On 20 Sep 2013, at 17:04, Nasser Heidari wrote:
> Hi,
>
> I'm trying to setup eap-ttls with freeradius, all my tests in LAB was
> successful. I've test it with both users file and sql and it was working.
> Now I'm going to prepare it for real setup, my only
Hi,
I'm trying to setup eap-ttls with freeradius, all my tests in LAB was
successful. I've test it with both users file and sql and it was working.
Now I'm going to prepare it for real setup, my only problem is that all my
User-Passwords is database is stored with SMD5-Passwor
Hi,
I'm trying to setup eap-ttls with freeradius, all my tests in LAB was
successful. I've test it with both users file and sql and it was working.
Now I'm going to prepare it for real setup, my only problem is that all my
User-Passwords is database is stored with SMD5-Passwor
NOT what I want to do. I want to send the inner
> > message, not the tunnel and do PAP on the remote server.
> You can only do PAP on the remote server if your inner auth method was PAP.
> Basically, this means EAP-TTLS/PAP.
> Doing that is simple:
> server inner-tunnel {
>
emote server.
You can only do PAP on the remote server if your inner auth method was
PAP. Basically, this means EAP-TTLS/PAP.
Doing that is simple:
server inner-tunnel {
authorize {
update control {
Proxy-To-Realm := THEREALM
}
}
}
If this isn't working, send a debug from &
Hi,
> >This *is* proxying the inner tunnel; the inner tunnel auth is also EAP, and
> >you're sending it to the remote server.
>
> Thanks, this is NOT what I want to do. I want to send the inner message, not
> the tunnel and do PAP on the remote server.
okay. so you need to start by terminating
>> What I really need to do is proxy the inner message to another Radius
>> server which will do the authentication but I cannot get this to work.
>> Whatever I try, I always see an EAP-Message avp heading off to the
>> remote server. I have looked at the proxy-inner-tunnel virtual server
>> bu
and, if I send a simple radtest
request I get an access-accept from the downstream server. What I want to do is
be able to send in an EAP-TTLS request using eapol_test and have the same
result.
Thanks again.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 19/06/13 13:28, adrian.p.sm...@bt.com wrote:
What I really need to do is proxy the inner message to another Radius
server which will do the authentication but I cannot get this to work.
Whatever I try, I always see an EAP-Message avp heading off to the
remote server. I have looked at the prox
Hi,
>I have managed to setup a simple test using eapol_test as per
>
> http://www.openlogic.com/wazi/bid/188089/Authenticating-Wi-Fi-Users-with-FreeRADIUS
thats a rather old...and random URL. why not look at official docs?
>and it all works as described except that I have to use ca.p
I have managed to setup a simple test using eapol_test as per
http://www.openlogic.com/wazi/bid/188089/Authenticating-Wi-Fi-Users-with-FreeRADIUS
and it all works as described except that I have to use ca.pem instead of
server.pem. I think this might be because the example uses an older version
The security depends on the configuration of your clients and the certificate
chosen for your radius server
alan
This smartphone uses eduroam for free WiFi access around the world. Now that's
what I call smart.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Emmanuel BILLOT wrote:
> We are thinking about using radius authentification trough Internet.
> Considering we use EAP-TTLS method for authenticating wifi users, is
> there any way to intercept user passwords ?
No.
> Is EAP-TTLS as secure as https or smtps ?
Yes. They all use
Hi,
We are thinking about using radius authentification trough Internet.
Considering we use EAP-TTLS method for authenticating wifi users, is
there any way to intercept user passwords ?
Is EAP-TTLS as secure as https or smtps ?
BR,
--
Emmanuel BILLOT
CATEL - Dpt. Système et Réseaux
Rectorat
> The user 'bob' does not exist, so FreeRADIUS does the correct thing (i.e.
> rejecting the user). This has not been in doubt at all.
