On Mon, Dec 12, 2011 at 6:30 PM, Ryan Garland she...@gmail.com wrote:
Thanks for the response, Alan.
It turns out part of my issue was certificate related. This has been
resolved, but eapol_test continues to fail for a different reason.
However, I am having trouble determining a fix.
On Tue, Dec 13, 2011 at 9:37 AM, Ryan Garland she...@gmail.com wrote:
[eap] EAP/md5
[eap] processing type md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in EAP/md5
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the
On Mon, Dec 12, 2011 at 7:12 PM, Fajar A. Nugraha l...@fajar.net wrote:
On Tue, Dec 13, 2011 at 9:37 AM, Ryan Garland she...@gmail.com wrote:
Sorry, I should have been more clear.
I'm not sure what my options are with regards to Cleartext-Password
and using EAP-MD5, if that is indeed what is
On Tue, Dec 13, 2011 at 11:34 AM, Ryan Garland she...@gmail.com wrote:
However, my original problem persists. My supplicant continues not to
respond to the FreeRADIUS Access-Challenge.
Keep in mind I am using the same .mobileconfig on my OS X Lion machine
and my iPhone 4S (IOS 5) and
Ryan Garland wrote:
I get a Warning message from FreeRADIUS indicating that EAP did not
complete. The message directs me to a Certificate Compatibility page on
the FR wiki, but unfortunately that points a lot of fingers at Windows,
which my laptop is not running.
Whether it's windows or
On 06/19/2010 01:03 PM, Alan DeKok wrote:
John Dennis wrote:
On 06/18/2010 04:03 PM, Kyle Plimack wrote:
So how do I get pap to do it?
If you're asking how to you get pap to do mschap then that's a
nonsensical question.
Here is how things work:
http://wiki.freeradius.org/Concepts
Nice
Kyle Plimack wrote:
I’m getting the following error now
Any thoughts on correcting this winbind error?
See the winbind documentation?
You can try running ntlm_auth from the command line. If it doesn't
work there, no amount of poking FreeRADIUS will make it work.
You can also try seeing
John Dennis wrote:
On 06/18/2010 04:03 PM, Kyle Plimack wrote:
So how do I get pap to do it?
If you're asking how to you get pap to do mschap then that's a
nonsensical question.
Here is how things work:
http://wiki.freeradius.org/Concepts
Nice discussion, thanks.
Alan DeKok.
-
List
Kyle Plimack wrote:
I have pap working (i.e. I ran radtest and got an access-accept).
I don’t want to configure certs on each of my hosts for each of my
clients, so I’d like to use PEAP/msChapV2 so that dot1x clients are
prompted for and username/password.
According the the
On 06/18/2010 02:01 AM, Alan DeKok wrote:
Kyle Plimack wrote:
I have pap working (i.e. I ran radtest and got an access-accept).
I don’t want to configure certs on each of my hosts for each of my
clients, so I’d like to use PEAP/msChapV2 so that dot1x clients are
prompted for and
Doing an ldapsearch put me on the right track, I had created a user 'radiusd',
but that user did not have the rights to request the userPassword.
The error I am getting now is:
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap]
Kyle Plimack wrote:
I added an entry to ldap.attrmap, “checkItem Cleartext-Password
userPassword”
The Password is not cleartext, but I read somewhere that radius is
supposed to figure that out automatically from a header. This is what
is returned:
rlm_ldap: userPassword -
So how do I get pap to do it?
On 6/18/10 12:50 PM, Alan DeKok al...@deployingradius.com wrote:
Kyle Plimack wrote:
I added an entry to ldap.attrmap, checkItem Cleartext-Password
userPassword
The Password is not cleartext, but I read somewhere that radius is
supposed to figure that out
On 06/18/2010 02:11 PM, Kyle Plimack wrote:
Doing an ldapsearch put me on the right track, I had created a user
‘radiusd’, but that user did not have the rights to request the
userPassword.
The error I am getting now is:
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request
Kyle Plimack wrote:
So how do I get pap to do it?
