Any luck with 802.1x authentication using TTLS with MSCHAPv2?

2006-10-15 Thread Mohammed Petiwala
Hi Alan, Mak: I tried the patch on both freeRADIUS 1.1.2 and freeRADIUS 1.1.3 - had seen similar problems with wpa-supplicant and freeRADIUS with EAP-TTLS/MS-CHAPv2 and hence had to enable wpa_workaround flag to get past the issue... (which was incorrect) But Mak's patch resolves the issue and now

VSA and other attributes in Access-Accept

2006-09-29 Thread Mohammed Petiwala
RFCs for 3GPP/3GPP2 only some of them are possible in certain type of responses. Thx. Regards, Mohammed. Date: Thu, 30 Mar 2006 14:06:02 -0800 (PST) From: Mohammed Petiwala <[EMAIL PROTECTED]> Subject: VSA and other attributes in Access-Accept To: freeradius-users@lists.freeradius.o

VSA and other attributes in Access-Accept

2006-03-30 Thread Mohammed Petiwala
Hi: First thanks to the freeRADIUS team - this is one of the most flexible and powerful AAA available... I've 2 questions: 1. I've set up my clients to authenticate using EAP-TTLS with MSCHAPv2 as the inner authentication protocol. This works fine with the wpa_supplicant with intel 2200b/g a

Re: Configuring Freeradius to authenticate with MySQL

2004-11-28 Thread Mohammed Petiwala
Hi: Based on the error message - check whether your clients.conf file has local host 127.0.0.1 setup as a valid client and also check the shared-secret used is the correct client 127.0.0.1 { secret = omeya shortname = spacecable nastype = other }

RE: der and pem (urgent!!!)

2004-10-02 Thread Mohammed Petiwala
hi bilal: you could do this in 2 ways: 1. in the eap.conf file in the tls section tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length = 1024 dh_key_length = 1024

Re: eap-smartcard

2004-09-25 Thread Mohammed Petiwala
Hi Nelson: check the rlm_eap_tls.h/.c and the eap_tls.c/.h files in your radius 1.0.0-pre3 1.0.0 release ./src/modules/rlm_eap/types/rlm_eap_tls/ folder in the distro. the rlm_eap_tls.c file has a function to initialize the ssl/tls context params (certs, keys, trusts, etc.) that are used globa

Re: tls failed

2004-09-08 Thread Mohammed Petiwala
Hi Nelson/Alan: the problem seems to be the issue with freeRADIUS not able to authenticate certificate chains of length greater than 2. In Nelson's case the cert chain is CA->RA->user-cert so Nelson will have to apply the patch 112 in bugs.freeradius.org and refer to my email on using freeradius w

Re: Bug/security EAP-TLS

2004-08-24 Thread Mohammed Petiwala
Hi Joey: Could you please provide more details on this find and how it gets triggered (test scenario, conditions, example config). If your find is valid (per feedback from freeRADIUS authors then this serious flaw should be patched asap!) Thanks. Regards, Mohammed. Mohammed H. Petiwala Senior Sta

Re: Pre-proxy attr_rewrite problems

2004-08-11 Thread Mohammed Petiwala
Hi Trevor: why are you trying to use the attr_rewrite stuff for proxying. The simpler approach is to use the proxy.conf and use the 'strip' option for e.g. realm mydomain.net { type= radius authhost= anotherserver.mydomain.net accthost= anothers

EAP-TLS CRL Distribution Point (CDP) support in freeRADIUS.1.0.0

2004-08-11 Thread Mohammed Petiwala
Hi: I am interested in using the CRL feature in the R1.0.0 freeRADIUS release. The documentation/comments in the radiusd.conf file are the only piece I was able to get out. Is there any other documentation on this feature in the freeRADIUS release. We are using CISCO ACS server as well as the MS IA

Re: EAP-TLS Testing

2004-08-11 Thread Mohammed Petiwala
Hi Gopal: I am copying this email to the freeRADIUS community to see if more people can help you with this: here are my 2 cents... you'll need to have your own certificates - normally the organization has mandates on what type of certificates to use and stuff, we have our own CA that issues certifi

Re: EAP-TLS problem

2004-08-05 Thread Mohammed Petiwala
hi ester: we use freeradius.1.0.0-pre3 for our internal testing and i haven't seen this problem. but i've seen similar problems in prior release. some pointers that COULD help (try it out what's the harm!!) 1. do a 'make distclean' and then reconfigure with the prefix you use openssl lib and includ

freeRADIUS patch for EAP-TLS n-tier server/aaa certificate chain support

2004-07-13 Thread Mohammed Petiwala
Hi: Currently the freeRADIUS server (including R1.0.0 pre-3) doesn't support sending server certificate chains during the SERVER-HELLO handshake to the EAP-TLS client/supplicant. This patch allows freeRADIUS to have certificate chain of depth greater than 2 in the server/aaa certificate. This patch

Re: krb5 error

2004-07-11 Thread Mohammed Petiwala
Hi I've seen this error related to kerberos when building freeRADIUS on a red hat fedora 2 core (could also occur on a fedora 1 core). you need to locate the location of com_err.h file (it's located in a different directory path in this particular distribution) and once you do that it should solve

Re: freeRADIUS cert chain authentication

2004-06-23 Thread Mohammed Petiwala
Hi Alan: If someone can get this working (n-tier cert chain authentication - can it be added as a patch to freeRADIUS) or be made as part of the release 1.0.0 (if done in the release time-frame) Thanks. Regards, Mohammed. Alan DeKok <[EMAIL PROTECTED]> wrote: Mohammed Petiwala &

freeRADIUS cert chain authentication

2004-06-21 Thread Mohammed Petiwala
Hi: I am using freeRADIUS (0.9.3 on linux with openssl ) for EAP-TLS authentication using our in-house supplicant, we are currently using 3-tier cert chains and have been using it quite successfully for TLS authentication with OpenSSL but when we try to use these same 3-tier certs for EAP-TLS rad