>
Instantiate a new EAPTTLSAuthenticator() for each authentication session
and you should be fine. The Authenticator class is there to maintain a
context through
To: FreeRadius users mailing list
Subject: Re: Question about EAP-TTLS session resumption
stefan.pae...@diamond.ac.uk wrote:
> However, when you go to the bottom of the output, where the request for user
> 'steve' (who is a valid user, and for whom a correct password was supplied)
s
> prematurely, which leads me to believe that the EAP-TTLS client (the JRadius
> EAPTTLSAuthenticator bean) is not complying with the RFC, i.e. restart the
> EAP session, negotiate a fresh tunnel, and then attempt to authenticate the
> valid user 'steve' with the give
ord was supplied) is
sent, the request fails. The session for 'steve' is partial and stops
prematurely, which leads me to believe that the EAP-TTLS client (the JRadius
EAPTTLSAuthenticator bean) is not complying with the RFC, i.e. restart the EAP
session, negotiate a fresh tunnel, and th
stefan.pae...@diamond.ac.uk wrote:
> We're trying to put together an EAP-TTLS authentication solution with another
> open-source authentication server (Jasig CAS). We've found that only the
> first authentication process succeeds, but everything else after fails. In
> or
Hi,
We're trying to put together an EAP-TTLS authentication solution with another
open-source authentication server (Jasig CAS). We've found that only the first
authentication process succeeds, but everything else after fails. In order for
us to pinpoint whether this is a problem
Phil Mayers wrote:
> Ooh, really? What solution did you hit on?
Cache reply by "State".
authorize {
cached_reply
...
}
post-auth {
...
cached_reply
}
It returns "handled" in the "authorize" section if it finds a matching
State.
On authorize it does:
On 19/11/12 16:27, Alan DeKok wrote:
There are patches going into 3.0 which will detect RADIUS retransmits
over multiple proxy hops. That is a rare case, but more likely in the
case of eduroam. Fixing it is good.
Ooh, really? What solution did you hit on?
-
List info/subscribe/unsubscribe
l...@securew2.com wrote:
> it still seems strange that it would respond with a packet id that was
> never sent by the client. I guess this could only happen if the AP somehow
> thought it should retransmit the identity request.
Yes, maybe.
> I am hoping the radius server logs will help so i can
Hi Alan,
it still seems strange that it would respond with a packet id that was
never sent by the client. I guess this could only happen if the AP somehow
thought it should retransmit the identity request.
I am hoping the radius server logs will help so i can see the missing
packet causing freera
l...@securew2.com wrote:
> Furthermore this does not happen all the time leading me to believe this
> might be a retransmit issue between the access point and freeradius, maybe
> during high load.
That's likely. And since it's EAP retransmit after a long time, odds
are that the RADIUS packet is
Hi,
I am still waiting on the freeradius logs from the customer experiencing
this problem, but I was wondering if anyone had ever seen the following
before or have any ideas what may be causing it:
1. EAP-TTLS client sends the EAP-Identity (packet id 2)
2. EAP-TTLS client receives the EAP-TTLS
2012/06/04 15:52:41:686525 :rlm_eap_tls: <<< TLS 1.0
Alert [length 0002], fatal unknown_ca
This means WiMAX supplicant sends TLS Alert message. This is because
supplicant do not trust CA that have issued AAA server certificate.
CA certificate of the CA that have issued AAA server certific
Hi...
just check the mail with subject: *"generating ssl certs in debian squeeze"*
, it may help
Thank You
On 20 October 2012 18:42, Alan DeKok wrote:
> Rathod Subhashchandra wrote:
> > This issue is coming consistently for multiple clients during Network
> Entry.
>
> So read the debug log.
Rathod Subhashchandra wrote:
> This issue is coming consistently for multiple clients during Network Entry.
So read the debug log. It isn't hard.
> 2012/06/04 15:52:41:686559 : TLS_accept:failed in
> SSLv3 read client certificate A
> 2012/06/04 15:52:41:686579 : rlm_eap: SSL error
> err
Dear All,
I am using EAP-TTLS authentication mechanism for between WiMAX client and AAA
on Linux environment
During EAP negotiation phase following steps are successfully completed.
1. Identity exchange
2. Server/Client EAP-TTLS start
3. Client
Hello,
After three month having stable situation, the ISP home servers has
started again to loose packet and to have slow response time, then our
freeradius proxies has began to crash again.
We've reproduced the crash with the Git version.
Here's the output that I got with gdb
Going to the
On 06/18/2012 01:25 PM, Matthew Newton wrote:
Hi,
On Mon, Jun 18, 2012 at 12:53:52PM +0200, Veselin Mijuskovic wrote:
and without salt) and for that reason I need a password supplied
from the Radius client in cleartext.
