Re: eap-ttls with SMD5-Password

2013-09-20 Thread Arran Cudbard-Bell
On 20 Sep 2013, at 17:04, Nasser Heidari wrote: > Hi, > > I'm trying to set up eap-ttls with freeradius, all my tests in the lab were > successful. I've tested it with both users file and sql and it was working. > Now I'm going to prepare it for real setup, my only

eap-ttls with SMD5-Password

2013-09-20 Thread Nasser Heidari
Hi, I'm trying to set up eap-ttls with freeradius, all my tests in the lab were successful. I've tested it with both users file and sql and it was working. Now I'm going to prepare it for real setup, my only problem is that all my User-Passwords in the database are stored with SMD5-Passwor

RE: terminate eap-ttls

2013-06-20 Thread adrian.p.smith
NOT what I want to do. I want to send the inner > > message, not the tunnel and do PAP on the remote server. > You can only do PAP on the remote server if your inner auth method was PAP. > Basically, this means EAP-TTLS/PAP. > Doing that is simple: > server inner-tunnel { >

Re: terminate eap-ttls

2013-06-19 Thread Phil Mayers
emote server. You can only do PAP on the remote server if your inner auth method was PAP. Basically, this means EAP-TTLS/PAP. Doing that is simple: server inner-tunnel { authorize { update control { Proxy-To-Realm := THEREALM } } } If this isn't working, send a debug from &

Re: terminate eap-ttls

2013-06-19 Thread A . L . M . Buxey
Hi, > >This *is* proxying the inner tunnel; the inner tunnel auth is also EAP, and > >you're sending it to the remote server. > > Thanks, this is NOT what I want to do. I want to send the inner message, not > the tunnel and do PAP on the remote server. okay. so you need to start by terminating

RE: terminate eap-ttls

2013-06-19 Thread adrian.p.smith
>> What I really need to do is proxy the inner message to another Radius >> server which will do the authentication but I cannot get this to work. >> Whatever I try, I always see an EAP-Message avp heading off to the >> remote server. I have looked at the proxy-inner-tunnel virtual server >> bu

RE: terminate eap-ttls

2013-06-19 Thread adrian.p.smith
and, if I send a simple radtest request I get an access-accept from the downstream server. What I want to do is be able to send in an EAP-TTLS request using eapol_test and have the same result. Thanks again. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: terminate eap-ttls

2013-06-19 Thread Phil Mayers
On 19/06/13 13:28, adrian.p.sm...@bt.com wrote: What I really need to do is proxy the inner message to another Radius server which will do the authentication but I cannot get this to work. Whatever I try, I always see an EAP-Message avp heading off to the remote server. I have looked at the prox

Re: terminate eap-ttls

2013-06-19 Thread A . L . M . Buxey
Hi, >I have managed to setup a simple test using eapol_test as per > > http://www.openlogic.com/wazi/bid/188089/Authenticating-Wi-Fi-Users-with-FreeRADIUS that's a rather old...and random URL. why not look at official docs? >and it all works as described except that I have to use ca.p

terminate eap-ttls

2013-06-19 Thread adrian.p.smith
I have managed to setup a simple test using eapol_test as per http://www.openlogic.com/wazi/bid/188089/Authenticating-Wi-Fi-Users-with-FreeRADIUS and it all works as described except that I have to use ca.pem instead of server.pem. I think this might be because the example uses an older version

Re: EAP-TTLS security level

2013-06-10 Thread Alan Buxey
The security depends on the configuration of your clients and the certificate chosen for your radius server alan This smartphone uses eduroam for free WiFi access around the world. Now that's what I call smart.

Re: EAP-TTLS security level

2013-06-09 Thread Alan DeKok
Emmanuel BILLOT wrote: > We are thinking about using radius authentication through Internet. > Considering we use EAP-TTLS method for authenticating wifi users, is > there any way to intercept user passwords ? No. > Is EAP-TTLS as secure as https or smtps ? Yes. They all use

EAP-TTLS security level

2013-06-09 Thread Emmanuel BILLOT
Hi, We are thinking about using radius authentication through Internet. Considering we use EAP-TTLS method for authenticating wifi users, is there any way to intercept user passwords ? Is EAP-TTLS as secure as https or smtps ? BR, -- Emmanuel BILLOT CATEL - Dpt. Système et Réseaux Rectorat

Re: Question about EAP-TTLS session resumption

2013-04-29 Thread David Bird
> The user 'bob' does not exist, so FreeRADIUS does the correct thing (i.e. > rejecting the user). This has not been in doubt at all. > Instantiate a new EAPTTLSAuthenticator() for each authentication session and you should be fine. The Authenticator class is there to maintain a context through

RE: Question about EAP-TTLS session resumption

2013-04-29 Thread stefan.paetow
To: FreeRadius users mailing list Subject: Re: Question about EAP-TTLS session resumption stefan.pae...@diamond.ac.uk wrote: > However, when you go to the bottom of the output, where the request for user > 'steve' (who is a valid user, and for whom a correct password was supplied)

