Hi,
I am facing some issues with 802.1x EAP-TLS Authentication.
Please suggest any document which can help in better understanding on TLS
Authentication.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
wrote:
Hi,
I am facing some issues with 802.1x EAP-TLS Authentication.
Please suggest any document which can help in better understanding on TLS
Authentication.
Thanks.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Best Regards
Muhammad Nadeem
hi list,
i want to authenticate windows 7 computers with tls certificates.
the certs have the special windows OIDs, but i still get the error from below.
on the website http://wiki.freeradius.org/Certificate_Compatibility there is
only winxp mentioned.
is there maybe any difference with windows
Hi
On Wed, Apr 04, 2012 at 01:47:54PM +0200, Christian Bösch wrote:
the certs have the special windows OIDs, but i still get the error from below.
The oids are only one reason for that error, but it is a very
common reason for this issue. The basic problem is that, for some
reason, Windows gave
why?
really, why? wat purpose does testing these dates have - you really think
your current infrastructure, and techologies such as 802.1X are going
to be around in the same format in even 20 years time?
No, of course not:)
This is my curiosity led me to test such date.
Victor Guk wrote:
I tried on a 64 bit computer. The same result.
Ask the OpenSSL people why their library can't handle dates after 2050.
FreeRADIUS can't handle dates after 2038, due to 32-bit limitations of
the timestamp in RADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Hello
I have SLES 11 SP1(64bit), freeradius 2.1.12 and openssl 0.9.8r.
I set up authentication with EAP/TLS.
Server and client certificates are valid until 3011 year. Here they are:
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Dec 5 07:05:02 2011 GMT
Not After : Apr 7
On 12/05/2011 08:25 AM, Victor Guk wrote:
[tls] TLS 1.0 Handshake [length 0249], Certificate
-- verify error:num=9:certificate is not yet valid
[tls] TLS 1.0 Alert [length 0002], fatal bad_certificate
TLS Alert write:fatal:bad certificate
This error comes from within OpenSSL. FreeRADIUS
hi,
why?
really, why? wat purpose does testing these dates have - you really think
your current infrastructure, and techologies such as 802.1X are going
to be around in the same format in even 20 years time?
anywayI'm guessing these are 32 bit server and client OS ?
you may find, in that
Hi,
why?
really, why? wat purpose does testing these dates have - you really think
your current infrastructure, and techologies such as 802.1X are going
to be around in the same format in even 20 years time?
To be honest, I'm thinking of a similar thing. Given how painful a CA
rollover can
This error comes from within OpenSSL. FreeRADIUS just does what OpenSSL
tells it.
Can you verify the cert with the openssl verify ... test command? e.g.
try this:
openssl verify -CAfile ca.pem -purpose sslserver server.pem
freeradius:/usr/local/CA # openssl verify -CAfile cacert.pem
Hi All,
I am using Freeradius 2.1.0
PEAP/TTLS is working fine and I am facing problem in TLS
authentication. I am able to generate certificate but while connecting it
throws Authentication error.
Can some one send me client.cnf and server.cnf. Also let me
know whether installing
Hi,
Can anyone please give some solution or idea to debug it.
Regards
Senthil
On Mon, Apr 11, 2011 at 5:57 PM, senthil kumar mail...@gmail.com wrote:
Hi Alan,
Any solution or debug to this problem.
Please let me know.
Regards
Senthil
On Fri, Apr 8, 2011 at 1:43
Hi Alan,
Any solution or debug to this problem.
Please let me know.
Regards
Senthil
On Fri, Apr 8, 2011 at 1:43 PM, senthil kumar mail...@gmail.com wrote:
Hi Alan,
Earlier I have faced the same problem and after changing Make file it
was working fine.
Now
Hi All,
I am using Freeradius 2.1.0
PEAP/TTLS is working fine and I am facing problem in TLS
authentication. I am able to generate certificate but while connecting it
throws Authentication error.
Please let me know how to debug it.
rad_recv: Access-Request packet from host
senthil kumar wrote:
I am using Freeradius 2.1.0
PEAP/TTLS is working fine and I am facing problem in TLS
authentication. I am able to generate certificate but while connecting
it throws Authentication error.
Please let me know how to debug it.
*Read* the debug log.
Hi Alan,
Earlier I have faced the same problem and after changing Make file it
was working fine.
