Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Christopher Sheldon wrote: Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help? My unhelpful comments are directed at the people who don't read (a) the documentation I already wrote, or (b) the debugging messages I already wrote. Perhaps you could take over the role of cut paste master, where you would cut and paste the existing documentation onto this list for certain people. Failing that, perhaps you could try another method of positive contribution that doesn't involve complaining about me. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
daverum...@boothcreek.com wrote: So funny you say that, I was just talking about that with a co worker. I almost find myself searching for his emails and thinking that poor person who is looking for help. Asking people to read the debug log, as suggested in the FAQ, README, INSTALL, man page, every single howto, and daily on this list? For shame. It's really quite simple. It's a choice. People DON'T read the documentation. They DON'T follow instructions. They DON'T read the debug log. But they get incensed when they get told to read it, and they get incensed when told to follow instructions. Happily, there is a solution. Along with Christopher, you're now the new cut paste master. Please spend a few short hours every day answering questions on this list by cutting pasting answers from the existing documentation. Also, you will need to explain to people that they should run the server in debugging mode. Feel free to *continue* explaining why this is necessary after they have gotten angry at you for not immediately solving their problem. Complaining about *my* behavior is not an option until you've contributed something to the project. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Alan often replies immediately with useful information, often for questions which are constantly repeated. I'm personally impressed with his tireless dedication, not only in being one of the primary help desk roles but also in developing the software, both of which you're getting for *free*. I think Alan (and some others) deserve a note of thanks from this community. Folks, get real, this is open source. That means it's a community of volunteers. In open source if you think something is deficient your job is to step up to the plate and contribute for the betterment of everyone. But if instead you feel you need to complain and not contribute then please walk away. John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius 2.1.6 ldap + mschapv2 to authenticate
-Original Message- From: freeradius-users- bounces+jmdanner=samford@lists.freeradius.org [mailto:freeradius- users-bounces+jmdanner=samford@lists.freeradius.org] On Behalf Of John Dennis Sent: Thursday, June 25, 2009 8:54 AM To: FreeRadius users mailing list Subject: Re: freeradius 2.1.6 ldap + mschapv2 to authenticate Alan often replies immediately with useful information, often for questions which are constantly repeated. I'm personally impressed with his tireless dedication, not only in being one of the primary help desk roles but also in developing the software, both of which you're getting for *free*. I think Alan (and some others) deserve a note of thanks from this community. Folks, get real, this is open source. That means it's a community of volunteers. In open source if you think something is deficient your job is to step up to the plate and contribute for the betterment of everyone. But if instead you feel you need to complain and not contribute then please walk away. John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I agree wholeheartedly. The documentation is more than adequate. Surprising how much you'll learn by reading it. If you'd prefer Alan spend time answering already answered questions rather than refining/developing freeradius Mearl - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
jpablorp wrote: I replace eap.conf with the Default eap.conf file and this is my debug: Where you have *deleted* the real cause of the error. [peap] Had sent TLV failure. User was rejected earlier in this session. Look EARLIER in the debug log for the failure. It's really not hard. Look for words like reject, or fail, or error. The messages will tell you what is wrong, and why. All you need to do is read them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Thanks for your help. I'm pretty new on freeradius. I've been read many how's to, but only in this post I've discovered many things. Alan DeKok-2 wrote: jpablorp wrote: I replace eap.conf with the Default eap.conf file and this is my debug: Where you have *deleted* the real cause of the error. [peap] Had sent TLV failure. User was rejected earlier in this session. Look EARLIER in the debug log for the failure. It's really not hard. Look for words like reject, or fail, or error. The messages will tell you what is wrong, and why. All you need to do is read them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/freeradius-2.1.6-ldap-%2B-mschapv2-to-authenticate-tp24167333p24187153.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help? It's like reality TV. ;-) Chris. Alan DeKok wrote: jpablorp wrote: I replace eap.conf with the Default eap.conf file and this is my debug: Where you have *deleted* the real cause of the error. [peap] Had sent TLV failure. User was rejected earlier in this session. Look EARLIER in the debug log for the failure. It's really not hard. Look for words like reject, or fail, or error. The messages will tell you what is wrong, and why. All you need to do is read them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Chris, So funny you say that, I was just talking about that with a co worker. I almost find myself searching for his emails and thinking that poor person who is looking for help. I hope to post a link giving exact details on how to do auth with ldap using freeradius 2. I also plan to add how to do group auth with unlang. So tired of finding bits and pieces and no one quite giving a how to do in this mailing list. --Original Message-- From: Christopher Sheldon