You're using EAP-TTLS/MD5. Why do you think there is going to
Veselin Mijuskovic wrote:
> However, when everything is set up, somehow '%{User-Password}' or
> '%{Cleartext-Password}' (I've tried them both) does not expand to
> anything when executing ntlm_auth authentication and my script always
> rejects the user.
There is very little magic here. The expa
Hi,
On Mon, Jun 18, 2012 at 12:53:52PM +0200, Veselin Mijuskovic wrote:
> and without salt) and for that reason I need a password supplied
> from the Radius client in cleartext.
You're using EAP-TTLS/MD5. Why do you think there is going to be a
cleartext password anywhere in t
MS-CHAP doesn't send a password; it's a challenge/response
authentication type, that requires the server to have access to the
plaintext password, NT hash, or an oracle. See here:
http://deployingradius.com/documents/protocols/compatibility.html
http://deployingradius.com/documents/protocols/or
On Jun 12, 2012, at 9:06 AM, akkouche wrote:
> how to put the parameters in which files, to set up the TTLS / PAP ?
greetings,
way to many options out there. keep reading.
use the Default FreeRadius + ldap module, ensure ssh is in order.
-j
smime.p7s
Description: S/MIME cryptographic signature
how to put the parameters in which files, to set up the TTLS / PAP ?
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/EAP-TTLS-PAP-LDAP-tp2752336p5713663.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http
ver (which you can secure) you are happy
with
EAP-TTLs/PAP - which, whilst it lets you do your secure server stuff, means
that you can have users with badly configured clients which dont do the
required CA checking or RADIUS CN checking - who will then quite happily send
me,
running a nasty MiTM at
for
> FreeRADIUS. Version 3.0 will support RadSec (RADIUS over SSL). Version
> 2.x will not. Ever.
>
>> That
>> said, Windows 7 is great in my opinion, like Windows XP. If you really
>> care, put pressure on your higher ups to extend the functionality to
>> suppor
you really
> care, put pressure on your higher ups to extend the functionality to
> support things like EAP/TTLS and PAP. I'm sure there's other
> deficiencies.. How is it right to sell "ultimate" versions of an OS
> for $150-200 when they dont even support
m one OS to sell
> a newer OS is one of the reasons I cannot stand your company. That
> said, Windows 7 is great in my opinion, like Windows XP. If you really
> care, put pressure on your higher ups to extend the functionality to
> support things like EAP/TTLS and PAP. I'm sure there
ne of the reasons I cannot stand your company. That
said, Windows 7 is great in my opinion, like Windows XP. If you really
care, put pressure on your higher ups to extend the functionality to
support things like EAP/TTLS and PAP. I'm sure there's other
deficiencies.. How is it right to
Hi Steve
Microsoft supports EAP TTLS in our upcoming is release of Windows 8 . That
said PEAP MSChapv2 is as modern as an EAP TTLS and is a very widely and
simply deployed method. I have personally used the freeradius peap mschapv2
pretty much out of the box. As far as the certificate error you
On 30/05/12 13:44, Steve Hopps wrote:
IPhones work with a custom config profile that's easily installed.
However, our most significant hurdle is windows machines. Who would have
guessed??? For some stupid reason Microsoft doesn't care about
supporting all modern encryption standards. Making our
Hi,
>an option and XSupplicant doesn't work reliably yet in 64bit Win7. So I'm
>back to trying to get mschapv2 working with peap. This seems impossible.
its 100% possible natively if you expose either the plain text password, or
HT-Hashed
password to the server - eg with LDAP module.
al
Steve Hopps wrote:
> We're trying to use an access point configured for wpa2 using freeradius
> to authenticate with openldap. For Android and Linux it works out of the
> box with eap/ttls and pap. So we used Pam cause it already works with
> ldap. I didn't know other enc
We're trying to use an access point configured for wpa2 using freeradius to
authenticate with openldap. For Android and Linux it works out of the box
with eap/ttls and pap. So we used Pam cause it already works with ldap. I
didn't know other encryption types wouldn't work with Pam
Steve Hopps wrote:
> But according to the configuration file:
...
> update control {
>Proxy-To-Realm := LOCAL
> }
>
> So I'm confused, what's the right way to handle this situation?
Don't edit proxy.conf to delete the LOCAL realm?
Alan DeKok.