Now certificate got expired and I tried to generate new certificate.
Problem is I am not able to connect with the new certificate.
So please let me know how to solve this problem.
Hi All,
I am using Freeradius 2.1.0
PEAP/TTLS is working fine and I am facing problem in TLS
authentication. I am able to generate certificate but while connecting it
throws Authentication error.
Please let me know how to debug it.
rad_recv: Access-Request packet from host
Terry Simons wrote:
I'm running into an issue where FreeRADIUS allows an invalid certificate (one
not signed by my configured CA) to successfully authenticate to EAP-TLS.
Well... the code which prints the error verify error:num=20: is in
the verify certificate callback function. It's
Hi,
I'm running into an issue where FreeRADIUS allows an invalid certificate (one
not signed by my configured CA) to successfully authenticate to EAP-TLS.
There's a message in the log that clearly indicates that the CA wasn't found
(-- verify error:num=20:unable to get local issuer
SEELEMANN, Sven wrote:
I've been trying to migrate the FreeRadius server from 1.1.8 to the
latest (stable) release (2.1.9 at the last try, 2.1.8 before that).
The configurations should be largely similar. i.e. minimal changes
should be required.
I'm
using EAP TLS to authenticate modem
Hi,
I've been trying to migrate the FreeRadius server from 1.1.8 to the
latest (stable) release (2.1.9 at the last try, 2.1.8 before that). I'm
using EAP TLS to authenticate modem connection to our DSLAM (using 2 way
authentication). The 1.1.8 server has no trouble performing the task,
Hi
I have copied MAKE file from the 2.1.8 pre version.But not able to generate
certificates.
When I try to run ./bootstrap , it throws error related to MAKE.in file
Please let me know the procedure to generate a certificate.
Regards
Senthil
On Wed, Dec 9, 2009 at 1:00 AM, t...@kalik.net
I have copied MAKE file from the 2.1.8 pre version.But not able to
generate
certificates.
When I try to run ./bootstrap , it throws error related to MAKE.in file
Please let me know the procedure to generate a certificate.
Read the README file in certs directory.
Ivan Kalik
-
List
Where I could get the makefile v.2.1.8-pre
Probably it also solves the problem that I have.
regards,
Fernando.
t...@kalik.net wrote:
Below is the complete Log..
Please let me know how to solve/debug it..
[tls] Done initial handshake
[tls] TLS 1.0 Alert [length 0002],
Fernando Calvelo Vazquez wrote:
Where I could get the makefile v.2.1.8-pre
Probably it also solves the problem that I have.
http://git.freeradius.org/pre/
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Actually I copied the file from /usr/share/doc/freeradius/examples/certs
folder
But I didnt change any in MAKE file
Is there anyother way to debug it???
On Tue, Dec 8, 2009 at 3:40 AM, t...@kalik.net wrote:
Below is the complete Log..
Please let me know how to solve/debug
Where I could get the makefile v.2.1.8-pre
Probably it also solves the problem that I have.
Get the whole thing and take what you want:
http://git.freeradius.org/pre/
Ivan Kalik
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Where I could get the makefile v.2.1.8-pre
Probably it also solves the problem that I have.
PS. I would take the whole certs directory.
Ivan Kalik
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Actually I copied the file from /usr/share/doc/freeradius/examples/certs
folder
But I didnt change any in MAKE file
From which version? 2.1.7 or 2.1.8? 2.1.8 has the new Makefile which signs
client certificates with ca certificate.
Is there anyother way to debug it???
That's openSSL stuff.
Hi All,
Below is the complete Log..
Please let me know how to solve/debug it..
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 4991, id=2,
length=144
User-Name = maemo
NAS-IP-Address = 192.168.1.1
Called-Station-Id = 0023692c6f74
Below is the complete Log..
Please let me know how to solve/debug it..
[tls] Done initial handshake
[tls] TLS 1.0 Alert [length 0002], warning bad_certificate
TLS Alert read:warning:bad certificate
It's adifferent error. Quite clear what is wrong. Did you try to alter
Iam using Freeeadius 2.1.0. The setup is working fine with EAP-TTLS,
PEAP
method.But for EAP TLS, it gives the below error..
Please let me know how to solve..
