Re: Cisco AP, FreeRADIUS and Fedora Directory Server
I'm not sure that how will RADIUS server know to check password against LDAP server while EAP is in place? It doesn't. Does this mean that EAP plugin only checks users file to authenticate users with their passwords? Mustafa - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, FreeRADIUS and Fedora Directory Server
It's not so much EAP in general, but the PEAP (i.e. MSCHAPv2 part). However search this list's archive, see documentation etc. and the pertinent parts of the server's debug output you still chose not to provide here. regards K. Hoercher Is there a way to get clear password after PEAP plugin has processed EAP message and gained password to check against users file? Mustafa - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, FreeRADIUS and Fedora Directory Server
=?ISO-8859-2?Q?Mustafa_=AAenay?= [EMAIL PROTECTED] wrote: Does this mean that EAP plugin only checks users file to authenticate users with their passwords? No. It means that EAP doesn't supply a password, so it doesn't exist, and can't be checked against LDAP. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, FreeRADIUS and Fedora Directory Server
=?ISO-8859-2?Q?Mustafa_=AAenay?= [EMAIL PROTECTED] wrote: Same password works when binding to LDAP server from different client applications, sucha as GQ. So I'm pretty sure that password is correct. That doesn't matter. Read ALL OF THE DEBUGGING LOG. IT WILL TELL YOU WHAT IS GOING ON. If you DO NOT read it, you WILL NOT solve the problem. I'm not sure that how will RADIUS server know to check password against LDAP server while EAP is in place? It doesn't. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, FreeRADIUS and Fedora Directory Server
Hm, well, sort of, as you get: rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. Probably wrong password. One cannot really be sure as you left out those earlier in this session parts of the _full_ debug output. Same password works when binding to LDAP server from different client applications, sucha as GQ. So I'm pretty sure that password is correct. I'm not sure that how will RADIUS server know to check password against LDAP server while EAP is in place? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, FreeRADIUS and Fedora Directory Server
On 10/16/06, Mustafa Şenay [EMAIL PROTECTED] wrote: Same password works when binding to LDAP server from different client applications, sucha as GQ. So I'm pretty sure that password is correct. That doesn't mean it works for PEAP too (probably not). See below. I'm not sure that how will RADIUS server know to check password against LDAP server while EAP is in place? It's not so much EAP in general, but the PEAP (i.e. MSCHAPv2 part). However search this list's archive, see documentation etc. and the pertinent parts of the server's debug output you still chose not to provide here. regards K. Hoercher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco AP, FreeRADIUS and Fedora Directory Server
Hi, On 10/15/06, Mustafa Şenay [EMAIL PROTECTED] wrote: according to ldap_howto found in freeradius documentation. I managed to authorize users but authentication doesn't work. Here is the log of Hm, well, sort of, as you get: rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. Probably wrong password. One cannot really be sure as you left out those earlier in this session parts of the _full_ debug output. regards K. Hoercher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html