-
List info/subsc
On 05/29/2012 10:28 PM, Steve Hopps wrote:
So I'm confused, what's the right way to handle this situation?
What situation?
What are you trying to do?
Alan has already hinted at the issue, but basically see here:
http://deployingradius.com/documents/protocols/oracles.html
...and here:
http
But according to the configuration file:
# The "suffix" module takes care of stripping the domain
# (e.g. "@example.com") from the User-Name attribute, and the
# next few lines ensure that the request is not proxied.
#
# If you want the inner tunnel request to
Hi,
> certificate errors. What could the windows machine be doing different?
> Why does the machine even enter the picture when the authentication is
> between the Access Point and the server?
authentication is between the client and the server - mediated over 802.1X
by the Access point. thats wh
s a
> Windows 7 machine. So I attempted to connect using EAP/TTLS and
> MSCHAPv2 using my linux machine and my Android phone. Now I get a
> different error.
>
> I also tried using PEAP on my Android phone, and received no
> certificate errors. What could the windows machine be doing
The only computer in our office which causes certificate errors is a
Windows 7 machine. So I attempted to connect using EAP/TTLS and
MSCHAPv2 using my linux machine and my Android phone. Now I get a
different error.
I also tried using PEAP on my Android phone, and received no
certificate errors
On 23/05/12 16:16, Alan DeKok wrote:
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
IIRC, it means that the client doesn't have the same CA as the server.
So it gets the server's certificate
The log shows the client is using PEAP and is failing at the certificate level
- does the client have the CA for your server installed?
You're also using 2.1.10 which is old and has bugs
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Steve Hopps wrote:
> I've got authentication with Android and Linux clients working using
> EAP/TTLS and PAP, however Windows and OSX clients dont seem to work.
> This is a log of a Windows 7 client. I was able to get iphones working
> with a special config, but the same metho
I've got authentication with Android and Linux clients working using
EAP/TTLS and PAP, however Windows and OSX clients dont seem to work.
This is a log of a Windows 7 client. I was able to get iphones working
with a special config, but the same method doesn't seem to work for
OSX. An
Thomas Fagart wrote:
> Did you have the opportunity to push this patch ?
Yes. See github.com
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Did you have the opportunity to push this patch ?
The crash does not occur very soon (around once a month).
Many thanks
Regards
Thomas
On 28.03.2012 17:15, Alan DeKok wrote:
Thomas Fagart wrote:
Here's the debug output this happens specialy when we add a virtual
server as a fallback
I was able to get this working, thanks for all your help everyone
On Mon, May 14, 2012 at 4:51 PM, alan buxey wrote:
> Hi,
>
>> Well I've been trying to follow the advice here and also what I've
>> found online and in the configs. I attempted to revert to the
>> 'default' config files for sites-e
Hi,
> Well I've been trying to follow the advice here and also what I've
> found online and in the configs. I attempted to revert to the
> 'default' config files for sites-enabled, as this project was dropped
> in my lap after months of another guy working on it and being
> frustrated, and I wasn'
private_key_password = "-removed-"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/f
On 14/05/12 15:58, Steve Hopps wrote:
I'll post the full log. It should be pulling from OpenLDAP. I had to
It's not. You haven't configured it to do that.
Module: Instantiating module "ldap" from file /etc/freeradius/radiusd.conf
ldap {
server = "localhost"
port = 389
O
Hi,
> We are using the correct password. There must be something broken
> causing the passwords not to match. That is what I'm looking for help
> to determine.
WHERE are you using the correct password? if the client is being given the
correct
password, then where are the usernames and paswords
Steve Hopps wrote:
> I'll post the full log. It should be pulling from OpenLDAP. I had to
> censor the log in a few places, including the IP of the system I'm
> using to test, which I changed to 6.6.6.6
And please check Phil's comment. It is *still* showing this:
[pap] Using CRYPT password "*"
us/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifet
Steve Hopps wrote:
> We are using the correct password.
You can believe what the server sees. Or you can believe a fantasy.
It's that simple.
> There must be something broken
> causing the passwords not to match. That is what I'm looking for help
> to determine.
As Phil said, post the FU
On 14/05/12 15:07, Steve Hopps wrote:
We are using the correct password. There must be something broken
causing the passwords not to match. That is what I'm looking for help
to determine.
Send a full debug "radiusd -X". The trimmed debug doesn't show enough info.