To do what?
If you're asking why PAP works, go read the table. It's not hard.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That has to go in the wiki somewhere. That's possibly the best explanation of
how FreeRADIUS processes requests I've ever heard... :)
-Arran
On Jun 18, 2010, at 1:50 PM, John Dennis wrote:
On 06/18/2010 04:03 PM, Kyle Plimack wrote:
So how do I get pap to do it?
If you're asking how to you
So I gave in and connected radius to my active directory (which we wish we
could get rid of).
I'm getting the following error now
Any thoughts on correcting this winbind error?
[mschapv2] +- entering group MS-CHAP {...}
[mschap] NT Domain delimeter found, should we have enabled
check this out
http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap
Kyle Plimack wrote:
I’m trying to use ldap to authorize/authenticate my users into the
wireless network using 802.1x.
I just created a fresh installation of freeradius 2.1.7. We use Centos
Kyle Plimack wrote:
I’ve read a lot of threads and looked at the protocol / encryption
compatibility chart, but I’ve never seen someone say, “this is the
solution”.
1) get PAP working against LDAP
2) follow the EAP guide (deployingradius.com) to get EAP working
3) configure ldap in the
On 06/17/2010 11:57 AM, Kyle Plimack wrote:
I’m trying to use ldap to authorize/authenticate my users into the
wireless network using 802.1x.
I just created a fresh installation of freeradius 2.1.7. We use Centos
Directory Server (aka red had dir. Srv / fedora dir.srv), not openLdap.
You
I have pap working (i.e. I ran radtest and got an access-accept).
I don't want to configure certs on each of my hosts for each of my clients, so
I'd like to use PEAP/msChapV2 so that dot1x clients are prompted for and
username/password.
According the the deployingradius.com guide, once pap is
On Fri, Jun 18, 2010 at 7:44 AM, Kyle Plimack kplim...@videoegg.com wrote:
I have pap working (i.e. I ran radtest and got an access-accept).
I don’t want to configure certs on each of my hosts for each of my clients,
so I’d like to use PEAP/msChapV2 so that dot1x clients are prompted for and
i have a configuration that works.
Using 802.1x Eap-ttls (pap) and a OpenLdap for user authentication.
It works.
But this lines inside radius.conf make me confused.
# Uncomment it if you want to use ldap for authentication
#
# Note that this means check plain-text password
Arjuna Scagnetto wrote:
i have a configuration that works.
Using 802.1x Eap-ttls (pap) and a OpenLdap for user authentication.
It works.
Because the inner tunnel session is PAP.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cian Phillips wrote:
rlm_ldap: performing search in cn=users,dc=cca,dc=edu, with filter
(uid=cian)
rlm_ldap: checking if remote access for cian is allowed by uidNumber
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cian
client to the AP I get
error messages about User-Password being required and the Access-
Request packet does not have the User-Password attribute.
Many of the settings are the default. The settings I have changed
have been from several online tutorials none of which talked about
both 802.1x
Cian Phillips wrote:
Many of the settings are the default. The settings I have changed
have been from several online tutorials none of which talked about
both 802.1x and LDAP.
Seems to me you didn't search well enough...
http://www.google.com/search?hl=nlq=freeradius+802.1x+ldap+howto
PROTECTED]
On Aug 19, 2005, at 10:30 AM, Thor Spruyt wrote:
Cian Phillips wrote:
Many of the settings are the default. The settings I have changed
have been from several online tutorials none of which talked about
both 802.1x and LDAP.
Seems to me you didn't search well enough...
http
Cian Phillips [EMAIL PROTECTED] wrote:
With each of these I still have the problem where the Access-Request
packet doesn't contain a User-Password attribute. I am guessing that
there is something very fundamental that I am not understanding..
like there isn't supposed to be a
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 19, 2005 at 10:54 -0800 wrote:
With each of these I still have the problem where the Access-Request
packet doesn't contain a User-Password attribute. I am guessing that
there is something very fundamental that I am
30 matches
Mail list logo