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Well,
Hi,
Iam using Freeeadius 2.1.0. The setup is working fine with EAP-TTLS, PEAP
method.But for EAP TLS, it gives the below error..
Please let me know how to solve..
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Regards
Hi,
I'm trying to establish a EAP/TLS authentication. The certificates are
created by the freeradius scripts. rad_eap_test v0.22 is used for
testing. Somehow the authentication request runs into to timeout, but I
can't see what's wrong. Any suggestions ?
# ~/rad_eap_test -S testing123 -u wied
Hi,
I got a little further in using eapol_test. Now the radius server
reports the following.
FreeRADIUS Version 2.1.3, for host i486-pc-linux-gnu, built on Feb 25
2009 at 14:17:43
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for
Wiedemann, Joerg wrote:
I got a little further in using eapol_test. Now the radius server
reports the following.
There is a lot... but reading it for error and failure doesn't
hurt, either.
...
[tls] TLS 1.0 Handshake [length 0382], Certificate
-- verify error:num=20:unable to get local
I got a little further in using eapol_test. Now the radius server
reports the following.
...
[tls] TLS 1.0 Handshake [length 0382], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls] TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
Hi FreeRADIUS user community
I'm in search for some ideas for the following situation:
Given are several WLANS controlled by a Siemens Hipath C2400 WLAN
Controller with Siemens APs. The controller provides different WLANs
identified by different ESSIDs. All WLAN Clients use IEEE802.1x
Am Mittwoch, 1. April 2009 13:43:30 schrieb Ulf Leichsenring:
Hi FreeRADIUS user community
I'm in search for some ideas for the following situation:
Given are several WLANS controlled by a Siemens Hipath C2400 WLAN
Controller with Siemens APs. The controller provides different WLANs
I know, the Siemens controller is able to send the ESSID the device is
trying to connect inside the RADIUS request as vendor specific attribute.
And what VSA would it be? If you can find that attribute in the
dictionaries - it is possible. If you can't - you can add it yourself
to
Michael Schwartzkopff schrieb:
1) Upgrade to an actual version of FR. 2.1.4 should do.
2) Edit your dictionary so that your FR understands the Siemens vendor spec
attributes.
3) create a unlang (only FR version 2!) config to also check for the new
essid
attribute and according group
t...@kalik.net schrieb:
And what VSA would it be? If you can find that attribute in the
dictionaries - it is possible. If you can't - you can add it yourself
to raddb/dictionary. It would be better to get the dictionary from
Siemens and post it to this list so it can be included in freeradius
Hello all,
I'm relatively new with freeradius. I got freeradius running fine as aaa
server and want to extend t authenticate my wireless.
I'm testing with a linksys wrt54g ap.
I've done a lot of reading on how to configure eap/tls but for some
reason I can't get it to work. Can anybody give
So, you should probably create a new certificate with a certified CA or a
correct own CA. Install openssl and follow a howto on creating new
certificates. Make sure you match Common Name to server.domainname
Furthermore change certificate options (like password) in eap.conf.
gr, jelle
Oh, and when using TLS, install client certificate on client.
2008/6/15 Jelle Langbroek [EMAIL PROTECTED]:
So, you should probably create a new certificate with a certified CA or a
correct own CA. Install openssl and follow a howto on creating new
certificates. Make sure you match Common Name
I'm happy to be wrong about this, but in my experience, this parameter:
-CApath ca.pem
Needs to be an actual path, not a PEM CA file, where you have performed
these steps:
download certificate authority cert in PEM format
run c_rehash . (openssl script)
On Thu, May 15, 2008 at 10:37 AM,
Hi All,
I am trying to use authenticate one embedded WLAN device with using
freeRadius server 2.0.4
I have radiusd.conf,client.conf files as per my configuration.
I have created certificates using bootstrap script.Values in
ca.cnf,client.cnf and server.cnf have been modified accordingly.
I have
Hello,
anyone has used eToken Aladdin 64k with EAP-TLS authentication
using wpa_supplicant ?
thank you
Rick
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi:
I run FreeRADIUS 2.0 for EAP-TLS authentication on my wireless network,
it works fine in my test setup but there are some pieces missing I can't
figure out:
1. I'd like to add support for more than one root certificate
2. I'd like to log the certificate's distinguished name
3. I'd like
No. But you can create a script that monitors accounting data and alerts
you when there are multiple CallingStationIds per username. You can then
ban those users (CRL) or discipline them in any way you see fit.
