Re: Problems with 802.1x auth and Windows domain logon

PEAP gives the opportunity to solve this problem, but maybe there's an option in the windows 802.1x client that, if checked, passes the logon information...I thinks it's like Use computer information if available(?). Hope this helps... Michael Schwartzkopff wrote: we set up a system for 802.1x

EAP-LEAP failure

Hello! I'm trying to restrict client access to my access point by radius using EAP. It seems to work fine up tp Stage 4, where it sends Access-Challenge. After that everything seems to fail. I've included a dump of radius chat, radiusd debug output and my radiusd.conf Thanks in advance for any

Re: FreeRADIUS + MySQL +EAP-TLS

So, it will reject users that is not in the /etc/raddb/users file? Regards, ro0ot NGUYEN Tuan Anh wrote: It works!! Thank you very much Artur!! Ciao Artur Hecker wrote: hi ok, that's a bit messy though. take a look at the mysql config and the queries mentioned in the sql.conf file. see also the

Re: FreeRADIUS + MySQL +EAP-TLS

It works!! Thank you very much Artur!! Ciao Artur Hecker wrote: hi ok, that's a bit messy though. take a look at the mysql config and the queries mentioned in the sql.conf file. see also the default profile. play with it and its options and add an Auth-Type := Reject to the default profile.

Re: FreeRADIUS and mschapv2 problems

On Thu, May 27, 2004 at 09:36:18PM -0500, Michael Griego wrote: Try the attached patch to the sha1.c file and see if that takes care of the problem. I've been working and coding on this all night, and I might have an answer. Seems that endianess isn't an issue - more probably the SHA1 code and

peap and xp client

hi i m trying to configure peap with xp clients i ve differents problems : first when i click properties for peap for a dell true mobile i have an error of windows ( explorer.exe send to microsoft etc ) if someone has had this problem ( i have all the services packs and hotfixes ) seconf

Re: rlm_eap_leap: No User-Password or NT-Password configured for this user

On Thu, 27 May 2004, Joseph Silvin wrote: Hi, I am not putting the brackets. It is coming automatically. So use rlm_attr_rewrite to cut them off. Also, just check this link and tell me does it have any bearing on what we are trying to achieve.

Re: Help with Counter module

On Thu, 27 May 2004, Jean-Marie GUILLEMOT wrote: Hello everybody, I'm using Freeradius 0.9.3 on a RedHat 7.3. I'm trying to make a kind of hot spot thanks to the counter module of freeradius. I want people to authenticate one time for a defined amount of seconds (120 in my example).

Re: FreeRADIUS + MySQL +EAP-TLS

Hi ro0ot, Actually, I don't use users files, all users' information is kept in MySQL, the serveur will send a Acess-reject if the user is not in the DataBase Regards, ro0ot wrote: So, it will reject users that is not in the /etc/raddb/users file? Regards, ro0ot NGUYEN Tuan Anh wrote: It works!!

Re: rlm_eap_leap: No User-Password or NT-Password configured for this user

Kostas Kalevras

how to change xp client using peap

I'm having problems to change the user in windows xp. I tried peap the first time with a correct user and everything was fine but now I want to do a prove with another user but I'm not prompted anymore to intro a new one and it uses the previous one all the time(and I have reconfigured the

Re: how to change xp client using peap

I'm having problems to change the user in windows xp. I tried peap the first time with a correct user and everything was fine but now I want to do a prove with another user but I'm not prompted anymore to intro a new one and it uses the previous one all the time(and I have reconfigured the

Re: Freeradius + Mysql Issues!

Hi, Thanks, I change my value to "jujai" but it still give me the same error! Any Suggestion? Regards AlexanderKiran [EMAIL PROTECTED] wrote: You need to have "jujai" in your table.--- Alexander Khoo <[EMAIL PROTECTED]>wrote: Hi all, My goal is to use Freeradius with the sql module for

Re: Freeradius + Mysql Issues!

