coova-chilli + freeradius + kerberos

2011-08-02 Thread Massimiliano Tommasi
Hi All, is it possible to send the password from coova-chilli(for example) as CHAP or MSCHAPv2 format to authenticate the clients on Kerberos through FreeRADIUS? Is it possible to do it without plain-text password? Let me know, please. Max - List info/subscribe/unsubscribe? See http://www.freera

Re: chilli + freeradius + opendirectory

2011-07-28 Thread Massimiliano Tommasi
7;t happend :( Isn't enough PAP, Alan? Do you have any idea, where it's the mistake? Thanks Max Il 28/07/11 18.30, Alan DeKok ha scritto: > Massimiliano Tommasi wrote: >> If I'm right, I'm able to convert the password to plain-text after >> chilli and before r

Re: chilli + freeradius + opendirectory

2011-07-28 Thread Massimiliano Tommasi
I forgot to say that LDAP is on MAC OSX, so it's Opendirectory, not the standard OPENLDAP... WEB.CLIENT<-->CHILLI<-->FREERADIUS<-->OPENDIRECTORY With radtest it works amazingly but not passing to chilli :( Regards. > Hi, > I'm moving step by step to get my system working... > My architecture i

chilli + freeradius + opendirectory

2011-07-28 Thread Massimiliano Tommasi
Hi, I'm moving step by step to get my system working... My architecture is: WEB.CLIENT<--->CHILLI(captive.portal)<--->FREERADIUS<--->OPENLDAP My problem now is between chilli and opendirectory THRU freeradius. Chilli supports chap or pap. I'm not able to use chap because, it's not compatible with o

Re: FreeRadius and MacOsx (LDAP vs Kerberos)

2011-07-27 Thread Massimiliano Tommasi
You are right, Alan. I hoped there was a solution to this but evidently it's not possible. The only way is to disable the chap on the client-side. Regards, Max Il 27/07/11 17.14, Alan DeKok ha scritto: > Massimiliano Tommasi wrote: >> I got the first step..., FreeRadius and Ope

Re: FreeRadius and MacOsx (LDAP vs Kerberos)

2011-07-27 Thread Massimiliano Tommasi
to 192.168.58.126 port 55684 Waking up in 4.9 seconds. Cleaning up request 10 ID 4 with timestamp +1898 Ready to process requests. I have some doubt on the Apple side.., is the server asking for clear password on the apple side? I hope you can help me, one more time. Cheers, Max Il 27/07/11 1

Re: FreeRadius and MacOsx (LDAP vs Kerberos)

2011-07-27 Thread Massimiliano Tommasi
That's working, Alan. Thanks. Max Il 27/07/11 14.54, Alan DeKok ha scritto: > Massimiliano Tommasi wrote: >> You are pretty right ;) >> I have just recompiled freeradius with that module, which I need... >> It seems to be what I need but ... I notice a lack of docume

Re: FreeRadius and MacOsx (LDAP vs Kerberos)

2011-07-26 Thread Massimiliano Tommasi
, Alan DeKok ha scritto: > Massimiliano Tommasi wrote: >> I tested everything with OpenLDAP on Linux but my "real world", in this >> case, is OpenLDAP on MAC OSX Server (open-directory) an it seems to be >> pretty different. > > See rlm_opendirectory. I

FreeRadius and MacOsx (LDAP vs Kerberos)

2011-07-26 Thread Massimiliano Tommasi
Hello guys, I spent many days testing and working with free-radius and LDAP. I got my app, was working authenticating on my LDAP thru FreeRadius, i seed to be what I was looking for... BUT I tested everything with OpenLDAP on Linux but my "real world", in this case, is OpenLDAP on MAC OSX Server (o

Re: FreeRadius - LDAP

2011-07-20 Thread Massimiliano Tommasi
Syntax of 2.x is really is quite different from 1.y _ That was my problem, thanks an regards. Max Il 20/07/11 18.07, u...@3.am ha scritto: > > You're using LDAP with POSIX type users, including shadow passwords. I'm > pretty > sure this means you cannot use CHAP on the client end, but must use

Re: FreeRadius - LDAP

2011-07-20 Thread Massimiliano Tommasi
client side >> >> Sending Access-Request of id 207 to 127.0.0.1 port 1812 >> User-Name = "ldapuser" >> User-Password = "MTIxMjEyIA==" >> NAS-IP-Address = 127.0.0.1 >> NAS-Port = 2 >> rad_recv: Access-Reject packet fro