PEAP Authentication Failing with JetDirect 680n

2004-11-18 Thread Hugo Chasqueira 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



I have freeradius configured to do PEAP and EAP-TTLS, searching the user data
in LDAP. All is working well, except one device, a wireless network printer
that refuses to authenticate. The freeradius debug output is attached.

Does anyone have any idea? I'm stumped by the 'Got something weird' message...


- --

Hugo Chasqueira

Public Key:
http://www.fcee.ucp.pt/docentes/url/hbc/pubkey.txt



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBnO09jFeRi4vRS4IRAtaDAJ4kfGMZrCDOWNTXuHkGUpLnZQNBlACfbFB2
r+nciB8Am4fdzvfAtzZ9uIs=
=ZRlH
-END PGP SIGNATURE-
rad_recv: Access-Request packet from host 172.17.0.2:21656, id=202, length=131
User-Name = "impressoras"
Framed-MTU = 1400
Called-Station-Id = "000e.83df.54e0"
Calling-Station-Id = "000e.7f3a.bf7b"
Message-Authenticator = 0x22593e6002c7c256b8041ed4ff07b523
EAP-Message = 0x0202001001696d70726573736f726173
NAS-Port-Type = Wireless-802.11
NAS-Port = 370
Service-Type = Framed-User
NAS-IP-Address = 172.17.0.2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 150
  modcall[authorize]: module "preprocess" returns ok for request 150
  modcall[authorize]: module "chap" returns noop for request 150
  modcall[authorize]: module "mschap" returns noop for request 150
rlm_realm: No '@' in User-Name = "impressoras", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "impressoras"
rlm_realm: Proxying request from user impressoras to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 150
rlm_realm: Request already proxied.  Ignoring.
  modcall[authorize]: module "ntdomain" returns noop for request 150
  rlm_eap: EAP packet type response id 2 length 16
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 150
rlm_ldap: - authorize
rlm_ldap: performing user authorization for impressoras
radius_xlat:  '(uid=impressoras)'
radius_xlat:  'dc=ucp,dc=pt'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ucp,dc=pt, with filter (uid=impressoras)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21
rlm_ldap: Adding ntPassword as NT-Password, value 
BB4C23CC9852DA1DDF3A750EE4A1B2D6 & op=21
rlm_ldap: Adding lmPassword as LM-Password, value 
210AB2216E60A5FC985E1393CED001C9 & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user impressoras authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 150
modcall: group authorize returns updated for request 150
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 150
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 150
modcall: group authenticate returns handled for request 150
Sending Access-Challenge of id 202 to 172.17.0.2:21656
EAP-Message = 0x010300061920
Message-Authenticator = 0x
State = 0xd7f17d64474b7ef6783758e8fa710f28
Finished request 150
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.0.2:21656, id=203, length=199
User-Name = "impressoras"
Framed-MTU = 1400
Called-Station-Id = "000e.83df.54e0"
Calling-Station-Id = "000e.7f3a.bf7b"
Message-Authenticator = 0x0b4dc6f72fc4fe910e1c8ce3323d7713
EAP-Message = 
0x02030042198000381603010033012f03010567fbaa172dd22a046dd101f70daeefd92afcd35a35f58cbecc6cda879508000a0005000400090100
NAS-Port-Type = Wireless-802.11
NAS-Port = 370
State = 0xd7f17d64474b7ef6783758e8fa710f28
Service-Type = Framed-User
NAS-IP-Address = 172.17.0.2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 151
  modcall[authorize]: module "preprocess" returns ok for request 151
  modcall[authorize]: module "chap" returns noop for request 151
  modcall[authorize]: module "mschap" returns noop for request 151
rlm_realm: No '@' in User-Name = "impressor

Re: LDAP (continued...)

2004-09-10 Thread Hugo Chasqueira 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


OlÃ

On Thursday 09 September 2004 19:06, Hugo Sousa wrote:
> My Windows 2000 domain is "office.netsystems.pt". The user I'm using is
> administrator.
>
> Is this wrong?
>
>
> Â Â Â ldap {
> Â Â Â Â Â Â Â Â server = "192.168.2.1"
> Â Â Â Â Â Â Â Â identity = "cn=administrator,dc=office,dc=netsystems,dc=pt"
> Â Â Â Â Â Â Â Â password = "password"
> Â Â Â Â Â Â Â Â basedn = "dc=office,dc=netsystems,dc=PT"
> Â Â Â Â Â Â Â Â filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> Â Â Â Â Â Â Â Â # base_filter = "(objectclass=radiusprofile)"
> (â)
> }

Try "cn=administrator,cn=users,dc=office,dc=netsystems,dc=pt" as the
administrator DN (identity).


- --

Hugo Chasqueira

Public Key:
http://search.keyserver.net:11371/pks/lookup?op=get&search=0x8BD14B82


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBQXVOjFeRi4vRS4IRAv6XAKCXemyYxEHFAyQOtq8eDASJNZEZeACfRInJ
eLbIsU7F/JZjlE4233PoWUg=
=AJIa
-END PGP SIGNATURE-

Freeradius capabilities

2004-06-02 Thread Hugo Chasqueira 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


(Please ignore any duplicates of this message)

Hi,

Someone is confronting me to choose between freeradius and another radius
server.

They claim the other radius server works better than freeradius. Their claims
are the following:

* Freeradius doesn't allow using Microsoft Active Directory as a source of
user data.
* Freeradius doesn't support PEAP (used by Windows XP SP1).
* Freeradius doesn't support EAP/TTLS (with PAP) using Alfa Ariss Windows
Supplicant.

I don't think these claims are correct, i've stopped experimenting with
freeradius since version 0.9.3.

Can anyone tell me if any of this claims are true?


- --

Hugo Chasqueira

Public Key:
http://search.keyserver.net:11371/pks/lookup?op=get&search=0x8BD14B82


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAveRmjFeRi4vRS4IRAgQCAKCU37FhdrQu7YUTwqBsiSFAalXj3gCeOSrT
7GDCWMs1SvwJCpBUxvc/n7s=
=OkUx
-END PGP SIGNATURE-

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html