However, at a guess, this line
We are using the correct password. There must be something broken
causing the passwords not to match. That is what I'm looking for help
to determine.
On Fri, May 11, 2012 at 3:02 PM, Alan DeKok wrote:
> Steve Hopps wrote:
>> I'm trying to use FreeRadius with OpenLDAP for authentication of some
>>
Steve Hopps wrote:
> I'm trying to use FreeRadius with OpenLDAP for authentication of some
> Nanostation M2 access points, but have had no luck getting it to work.
> When using rad_eap_test to experiment, I logged the following:
...
> [pap] Passwords don't match
> ++[pap] returns reject
> Failed to
I'm trying to use FreeRadius with OpenLDAP for authentication of some
Nanostation M2 access points, but have had no luck getting it to work.
When using rad_eap_test to experiment, I logged the following:
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+
Hi,
> We've been digging into this a bit more and testing the TTLS
> support with Windows 8. Really nice to see more options than just
> PEAP at last :-)
thanks for the further testing/verification Matthew :-)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
testing the TTLS
support with Windows 8. Really nice to see more options than just
PEAP at last :-)
There seems to be a bug in the Windows 8 TTLS ACK, which means
that EAP-TTLS/MS-CHAPv2 doesn't work (EAP-TTLS/MSCHAP and
EAP-TTLS/EAP-MSCHAP-V2 are OK).
Having received an Access-Accept from
Many thanks, I will test it when available.
Thomas
Le 28/03/2012 17:15, Alan DeKok a écrit :
Thomas Fagart wrote:
Here's the debug output this happens specialy when we add a virtual
server as a fallback server.
OK... it looks like the proxy_reply doesn't exist. I'll push a patch.
Ala
Thomas Fagart wrote:
> Here's the debug output this happens specialy when we add a virtual
> server as a fallback server.
OK... it looks like the proxy_reply doesn't exist. I'll push a patch.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Here's the debug output this happens specialy when we add a virtual
server as a fallback server.
Finished request 75.
Going to the next request
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host X.Y.Z.W port 34405, id=225,
length=389
# Executing section post-proxy fr
On Wed, Mar 7, 2012 at 1:58 AM, Fajar A. Nugraha wrote:
> I assume you've seen http://wiki.freeradius.org/Rlm_ldap ?
>
> Basically you need to determine:
> - which LDAP attribute stores the password (e.g. userPassword? something
> else?)
> - does the attribute store the password with header (e.g
On Wed, Mar 7, 2012 at 3:09 AM, Stefano Zanmarchi wrote:
> On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha wrote:
>>> Instead, you should find out which LDAP attribute stores your
>>> MD5-password, add the correct mapping to ldap.attrmap, and leave
>>> Auth-Type section commented-out.
>
> Hi Faj
On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha wrote:
>> Instead, you should find out which LDAP attribute stores your
>> MD5-password, add the correct mapping to ldap.attrmap, and leave
>> Auth-Type section commented-out.
Hi Fajar,
thank you for your kind answers, l'll try that out.
One thing
On Wed, Mar 7, 2012 at 1:53 AM, Fajar A. Nugraha wrote:
> On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi
> wrote:
>> Hi,
>> my aim is to to have eap-ttls/pap working using an openldap user
>> database with MD5
>> hashed passwords. I got it working configur
On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi wrote:
> Hi,
> my aim is to to have eap-ttls/pap working using an openldap user
> database with MD5
> hashed passwords. I got it working configuring ldap parameters in
> /etc/raddb/modules/ldap
> and applying two changes i
Hi,
my aim is to to have eap-ttls/pap working using an openldap user
database with MD5
hashed passwords. I got it working configuring ldap parameters in
/etc/raddb/modules/ldap
and applying two changes in /etc/raddb/sites-available/inner-tunnel:
1) uncommented "ldap" in the authorize
EAP-TTLS authentication
Hello,
Since more than a year we're doing EAP-TTLS to authenticate Wimax Users on
Alcatel and Huawei NASes.
Last week we've migrate Motorola authentication on freeradius. (no more
radiator :-) ).
But then we've experienced freeradius crash.
Informat
Thomas Fagart wrote:
> Last week we've migrate Motorola authentication on freeradius. (no more
> radiator :-) ).
Nice.
> But then we've experienced freeradius crash.