Ivan Kalik
Kalik Informatika ISP
Dana 14/12/2007, [EMAIL PROTECTED] [EMAIL
HI
I am using EAP_TLS authentication ie certificate based authentication with
free radius.The setup is working fine .
I have one query.Is there any way to lock the client certificate to a
particular laptop MAC address so that the certificate cannot be used in another
machine..Is there any
You are setting up Auth-Type System. Post the entry in users file:
users: Matched entry dkupis at line 1
Ivan Kalik
Kalik Informatika ISP
Dana 12/10/2007, Dorota Kupis [EMAIL PROTECTED] piše:
Hello,
I'm not familiar with freeradius yet. I read some HOWTOs and I do try to
make wireless
Hi,
I do post users
thanks
dkupis Auth-Type := system
Service-Type = NAS-Prompt-User,
cisco-avpair == shell:priv-lvl=15,
idle-timeout = 1800
okay. from this it looks like your attempting to configure FR to do some
form of Cisco device login authentication. is the
Hi,
I'm not familiar with freeradius yet. I read some HOWTOs and I do try to
make wireless Windows XP talk to Radius server. I have an AP 1131. I
have managed to make this configuration work with cisco ACS in the past,
so AP part should be OK.
you're authenticating, or trying to, from the
/eap tls authentication
You are setting up Auth-Type System. Post the entry in users file:
users: Matched entry dkupis at line 1
Ivan Kalik
Kalik Informatika ISP
Dana 12/10/2007, Dorota Kupis [EMAIL PROTECTED] piše:
Hello,
I'm not familiar with freeradius yet. I read some HOWTOs and I do
1.1.3
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, October 12, 2007 12:50 PM
To: FreeRadius users mailing list
Subject: RE: peap/eap tls authentication
You are using an old version of the server. Which one? Why don't
the server in normal
mode.Regards AnoopMessage: 2 Date: Tue, 11 Sep 2007
10:39:38 +0200 (CEST) From: inelec communicationSubject: RE : LOGs of
eap-tls authentication (inelec communication) To: FreeRadius users mailing
list Message-ID: [EMAIL PROTECTED] Content-Type
[EMAIL PROTECTED]
Subject: RE : LOGs of eap-tls authentication
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=\iso-8859-1\
hello,
To restart the radius I knew only one command which is service
On Thu, 2007-09-13 at 14:40 +0500, [EMAIL PROTECTED] wrote:
hi
I am not able to start server by service radiusd restart command/.
I used to start by simply typing radiusd command
Pls anyone no the command to stop the server
If you are on Unix, radiusd is just an ordinary process, which
: RE : LOGs of eap-tls authentication
To: FreeRadius users mailing list
Hi
Please find my result.The authentication is working well.The problem is logs
are not in radius.log file.
[EMAIL PROTECTED] fr1.1.7]# cat successlog
Message-Authenticator = 0x96080298cf8084c0a353d72c9e82a3aa
radiusd restart; doing that you are in
normal mode and you can do your wlan loging without any problem and you get
your log.
regards
[EMAIL PROTECTED] a écrit :
Message: 3 Date: Mon, 10 Sep 2007 10:23:19 +0200 (CEST) From: inelec
communicationSubject: RE : LOGs of eap-tls
mode.
Regards
Anoop
Message: 2
Date: Tue, 11 Sep 2007 10:39:38 +0200 (CEST)
From: inelec communication [EMAIL PROTECTED]
Subject: RE : LOGs of eap-tls authentication (inelec communication)
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL
hello,
running radius in debug mode doesn't give any log file ,i meen it doesn't
give logs in radiusd.log ; if you give me your result when you have rubn
radiusd -X -A perhaps i can help
regards
[EMAIL PROTECTED] a écrit :
Hi 1 I am using eap-tls authentication.My setup is
Message: 3
Date: Mon, 10 Sep 2007 10:23:19 +0200 (CEST)
From: inelec communication [EMAIL PROTECTED]
Subject: RE : LOGs of eap-tls authentication
To: FreeRadius users mailing list
Hi
Please find my result.The authentication is working well.The problem is logs
are not in radius.log file
Hi
1 I am using eap-tls authentication.My setup is working well with
certificates.
