Re: freeradius ldap auth sort of working ?

2013-07-01 Thread Arran Cudbard-Bell

On 1 Jul 2013, at 12:27, Horatiu Nimigean horatiu.nimig...@ddnet.ro wrote:

 Greetings.
 I have a problem with freeradius using ldap to auth, here are my system specs:
 
 Centos 6 64bit
 freeradius installed from repo
 rpm -qa | grep -i freeradius
 freeradius-ldap-2.1.12-4.el6_3.x86_64
 freeradius-2.1.12-4.el6_3.x86_64
 freeradius-utils-2.1.12-4.el6_3.x86_64
 ldap already up and running, on localhost. everything is local btw, there are 
 no remote services and ldap is (test environment) accepting unsecured 
 connections.
 rpm -qa | grep -i openld
 openldap-devel-2.4.23-32.el6_4.1.x86_64
 openldap-clients-2.4.23-32.el6_4.1.x86_64
 openldap-servers-2.4.23-32.el6_4.1.x86_64
 openldap-2.4.23-32.el6_4.1.x86_64
 
 radtest fails
 radtest testuser_1 letmein_1 localhost 2 testing123
 Sending Access-Request of id 214 to 127.0.0.1 port 1812
User-Name = testuser_1
User-Password = letmein_1
NAS-IP-Address = 127.0.0.1
NAS-Port = 2
Message-Authenticator = 0x
 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, 
 length=20
 and this is the output from radius (ran as radiusd -X)
 http://pastebin.com/MT0txW2c
 
 i don't understand. it auths but then it doesn't.. the final result is not 
 successful
 Thanks in advance,

No.

Your admin user managed to bind and retrieve credentials for your user, your 
user bind never succeeded.

Seeing as you have access to the crypt hash of the user's password you should 
use PAP to do authentication.

Set set_auth_type = no in modules/ldap.

and make sure 'pap' is listed in authorize.

If the password you're using in radtest is correct, this will work. If it isn't 
then authentication will continue to fail.

-Arran

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeradius ldap auth sort of working ?

2013-07-01 Thread A . L . M . Buxey
Hi,

 and this is the output from radius (ran as radiusd -X)
 http://pastebin.com/MT0txW2c

please post to the list - avoids more work at this end.

the output shows this:

Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by testuser_1 with password letmein_1
[ldap] user DN: uid=testuser_1,ou=People,dc=vps03,dc=local
  [ldap] (re)connect to 127.0.0.1:389, authentication 1
  [ldap] bind as uid=testuser_1,ou=People,dc=vps03,dc=local/letmein_1 to 
127.0.0.1:389
  [ldap] waiting for bind result ...
  [ldap] Bind failed with invalid credentials
++[ldap] returns reject

 i don't understand. it auths but then it doesn't.. the final result
 is not successful

it does a SEARCH for authorization. finds some details...then it checks
authentication...and doesn't work.  verify that you can connect/verify
with this user/password combo. LDAP is not an authentication method..it's
just an oracle of data really

alan


Re: Freeradius + LDAP auth

2010-11-24 Thread Old Eduardo
Hi Paulo,

Thanks for your reply, see below my authenticate and authorize session.

authorize {
    preprocess
    mschap
    ldap
}

authenticate {
    Auth-Type LDAP {
        ldap
    }
    Auth-Type MS-CHAP {
        mschap
    }
}



2010/11/23 Paulo Maia phc.m...@gmail.com

 Show us your authorize and authenticate session . I had a problem like that
 once

 Regards ,


 On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo oldedua...@gmail.com wrote:

 sorry alan, i understand need to read debug.

 But, i see secret in clients and my test radtest user pass ip 0 secret is
 corretly.

 And my other doubt is in auth type = Local, why local if i put auth type
 LDAP in configuration? Only get local ...

 Realy sorry for this, but need u help.

 Regards,


 2010/11/23 Alan DeKok al...@deployingradius.com

 Old Eduardo wrote:
  but i try to configure this in few weeks and no get sucess.

  Ask questions earlier.

  Or, read the debug output.

  Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable characters in
  the password.Double-check the shared secret on the server and the
 NAS!

  That message seems pretty clear.

  Alan DeKok.

-- 
Old Eduardo ...

make a difference ...

Re: Freeradius + LDAP auth

2010-11-24 Thread Paulo Maia
What auth method are you trying to use?
EAP/PEAP?

Regards ,


On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo oldedua...@gmail.com wrote:

 HI Paulo,

 Thanks for u reply, see below my authenticate and authorize session.

 authorize {
 preprocess
 mschap
 ldap
 }

 authenticate {
 Auth-Type LDAP {
 ldap
 }
Auth-Type MS-CHAP {
mschap
}
 }




Re: Freeradius + LDAP auth

2010-11-24 Thread Old Eduardo
where i define this? eap.conf?

sorry, newbie with freeradius.

2010/11/24 Paulo Maia phc.m...@gmail.com

 What auth method u're trying to use ?
 EAP/PEAP ?

 Regards ,




Re: Freeradius + LDAP auth

2010-11-24 Thread Old Eduardo
ok i found this.

sites-enabled/default

eap auth mode.

2010/11/24 Paulo Maia phc.m...@gmail.com

 What auth method u're trying to use ?
 EAP/PEAP ?

 Regards ,




Re: Freeradius + LDAP auth

2010-11-24 Thread Paulo Maia
Yes, but I have to include in your authorize and authenticate sessions.
What kind of auth are you trying to get?
Regards ,


On Wed, Nov 24, 2010 at 8:43 AM, Old Eduardo oldedua...@gmail.com wrote:

 where i define this? eap.conf?

 sorry, newbie with freeradius.


Re: Freeradius + LDAP auth

2010-11-24 Thread Paulo Maia
It works ?


On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo oldedua...@gmail.com wrote:

 ok i found this.

 sites-enabled/default

 eap auth mode.


Re: Freeradius + LDAP auth

2010-11-24 Thread Old Eduardo
I read on many sites that to get LDAP auth you need mschap; is it true?

I try mschap.

2010/11/24 Paulo Maia phc.m...@gmail.com

 yes . but i have to include in your authorize and authenticate sessions .
 What kind of auth ure trying to get ?
 Regards ,




Re: Freeradius + LDAP auth

2010-11-24 Thread Old Eduardo
no :(
in debug only appears auth type Local
see:
Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok
Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop
Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling ldap
(rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization
for ipe-dp
Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion
:-.  See man unlang for details
Wed Nov 24 08:30:54 2010 : Debug:  expand:
(uid=%{Stripped-User-Name:-%{User-Name}}) - (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug:  expand:
dc=policiacivil,dc=rs,dc=gov,dc=br - dc=policiacivil,dc=rs,dc=gov,dc=br
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
proxy.intra localhost:389, authentication 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as
uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to
ldap.intra proxy.intra localhost:389
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in
dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password =
{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in
directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as
RADIUS attribute Cleartext-Password ==
{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword
as RADIUS attribute NT-Password ==
0x3244413944423342333039463632333434374232384536393635374142333642
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword
as RADIUS attribute LM-Password ==
0x3845433036323546444141393630353041414433423433354235313430344545
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in
directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use
remote access
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok
Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
Wed Nov 24 08:30:54 2010 : Auth: Login incorrect:
[ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
Wed Nov 24 08:30:54 2010 : Debug:   WARNING: Unprintable characters in the
password.Double-check the shared secret on the server and the NAS!
Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1 seconds
Wed Nov 24 08:30:54 2010 : Debug: Going to the next request
Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds.
Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0
Sending Access-Reject of id 78 to 127.0.0.1 port 58611
Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78,
length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
with invalid signature (err=2)!  (Shared secret is incorrect.)
^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug:
Cleaning up request 0 ID 78 with timestamp +5
ty for u help.

2010/11/24 Paulo Maia phc.m...@gmail.com

 It works ?




Re: Freeradius + LDAP auth

2010-11-24 Thread Paulo Maia
Do you have NT and LM password attributes in your LDAP database? Because if
you do, you could try to use EAP/PEAP.
It's easier for Windows clients.
Regards ,


On Wed, Nov 24, 2010 at 9:26 AM, Old Eduardo oldedua...@gmail.com wrote:

 I read in many sites, for get ldap auth need mschap, its true?

 i try mschap.


Re: Freeradius + LDAP auth

2010-11-24 Thread Paulo Maia
Comment everything in the users file.
Brazilian, bro?

On Wed, Nov 24, 2010 at 9:31 AM, Old Eduardo oldedua...@gmail.com wrote:

 no :(
 in debug only appears auth type Local

Re: Freeradius + LDAP auth

2010-11-24 Thread Alan DeKok
Old Eduardo wrote:
 no :(
 in debug only appears auth type Local

  Stop wasting your time.

  You have NOT configured the server correctly, and you have NOT
followed instructions on this list.

 see:
 Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize

  You've used radiusd -Xx.  The FAQ, INSTALL, man page, and messages
daily on this list say to use radiusd -X.  This should be easy to do.

 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword
 as RADIUS attribute Cleartext-Password ==
 {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl

  This is wrong on many, many, levels.  The password is a SSHA password,
not a Cleartext-Password.  You've edited the ldap.attrmap file to add
the *wrong* information in it.

 Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
 Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does
 NOT match local User-Password

  Given your broken configuration, this is to be expected.

 Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
 Wed Nov 24 08:30:54 2010 : Auth: Login incorrect:
 [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
 Wed Nov 24 08:30:54 2010 : Debug:   WARNING: Unprintable characters in
 the password.Double-check the shared secret on the server and the NAS!

  You were told to fix this problem.  Read the error message.  It's not
hard to understand.

  Until you fix your system, authentication will *always* fail.

  The cause of the problem is simple and obvious.  Even worse, you've
been told how to fix it.  So far, you've refused to follow instructions.

  If you're not going to follow the instructions given on this list,
there is *no* reason to ask questions here.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
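
Added example (not part of the original thread and not FreeRADIUS code): a Python sketch of why a stored `{SSHA}` value can never match when it is compared as if it were a cleartext password, next to a correct salted SHA-1 check. The password and salt below are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
SAMPLE_PASSWORD = b"letmein-sample"
SAMPLE_SALT = b"\x01\x02\x03\x04"


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an OpenLDAP-style value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, supplied: bytes) -> bool:
    """Verify a supplied password against a stored {SSHA} value."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:])
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(supplied + salt).digest()
    return hmac.compare_digest(candidate, digest)


def check_as_cleartext(stored: str, supplied: bytes) -> bool:
    """What a cleartext comparison does when the hash is labelled as a
    cleartext password: it compares the hash string itself with the input."""
    return hmac.compare_digest(stored.encode("ascii"), supplied)


if __name__ == "__main__":
    stored = make_ssha(SAMPLE_PASSWORD, SAMPLE_SALT)
    print("stored value       :", stored)
    print("salted SHA-1 check :", check_ssha(stored, SAMPLE_PASSWORD))
    print("cleartext compare  :", check_as_cleartext(stored, SAMPLE_PASSWORD))
```
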

Re: Freeradius + LDAP auth

2010-11-24 Thread Old Eduardo
yes i have.


2010/11/24 Paulo Maia phc.m...@gmail.com

 Do u have NT and LM password attributes in ur LDAP database ? coz if u do u
 could try to use EAP/PEAP .
 Its easier for windows clients .
 Regards ,



 On Wed, Nov 24, 2010 at 9:26 AM, Old Eduardo oldedua...@gmail.com wrote:

 I read in many sites, for get ldap auth need mschap, its true?

 i try mschap.

   2010/11/24 Paulo Maia phc.m...@gmail.com

 yes . but i have to include in your authorize and authenticate sessions .
 What kind of auth ure trying to get ?
 Regards ,



 On Wed, Nov 24, 2010 at 8:43 AM, Old Eduardo oldedua...@gmail.com wrote:

 where i define this? eap.conf?

 sorry, newbie with freeradius.

 2010/11/24 Paulo Maia phc.m...@gmail.com

 What auth method u're trying to use ?
 EAP/PEAP ?

 Regards ,



 On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo oldedua...@gmail.com wrote:

 HI Paulo,

 Thanks for u reply, see below my authenticate and authorize session.

 authorize {
     preprocess
     mschap
     ldap
 }

 authenticate {
     Auth-Type LDAP {
         ldap
     }
     Auth-Type MS-CHAP {
         mschap
     }
 }



 2010/11/23 Paulo Maia phc.m...@gmail.com

 Show us your authorize and authenticate session . I had a problem like
 that once

 Regards ,


 On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo oldedua...@gmail.com wrote:

 sorry alan, i understand need to read debug.

 But, i see secret in clients and my test radtest user pass ip 0
 secret is correctly.

 And my other doubt is in auth type = Local, why local if i put auth
 type LDAP in configuration? Only get local ...

 Really sorry for this, but need u help.

 Regards,


 2010/11/23 Alan DeKok al...@deployingradius.com

 Old Eduardo wrote:
  but i try to configure this in few weeks and no get success.

  Ask questions earlier.

  Or, read the debug output.

  Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable
 characters in
  the password.Double-check the shared secret on the server and
 the NAS!

  That message seems pretty clear.

  Alan DeKok.

-- 
Old Eduardo ...

make a difference ...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius + LDAP auth

2010-11-24 Thread Alan DeKok
Paulo Maia wrote:
 comment everything the users file .

  Wrong answers make life difficult for everyone.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Freeradius + LDAP auth

2010-11-24 Thread Old Eduardo
Hey, how's it going, all good?

I'll do that tomorrow. I sent the whole freeradius directory to your email so
you can take a look at the confs. I've been trying to do this implementation
for 3 weeks and I can't get it done, man.

Tomorrow morning I'll go there and try again.

Thanks for the support.

2010/11/24 Paulo Maia phc.m...@gmail.com

 comment everything the users file .
 Brazilian, bro ?


 On Wed, Nov 24, 2010 at 9:31 AM, Old Eduardo oldedua...@gmail.com wrote:

 no :(
 in debug only appears auth type Local
 see:
 Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
 Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling
 preprocess (rlm_preprocess) for request 0
 Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
 preprocess (rlm_preprocess) for request 0
 Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok
 Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling mschap
 (rlm_mschap) for request 0
 Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
 mschap (rlm_mschap) for request 0
 Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop
 Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling ldap
 (rlm_ldap) for request 0
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization
 for ipe-dp
 Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional
 expansion :-.  See man unlang for details
 Wed Nov 24 08:30:54 2010 : Debug:  expand:
 (uid=%{Stripped-User-Name:-%{User-Name}}) - (uid=ipe-dp)
 Wed Nov 24 08:30:54 2010 : Debug:  expand:
 dc=policiacivil,dc=rs,dc=gov,dc=br - dc=policiacivil,dc=rs,dc=gov,dc=br
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
 proxy.intra localhost:389, authentication 0
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as
 uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to
 ldap.intra proxy.intra localhost:389
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ...
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in
 dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password =
 {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in
 directory...
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as
 RADIUS attribute Cleartext-Password ==
 {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword
 as RADIUS attribute NT-Password ==
 0x3244413944423342333039463632333434374232384536393635374142333642
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword
 as RADIUS attribute LM-Password ==
 0x3845433036323546444141393630353041414433423433354235313430344545
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in
 directory...
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use
 remote access
 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id:
 0
 Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
 ldap (rlm_ldap) for request 0
 Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok
 Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
 Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does
 NOT match local User-Password
 Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
 Wed Nov 24 08:30:54 2010 : Auth: Login incorrect:
 [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
 Wed Nov 24 08:30:54 2010 : Debug:   WARNING: Unprintable characters in the
 password.Double-check the shared secret on the server and the NAS!
 Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1
 seconds
 Wed Nov 24 08:30:54 2010 : Debug: Going to the next request
 Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds.
 Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0
 Sending Access-Reject of id 78 to 127.0.0.1 port 58611
 Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds.
 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78,
 length=20
 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
 with invalid signature (err=2)!  (Shared secret is incorrect.)
 ^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug:
 Cleaning up request 0 ID 78 with timestamp +5
 ty for u help.

   2010/11/24 Paulo Maia phc.m...@gmail.com

 It works ?



 On Wed, Nov 24, 2010 at 8:47 

Re: Freeradius + LDAP auth

2010-11-23 Thread Alan DeKok
Old Eduardo wrote:
 but i try to configure this in few weeks and no get success.

  Ask questions earlier.

  Or, read the debug output.

 Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable characters in
 the password.Double-check the shared secret on the server and the NAS!

  That message seems pretty clear.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Freeradius + LDAP auth

2010-11-23 Thread Old Eduardo
sorry alan, i understand need to read debug.

But, i see secret in clients and my test radtest user pass ip 0 secret is
correctly.

And my other doubt is in auth type = Local, why local if i put auth type
LDAP in configuration? Only get local ...

Really sorry for this, but need u help.

Regards,


2010/11/23 Alan DeKok al...@deployingradius.com

 Old Eduardo wrote:
  but i try to configure this in few weeks and no get success.

  Ask questions earlier.

  Or, read the debug output.

  Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable characters in
  the password.Double-check the shared secret on the server and the
 NAS!

  That message seems pretty clear.

  Alan DeKok.




-- 
Old Eduardo ...

make a difference ...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius + LDAP auth

2010-11-23 Thread Paulo Maia
Show us your authorize and authenticate session . I had a problem like that
once

Regards ,

On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo oldedua...@gmail.com wrote:

 sorry alan, i understand need to read debug.

 But, i see secret in clients and my test radtest user pass ip 0 secret is
 correctly.

 And my other doubt is in auth type = Local, why local if i put auth type
 LDAP in configuration? Only get local ...

 Really sorry for this, but need u help.

 Regards,


 2010/11/23 Alan DeKok al...@deployingradius.com

 Old Eduardo wrote:
  but i try to configure this in few weeks and no get success.

  Ask questions earlier.

  Or, read the debug output.

  Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable characters in
  the password.Double-check the shared secret on the server and the
 NAS!

  That message seems pretty clear.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius + LDAP auth

2010-11-23 Thread Alan DeKok
Old Eduardo wrote:
 sorry alan, i understand need to read debug.
  
 But, i see secret in clients and my test radtest user pass ip 0 secret
 is correctly.

  That uses a *different* secret, as the packet is coming from a
different IP address.

  i.e. you can either fix the secret as suggested by the message and my
emails, or you can *not* fix the secret, and continue to have problems.

 And my other doubt is in auth type = Local, why local if i put auth type
 LDAP in configuration? Only get local ...

  The debug log should make this clear.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: freeRadius LDAP auth using WPA-EAP on 802.11

2010-02-02 Thread José Campos
Hello,

How do I fix the supplicant problem, Suggested by you?

 José Campos

-Original Message-
From: freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org
[mailto:freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org]
On behalf of Alan DeKok
Sent: Thursday, 28 January 2010 20:24
To: FreeRadius users mailing list
Subject: Re: freeRadius LDAP auth using WPA-EAP on 802.11

José Campos wrote:
 I have my AP configure to use WPA-EAP and pointing to my radius server.


 [eap] processing type md5

  You can't use EAP-MD5 for wireless.

 rlm_eap_md5: Issuing Challenge 
 ++[eap] returns handled 
 Sending Access-Challenge of id 0 to 192.168.70.70 port 1026
 EAP-Message = 0x010100160410f14661baee3d7327186dd431deff0370
 Message-Authenticator = 0x
 State = 0x38f703bb38f607a3224364ff73a6f80d
 Finished request 1.

  If the supplicant never responds to that, then the supplicant is broken.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeRadius LDAP auth using WPA-EAP on 802.11

2010-01-29 Thread Alan DeKok
José Campos wrote:
   What do you suggest. Disable md5 on eap or not using eap?

  Use an EAP method that works with an AP: PEAP, TTLS, ...

   Sorry, I'm not very familiar with this subject.
 
   Can't I still use WPA-EAP on my AP?

  Yes... there are millions of people using that.  It's not hard.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: freeRadius LDAP auth using WPA-EAP on 802.11

2010-01-29 Thread José Campos
Sorry bother you once more. 

Can you please specify which files and option must I change
exactly...



 José Campos

-Original Message-
From: freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org
[mailto:freeradius-users-bounces+jjscampos=gmail@lists.freeradius.org]
On behalf of Alan DeKok
Sent: Friday, 29 January 2010 11:51
To: FreeRadius users mailing list
Subject: Re: freeRadius LDAP auth using WPA-EAP on 802.11

José Campos wrote:
   What do you suggest. Disable md5 on eap or not using eap?

  Use an EAP method that works with an AP: PEAP, TTLS, ...

   Sorry, I'm not very familiar with this subject.
 
   Can't I still use WPA-EAP on my AP?

  Yes... there are millions of people using that.  It's not hard.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeRadius LDAP auth using WPA-EAP on 802.11

2010-01-28 Thread Alan DeKok
José Campos wrote:
 I have my AP configure to use WPA-EAP and pointing to my radius server.


 [eap] processing type md5

  You can't use EAP-MD5 for wireless.

 rlm_eap_md5: Issuing Challenge 
 ++[eap] returns handled 
 Sending Access-Challenge of id 0 to 192.168.70.70 port 1026
 EAP-Message = 0x010100160410f14661baee3d7327186dd431deff0370
 Message-Authenticator = 0x
 State = 0x38f703bb38f607a3224364ff73a6f80d
 Finished request 1.

  If the supplicant never responds to that, then the supplicant is broken.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html