Sender: freeradius-users-bounces+daverummel=boothcreek@lists.freeradius.org To: FreeRadius users mailing list ReplyTo: FreeRadius users mailing list Subject: Re: freeradius 2.1.6 ldap + mschapv2 to authenticate Sent: Jun 24, 2009 5:36 PM Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help? It's like reality TV. ;-) Chris. Alan DeKok wrote: jpablorp wrote: I replace eap.conf with the Default eap.conf file and this is my debug: Where you have *deleted* the real cause of the error. [peap] Had sent TLV failure. User was rejected earlier in this session. Look EARLIER in the debug log for the failure. It's really not hard. Look for words like reject, or fail, or error. The messages will tell you what is wrong, and why. All you need to do is read them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sent on the Now Network� from my Sprint® BlackBerry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius 2.1.6 ldap + mschapv2 to authenticate
We should start collecting the Best of Alan posts. Any nominations? Tim -Original Message- From: freeradius-users- bounces+tim.sylvester=networkradius@lists.freeradius.org [mailto:freeradius-users- bounces+tim.sylvester=networkradius@lists.freeradius.org] On Behalf Of daverum...@boothcreek.com Sent: Wednesday, June 24, 2009 7:56 PM To: FreeRadius users mailing list Subject: Re: freeradius 2.1.6 ldap + mschapv2 to authenticate Chris, So funny you say that, I was just talking about that with a co worker. I almost find myself searching for his emails and thinking that poor person who is looking for help. I hope to post a link giving exact details on how to do auth with ldap using freeradius 2. I also plan to add how to do group auth with unlang. So tired of finding bits and pieces and no one quite giving a how to do in this mailing list. --Original Message-- From: Christopher Sheldon Sender: freeradius-users- bounces+daverummel=boothcreek@lists.freeradius.org To: FreeRadius users mailing list ReplyTo: FreeRadius users mailing list Subject: Re: freeradius 2.1.6 ldap + mschapv2 to authenticate Sent: Jun 24, 2009 5:36 PM Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help? It's like reality TV. ;-) Chris. Alan DeKok wrote: jpablorp wrote: I replace eap.conf with the Default eap.conf file and this is my debug: Where you have *deleted* the real cause of the error. [peap] Had sent TLV failure. User was rejected earlier in this session. Look EARLIER in the debug log for the failure. It's really not hard. Look for words like reject, or fail, or error. The messages will tell you what is wrong, and why. All you need to do is read them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sent on the Now Network from my Sprint® BlackBerry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
I've trying to setup a freeradius 2.1.6 with Ldap and mschapv2 to authenticate. when I send test from my console, this works fine. But when I try to connect. I don't know what I'm missing. here is my radiusd.conf: Why did you find it necessary to butcher default configuration? Use default radiusd.conf, configure ldap in modules (raddb/modules/ldap) and watch it work. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Thanks for your response.
Now I'm using the defaults files and configure the access in modules
(raddb/modules/ldap).
Now seems like the solution is closer,
When I test this appear in my server in debug mode:
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 189 to 10.14.56.33 port 32768
EAP-Message = 0x040c0004
Message-Authenticator = 0x
Waking up in 3.9 seconds.
Cleaning up request 1 ID 188 with timestamp +30
Waking up in 1.0 seconds.
Cleaning up request 2 ID 189 with timestamp +30
Ready to process requests.
I think is problem on mi eap.conf file but I'm no sure what exactly I have
to do.
Any idea?
Ivan Kalik wrote:
I've trying to setup a freeradius 2.1.6 with Ldap and mschapv2 to
authenticate.
when I send test from my console, this works fine.
But when I try to connect.
I don't know what I'm missing.
here is my radiusd.conf:
Why did you find it necessary to butcher default configuration? Use
default radiusd.conf, configure ldap in modules (raddb/modules/ldap) and
watch it work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
View this message in context:
http://www.nabble.com/freeradius-2.1.6-ldap-%2B-mschapv2-to-authenticate-tp24167333p24170971.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Thanks for your response. Now I'm using the defaults files and configure the access in modules (raddb/modules/ldap). Now seems like the solution is closer, When I test this appear in my server in debug mode: ... [eap] EAP NAK [eap] NAK asked for unsupported type 25 [eap] No common EAP types found. Well, type 25 is PEAP, and that is defined in eap.conf by default. As are a few others. I think is problem on mi eap.conf file but I'm no sure what exactly I have to do. Any idea? Have you done some strange things to eap.conf or are you using the default one? Default configuration works. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.6 ldap + mschapv2 to authenticate
Ivan Kalik wrote:
Have you done some strange things to eap.conf or are you using the default
one? Default configuration works.
I replace eap.conf with the Default eap.conf file
and this is my debug:
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 198 to 10.14.56.33 port 32768
EAP-Message = 0x040d0004
Message-Authenticator = 0x
Waking up in 3.6 seconds.
Cleaning up request 1 ID 190 with timestamp +51
Cleaning up request 2 ID 191 with timestamp +51
Cleaning up request 3 ID 192 with timestamp +51
Cleaning up request 4 ID 193 with timestamp +51
Cleaning up request 5 ID 194 with timestamp +51
Cleaning up request 6 ID 195 with timestamp +51
Cleaning up request 7 ID 196 with timestamp +51
Cleaning up request 8 ID 197 with timestamp +51
Waking up in 1.0 seconds.
Cleaning up request 9 ID 198 with timestamp +51
I'm missing something?
--
View this message in context:
http://www.nabble.com/freeradius-2.1.6-ldap-%2B-mschapv2-to-authenticate-tp24167333p24173891.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
