.

So is there a way to temporarily change the usergroup for the reply-message in runtime?

Best regards,
Christian Kneissl

OÖ. Ferngas Netz GmbH, Sitz Linz, FN 293793 z (LG Linz)
This message is confidential and intended only for the addressee(s). If you have received this message in error, please notify the sender and delete this message and all attachments. Under the Telecommunications Act 2003, forwarding to unauthorized persons and/or use for any purpose is prohibited.

freeradius pap ldap
hi,

i'm newbie on freeradius and i have some problems to configure my freeradius-2.1.9. i sucessfully configured my freeradius to authenticate using a mysql database, but i can't make it authenticate using a openLDAP server, i need to make my 3com 5800G switches to authenticate on freeradius server using macbased auth, if somebody have some experience with that or some documentation i'll appreciate.

thanks

Re: Flaky AP or borked Config? EAP-PEAP
This is the manufacturer of the broken AP
http://skypilot.trilliantinc.com/

Skypilot was an indie manufacturer, recently purchased by trilliant. not sure who makes their hardware now- the tdm, one radio-many antennas approach has worked well for my muni mesh. they used to have a forum where i whined about the lack of EAP-TLS support to no avail, i think the forum is dead since the trilliant purchase.

wireless security, 802.1x mentioned in these docs:
http://skypilot.trilliantinc.com/pdf/wp_WirelessSecurity.pdf
http://skypilot.trilliantinc.com/pdf/ds_SkyExtenderPlus.pdf

only mention i could find specifically excluding EAP-TLS method is here, on page 25:
http://skypilot.trilliantinc.com/support/documents/SkyAccess_DualBand_Installation_Guide.pdf

Nolan

On 8/18/2010 at 5:34 PM, in message 4c6c7c0d.7030...@deployingradius.com, Alan DeKok al...@deployingradius.com wrote:
> David Mitton wrote:
> Apart from the OP's particular problem, you can be assured that there are APs that unfortunately do care about the EAP method in use. We should put a list of them on the Wiki as broken APs. It's ridiculous for them to be inspecting the EAP transport later. Certainly EAP-TLS should be supported, as it's one of the only 5 EAP methods tested by the WiFi Alliance. But perhaps you missed my presentation: http://www.ietf.org/proceedings/66/slides/emu-4/sld1.htm I didn't make it to that IETF.
>
> Alan DeKok.

Re: Flaky AP or borked Config? EAP-PEAP
Nolan King wrote:
> This is the manufacturer of the broken AP
> http://skypilot.trilliantinc.com/
>
> Skypilot was an indie manufacturer, recently purchased by trilliant. not sure who makes their hardware now- the tdm, one radio-many antennas approach has worked well for my muni mesh. they used to have a forum where i whined about the lack of EAP-TLS support to no avail, i think the forum is dead since the trilliant purchase.
>
> wireless security, 802.1x mentioned in these docs:
> http://skypilot.trilliantinc.com/pdf/wp_WirelessSecurity.pdf
> http://skypilot.trilliantinc.com/pdf/ds_SkyExtenderPlus.pdf
>
> only mention i could find specifically excluding EAP-TLS method is here, on page 25:
> http://skypilot.trilliantinc.com/support/documents/SkyAccess_DualBand_Installation_Guide.pdf

It takes a special kind of dedication to make PEAP work, but to break EAP-TLS. i.e. you have to write *extra* code in the AP to look for EAP-TLS. Then, you have to do something different from PEAP.

If the AP manufacturer instead supported EAP (*any* kind), then PEAP would work. TTLS would work. TLS would work. EAP-FAST would work.

I've seen RADIUS servers that do this kind of thing (Merit). It's good for everyone that no one uses those products any more.

Alan DeKok.

Using unlang to control ldap module
Is there a way I can conditionally change the config items in the ldap module, so that if NAS-Port-Type = Wireless then access_attr = X

-John

Re: Lotus Notes Encryption
Thanks for the response Alan,

I have downloaded Open1x in my windows client, but I don't know how to configure it...

--
View this message in context: http://old.nabble.com/Lotus-Notes-Encryption-tp29449703p29488293.html

Re: Freeradius + WPA2 + Windows Client
Thanks for this response Fajar,

It definitely make sense, now I'm trying to install Open1x, but I can't find a manual on how to configure this. Do you know some references that can help me configuring Open1x?

--
View this message in context: http://old.nabble.com/Freeradius-%2B-WPA2-%2B-Windows-Client-tp29479107p29488375.html

Supplicant for Windows (XP, Vista and W7)
Hi,

Does anyone knows a supplicant that might work on windows platforms such as XP, Vista and Windows 7?

--
View this message in context: http://old.nabble.com/Supplicant-for-Windows-%28XP%2C-Vista-and-W7%29-tp29488428p29488428.html

Re: Supplicant for Windows (XP, Vista and W7)
Windows includes a supplicant that does a number of things. Could you be a bit more specific in what functionality you are looking for?

Dave.

On 8/19/2010 11:22 PM, rrperez wrote:
> Hi,
>
> Does anyone knows a supplicant that might work on windows platforms such as XP, Vista and Windows 7?