Hi, I was sorry but i really do not know what u trying to say. Can expain in more detail. apprrciate you can do that. AlexanderAlan DeKok [EMAIL PROTECTED] wrote: Alexander Khoo <[EMAIL PROTECTED]>wrote: auth: type "System" modcall: entering group authenticate for request 0

Problem to username and password

Hello. I´ve got a serious problem with customers connection the freeradius- server with username an password. We are using a MAX2000 and freeradius. Connection-profiles configured on freeradius with CLID a working very well. Only those with username and passwort are making trouble: Here is

Re: Freeradius + Mysql Issues!

Hi, I was sorry but i really do not know what u trying to say. Can expain in more detail. apprrciate you can do that. Use a usual unix login/password to authenticate on Radius, and this password is in /etc/passwd. Fred Alexander Alan DeKok [EMAIL PROTECTED] wrote: Alexander Khoo

Re: clients.conf

Hi, How should I configure the clients.conf if I would like that each nas, which want to connect to my Radius can do it. Beacuse they have dinamic ip address, so I can't set this in the clients.conf. Maybe you can use hostname and dns resover.. client 0.0.0.0{ secret= mysecret } any

Re: how to change xp client using peap

I had that problem too. Typical for Microsoft isn't it. Always doing you a favour. I worked around this by rechecking the automatically use my windows login checkbox and then unchecking it again. I hope this helps. -Barry BLANCA FERRERO RODRIGUEZ wrote: I'm having problems to change the

Re: how to change xp client using peap

There's a Microsoft KB article on this. I can't remember the title offhand, though. It tells you which registry entry to delete in order to force the eapol client to re-ask for credentials. --Mike On Fri, 2004-05-28 at 07:38, Barry Stewart wrote: I had that problem too. Typical for

xp/2000 does not send the machine certificate

hi all, i'm using freeradius with EAP-TLS and windows clients ( xp/2000). with the user certificates i have no problem but with the machine certificate there is no tls-handshake. i installed the certificate in the local computer store and the certificate CN match the FQDN . i think the reason

Re: xp/2000 does not send the machine certificate

Hi, Sorry, I can't help you, but maybe you can help me, what answer your windows 2k send to the A.P EAP request Identity packet ? Thx Fred hi all, i'm using freeradius with EAP-TLS and windows clients ( xp/2000). with the user certificates i have no problem but with the machine certificate

EAP-SIM relocation error

Hallo, i'm using the last cvs copy of radiusd annd i get the following error message when eap-sim request reaches the freeradius server: --LOG START rad_recv: Access-Request packet from host 192.168.192.168:6001, id=1, length=142

Re: how to change xp client using peap

- Mensaje original - De: Michael Griego [EMAIL PROTECTED] Fecha: Viernes, Mayo 28, 2004 2:48 pm Asunto: Re: how to change xp client using peap There's a Microsoft KB article on this. I can't remember the title offhand, though. It tells you which registry entry to delete in order to

Re: EAP-SIM relocation error

Hallo, some more information: $ nm /usr/lib/rlm_eap_sim-1.0.0-pre0.so 2a3c A _DYNAMIC 2b44 A _GLOBAL_OFFSET_TABLE_ w _Jv_RegisterClasses 2a2c d __CTOR_END__ 2a28 d __CTOR_LIST__ 2a34 d __DTOR_END__ 2a30 d __DTOR_LIST__ 1a24 r __FRAME_END__ 2a38 d

Help to a student on final exam paper

Hi group Im new to linux and RADIUS and have a few questions regarding configuring my radius server I have installed Cistron Radius 1.6.6 on my redhat 9.0 machine. My goal is to authenticate all users on a wireless 802.1x network, and here are the specs. Router: 10.10.0.1 Gateway(Clark

Re: Help to a student on final exam paper

Hi group Im new to linux and RADIUS and have a few questions regarding configuring my radius server I have installed Cistron Radius 1.6.6 on my redhat 9.0 machine. My goal is to authenticate all users on a wireless 802.1x network, and here are the specs. Router: 10.10.0.1 Gateway(Clark