Re: Question about EAP-TTLS session resumption

2013-04-29 Thread Alan DeKok
s > prematurely, which leads me to believe that the EAP-TTLS client (the JRadius > EAPTTLSAuthenticator bean) is not complying with the RFC, i.e. restart the > EAP session, negotiate a fresh tunnel, and then attempt to authenticate the > valid user 'steve' with the give

RE: Question about EAP-TTLS session resumption

2013-04-29 Thread stefan.paetow
ord was supplied) is sent, the request fails. The session for 'steve' is partial and stops prematurely, which leads me to believe that the EAP-TTLS client (the JRadius EAPTTLSAuthenticator bean) is not complying with the RFC, i.e. restart the EAP session, negotiate a fresh tunnel, and th

Re: Question about EAP-TTLS session resumption

2013-04-29 Thread Alan DeKok
stefan.pae...@diamond.ac.uk wrote: > We're trying to put together an EAP-TTLS authentication solution with another > open-source authentication server (Jasig CAS). We've found that only the > first authentication process succeeds, but everything else after fails. In > or

Question about EAP-TTLS session resumption

2013-04-29 Thread stefan.paetow
Hi, We're trying to put together an EAP-TTLS authentication solution with another open-source authentication server (Jasig CAS). We've found that only the first authentication process succeeds, but everything else after fails. In order for us to pinpoint whether this is a problem

Re: freeradius retransmit of EAP-TTLS start packet with incorrect packet id

2012-11-20 Thread Alan DeKok
Phil Mayers wrote: > Ooh, really? What solution did you hit on? Cache reply by "State". authorize { cached_reply ... } post-auth { ... cached_reply } It returns "handled" in the "authorize" section if it finds a matching State. On authorize it does:

Re: freeradius retransmit of EAP-TTLS start packet with incorrect packet id

2012-11-20 Thread Phil Mayers
On 19/11/12 16:27, Alan DeKok wrote: There are patches going into 3.0 which will detect RADIUS retransmits over multiple proxy hops. That is a rare case, but more likely in the case of eduroam. Fixing it is good. Ooh, really? What solution did you hit on?

Re: freeradius retransmit of EAP-TTLS start packet with incorrect packet id

2012-11-19 Thread Alan DeKok
l...@securew2.com wrote: > it still seems strange that it would respond with a packet id that was > never sent by the client. I guess this could only happen if the AP somehow > thought it should retransmit the identity request. Yes, maybe. > I am hoping the radius server logs will help so i can

Re: freeradius retransmit of EAP-TTLS start packet with incorrect packet id

2012-11-19 Thread list
Hi Alan, it still seems strange that it would respond with a packet id that was never sent by the client. I guess this could only happen if the AP somehow thought it should retransmit the identity request. I am hoping the radius server logs will help so i can see the missing packet causing freera

Re: freeradius retransmit of EAP-TTLS start packet with incorrect packet id

2012-11-19 Thread Alan DeKok
l...@securew2.com wrote: > Furthermore this does not happen all the time leading me to believe this > might be a retransmit issue between the access point and freeradius, maybe > during high load. That's likely. And since it's EAP retransmit after a long time, odds are that the RADIUS packet is

freeradius retransmit of EAP-TTLS start packet with incorrect packet id

2012-11-19 Thread list
Hi, I am still waiting on the freeradius logs from the customer experiencing this problem, but I was wondering if anyone had ever seen the following before or have any ideas what may be causing it: 1. EAP-TTLS client sends the EAP-Identity (packet id 2) 2. EAP-TTLS client receives the EAP-TTLS

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-22 Thread Iliya Peregoudov
2012/06/04 15:52:41:686525 :rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca This means the WiMAX supplicant sends a TLS Alert message. This is because the supplicant does not trust the CA that has issued the AAA server certificate. CA certificate of the CA that has issued AAA server certific

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread val john
Hi... just check the mail with subject: *"generating ssl certs in debian squeeze"* , it may help Thank You On 20 October 2012 18:42, Alan DeKok wrote: > Rathod Subhashchandra wrote: > > This issue is coming consistently for multiple clients during Network > Entry. > > So read the debug log.

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread Alan DeKok
Rathod Subhashchandra wrote: > This issue is coming consistently for multiple clients during Network Entry. So read the debug log. It isn't hard. > 2012/06/04 15:52:41:686559 : TLS_accept:failed in > SSLv3 read client certificate A > 2012/06/04 15:52:41:686579 : rlm_eap: SSL error > err

EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread Rathod Subhashchandra
Dear All, I am using the EAP-TTLS authentication mechanism between a WiMAX client and AAA in a Linux environment. During the EAP negotiation phase the following steps are successfully completed. 1. Identity exchange 2. Server/Client EAP-TTLS start 3. Client

Re: Freeradius crash during EAP-TTLS authentication

2012-06-28 Thread Thomas Fagart
Hello, After three months of having a stable situation, the ISP home servers have started again to lose packets and to have slow response times, then our freeradius proxies began to crash again. We've reproduced the crash with the Git version. Here's the output that I got with gdb Going to the

Re: Freeradius not expanding %{User-Password} (EAP-TTLS with MD5 authentication)

