K. Suresh wrote:
Has anyone tried FedoraDS with FreeRadius?
It's a LDAP directory. It should work.
Vladimir
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
i want to configure freeradius with hardware adsl router ... could you
sugest me some?
i've got linksys wag54g which doesnt support pure radius but WPA radius..
is it posible to make them work together with my freeradius server?
Yes. WPA RADIUS is so called WPA
François Dagorn wrote:
I'm trying to configure a secured Wireless network, so I want to use
EAP/PEAP/LDAP for
authentication and then try WPA to crypt sessions. As a beginner, I'm
doing that step
by step. So I've done the following :
- set up a freeradius server and test it with a simple
Sebastian Mauer wrote:
Is it really not possible to do PEAP (w. MSCHAPv2) when I have NT-Hashes
in the Directory? My target is to use LDAP as authentication source for
my UNIX Workstations (trough pam_ldap), my Windows Workstations (trough
Samba accessing LDAP, therefor I have the NT-Hashes in
Frank Bonnet wrote:
Thanks for your answer, how to tell freeradius no to use this attribute
do I have to set it to NULL ? do I have to comment the line ?
You can simply put uid for the accessattribute so as long as the user
has a uid they'll be allowed access.
Vladimir
-
List
Cian Phillips wrote:
rlm_ldap: performing search in cn=users,dc=cca,dc=edu, with filter
(uid=cian)
rlm_ldap: checking if remote access for cian is allowed by uidNumber
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cian
Cian Phillips wrote:
If you have any tips or good links for up to date information on how
to set freeradius up to talk to a Cisco WAP I could use the help. grin
I have a howto on LDAP and FreeRADIUS at
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
I have successfully used it for WPA with
Florian Prester wrote:
ist it possible to authenticate an user with eap-ttls using PAP with
an Crypt-Password?
The Crypt-Password is obtained by an LDAP-Server.
I can do eap-ttls using MD5/PAP with an cleartext Password.
Yes you can, however you have to configure your clients to use
Allan Borman wrote:
I have put together a freeradius server to authenticate users existing
on our oracle LDAP directory. The issue that I have is getting the
passowrd from oracle. I can probe the LDAP, get a user authorized and
fallback to the default for the passowrd check which is the
Allan Borman wrote:
Hi Valdimir,
Thanks for the reply. Would it help if I send you the debug info on the
RADIUS. If you are interested let me know.
I don't think that would help any. First of all you have to make sure
that LDAP is providing the right information before you try to get it
melvin wrote:
Does anyone knows if Linksys WRT54G wireless router supports
FreeRadius with EAP-TTLS?
Yes it does. It supports both EAP-TTLS and PEAP.
Vladimir
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
melvin wrote:
rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0,
length=125
User-Name = melvin
NAS-IP-Address = 192.168.84.11
Called-Station-Id = 000f66005feb
Calling-Station-Id = 0012f075e7b3
NAS-Identifier = 000f66005feb
NAS-Port =
[EMAIL PROTECTED] wrote:
To make life easy...
I want WPA-EAP authentication working, but I want the authentication be against
the Linux username and its password.
Is this possible? Guides and tips welcome
It is possible however only with EAP-TTLS and PAP inner tunnel
authentication. Set up
melvin wrote:
LDAP does provide some authentication -- through the 'BIND' statement.
Incidentally, this is how the FreeRadius rlm_ldap module chooses to
authenticate against an LDAP entry... it attempts to 'bind' to it,
passing
the username and password to LDAP.
I have successfully
Florin Andrei wrote:
To be more precise, authentication happens during the LDAP Bind request.
Subsequent searches are irrelevant.
Can freeradius do the same? I.e., wait for a username / password request
from a client, bind to the LDAP server using the supplied password (and
passing the
[EMAIL PROTECTED] wrote:
I am trying to do EAP-PEAP, using FreeRadius 1.0.4. Here are the debug logs,
at the breaking points:
It doesn't appear you are sending the whole log. There should be another
section where the user is being authorized against the SQL database. It
appears your
[EMAIL PROTECTED] wrote:
When using NT-Password, I was noticing that the sql authorization phase
would not return OK. Switching it to User-Password seemed to fix that
(albeit not correctly). I have switched radcheck back to using Attributes
of NT-Password.
Make sure you have both NT-Password
[EMAIL PROTECTED] wrote:
My problem with TTLS, is that for what I can tell, Microsoft has no
native support for TTLS. Only PEAP.
If someone can tell me of another method for doing a TLS tunnel, with no
client certificate neeed, and use Crypt passwords, I would be very happy!
That is
Jefri bin Dahari wrote:
I have Freeradius running where wireless users authenticate using
EAP/TLS. Now, I would like to use the same server to authenticate
wired users using EAP/MD5 on Cisco switch 3750 but it doesn't work.
The log shows it doesn't do EAP authentication as shown below.
