Re: FreeRadius/PEAP

2005-10-13 Thread Yuri Francalacci
I have everything working with the users file.
Josh, do you think if I have sambaNTpassword attribute in my ldap (I use ldap for authenticating users) with the ntlm credential it could work?
Yuri
On 10/13/05, Josh Howlett [EMAIL PROTECTED] wrote:

James,

MSChapv2 needs plaintext or NTLM credentials. You won't be able to do what you're trying. It works with users file because you specify the plaintext.

josh.

James Taylor wrote:

Hi,

I am trying to secure my wireless connections using PEAP-TLS MSChapv2 to authenticate users against my Linux /etc/shadow; /etc/password/; and /etc/group files. I would like to use PAM but UNIX will work too. I do not want to use the USERS file as it stores passwords in clear text and that is what we are trying to avoid.

All my tests conclude that this functionality will not work. I am able to Auth just fine using the USERS file with a username and password. Any info or direction would be greatly appreciated.

Thank you
James

--
Yuri Francalacci [EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Value of Calling-station-id on ethernet

2005-10-11 Thread Yuri Francalacci
Normally it is the IP address.
Yuri
Jonathan De Graeve wrote:

Is this value the MAC or the IP address on Ethernet networks?

I need to know since I'm programming a radiusclient.

J.

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
[EMAIL PROTECTED]





freeradius + peap + ldap

2005-10-10 Thread Yuri Francalacci
Hi,
I have this environment: WinXP PEAP wireless client + linksys AP +
freeradius 1.0.5 + openldap (with kerberos password) and I would like
to setup the 802.1x peap authentication. Everything works well if I use
users file for authenticating wireless client, but if I use ldap users,
clients are not authenticated. My password attribute is UserPassword.
The error is (I suppose) here:
--
modcall: entering group authenticate for request 6
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/mschapv2
 rlm_eap: processing type mschapv2
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
 rlm_mschap: Told to do MS-CHAPv2 for yuri with NT-Password
 rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
 modcall[authenticate]: module mschap returns reject for request 6
modcall: group Auth-Type returns reject for request 6
--

Does anyone have a working configuration that looks like (more or less) mine?

--- radiusd.conf --  mschap section
mschap {
  authtype = MS-CHAP
  use_mppe = no
#  require_encryption = yes
#  require_strong = yes
  with_ntdomain_hack = no
}

Thanks, Yuri




Re: 802.1x client question

2005-10-10 Thread Yuri Francalacci

On 10/10/05, Michael Schwartzkopff [EMAIL PROTECTED] wrote:

On Monday, 10 October 2005 22:08, Adam KOSA wrote:

Hi All,

this question may be off-topic, but the windows list i was asking could not help.

i set up a 802.1x wired authentication in an ethernet network, with all of the following: eap-tls, eap-md5, eap-peap, with freeradius. everything is working great except one thing: 2k and xp is not able to cache the authentication info. with the certificate, the most i could achieve that when logging on, the auth is automatic. but no network until i log on.

this is not a radius problem, since the radius and the authentication process is working great. the reason i'm writing is maybe some of you have solved this problem and could help me please. how am i supposed to configure the client to remember the password? I'm open to any solution, even to forget eap-* and use something less secure.

thanks
Adam

Forget M$. Windooze is not able to do authentication BEFORE logon. Only after logon the possibility to authenticate to the network exists. So much to the logic of M$.

Use some 3rd party tool. I had good experience with Meetinghouse 801.1x client.

Alan,
maybe this behaviour is normal because you want to use a user authentication (you should provide your username and your pwd). However, somewhere in the network card configuration there is a flag that looks like "use computer name to authenticate" that should be used when no username/pwd pairs are available.

I hope this could help you.
I'm trying to setup this environment (more or less) too, but I have found some problems in mschap module attempting to authenticate a wireless client using PEAP. Could you tell me something about the configuration you use?

Thanks,
Yuri