I am unable to get logs of user login ok or denied in the radius.log file
[EMAIL PROTECTED] sbin]# radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config:
Hello,
I'm using radius server and and linksys access point configured to use
radius security mode and windows xp in my laptop as wlan client configured like
that:
network authentication: open
data encryption: WEP
enable IEEE 802.1x authentication for this NW
EAP type: smartcard or
Hello,
I'm using radius server and and linksys access point configured to use radius
security mode and windows xp in my laptop as wlan client configured like that:
network authentication: open
data encryption: WEP
enable IEEE 802.1x authentication for this NW
EAP type: smartcard or other
Govardhana K N wrote:
I was trying to configure EAP with TLS/TTlS. After enabling TLS/TTLS in
eap.conf, I tried sending an Radius Access-Request with EAP-Identitye
response. The Server is crashing becoz of segmentation fault. The debug
lod from the server is given below.
See doc/bugs
The
Hi,
I was trying to configure EAP with TLS/TTlS. After enabling TLS/TTLS in
eap.conf, I tried sending an Radius Access-Request with EAP-Identitye
response. The Server is crashing becoz of segmentation fault. The debug lod
from the server is given below.
[EMAIL PROTECTED] wrote:
Everything is working fine.But the logs are not coming when user
authenticates.
What logs? Accounting?
If so, see the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear Alan
I have been using Navis radius.Now i decided to move to free radius.In the
navis radius there is a log file .So it will be shown as \Username\ login ok
or \user login failed due to..\
So these logs will be very helpful for troubleshooting.
In free radius thers is no log
I have been using Navis radius.Now i decided to move to free radius.In
the navis radius there is a log file .So it will be shown as \Username\
login ok or \user login failed due to..\ So these logs will be very
helpful for troubleshooting.
In free radius thers is no log file is
Message: 6
Date: Fri, 13 Jul 2007 14:25:43 +0200
From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: EAP-TLS authentication (Alan DeKok)
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Hi
Everything is working fine.But the logs are not coming when user
authenticates
-users@lists.freeradius.org
Envoyé le : Lundi, 16 Juillet 2007, 11h41mn 05s
Objet : Re: EAP-TLS authentication
Dear Alan
I have been using Navis radius.Now i decided to move to free radius.In the
navis radius there is a log file .So it will be shown as \Username\ login ok
or \user login failed
. FreeRadius and User-Password from Cisco Device
([EMAIL PROTECTED])
2. How to configure EAP Identity in 1.1.3 (Govardhana K N)
3. Re: FreeRadius and User-Password from Cisco Device (Stefan
Winter)
4. Re : EAP-TLS authentication (Eshun Benjamin
Perhaps because of this:
main: log_auth = no
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pls find the attached
n: lower_user = \no\
main: lower_pass = \no\
main: nospace_user = \no\
main: nospace_pass = \no\
main: checkrad = \/usr/local/sbin/checkrad\
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback =
[EMAIL PROTECTED] wrote:
pls find the attached
...
Sending Access-Accept of id 4 to 192.168.0.50 port 1026
The RADIUS server thinks everything is OK.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
Hi
I have a set up of 802.1x authentication with free radius server .I am
using EAP_TLS certificate based authentication.The certificates i generated
was using OPENSSL tool.The setup is working fine.
In my log file no logs are displaying.Pls help.
pls find
Hi
I have a set up of 802.1x authentication with free radius server .I am using
EAP_TLS certificate based authentication.The certificates i generated was using
OPENSSL tool.The setup is working fine.
In my log file no logs are displaying.Pls help.
pls find the server in debug mode
[EMAIL
in navisradius i uesd to do that in EAP_TLS thats why i
asked.
Regards
Anoop
--
Message: 5
Date: Tue, 29 May 2007 09:42:52 +0100
From: [EMAIL PROTECTED]
Subject: Re: log file for free radius 1.1.6 eap-tls authentication
To: \FreeRadius users mailing list\
freeradius-users@lists.freeradius.org
1. RE: Gigaword support ([EMAIL PROTECTED])
2. Re : Multiple server certificates in EAP-TLS or EAP-TTLS
(Eshun Benjamin)
3. Re: log file for free radius 1.1.6 eap-tls authentication
([EMAIL PROTECTED])
4. problem in autehtication with EAP-MD5 (shantanu choudhary)
Hi
From: [EMAIL PROTECTED]
Subject: Re: log file for free radius 1.1.6 eap-tls authentication
To: \FreeRadius users mailing list\
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-2
This is EAP-TLS. This user has a valid user
Hi all
I have two quieres
1
I have changed the log_auth= yes
Still i am not able to get logs.Pls find my configs
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = /usr/local/var/log/radius
raddbdir =
Post the radiusd -X output of user not in users file being accepted.