Galát Bence wrote:
I have a simple question. Can I use Freeradius to authenticate Lan
clients (Windows/Linux) ? The clients connected to an AP over Lan,
that's in client mode, and this AP is connected by another AP (set in
normal AP mode) to the Freeradius server. Is it possible?
You
alfonso celestino wrote:
Thanks very much Alan,
Now, I have a doubt.
I am using EAP-TTLS to authenticate users 802.11, I
need to add my users in the users file like that:
User1 User-Password == passwd1
User2 User-Password == passwd2
But instead of storing in users file I would like to
do
Fahim wrote:
Having spent whole last fortnight trying to configure Freeradius
module given here with LDAP Agent running on my eDir8.7.3.6 on Netware
5.1, using iManager 2.5, I am almost there but seemingly stuck with
something vital. Ihave done everything as mentioned by Novell Admin
guide
[EMAIL PROTECTED] wrote:
Hello all! I would like to know if anyone has gotten freeradius to work
with eDirectory (LDAP)? We are using freeradius 0.93 (ships with sles9)
and want our wireless users to authenticate to the eDirectory box. I
changed the radiusd.config file at the ldap entry.
Ekkehard Burkon wrote:
did anyone successfully authenticate against a Mac OS X
servers Open Directory?
I need it for 802.1x/WPA.
Are there any docs on the web?
OpenDirectory is an OpenLDAP hack so OpenLDAP docs should work. Please
check out
Vittore Zen wrote:
I'm using freeradius (+mysql) in a wireless infrastructure with a
dozen of linksys WAP54G access point (using AES).
Authentication is PEAP with mschapv2.
All go right when use Windows clients but no response using Mac Os X
clients.
Any ideas? Someone says me that MacOsX use
Radius wrote:
Does anyone have any links or on-line examples that show how to
use FreeRadius to do 802.1x authentication?
Go to www.freeradius.org and first page shows a link for 802.1x HOWTO
http://www.gnist.org/~lars/courses/04thales/8021X-HOWTO.html
Vladimir
-
List
Schoggins, George wrote:
I cannot get the 802.1x to work on the cisco. It works for local
management but will not send a request when doing 802.1x. Does anyone
have the config I should use on the cisco and the radius to make this
work? Thanks in advance
Please read
Matt McFarlane wrote:
Totally new to radius. I've installed freeradius 1.02 --with-edir on Suse 9. Attempting to use 802.1X auth from wireless user behind HP 420 AP using WinXP to an eDir tree via LDAP. When I use radtest the bind is successful. However when using the 802.1X supplicant I get
Christian Zawada wrote:
password_attribute = userPassword
Set up seems right. You could try commenting out the line above and
making sure you have following line in ldap.attrmap file
checkItem User-Password userPassword
That works for me.
Vladimir
-
List
Achim Friedland wrote:
I configured my iBook for the airport the same way like for the CISCO
AP, so I don't think it's a problem at the client. I'm using
freeradius-1.0.2 on debian unstable from tarball because of the
strange tls-bindings in the offical debian package...
When I try to
CHui wrote:
I would like to know if anyone has a work around to support PEAP (ms
chap v2) client access authenticate against a LDAP server with bind
operation. Currently, retrieving clear text password from LDAP is
not an option.
No this is not possible. Only way you can authenticate via
I would like to know if anyone has a work around to support PEAP (ms
chap v2) client access authenticate against a LDAP server with bind
operation. Currently, retrieving clear text password from LDAP is
not an option.
This is how I got it going
Douglas G. Phillips wrote:
Here is a sample of the password that is being passed:
User-Password = \240d\351E\3737\025\022\0227,(rest removed)
This may imply that your shared secret is incorrect. Please verify that
RADIUS shared secret on Cisco 5350 and shared secret for that particular
IP in
Galvao Rezende wrote:
problems with 802.1x - EAP-TLS
I'm having trouble at authentication using radius, openssl and
EAP-TLS, using AP CISCO 350 Series. Look at radius output.
It doesn't appear that is the whole output. There is no Reject message
that I can see.
Vladimir
-
List
Galvao Rezende wrote:
eaptls_process returned 7
rlm_eap_tls: Received unexpected tunneled data after successful handshake.
You need to investigate following. You may want to re-do certificates.
Vladimir
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dssd dsfdsfdsf wrote:
good morning
i hope you can resolve my problem
peap works without ldap but when i use ldap whith peap, it doesn' work!!
in the file users for peap (when i don't use ldap)
robert Auth-Type:=EAP, User-Password ==azertyui
in the file users i replace this line by
robert
I have a set up with LDAP backend and a Chillispot run unencrypted
network and WPA running off a WRT54G wireless router. Accounting works
like a champ coming from the Chillispot network however it doesn't work
at all coming from WRT54G. I look through the debug logs and I notice
that
Sergey Guriev wrote:
Im' using freeradius 1.02 (under linux), Cisco AiroNet 1230B and PC-station
under Win-XP. And I have some problem with authorization.