Re: Freeradius+PAM+LDAP

Bill Thompson [EMAIL PROTECTED] wrote: I actually have the system working, but with one show stopping problem. I am able to authenticate through PAM, but certain attributes such as FilterId, SessionTimeout, and IdleTimeout are not being passed from PAM to radius. Why would they *ever* be

Re: FreeRADIUS and mschapv2 problems

On Thu, May 27, 2004 at 05:03:26PM -0400, Alan DeKok wrote: You can then run it on two machines, use 'grep' to pull out the MSCHAP lines from the debug log, and then use 'diff' to see where they differ. This will let you track down where the problem occurs. I've traced the bug down to SHA1

Re: FreeRADIUS + MySQL +EAP-TLS

ro0ot [EMAIL PROTECTED] wrote: So, it will reject users that is not in the /etc/raddb/users file? No. If that was true, then people using SQL + users wouldn't be able to use SQL. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS and mschapv2 problems

Dinko Korunic [EMAIL PROTECTED] wrote: I've been working and coding on this all night, and I might have an answer. Seems that endianess isn't an issue - more probably the SHA1 code and macros, which confuse gcc (3.3, 2.95, etc.) on Alpha architecture. Ah. That's why it works fine on

Re: Problem to username and password

Markus Ebel [EMAIL PROTECTED] wrote: I've got a serious problem with customers connection the freeradius- server with username an password. I'll say. You're trying to authenticate users, but you haven't told FreeRADIUS what their password is. modcall: entering group Auth-Type rlm_chap:

Re: EAP-SIM relocation error

Simeon Penev [EMAIL PROTECTED] wrote: radiusd: error while loading shared libraries: /usr/lib/rlm_eap_sim-1.0.0-pre0.so: undefined symbol: map_eapsim_basictypes Try statically linking the server. $ ./configure --disable-shared $ make $ make install This issue happens mainly on certain

web based account administration (freeradius+MySQL)

sorry for off-topic postings..a thought of a commercial break perhaps check this out... http://212.165.141.4/sell/test.htm interested? pls. let me know your thoughts. thank you. :) //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

mysql failover

hi everybody, is there a way to configure freeradius to NOT answer to a NAS if the mysql-backend is down, so that the nas can switch to the next secondary configured freeradius server with its own mysql-backend? i tested freeradius and shutted down the mysqlserver, the request from the nas came

fail-over configration

Hi,all. (B (BI want to set up freeradius which use users file and sql database for (Buser authenticating. (B (BBut I can not set up well. (BCan I set up freeradius as follow? (B (B (B1.Checking users file (B If the User-Name is found,check the User-Password. (B if the User-Password

Re: EAP-SIM relocation error

Hi, after running configure --prefix=/usr/local/raddb --with-experimental-modules --disable-shared i get the following error message: rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT gcc .libs/radiusdS.o -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS

Re: EAP-SIM relocation error

On Fri, May 28, 2004 at 03:53:21PM +0200, Simeon Penev wrote: Hallo, i'm using the last cvs copy of radiusd annd i get the following error message when eap-sim request reaches the freeradius server: --LOG START rad_recv:

Re: EAP-SIM relocation error

Hi, my system is fedora core 2. The libtool has version 1.5.6-1. Actually i had the problem on fedora core 1 too (libtool-libs-1.5-8.i386). Regards, Simeon Am Friday 28 May 2004 17:42 schrieb Paul Hampson: On Fri, May 28, 2004 at 03:53:21PM +0200, Simeon Penev wrote: Hallo, i'm using the

Re: EAP-SIM relocation error

On Sat, May 29, 2004 at 01:42:03AM +1000, Paul Hampson wrote: If so, this is a known problem due to a change in how libltdl loads shared libraries. See FreeRADIUS bug #75. If you're using Debian, get a copy of libltdl3 1.5.2-1 and see if it fixes the problem. Also see Debian bug #244578