Not so nice.
> The crash usually happen when home servers (ISP radius) does not
> respond, then the radius load goes up to 50
Hello,
Since more than a year we're doing EAP-TTLS to authenticate Wimax Users
on Alcatel and Huawei NASes.
Last week we've migrate Motorola authentication on freeradius. (no more
radiator :-) ).
But then we've experienced freeradius crash.
Informations :
Software : Freer
From: Alan Buxey
Sent: 06-Mar-12 1:54 AM
To: FreeRadius users mailing list
Subject: Re: using windows 8's builtin eap-ttls w/ freeradius
hi,
right. interesting. I've just been looking into Windows 8 and I found
that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it
didnt wo
On 03/05/2012 06:31 PM, Brian Gold wrote:
I've uploaded the radius -X output to http://pastebin.com/Fgr60hXr since it was
pretty long.
Weird; that all looks good to me. I guess the problem must be on the
Windows side, but I'm not super familiar with TTLS so am not sure what
it might be.
-
hi,
right. interesting. I've just been looking into Windows 8 and I found
that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it
didnt work. but if I chose an EAP method with TTLS - eg EAP-MSCHAPv2 then
it worked fine. so more needs to be looked at there.
based on the UI it seems t
org] On Behalf Of Phil Mayers
> Sent: Monday, March 05, 2012 10:45 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Re: using windows 8's builtin eap-ttls w/ freeradius
>
> On 05/03/12 15:05, Brian Gold wrote:
> > We've been using SecureW2's cli
On 05/03/12 15:05, Brian Gold wrote:
We've been using SecureW2's client with our Freeradius server using
EAP-TTLS/PAP authentication. From doing some very preliminary testing
with the Windows 8 consumer preview, I've noticed that MS is now
including EAP-TTLS support dire
We've been using SecureW2's client with our Freeradius server using
EAP-TTLS/PAP authentication. From doing some very preliminary
testing with the Windows 8 consumer preview, I've noticed that MS is now
including EAP-TTLS support directly in windows.
Unfortunately, I haven't
On Wed, Feb 29, 2012 at 1:56 AM, Omer Faruk SEN wrote:
> Hi,
>
> At http://wiki.freeradius.org/EAP-Clients it states that SecureW2 is an
> open-source product but as far as i see (correct me if i am wrong) they
> havechanged policy and this software is not open source anymore.
Page updated. Did
Hi,
>Hi,
>
>At [1]http://wiki.freeradius.org/EAP-Clients� it states that SecureW2 is
>an open-source product but as far as i see (correct me if i am wrong) they
>havechanged policy and this software is not open source anymore.
depends on which version - the old version is. the ne
Hi,
At http://wiki.freeradius.org/EAP-Clients it states that SecureW2 is an
open-source product but as far as i see (correct me if i am wrong) they
havechanged policy and this software is not open source anymore.
Regards.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/user
t; > not secure as some information is passed in clear text?!
>
> You need to decide what auth methods you want to support.
>
> PAP on its own sends the password in clear-text.
>
> Sounds like you are trying to set up EAP-TTLS/PAP, which means
> that the password is now
- Original Message -
From: Matthew Newton
To: FreeRadius users mailing list
Cc:
Sent: Thursday, 23 February 2012, 11:49
Subject: Re: freeradius eap-ttls user/pass + cert
Hi,
On Thu, Feb 23, 2012 at 02:09:50AM -0800, grub3r wrote:
> 2. configured ttls/server cert password
cide what auth methods you want to support.
PAP on its own sends the password in clear-text.
Sounds like you are trying to set up EAP-TTLS/PAP, which means
that the password is now inside a TLS tunnel, so no longer
clear-text on the wire.
> I added "EAP-TLS-Require-Client-Cert = Yes"
ig-files/logs on request.
regards, Dan.
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/freeradius-eap-ttls-user-pass-cert-tp5507571p5507571.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Vincent Guardiola wrote:
> Ok,
> I don't understand why my config doens"t work or maybe i've erroe on my
> client, this my conf :
You've butchered the configuration.
Why?
The default configuration works. Use it.
Then, read the default eap.conf, which contains documentation
describing h
Ok,
I don't understand why my config doens"t work or maybe i've erroe on my
client, this my conf :
eap.conf
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
1 - 100 of 1134 matches
Mail list logo