Ivan Kalik
Kalik Informatika ISP
Dana 28/5/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] piše:
Hi all
I have two quieres
1
I have changed the log_auth= yes
Still i am not able to get logs.Pls find my configs
prefix =
]#
Message: 5
Date: Mon, 28 May 2007 12:08:21 +0100
From: [EMAIL PROTECTED]
Subject: Re: log file for free radius 1.1.6 eap-tls authentication
To: \FreeRadius users mailing list\
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859
PROTECTED] sbin]#
Message: 5
Date: Mon, 28 May 2007 12:08:21 +0100
From: [EMAIL PROTECTED]
Subject: Re: log file for free radius 1.1.6 eap-tls authentication
To: \FreeRadius users mailing list\
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain
are not happening.In config changes required to get the same?
Regards
Anoop
Message: 2
Date: Mon, 28 May 2007 15:07:06 +0100
From: [EMAIL PROTECTED]
Subject: Re: log file for free radius 1.1.6 eap-tls authentication
To: \FreeRadius users mailing list\
freeradius-users@lists.freeradius.org
Default radiusd.conf:
# Log authentication requests to the log file.
#
# allowed values: {no, yes}
#
log_auth = no
Change it to yes.
Ivan Kalik
Kalik Informatika ISP
Dana 24/5/2007, Anoop [EMAIL PROTECTED] piše:
Hi
I am using free raidus 1.1.6 with eap-tls authentication.The whole set
Hi
I am using free raidus 1.1.6 with eap-tls authentication.The whole set
up is working fine.
But i am not getting any logs .like user login ok..login filef etc
Pls giude me
How will i get logs and wat configurtion i need to do in the
configuration files.
Regards
Anoop
**
CRL's are not the best way to conduct authorization for EAP-TLS,
their control is too coarse when the goal is to enable/disable the
use of valid certificates use for different purposes and don't let
you assign other authorization info like what VLAN a user should be
assigned to.
The only
Dear all
My EAPTLS is working with free radisu 1.1.6 as i did every installation
starts from zero
Thanks for all for the help.
I have few quires for free radius as i was using navis radius.
1 Where will i find the log of the authentication like username login
ok...or
[EMAIL PROTECTED] wrote:
1 Where will i find the log of the authentication like username login
ok...or login failed
It's in radius.log
2 One user\'s certificate if I installed in other user\'s laptop it works.I
want one user certificate should work in one laptop only.
There's
[EMAIL PROTECTED] wrote:
Dear all
I am using the same AP,same widows client and same root certificate
for testing navis as well as free raduis .Root certificate is also installed.
Is ther any clue in the debug message?
No. If there was, you would have been told.
All I know
Dear all
I am using the same AP,same widows client and same root certificate
for testing navis as well as free raduis .Root certificate is also installed.
Is ther any clue in the debug message?
[EMAIL PROTECTED] wrote:
Dear all
Thank you for the responses
I am using openssl
Hi list
While doing eap-tls authentication i am getting the following debug
message.Anybody please clarify.
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
eaptls_verify returned 1
[EMAIL PROTECTED] wrote:
While doing eap-tls authentication i am getting the following debug
message.Anybody please clarify.
...
What is these debug messages indicate...
That the server is working as expected.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
;t modified users file since its eap-tls authentication
Giude me any modification required further for eap-tls certificate based
authentication.
Regards
Anoop
That the server is working as expected.
Alan DeKok.
TLS_accept: Need to read more data: SSLv3 read client certificate
The FAQ, README, INSTALL, etc. all say to run the server in debugging
mode to see what\'s going on.
Dear all
I run the radius server in debug mode and the output is as follows.
I didn;t get any clue for the problem.
[EMAIL PROTECTED] raddb]# radiusd -X
Starting - reading
1 - 100 of 139 matches
Mail list logo