Re: FreeRADIUS and mschapv2 problems

On Fri, May 28, 2004 at 05:05:04PM +0200, Dinko Korunic wrote: void SHA1Final(uint8_t *out, void* ctx); uint32_t rol(uint32_t value, uint32_t bits); Doh. Sorry, I've missed that you've added SHA1FinalNoLen() as SHA1-M implementation of FIPS 186-2 Appendix 3.3 in recent CVS sha1. Here's the

LDAP Authentication (MS Windows AD)

It seems that this should not be so hard; I am sure I am making a stupid mistake somewhere, but I just don't see it. I am attempting to set up freeradius 0.9.3 (redhat) to use (initially) one of several Windows 2003 AD for authentication. I am, however, unable to get the first one to work. I

Re: EAP-LEAP failure

Jens Riecken [EMAIL PROTECTED] wrote: modcall: entering group authenticate for request 1 rlm_eap: EAP packet type notification id 1 length 42 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - leap rlm_eap: processing type leap

Re: web based account administration (freeradius+MySQL)

Yes I am interested in your app. What are the details? Is it complete, is it commercial or free? Are you looking for testers? Original Message From: Milver S. Nisay [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 28, 2004 10:28 AM Subject: web based account administration

Re: FreeRADIUS and mschapv2 problems

Dinko Korunic [EMAIL PROTECTED] wrote: Here's the updated version - which is working well according to test vectors I've got from your old code. I hope I didn't break EAP-SIM :) I've just commited an update to the existing SHA1 code. I realized that I had hacked md4/md5, to use uint32_t

Re: LDAP Authentication (MS Windows AD)

Is CN=User\\, Asteroid,OU=System Accounts... a valid user with read access to AD? It seems that this should not be so hard; I am sure I am making a stupid mistake somewhere, but I just don't see it. I am attempting to set up freeradius 0.9.3 (redhat) to use (initially) one of several

Re: EAP-SIM relocation error

On Fri, May 28, 2004 at 06:09:19PM +0200, Simeon Penev wrote: my system is fedora core 2. The libtool has version 1.5.6-1. Actually i had the problem on fedora core 1 too (libtool-libs-1.5-8.i386). Try it now, using a snapshot which has src/modules/rlm_eap/types/rlm_eap_sim/Makefile.in v1.2 in

Re: FreeRADIUS and mschapv2 problems

On Fri, May 28, 2004 at 01:08:26PM -0400, Alan DeKok wrote: The new code passes my tests, and should pass yours, too. Yeps, works. It looks a bit messy, though, but works for both padded and unpadded outputs for test vectors. Excellent, I'm glad that's fixed. -- | |--..-. Dinko

Re: LDAP Authentication (MS Windows AD)

Thanks for the reply. Yes, it is a goofy name, but I am told it does have read access on AD (it is in the 'domain user' group). From: Dustin Doris [EMAIL PROTECTED] on Fri, 28 May 2004 13:16:20 -0400 Is CN=User\\, Asteroid,OU=System Accounts... a valid user with read access to AD? It

radius - ldap - extreme networks

hello i need access for my user form switch extreme networks wireless, but extreme only use radius server, and i need use my LDAP server for validation on my users. the free radius recibe calls from extreme switch but the radius recibe EAP signal. follow text auth: type EAP modcall: entering

RE: Need Assistance please

Alan, the User Change Password Administrator etc., are already part of the LDAP schema (under the attribute securityRole) e.g. Uid=testuser Attribute Value securityRoleUsers Alan DeKok wrote: The value should have the operator in it. e.g.

Radius and SSHD

Hi I am running freeradius 0.9.3 on RH 9. Authentication works fine using the radtest tool. But when I try to set authentication for sshd located under /etc.pam.d/sshd as per the documentation give in the site, freeradius just fails to authenticate. pam module is also installed under the