Here parts of my configs:
users:
-
ttt Password ==
I believe this should be User-Password ==
Vladimir
-
Sergey Guriev wrote:
3 2005 09:48 Vladimir Vuksan :
I believe this should be User-Password ==
I made it and User-Password and Password - no change
The log contains something peculiar ie.
rad_recv: Access-Request packet from host 80.243.64.30:14123, id=138,
length=142
I have updated my HOWTO on using OpenLDAP as a authentication backend
for FreeRADIUS. New additions are
* ChilliSpot setup
* Using wpa_supplicant for 802.1x wired authentication
* Dynamically assigning VLANs on Cisco switches
* Other minor things
Please check out
Tim Boneko wrote:
That still doesn't tell us whether you configured SoftAP to use the
RADIUS server ? SoftAP is only the AP piece but not the RADIUS server
itself. You have to point to FreeRADIUS instance you are using.
That seems to be the part i am missing. How do i do that? Is it a
Victor M. Polukcht wrote:
Is there any ability to authentificate Wireless Users with login and
password using Freeradius?
I use freeradius now for dialup and voip users. But now also need
somehow to auth wireless users (we have some hotspots). As i got i
need to configure PEAP. May be there
Tim Boneko wrote:
A silly question, perhaps, but you *did* configure you wireless AP to
actually *use* the RADIUS server, did you not?
OW! Damn, i forgot to mention that the AP _is_ the Radius server...
sorry, my fault. It?s a SoftAP.
That still doesn't tell us whether you configured
Sebastian Mauer wrote:
Thanks for that answer, but lately I found out some more. The Password
*is *as clear/plain-text in the LDAP and the authentication works when
using EAP-TTLS with GTC or MSCHAPv2 for example. It's only not working
when using PEAP as EAP-flavour and this is what's confusing me
I have written up a short HOWTO on using OS X to connect via TTLS+PAP.
You can find the necessary client config at
http://vuksan.com/linux/dot1x/os-x-ttls-pap.html
Configuration on the RADIUS side is similar to
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
Just make sure you have TLS and TTLS
Alan DeKok wrote:
Vladimir testuser [EMAIL PROTECTED] wrote:
Great. So how do I configure it :-) to use LDAP CRYPT or MD5 hashes.
Read the documentation and the sample configuration files.
TTLS + PAP is *REALLY* TTLS + PAP. Configure PAP, configure TTLS,
and TTLS + PAP will work.
Alan DeKok wrote:
1) The tunneled session is MS-CHAP, not PAP. The server is telling
you this in the debug messages! I don't understand why you are asking
about TTLS + PAP when you're using TTLS + MSCHAP. Please do not post
misleading messages to the list.
I did not intend to mislead
In one of the old messages David Hart said
http://lists.cistron.nl/pipermail/freeradius-users/2004-September/036112.html
Hmm... We can do that already. Just use EAP-TTLS/PAP and have
freeradius authenticate via an LDAP bind rather than a password compare.
It works great for me.
I would
Alan DeKok wrote:
Configure certificates for EAP-TLS. See raddb/eap.conf, eap{}
section, tls{} subsection. Also uncomment ttls{} section. Run
scripts/certs.sh (and read it).
After that, configure a plain-text password. EAP-TTLS with tunneled
PAP, CHAP, MS-CHAP, EAP-MSCHAPv2, and EAP-GTC will
Alan DeKok wrote:
After that, configure a plain-text password. EAP-TTLS with tunneled
PAP, CHAP, MS-CHAP, EAP-MSCHAPv2, and EAP-GTC will work.
But shouldn't FreeRADIUS be able to extract username and password from
PAP packet and check those credentials by binding to LDAP ?
sigh
Michael Schwartzkopff wrote:
Thanks for help but my switch doesn't know this command. Is it possible
that the IOS 12.1(11)EA VLAN Assignment with 802.1x not supported?
Yes. Be careful with the IOS versions. Older versions do not have this feature
implemented. You have to install a quite new
I have set up FreeRADIUS with PEAP. I tried logging in with a Mac OS X
client however it keeps telling me
eapolclient[4468]: eapmschapv2_success_request: invalid server auth
response
What is confusing is that rlm_eap_peap returns SUCCESS.
modcall: group authenticate returns ok for request 15
TAYLAN KIRAN wrote:
We are trying to auhtenticate our XP users with EAP-TTLS. we enabled
EAP-TTLS support with securew2
product. our users are on Edirectory via ldap. We have enterasys
switches.
when switches authenticate users they should receive the following
string to set port policy.
Chan Min Wai wrote:
Vladimir wrote:
I am trying to get 802.1x authentication going for wired clients on our
LAN. I have been successul in using local password database to
authenticate 802.1x users however I haven't been able to get it going
with LDAP. Version of FreeRadius is Debian packaged
54 matches
Mail list logo