Re: FreeRadius/PEAP
I have everything working with the users file. Josh, do you think if I have sambaNTpassword attribute in my ldap (I use ldap for authenticating users) with the ntlm credential it could work? Yuri On 10/13/05, Josh Howlett [EMAIL PROTECTED] wrote: James,MSChapv2 needs plaintext or NTLM credentials. You won't be able to dowhat you're trying. It works with users file because you specify the plaintext.josh.James Taylor wrote: Hi, I am trying to secure my wireless connections using PEAP-TLS MSChapv2 to authenticate users against my Linux /etc/shadow; /etc/password/; and /etc/group files.I would like to use PAM but UNIX will work too.I do not want to use the USERS file as it stores passwords in clear text and that is what we are trying to avoid. All my tests conclude that this functionality will not work.I am able to Auth just fine using the USERS file with a username and password. Any info or direction would be greatly appreciated. Thank you James - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Yuri Francalacci[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Value of Calling-station-id on ethernet
Normally is the ip address. Yuri Jonathan De Graeve wrote: Is this value the mac or the ip address on Ethernet networks. I need to know since I'm programming a radiusclient. J. -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius + peap + ldap
Hi, I have this environment: WinXP PEAP wireless client + linksys AP + freeradius 1.0.5 + openldap (with kerberos password) and I would like to setup the 802.1x peap authentication. Everything works well if I use users file for authenticating wireless client, but if I use ldap users, clients are not authenticated. My password attribute is UserPassword The error is (I suppose) here: --modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: Told to do MS-CHAPv2 for yuri with NT-Password rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module mschap returns reject for request 6 modcall: group Auth-Type returns reject for request 6 -- Does anyone has a working configuration that looks like (more or less) mine? --- radiusd.conf -- mschap section mschap { authtype = MS-CHAP use_mppe = no # require_encryption = yes # require_strong = yes with_ntdomain_hack = no } Thanks, Yuri - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 802.1x client question
On 10/10/05, Michael Schwartzkopff [EMAIL PROTECTED] wrote: Am Montag, 10. Oktober 2005 22:08 schrieb Adam KOSA: Hi All, this question may be off-topic, but the windows list i was asking could not help. i set up a 802.1x wired authentication in an ethernet network, with all of the following: eap-tls, eap-md5, eap-peap, with freeradius. everything is working great except one thing: 2k and xp is not able to cache the authentication info.with the certificate, the most i could achieve that when logging on, the auth is automatic.but no network until i log on. this is not a radius problem, since the radius and the authentication process is working great.the reason i'm writing is maybe some of you have solved this problem and could help me please.how am i supposed to configure the client to remember the password?I'm open to any solution, even to forget eap-* and use something less secure. thanks AdamForget M$. Windooze is not able to do authentication BEFORE logon. Only afterlogon the possibilty to authenticate to the network exists. So much to the logic of M$.Use some 3rd party tool. I had good experience with Meetinghouse 801.1xclient.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Alan, maybethis behaviour is normal becauseyou want to use a user authentication (you should provide you username and you pwd). However, somewhere in the network card configuration there is a flag that looks like use computer name to authenticate that should be used when no username/pwd pairs are available. I hope this could help you. I'm trying to setup this environment (more or less) too, but I have found some problems in mschap module attempting to authenticate a wireless client using PEAP. Could you tell me something about the configuration you use? Thanks, Yuri - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html