Re: 802.1x Issue
I haven't tested it, but I found XSupplicant (http://open1x.sourceforge.net/), and it seems to enable 802.11x authentication with PAP, even on e.g. Windows XP Home machines that don't support 802.11x out of the box. That's what they say anyway.

On 30/11/2012 17:23, Brekler Custodio wrote:

Is there any way a Microsoft Notebook can authenticate using MD5 or PAP? By default it is only EAP (PEAP) or card/certificate. I need to know if there is anything you guys know that makes Windows work on PAP or MD5... I'm searching on the internet right now to see if I can find something; anyway, I leave the question open here to anyone who knows.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Newbie question about rlm_exec usage
I don't know if I understand the process correctly: as far as I understand, an authentication request is handled successively by the listed modules in the authorize {} section, right? So, now that I figured that I have to use PAP as phase2, I can have the cleartext password. But I don't know how I can provide it to the PAP module: it complains that no known good password had been found for the user. What should my executed program return to say that the user is granted access?

On 23/11/2012 21:28, Hoggins! wrote:

OK, that explains a lot. I guess I need to find a method that lets the Cleartext-Password go through. I don't know how to do this, actually, as our passwords are now stored hashed. Any hint?
Newbie question about rlm_exec usage
Hello everyone,

We're facing an issue with rlm_exec, or at least I think our problem comes from there. We use FreeRADIUS for a Wifi access point. We use rlm_sql, and our clients authenticate using 802.1x, with a certificate and a pair of login/password credentials. Everything works just fine, and we just had to customize the SQL queries a little bit to match our shared tables.

Now, we would like to use another way of authorizing our users on our Wifi network. Basically, a script should be called by FreeRADIUS, and the result of the script would determine whether the user is granted access or not. To be precise, the script uses a curl call with POST parameters (over an SSL connection), and the returned result happens to be the authentication request result. The script works perfectly, exiting with the correct error code, according to what it should return. Yay!

So we just replaced the line sql in the authorize { } with a curl line, curl being a module we created, copying the echo module. Alas, it does not work, and mschap complains about the absence of Cleartext-Password.

So before posting a lot of debug info and our scripts, does this procedure seem ok to you?

Thanks in advance,
Hoggins!
Re: Newbie question about rlm_exec usage
OK, that explains a lot. I guess I need to find a method that lets the Cleartext-Password go through. I don't know how to do this, actually, as our passwords are now stored hashed. Any hint?

On 23/11/2012 19:18, Alan Buxey wrote:

eg if using PEAP, the client never sends a password, instead it's challenge-response which works because the SQL contains a copy of the password so MSCHAP can derive an agreement
Re: Two radius server on same machine
Hello.

If I'm right, there's a 2.x.x feature that allows you to run several virtual servers on the same machine. So you can configure the same service to listen on different ports and to behave differently. I believe it is well documented, though.

Nataniel Klug wrote:

Hello all, I am trying to find some info about running two freeradius servers (on different ports) in the same machine. Can someone help me? I couldn't find any info...
Re: MySQL connection over SSL possible?
Hello,

I assume that data integrity and secrecy is vital for you, between your RADIUS server and your MySQL server. Why not create an IPSEC tunnel between the two? It doesn't require any programming skills, and it's fully secure if it is well set. It might be any encrypted VPN system, by the way. IPSEC is just an example.

Hoggins!

Alan DeKok wrote:

Anders Holm wrote:

So, that's a yes .. :) Yes. rlm_sql_mysql is the driver, and I'd rather not have my own version running, but would love to see that rolled in, if possible. My only problem with creating a patch and send it in is more that I am not a coder really. I'd be more likely to create more problems than I'd solve .. ;) There are other options. Alan DeKok.
Listen port problem
{ with_ntdomain_hack = no }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
  preprocess {
    huntgroups = /etc/raddb//huntgroups
    hints = /etc/raddb//hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
Module: Linked to module rlm_realm
Module: Instantiating suffix
  realm suffix {
    format = suffix
    delimiter = @
    ignore_default = no
    ignore_null = no
  }
Module: Linked to module rlm_files
Module: Instantiating files
  files {
    usersfile = /etc/raddb//users
    acctusersfile = /etc/raddb//acct_users
    preproxy_usersfile = /etc/raddb//preproxy_users
    compat = no
  }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
  acct_unique {
    key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
  }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
  detail {
    detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
    header = %t
    detailperm = 384
    dirperm = 493
    locking = no
    log_packet_header = no
  }
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
  radutmp {
    filename = /var/log/radius/radutmp
    username = %{User-Name}
    case_sensitive = yes
    check_with_nas = yes
    perm = 384
    callerid = yes
  }
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
    attrsfile = /etc/raddb//attrs.accounting_response
    key = %{User-Name}
  }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
    attrsfile = /etc/raddb//attrs.access_reject
    key = %{User-Name}
  }
 }
}
radiusd: Opening IP addresses and Ports
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    type = acct
    ipaddr = *
    port = 0
}
main {
    snmp = no
    smux_password =
    snmp_write_access = no
}
Listening on authentication address * port 45632
Listening on accounting address * port 36936
Ready to process requests.

I don't really understand why it does that. I checked if there wasn't any other program that would have listened on 1812 before radius. Do you have an idea?

Thanks in advance,
Hoggins!
Re: Listen port problem
Thanks, I'm already rebuilding from source, see what I can get. Specifying the ports in the radiusd.conf doesn't solve the problem. Very weird.

Alan DeKok wrote:

Hoggins! wrote:

I have a strange problem since I updated my freeradius from 1.x to 2.x, from a simple rpm update. It binds to random ports!

Weird. Either re-build yourself from source, or just specify the ports in radiusd.conf.

Alan DeKok.
Re: FreeRADIUS 2 not listening on right port
Hi,

Exact same problem here... Really thinking about reverting to v1.x

Casartello, Thomas wrote:

I tried hardcoding them in the listen section. Same result.

Thomas E. Casartello, Jr. Infrastructure Technician Linux Specialist Department of Information Technology Westfield State College Wilson 105-A (413) 572-8245 E-Mail: [EMAIL PROTECTED] Red Hat Certified Technician (RHCT)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Alan DeKok
Sent: Thursday, May 15, 2008 2:16 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2 not listening on right port

Casartello, Thomas wrote:

Compiling from source did NOT solve the problem.

It looks like Fedora is broken. The server code does this:

  if (port == 0) {
      call system function to look up radius port in /etc/services
      if (found) {
          port = port found in /etc/services
      } else {
          port = 1812
      }
  }

The only way I can see it choosing random ports is if the lookup in /etc/services returns found, with a random port. I suggest hard-coding the port numbers (1812/1813) into the listen sections. Maybe also see if 'radius' and 'radacct' are defined in /etc/services.

Alan DeKok.
Re: FreeRADIUS 2 not listening on right port
I'm running FC9, by the way... maybe that explains this sudden amount of same problems, since the FC9 release was on Tuesday.

Casartello, Thomas wrote:

I tried hardcoding them in the listen section. Same result.

Thomas E. Casartello, Jr. Infrastructure Technician Linux Specialist Department of Information Technology Westfield State College Wilson 105-A (413) 572-8245 E-Mail: [EMAIL PROTECTED] Red Hat Certified Technician (RHCT)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Alan DeKok
Sent: Thursday, May 15, 2008 2:16 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2 not listening on right port

Casartello, Thomas wrote:

Compiling from source did NOT solve the problem.

It looks like Fedora is broken. The server code does this:

  if (port == 0) {
      call system function to look up radius port in /etc/services
      if (found) {
          port = port found in /etc/services
      } else {
          port = 1812
      }
  }

The only way I can see it choosing random ports is if the lookup in /etc/services returns found, with a random port. I suggest hard-coding the port numbers (1812/1813) into the listen sections. Maybe also see if 'radius' and 'radacct' are defined in /etc/services.

Alan DeKok.
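
Added example, not code from FreeRADIUS or from anyone in this thread: a small C program that follows the port lookup order Alan DeKok describes above and then reports which port the kernel actually assigns at bind(). The helper names resolve_port and bound_port are hypothetical; the second one shows that a port of 0 reaching bind() comes back as a kernel-chosen ephemeral port, which is what "port = 0" followed by "Listening on ... port 45632" looks like from the outside.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: lookup order from the thread; host byte order out. */
int resolve_port(int configured, const char *service, int fallback)
{
    struct servent *sv;
    if (configured != 0)
        return configured;                  /* port set in the listen section */
    sv = getservbyname(service, "udp");     /* reads /etc/services */
    if (sv != NULL)
        return ntohs((uint16_t)sv->s_port); /* s_port is network byte order */
    return fallback;                        /* service not listed */
}

/* Hypothetical helper: bind UDP on all addresses (ipaddr = *) and return
 * the port the kernel actually assigned, or -1 on error. */
int bound_port(int port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int result = -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons((uint16_t)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        getsockname(fd, (struct sockaddr *)&sa, &len) == 0)
        result = ntohs(sa.sin_port);
    close(fd);
    return result;
}

int main(void)
{
    printf("auth=%d acct=%d\n", resolve_port(0, "radius", 1812),
           resolve_port(0, "radacct", 1813));
    printf("bind(0) gave port %d\n", bound_port(0)); /* ephemeral, not 0 */
    return 0;
}
```

If the first line prints anything other than 1812 and 1813, the /etc/services entries for radius and radacct are the place to look; if it prints the right values and the server still lands on high ports, the value is being lost between lookup and bind().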
Re: FreeRADIUS 2 not listening on right port
Shouldn't the maintainer of the specific FC9 freeradius package be aware of this critical issue? I guess a newer release is coming very soon.

Casartello, Thomas wrote:

Fedora 9 did do a pretty big gcc version jump. Fedora 8 used 4.1.2, while 9 uses 4.3.0. BTW I tested it in Fedora 8 and it worked fine, so it's definitely a 9 issue.

Thomas E. Casartello, Jr. Infrastructure Technician Linux Specialist Department of Information Technology Westfield State College Wilson 105-A (413) 572-8245 E-Mail: [EMAIL PROTECTED] Red Hat Certified Technician (RHCT)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Alan DeKok
Sent: Thursday, May 15, 2008 4:22 PM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2 not listening on right port

Hoggins! wrote:

I'm running FC9, by the way... maybe that explains this sudden amount of same problems, since the FC9 release was on Tuesday.

Maybe someone running FC9 could try debugging the problem. I haven't run a redhat-based system for *years*. Since this works on every other system on the planet, it sounds *very* much like an issue in FC9.

Alan DeKok.