Quoting Matthew Newton :
For what it's worth, rolling your own FreeRADIUS packages for
Debian is trivial.
http://wiki.freeradius.org/building/Build#Building-Debian-packages
Right you are! Very good indeed. Sure beats installing directly from
source. Now I've got the latest version and it's
Quoting Iliya Peregoudov :
From http://wiki.freeradius.org/modules/Rlm_krb5:
"Make sure the keytab is readable by the user that is used to run radiusd..."
On 27.03.2013 7:09, Jaap Winius wrote:
rlm_krb5: verify_krb_v5_tgt: host key not found : Permission denied
You're right
Quoting Alan Buxey :
... I wonder if your server has been built with kerberos support?
Indeed it has. The machine in question not only runs Freeradius, but
also the Kerberos KDC, kadmin server and Kerberos client software.
That all works, and it still works with Freeradius as long as I use
Quoting Phil Mayers :
... you should be using 2.2.0 or 2.2.1 when it's release, as the
2.1.10/11/12 releasea have a known security issue.
I'll be sure to install 2.2.x as soon as a Debian package becomes
available for it, but for now I'm going to stick with 2.1.x.
I see from the (limited)
Hi folks,
Recently my server received an in-place upgrade from Debian squeeze to
wheezy (still testing). Along with that, freeradius was upgraded from
version 2.1.10 to 2.1.12, but as a result it no longer works.
The problem is that I use "DEFAULT Auth-Type = krb5" in /etc/freeradius/
users, and
Quoting a.l.m.bu...@lboro.ac.uk:
you might want to look into 'eduroam CAT' tool - as your NREN
federation/eduroam people about it.
Thanks very much! I'll look into it.
whoa re your instructions aimed at? I worry a great deal about them
because you arent telling them to install/verify a CA or
Quoting a.l.m.bu...@lboro.ac.uk:
SSL certs can be in various formats. Ones that are 'usable'
depends on the underlying code, but the useful types are
usually PEM, DER (also known as CER) and P12these are
all active certs. CSR is a certificate signing request file
and isn't a valid cert for c
Hi folks,
My WPA2-Enterprise configuration with Freeradius 2.1.0, EAP-TLS and
4096-bit SHA-1 certificates works great with wpaspplicant on Linux,
but can anyone help me understand how to get this to work for OS X
(Lion) clients?
My Linux client uses a copy of the ca.pem file to establish
Quoting Phil Mayers :
Your client is doing EAP-TTLS/EAP-MD5.
You have two choices:
1. Reconfigure the client to do EAP-TTLS/PAP, which PAM will be
able to authenticate
2. Stop using PAM, and provide the server with the client
credentials in a form compatible with your EAP-type (see 1st U
Quoting Alan DeKok :
No. You can't turn off EAP. The client is sending EAP to the server.
You need to change the client. And likely you can't, because it
*needs* to do EAP.
Indeed, the key_mgmt attribute in my wpa_supplicant.conf is set to
WPA-EAP and it looks like that's my only option.
Quoting Alan DeKok :
You can't use PAM and EAP-MD5 together. It's impossible.
That sounds like important information! To turn off EAP, I commented
out all of the lines related to EAP in
/etc/freeradius/sites-enabled/default and in
/etc/freeradius/sites-enabled/inner-tunnel. Unfortunatel
Quoting Deepti kulkarni :
Try by adding
jwinius Auth-Type = pam
Cleartext-Password := xxx
Thanks for your reply, but that makes virtually no difference. The
result is the same and freeradius' debug output only changes slightly:
Hi folks,
Having managed to get freeradius 2.10 to run on Debian squeeze with a
username and password defined in /etc/freeradius/users, I was hoping
to take a step forward by getting it to authenticate users through
PAM. But, that's not working out as I had hoped.
Could sombody please tel
13 matches
Mail list logo