bypassing tls certificates
Hi, [EMAIL PROTECTED] wrote: Oh, by the way, may be this is a little off-topic but can I authenticate windows xp users through peap without using a certificate? you COULD decide not to trust or check any certificate. nasty though. Radius says peap needs tls for windows xp authentication. And tls requires valid certificates. But how can I bypass certificate checking? or can I just configure it without certificates? Radius rejects my authentication requests and I guess it is because of certificates. Is it possible? Thanks. Onur. - Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius says client is unknown.
Hello, I have configured freeRadius server and a Cisco AP350. When I run the server in debug mode, it prints 'unknown client', although the client is explicitely defined in clients.conf. Output is: rad_recv: Access-Request packet from host 10.2.8.150:1058, id=31, length=143 Ignoring request from unknown client 10.2.8.150:1058 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. clients.conf entity is: client 10.2.8.150 { secret = testing123 shortname = tnl2-network } Any idea on what's wrong? Regards, Onur. - Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius says client is unknown.
Yes, I restarted it several times. 10.2.8.150 is the AP's address. I guess there is nothing wrong with the AP. Just a moment ago, I noticed that I can't start radiusd daemon with 'service radiusd start' command. It gives the following error: [EMAIL PROTECTED] raddb]# service radiusd start Starting RADIUS server: Tue Feb 27 21:44:38 2007 : Info: Starting - reading configuration files ... 6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE 6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE 6490:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534: [FAILED] But I can start it with 'radiusd -X' Can the prooblem be related to that? By the way, I have signed a new certificate to be used in radius. But it seems okay. Thanks for any help, Onur. [EMAIL PROTECTED] wrote: Hi, Hello, I have configured freeRadius server and a Cisco AP350. When I run the server in debug mode, it prints 'unknown client', although the client is explicitely defined in clients.conf. Output is: rad_recv: Access-Request packet from host 10.2.8.150:1058, id=31, length=143 Ignoring request from unknown client 10.2.8.150:1058 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. clients.conf entity is: client 10.2.8.150 { secret = testing123 shortname = tnl2-network } Any idea on what's wrong? have you restarted FreeRADIUS after adding it to clients.conf? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Food fight? Enjoy some healthy debate in the Yahoo! Answers Food Drink QA.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius says client is unknown.
I used CA.all script to create certificates and ran it as root. I also run radiusd as root. What do the error codes mean? (6490:error) Oh, by the way, may be this is a little off-topic but can I authenticate windows xp users through peap without using a certificate? Regards, Onur. Kevin Bonner [EMAIL PROTECTED] wrote: On Tuesday 27 February 2007 14:47, M. Onur ERGiN wrote: Just a moment ago, I noticed that I can't start radiusd daemon with 'service radiusd start' command. It gives the following error: [EMAIL PROTECTED] raddb]# service radiusd start Starting RADIUS server: Tue Feb 27 21:44:38 2007 : Info: Starting - reading configuration files ... 6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE 6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE 6490:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534: [FAILED] But I can start it with 'radiusd -X' Can the prooblem be related to that? By the way, I have signed a new certificate to be used in radius. But it seems okay. Thanks for any help, Onur. Sounds like a permissions issue to me. Check the user/group that is configured in radiusd.conf, then verify that the user can read the certificates and config files. Kevin Bonner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - TV dinner still cooling? Check out Tonight's Picks on Yahoo! TV.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius says client is unknown.
:) thank you. how confusing it is: I have both radiusd.conf under /etc/raddb and under /usr/local/etc/raddb .. The correct one is that under /usr/ I don't know why but when I type something wrong into the one under /etc/raddb; radiusd still returns error. May be I must remove everything and reinstall freeradius from the beginning. Then let me ask one more question; Now I can send my user/password over my AP. but I receive access-reject and it says: rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Can it be my certificate again? I edited eap.conf so that it includes default_eap_type = peap peap { default_eap_type = mschapv2 } and I uncommented the default certificate lines under tls{..} Best regards, Onur. King, Michael [EMAIL PROTECTED] wrote: Simple question Is the config file your ediiting the one that Freeradius is using? (I've done this before) Us the locate radiusd.conf and see all the instances. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Looking for earth-friendly autos? Browse Top Cars by Green Rating at Yahoo! Autos' Green Center. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Newbie question
Hello, I am pretty new to radius.. I have installed the latest version on Fedora Core 5. I configured my AP. But now, I can't figure out how will the wireless clients authenticate. How will they enter their username/passwords? Thanks, Onur. - Looking for earth-friendly autos? Browse Top Cars by Green Rating at Yahoo! Autos' Green Center. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Newbie question
When I run radiusd, it says it is running properly, but I check with netstat -n and I don't see anything listenning on port 1812. The port setting in the configuration file is '0' (which is I think 1812 by default). Is this normal? I don't think my ap can access to radius server.. Regards, Onur. Phil Mayers [EMAIL PROTECTED] wrote: M. Onur ERGiN wrote: Hello, I am pretty new to radius.. I have installed the latest version on Fedora Core 5. I configured my AP. But now, I can't figure out how will the wireless clients authenticate. How will they enter their username/passwords? This is not a radius question. Wireless clients running 802.1x will have some software (known as a supplicant) built in, which prompts for the username/password and execute the EAP traffic exchange to the AP (which is forwarded to the radius server by the AP) I suggest you do some reading on 802.1x on wireless. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Don't get soaked. Take a quick peak at the forecast with theYahoo! Search weather shortcut.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html