Re: freeradius ldap auth sort of working ?
On 1 Jul 2013, at 12:27, Horatiu Nimigean horatiu.nimig...@ddnet.ro wrote:

> Greetings. I have a problem with freeradius using ldap to auth, here are my system specs:
>
> Centos 6 64bit
> freeradius installed from repo
>
> rpm -qa | grep -i freeradius
> freeradius-ldap-2.1.12-4.el6_3.x86_64
> freeradius-2.1.12-4.el6_3.x86_64
> freeradius-utils-2.1.12-4.el6_3.x86_64
>
> ldap already up and running, on localhost. everything is local btw, there are no remote services and ldap is (test environment) accepting unsecured connections.
>
> rpm -qa | grep -i openld
> openldap-devel-2.4.23-32.el6_4.1.x86_64
> openldap-clients-2.4.23-32.el6_4.1.x86_64
> openldap-servers-2.4.23-32.el6_4.1.x86_64
> openldap-2.4.23-32.el6_4.1.x86_64
>
> radtest fails
>
> radtest testuser_1 letmein_1 localhost 2 testing123
> Sending Access-Request of id 214 to 127.0.0.1 port 1812
>     User-Name = testuser_1
>     User-Password = letmein_1
>     NAS-IP-Address = 127.0.0.1
>     NAS-Port = 2
>     Message-Authenticator = 0x
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20
>
> and this is the output from radius (ran as radiusd -X) http://pastebin.com/MT0txW2c
>
> i don't understand. it auths but then it doesn't.. the final result is not successful
>
> Thanks in advance,

No. Your admin user managed to bind and retrieve credentials for your user, your user bind never succeeded.

Seeing as you have access to the crypt hash of the user's password you should use PAP to do authentication.

Set

    set_auth_type = no

in modules/ldap, and make sure 'pap' is listed in authorize.

If the password you're using in radtest is correct, this will work. If it isn't then authentication will continue to fail.

-Arran

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ldap auth sort of working ?
Hi,

> and this is the output from radius (ran as radiusd -X) http://pastebin.com/MT0txW2c

please post to the list - avoids more work at this end. the output shows this:

Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by testuser_1 with password letmein_1
[ldap] user DN: uid=testuser_1,ou=People,dc=vps03,dc=local
[ldap] (re)connect to 127.0.0.1:389, authentication 1
[ldap] bind as uid=testuser_1,ou=People,dc=vps03,dc=local/letmein_1 to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind failed with invalid credentials
++[ldap] returns reject

> i don't understand. it auths but then it doesn't.. the final result is not successful

it does a SEARCH for authorization. finds some details...then it checks authentication...and doesn't work. verify that you can connect/verify with this user/password combo. LDAP is not an authentication method..it's just an oracle of data really

alan
Re: Freeradius + LDAP auth
HI Paulo,

Thanks for u reply, see below my authenticate and authorize session.

authorize {
    preprocess
    mschap
    ldap
}

authenticate {
    Auth-Type LDAP {
        ldap
    }
    Auth-Type MS-CHAP {
        mschap
    }
}

2010/11/23 Paulo Maia phc.m...@gmail.com

> Show us your authorize and authenticate session . I had a problem like that once
>
> Regards ,
>
> On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo oldedua...@gmail.com wrote:
>
>> sorry alan, i understand need to read debug. But, i see secret in clients and my test radtest user pass ip 0 secret is correctly. And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ... Really sorry for this, but need u help.
>>
>> Regards,
>>
>> 2010/11/23 Alan DeKok al...@deployingradius.com
>>
>>> Old Eduardo wrote:
>>>> but i try to configure this in few weeks and no get success.
>>>
>>> Ask questions earlier. Or, read the debug output.
>>>
>>>> Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!
>>>
>>> That message seems pretty clear.
>>>
>>> Alan DeKok.

--
Old Eduardo
... make a difference ...
Re: Freeradius + LDAP auth
What auth method u're trying to use ? EAP/PEAP ?

Regards ,
Re: Freeradius + LDAP auth
where i define this? eap.conf? sorry, newbie with freeradius.
Re: Freeradius + LDAP auth
ok i found this. sites-enabled/default eap auth mode.
Re: Freeradius + LDAP auth
yes . but i have to include in your authorize and authenticate sessions . What kind of auth ure trying to get ?

Regards ,
Re: Freeradius + LDAP auth
It works ?
Re: Freeradius + LDAP auth
I read in many sites, for get ldap auth need mschap, its true? i try mschap.
Re: Freeradius + LDAP auth
no :( in debug only appears auth type Local

see:

Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization for ipe-dp
Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion :-. See man unlang for details
Wed Nov 24 08:30:54 2010 : Debug: expand: (uid=%{Stripped-User-Name:-%{User-Name}}) - (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug: expand: dc=policiacivil,dc=rs,dc=gov,dc=br - dc=policiacivil,dc=rs,dc=gov,dc=br
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to ldap.intra proxy.intra localhost:389
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password = {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as RADIUS attribute Cleartext-Password == {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x3244413944423342333039463632333434374232384536393635374142333642
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x3845433036323546444141393630353041414433423433354235313430344545
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use remote access
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok
Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
Wed Nov 24 08:30:54 2010 : Auth: Login incorrect: [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!
Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1 seconds
Wed Nov 24 08:30:54 2010 : Debug: Going to the next request
Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds.
Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0
Sending Access-Reject of id 78 to 127.0.0.1 port 58611
Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78, length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug: Cleaning up request 0 ID 78 with timestamp +5

ty for u help.
Re: Freeradius + LDAP auth
Do u have NT and LM password attributes in ur LDAP database ? coz if u do u could try to use EAP/PEAP . Its easier for windows clients .

Regards ,
Re: Freeradius + LDAP auth
comment everything the users file .

Brazilian, bro ?
Re: Freeradius + LDAP auth
Old Eduardo wrote:
> no :( in debug only appears auth type Local

Stop wasting your time. You have NOT configured the server correctly, and you have NOT followed instructions on this list.

> see:
> Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize

You've used radiusd -Xx. The FAQ, INSTALL, man page, and messages daily on this list say to use radiusd -X. This should be easy to do.

> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as RADIUS attribute Cleartext-Password == {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl

This is wrong on many, many, levels. The password is a SSHA password, not a Cleartext-Password. You've edited the ldap.attrmap file to add the *wrong* information in it.

> Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
> Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password

Given your broken configuration, this is to be expected.

> Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
> Wed Nov 24 08:30:54 2010 : Auth: Login incorrect: [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
> Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!

You were told to fix this problem. Read the error message. It's not hard to understand.

Until you fix your system, authentication will *always* fail. The cause of the problem is simple and obvious. Even worse, you've been told how to fix it. So far, you've refused to follow instructions.

If you're not going to follow the instructions given on this list, there is *no* reason to ask questions here.

Alan DeKok.
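An added example, not part of the thread and not FreeRADIUS code: a Python sketch of the two failures pointed out in the message above. It implements RFC 2865 User-Password hiding, so a shared-secret mismatch visibly yields unprintable bytes, and an {SSHA} check (salted SHA-1), so comparing the stored value as if it were cleartext is seen to fail while hashing the candidate succeeds. All secrets, passwords and salts are constructed for the example.

```python
import base64
import hashlib
import hmac


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: what the client/NAS puts in User-Password."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += block
        prev = block  # the next pad is keyed on the previous ciphertext block
    return out


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(candidate: bytes, stored: str) -> bool:
    """Verify a candidate password against an {SSHA} value."""
    if stored[:6].upper() != "{SSHA}":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:])
    if len(raw) <= 20:
        raise ValueError("SSHA value carries no salt")
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)


def demo() -> dict:
    # Constructed values, not taken from the thread.
    password = b"constructed-pw"
    nas_secret = b"nas-side-secret"
    server_secret = b"server-side-secret"   # deliberately different
    authenticator = bytes(range(16))         # fixed for reproducibility
    stored = make_ssha(password, b"\x01\x02\x03\x04")

    hidden = hide_password(password, nas_secret, authenticator)
    good = recover_password(hidden, nas_secret, authenticator)
    garbled = recover_password(hidden, server_secret, authenticator)
    return {
        "secrets_match_recovers_password": good == password,
        "secret_mismatch_recovers_password": garbled == password,
        # Treating the {SSHA} string as a cleartext password: plain compare.
        "cleartext_compare_with_ssha_string": good.decode("ascii") == stored,
        # Treating it as what it is: hash the candidate with the stored salt.
        "ssha_check_correct_password": check_ssha(good, stored),
        "ssha_check_garbled_password": check_ssha(garbled, stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With mismatched secrets every downstream check fails regardless of how the stored password is mapped, which is why the shared secret has to be fixed first.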
Re: Freeradius + LDAP auth
yes i have. 2010/11/24 Paulo Maia phc.m...@gmail.com Do u have NT e LM passowrd attributes in ur LDAP database ? coz if u do u could try to use EAP/PEAP . Its easier for windows clients . Regards , On Wed, Nov 24, 2010 at 9:26 AM, Old Eduardo oldedua...@gmail.com wrote: I read in many sites, for get ldap auth need mschap, its true? i try mschap. 2010/11/24 Paulo Maia phc.m...@gmail.com yes . but i have to include in your authorize and authenticate sessions . What kind of auth ure trying to get ? Regards , On Wed, Nov 24, 2010 at 8:43 AM, Old Eduardo oldedua...@gmail.comwrote: where i define this? eap.conf? sorry, newbie with freeradius. 2010/11/24 Paulo Maia phc.m...@gmail.com What auth method u're trying to use ? EAP/PEAP ? Regards , On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo oldedua...@gmail.comwrote: HI Paulo, Thanks for u reply, see below my authenticate and authorize session. authorize { preprocess mschap ldap } authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } } 2010/11/23 Paulo Maia phc.m...@gmail.com Show us your authorize and authenticate session . I had a problem like that once Regards , On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo oldedua...@gmail.comwrote: sorry alan, i understand need to read debug. But, i see secret in clients and my test radtest user pass ip 0 secret is corretly. And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ... Realy sorry for this, but need u help. Regards, 2010/11/23 Alan DeKok al...@deployingradius.com Old Eduardo wrote: but i try to configure this in few weeks and no get sucess. Ask questions earlier. Or, read the debug output. Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! That message seems pretty clear. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Old Eduardo ... make a difference ... 
Re: Freeradius + LDAP auth
Paulo Maia wrote:
> comment everything the users file.

Wrong answers make life difficult for everyone.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + LDAP auth
Hey, how's it going? I'll do that tomorrow. I sent the whole freeradius directory to your email so you can take a look at the confs; I've been trying to do this implementation for 3 weeks and I can't get it working, man. Tomorrow morning I'll go there and try again. Thanks for the help.

2010/11/24 Paulo Maia phc.m...@gmail.com

comment everything the users file. Brazilian, bro?

On Wed, Nov 24, 2010 at 9:31 AM, Old Eduardo oldedua...@gmail.com wrote:

no :( in debug only appears auth type Local see:

Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization for ipe-dp
Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion :-. See man unlang for details
Wed Nov 24 08:30:54 2010 : Debug: expand: (uid=%{Stripped-User-Name:-%{User-Name}}) - (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug: expand: dc=policiacivil,dc=rs,dc=gov,dc=br - dc=policiacivil,dc=rs,dc=gov,dc=br
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to ldap.intra proxy.intra localhost:389
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password = {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as RADIUS attribute Cleartext-Password == {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x3244413944423342333039463632333434374232384536393635374142333642
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x3845433036323546444141393630353041414433423433354235313430344545
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use remote access
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok
Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
Wed Nov 24 08:30:54 2010 : Auth: Login incorrect: [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!
Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1 seconds
Wed Nov 24 08:30:54 2010 : Debug: Going to the next request
Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds.
Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0
Sending Access-Reject of id 78 to 127.0.0.1 port 58611
Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78, length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug: Cleaning up request 0 ID 78 with timestamp +5

ty for u help.

2010/11/24 Paulo Maia phc.m...@gmail.com

It works?

On Wed, Nov 24, 2010 at 8:47
Re: Freeradius + LDAP auth
Old Eduardo wrote:
> but i try to configure this in few weeks and no get success.

Ask questions earlier. Or, read the debug output.

> Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!

That message seems pretty clear.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + LDAP auth
sorry alan, i understand need to read debug. But, i see secret in clients and my test radtest user pass ip 0 secret is correctly. And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ... Really sorry for this, but need u help.

Regards,

2010/11/23 Alan DeKok al...@deployingradius.com

Old Eduardo wrote:
> but i try to configure this in few weeks and no get success.

Ask questions earlier. Or, read the debug output.

> Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!

That message seems pretty clear.

Alan DeKok.

--
Old Eduardo
... make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + LDAP auth
Show us your authorize and authenticate session. I had a problem like that once.

Regards,

On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo oldedua...@gmail.com wrote:

sorry alan, i understand need to read debug. But, i see secret in clients and my test radtest user pass ip 0 secret is correctly. And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ... Really sorry for this, but need u help.

Regards,

2010/11/23 Alan DeKok al...@deployingradius.com

Old Eduardo wrote:
> but i try to configure this in few weeks and no get success.

Ask questions earlier. Or, read the debug output.

> Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!

That message seems pretty clear.

Alan DeKok.

--
Old Eduardo
... make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + LDAP auth
Old Eduardo wrote:
> sorry alan, i understand need to read debug. But, i see secret in clients and my test radtest user pass ip 0 secret is correctly.

That uses a *different* secret, as the packet is coming from a different IP address.

i.e. you can either fix the secret as suggested by the message and my emails, or you can *not* fix the secret, and continue to have problems.

> And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...

The debug log should make this clear.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
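An added example (not from the thread and not FreeRADIUS code): RFC 2865 User-Password hiding in Python, showing why a shared-secret mismatch surfaces as the "Unprintable characters in the password" warning and why the secret that matters is the one configured for the packet's source IP. The client IPs, secrets, password and authenticator are constructed sample values.

```python
import hashlib

# Constructed sample data (not from the thread): two client entries with
# different shared secrets, keyed by the source IP the server sees.
CLIENTS = {"127.0.0.1": b"secret-for-localhost", "192.0.2.10": b"secret-for-nas"}
REQUEST_AUTHENTICATOR = bytes(range(16))  # normally 16 random octets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Sender side of RFC 2865 section 5.2: pad with NULs to 16-octet blocks,
    then XOR each block with MD5(secret + previous ciphertext block)."""
    pad = -len(password) % 16 if password else 16
    padded = password + b"\x00" * pad
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Receiver side: regenerate the keystream. Nothing here can detect a
    wrong secret; it simply produces different (garbage) bytes."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")

def server_view(src_ip: str, hidden: bytes, authenticator: bytes) -> bytes:
    """The server uses the secret of the client entry matching the source IP."""
    return recover_password(hidden, CLIENTS[src_ip], authenticator)

def has_unprintable(value: bytes) -> bool:
    return any(b < 0x20 or b > 0x7E for b in value)

if __name__ == "__main__":
    # The sender hides the password with the secret it believes is correct.
    sent = hide_password(b"letmein", b"secret-for-nas", REQUEST_AUTHENTICATOR)
    for ip in CLIENTS:
        seen = server_view(ip, sent, REQUEST_AUTHENTICATOR)
        print(ip, seen, "unprintable" if has_unprintable(seen) else "printable")
```

The password comparison then fails for a reason unrelated to the LDAP data, which is why the secret has to be fixed before the Auth-Type question can be debugged.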
RE: freeRadius LDAP auth using WPA-EAP on 802.11
Hello,

How do I fix the supplicant problem suggested by you?

José Campos

-Original message-
From: freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org [mailto:freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org] On behalf of Alan DeKok
Sent: Thursday, 28 January 2010 20:24
To: FreeRadius users mailing list
Subject: Re: freeRadius LDAP auth using WPA-EAP on 802.11

José Campos wrote:
> I have my AP configured to use WPA-EAP and pointing to my radius server.
> [eap] processing type md5

You can't use EAP-MD5 for wireless.

> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 192.168.70.70 port 1026
> EAP-Message = 0x010100160410f14661baee3d7327186dd431deff0370
> Message-Authenticator = 0x
> State = 0x38f703bb38f607a3224364ff73a6f80d
> Finished request 1.

If the supplicant never responds to that, then the supplicant is broken.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeRadius LDAP auth using WPA-EAP on 802.11
José Campos wrote:
> What do you suggest. Disable md5 on eap or not using eap?

Use an EAP method that works with an AP: PEAP, TTLS, ...

> Sorry, I'm not very familiar with this subject. Can't I still use WPA-EAP on my AP?

Yes... there are millions of people using that. It's not hard.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeRadius LDAP auth using WPA-EAP on 802.11
Sorry to bother you once more. Can you please specify which files and option must I change exactly...

José Campos

-Original message-
From: freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org [mailto:freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org] On behalf of Alan DeKok
Sent: Friday, 29 January 2010 11:51
To: FreeRadius users mailing list
Subject: Re: freeRadius LDAP auth using WPA-EAP on 802.11

José Campos wrote:
> What do you suggest. Disable md5 on eap or not using eap?

Use an EAP method that works with an AP: PEAP, TTLS, ...

> Sorry, I'm not very familiar with this subject. Can't I still use WPA-EAP on my AP?

Yes... there are millions of people using that. It's not hard.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeRadius LDAP auth using WPA-EAP on 802.11
José Campos wrote:
> I have my AP configured to use WPA-EAP and pointing to my radius server.
> [eap] processing type md5

You can't use EAP-MD5 for wireless.

> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 192.168.70.70 port 1026
> EAP-Message = 0x010100160410f14661baee3d7327186dd431deff0370
> Message-Authenticator = 0x
> State = 0x38f703bb38f607a3224364ff73a6f80d
> Finished request 1.

If the supplicant never responds to that, then the supplicant is broken.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html