bypassing tls certificates

2007-02-28 Thread M. Onur ERGiN
   Hi, 


[EMAIL PROTECTED] wrote:
> > Oh, by the way, maybe this is a little off-topic but can I authenticate
> > windows xp users through peap without using a certificate?
>
> you COULD decide not to trust or check any certificate. nasty though.

Radius says peap needs tls for windows xp authentication. And tls requires 
valid certificates. But how can I bypass certificate checking? or can I just 
configure it without certificates?

Radius rejects my authentication requests and I guess it is because of 
certificates. Is it possible?

Thanks.
Onur.

 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Radius says client is unknown.

2007-02-27 Thread M. Onur ERGiN
Hello, 
I have configured freeRadius server and a Cisco AP350. When I run the server in 
debug mode, it prints 'unknown client', although the client is explicitly 
defined in clients.conf. 
Output is:
rad_recv: Access-Request packet from host 10.2.8.150:1058, id=31, length=143
Ignoring request from unknown client 10.2.8.150:1058
--- Walking the entire request list ---
Nothing to do.  Sleeping until we see a request.

clients.conf entity is:
client 10.2.8.150 {
secret  = testing123
shortname   = tnl2-network
}

Any idea on what's wrong?

Regards, 
Onur.


 

Re: Radius says client is unknown.

2007-02-27 Thread M. Onur ERGiN
Yes, I restarted it several times. 10.2.8.150 is the AP's address. I guess 
there is nothing wrong with the AP.

Just a moment ago, I noticed that I can't start radiusd daemon with 'service 
radiusd start' command. It gives the following error:

[EMAIL PROTECTED] raddb]# service radiusd start
Starting RADIUS server: Tue Feb 27 21:44:38 2007 : Info: Starting - reading 
configuration files ...
6490:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:632:Expecting: CERTIFICATE
6490:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:632:Expecting: CERTIFICATE
6490:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM 
lib:ssl_rsa.c:534:
   [FAILED]

But I can start it with 'radiusd -X'

Can the problem be related to that? By the way, I have signed a new 
certificate to be used in radius. But it seems okay.

Thanks for any help,
Onur.


[EMAIL PROTECTED] wrote:
> Hi,
> > Hello,
> > I have configured freeRadius server and a Cisco AP350. When I run the server
> > in debug mode, it prints 'unknown client', although the client is explicitly
> > defined in clients.conf.
> > Output is:
> > rad_recv: Access-Request packet from host 10.2.8.150:1058, id=31, length=143
> > Ignoring request from unknown client 10.2.8.150:1058
> > --- Walking the entire request list ---
> > Nothing to do.  Sleeping until we see a request.
> >
> > clients.conf entity is:
> > client 10.2.8.150 {
> > secret  = testing123
> > shortname   = tnl2-network
> > }
> >
> > Any idea on what's wrong?
>
> have you restarted FreeRADIUS after adding it to clients.conf?
>
> alan

Re: Radius says client is unknown.

2007-02-27 Thread M. Onur ERGiN
I used CA.all script to create certificates and ran it as root. I also run 
radiusd as root. 

What do the error codes mean? (6490:error)

Oh, by the way, maybe this is a little off-topic but can I authenticate 
windows xp users through peap without using a certificate?

Regards,
Onur.

Kevin Bonner [EMAIL PROTECTED] wrote:
> On Tuesday 27 February 2007 14:47, M. Onur ERGiN wrote:
> > Just a moment ago, I noticed that I can't start radiusd daemon with
> > 'service radiusd start' command. It gives the following error:
> >
> > [EMAIL PROTECTED] raddb]# service radiusd start
> > Starting RADIUS server: Tue Feb 27 21:44:38 2007 : Info: Starting - reading
> > configuration files ... 6490:error:0906D06C:PEM routines:PEM_read_bio:no
> > start line:pem_lib.c:632:Expecting: CERTIFICATE 6490:error:0906D06C:PEM
> > routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
> > 6490:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM
> > lib:ssl_rsa.c:534: [FAILED]
> >
> > But I can start it with 'radiusd -X'
> >
> > Can the problem be related to that? By the way, I have signed a new
> > certificate to be used in radius. But it seems okay.
> >
> > Thanks for any help,
> > Onur.
>
> Sounds like a permissions issue to me.  Check the user/group that is
> configured in radiusd.conf, then verify that the user can read the
> certificates and config files.
>
> Kevin Bonner
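
An added example, not part of any message in this thread: a Python sketch that classifies a file the way a PEM loader expecting a CERTIFICATE block sees it, which is the condition behind the 'no start line ... Expecting: CERTIFICATE' error quoted above. The sample inputs are constructed (a five-byte DER SEQUENCE stands in for real certificate data), and accepting only the exact label CERTIFICATE is a simplification.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def pem_labels(data: bytes):
    """Return [(label, base64_body)] for every framed PEM block in data."""
    return PEM_BLOCK.findall(data.decode("latin-1"))

def diagnose_cert_file(data: bytes) -> str:
    """Say whether a loader that expects a CERTIFICATE block would find one."""
    if not data.strip():
        return "empty file"
    blocks = pem_labels(data)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if certs:
        try:
            der = base64.b64decode("".join(certs[0].split()), validate=True)
        except binascii.Error:
            return "CERTIFICATE block has a corrupt base64 body"
        # A certificate is a DER SEQUENCE, so the first byte must be 0x30.
        return "ok" if der[:1] == b"\x30" else "CERTIFICATE body is not DER"
    if blocks:
        found = ", ".join(label for label, _ in blocks)
        return "no CERTIFICATE block, only: " + found
    if data[:1] == b"\x30":
        return "raw DER, not PEM"
    return "no PEM start line"

def _pem(label: str, der: bytes) -> bytes:
    """Frame bytes as a PEM block (used to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n".encode()

# Constructed samples: TOY_DER is a placeholder, not a real key or certificate.
TOY_DER = b"\x30\x03\x02\x01\x01"
SAMPLES = {
    "certificate block": _pem("CERTIFICATE", TOY_DER),
    "private key in the cert file": _pem("RSA PRIVATE KEY", TOY_DER),
    "DER file renamed to .pem": TOY_DER,
    "body without BEGIN/END lines": base64.b64encode(TOY_DER) + b"\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:30} -> {diagnose_cert_file(data)}")
```

The check covers PEM framing and the outer DER tag only; it does not validate the certificate itself or the file's ownership and mode.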

RE: Radius says client is unknown.

2007-02-27 Thread M. Onur ERGiN
:) thank you. how confusing it is: I have both radiusd.conf under /etc/raddb 
and under /usr/local/etc/raddb .. The correct one is that under /usr/ I 
don't know why but when I type something wrong into the one under /etc/raddb; 
radiusd still returns error. Maybe I must remove everything and reinstall 
freeradius from the beginning. 

Then let me ask one more question;

Now I can send my user/password over my AP. but I receive access-reject and it 
says:
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0

Can it be my certificate again? I edited eap.conf so that it includes 
default_eap_type = peap
peap {
default_eap_type = mschapv2
}
and I uncommented the default certificate lines under tls{..}

Best regards,
Onur.

King, Michael [EMAIL PROTECTED] wrote:
> Simple question
>
> Is the config file you're editing the one that Freeradius is using?
> (I've done this before)
>
> Use the locate radiusd.conf and see all the instances.



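
An added example, not part of any message in this thread: the check suggested above (find every copy of the configuration and see which one covers the rejected source), written as a Python sketch. The two file contents are constructed samples that reuse the paths and client entry quoted in the thread; which copy defines the client is an assumption for illustration, and only IP and CIDR client names are handled.

```python
import ipaddress
import re

# Constructed sample: the debug line from the thread and two config copies.
DEBUG_LINE = "Ignoring request from unknown client 10.2.8.150:1058"
CONFIGS = {
    "/etc/raddb/clients.conf": """
client 10.2.8.150 {
    secret    = testing123
    shortname = tnl2-network
}
""",
    "/usr/local/etc/raddb/clients.conf": """
# client 10.2.8.150 {   (commented out, so not active)
client 127.0.0.1 {
    secret    = testing123
    shortname = localhost
}
""",
}

CLIENT_RE = re.compile(r"^[ \t]*client[ \t]+(\S+)[ \t]*\{", re.MULTILINE)
UNKNOWN_RE = re.compile(r"unknown client (\d+\.\d+\.\d+\.\d+):\d+")

def defined_clients(conf_text):
    """Return the networks named by active 'client X {' lines (IP or CIDR only)."""
    nets = []
    for name in CLIENT_RE.findall(conf_text):
        try:
            nets.append(ipaddress.ip_network(name, strict=False))
        except ValueError:
            pass  # hostname-style client names are skipped in this sketch
    return nets

def files_covering(debug_line, configs):
    """Map each config path to whether it defines the rejected source address."""
    match = UNKNOWN_RE.search(debug_line)
    if match is None:
        raise ValueError("not an 'unknown client' debug line")
    src = ipaddress.ip_address(match.group(1))
    return {path: any(src in net for net in defined_clients(text))
            for path, text in configs.items()}

if __name__ == "__main__":
    for path, covered in files_covering(DEBUG_LINE, CONFIGS).items():
        print(f"{path}: {'defines' if covered else 'does NOT define'} the client")
```

A copy that reports False while the edited copy reports True points at the server reading a different directory than the one being edited.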

Newbie question

2007-02-25 Thread M. Onur ERGiN
Hello, 

I am pretty new to radius.. I have installed the latest version on Fedora Core 
5. I configured my AP. But now, I can't figure out how will the wireless 
clients authenticate. How will they enter their username/passwords?

Thanks, 
Onur.

  

Re: Newbie question

2007-02-25 Thread M. Onur ERGiN
When I run radiusd, it says it is running properly, but I check with netstat -n 
and I don't see anything listening on port 1812. The port setting in the 
configuration file is '0' (which I think is 1812 by default). 

Is this normal? I don't think my ap can access to radius server.. 

Regards,
Onur.

Phil Mayers [EMAIL PROTECTED] wrote:
> M. Onur ERGiN wrote:
> > Hello,
> >
> > I am pretty new to radius.. I have installed the latest version on
> > Fedora Core 5. I configured my AP. But now, I can't figure out how will
> > the wireless clients authenticate. How will they enter their
> > username/passwords?
>
> This is not a radius question.
>
> Wireless clients running 802.1x will have some software (known as a
> supplicant) built in, which prompts for the username/password and
> executes the EAP traffic exchange to the AP (which is forwarded to the
> radius server by the AP)
>
> I suggest you do some reading on 802.1x on wireless.