2012-06-18 Thread Veselin Mijuskovic
On 06/18/2012 01:25 PM, Matthew Newton wrote: Hi, On Mon, Jun 18, 2012 at 12:53:52PM +0200, Veselin Mijuskovic wrote: and without salt) and for that reason I need a password supplied from the Radius client in cleartext. You're using EAP-TTLS/MD5. Why do you think there is going to

Re: Freeradius not expanding %{User-Password} (EAP-TTLS with MD5 authentication)

2012-06-18 Thread Alan DeKok
Veselin Mijuskovic wrote: > However, when everything is set up, somehow '%{User-Password}' or > '%{Cleartext-Password}' (I've tried them both) does not expand to > anything when executing ntlm_auth authentication and my script always > rejects the user. There is very little magic here. The expa

Re: Freeradius not expanding %{User-Password} (EAP-TTLS with MD5 authentication)

2012-06-18 Thread Matthew Newton
Hi, On Mon, Jun 18, 2012 at 12:53:52PM +0200, Veselin Mijuskovic wrote: > and without salt) and for that reason I need a password supplied > from the Radius client in cleartext. You're using EAP-TTLS/MD5. Why do you think there is going to be a cleartext password anywhere in t

Re: Freeradius not expanding %{User-Password} (EAP-TTLS with MD5 authentication)

2012-06-18 Thread Phil Mayers
MS-CHAP doesn't send a password; it's a challenge/response authentication type, that requires the server to have access to the plaintext password, NT hash, or an oracle. See here: http://deployingradius.com/documents/protocols/compatibility.html http://deployingradius.com/documents/protocols/or

Re: EAP-TTLS-PAP-LDAP

2012-06-12 Thread jeff donovan
On Jun 12, 2012, at 9:06 AM, akkouche wrote: > how to put the parameters in which files, to set up the TTLS / PAP ? greetings, way too many options out there. keep reading. use the Default FreeRadius + ldap module, ensure ssh is in order. -j

Re: EAP-TTLS-PAP-LDAP

2012-06-12 Thread akkouche
how to put the parameters in which files, to set up the TTLS / PAP ?

Re: more EAP/TTLS trouble

2012-05-30 Thread alan buxey
ver (which you can secure) you are happy with EAP-TTLs/PAP - which, whilst it lets you do your secure server stuff, means that you can have users with badly configured clients which don't do the required CA checking or RADIUS CN checking - who will then quite happily send me, running a nasty MiTM at

Re: more EAP/TTLS trouble

2012-05-30 Thread Steve Hopps
for > FreeRADIUS.  Version 3.0 will support RadSec (RADIUS over SSL).  Version > 2.x will not.  Ever. > >> That >> said, Windows 7 is great in my opinion, like Windows XP. If you really >> care, put pressure on your higher ups to extend the functionality to >> suppor

Re: more EAP/TTLS trouble

2012-05-30 Thread Alan DeKok
you really > care, put pressure on your higher ups to extend the functionality to > support things like EAP/TTLS and PAP. I'm sure there's other > deficiencies.. How is it right to sell "ultimate" versions of an OS > for $150-200 when they don't even support

Re: more EAP/TTLS trouble

2012-05-30 Thread Stefan Winter
m one OS to sell > a newer OS is one of the reasons I cannot stand your company. That > said, Windows 7 is great in my opinion, like Windows XP. If you really > care, put pressure on your higher ups to extend the functionality to > support things like EAP/TTLS and PAP. I'm sure there

Re: more EAP/TTLS trouble

2012-05-30 Thread Steve Hopps
ne of the reasons I cannot stand your company. That said, Windows 7 is great in my opinion, like Windows XP. If you really care, put pressure on your higher ups to extend the functionality to support things like EAP/TTLS and PAP. I'm sure there's other deficiencies.. How is it right to

RE: more EAP/TTLS trouble

2012-05-30 Thread Aman Arneja
Hi Steve Microsoft supports EAP TTLS in our upcoming is release of Windows 8 . That said PEAP MSChapv2 is as modern as an EAP TTLS and is a very widely and simply deployed method. I have personally used the freeradius peap mschapv2 pretty much out of the box. As far as the certificate error you

Re: more EAP/TTLS trouble

2012-05-30 Thread Phil Mayers
On 30/05/12 13:44, Steve Hopps wrote: IPhones work with a custom config profile that's easily installed. However, our most significant hurdle is windows machines. Who would have guessed??? For some stupid reason Microsoft doesn't care about supporting all modern encryption standards. Making our

Re: more EAP/TTLS trouble

2012-05-30 Thread alan buxey
Hi, >an option and XSupplicant doesn't work reliably yet in 64bit Win7. So I'm >back to trying to get mschapv2 working with peap. This seems impossible. it's 100% possible natively if you expose either the plain text password, or HT-Hashed password to the server - eg with LDAP module. al

Re: more EAP/TTLS trouble

2012-05-30 Thread Alan DeKok
Steve Hopps wrote: > We're trying to use an access point configured for wpa2 using freeradius > to authenticate with openldap. For Android and Linux it works out of the > box with eap/ttls and pap. So we used Pam cause it already works with > ldap. I didn't know other enc

Re: more EAP/TTLS trouble

2012-05-30 Thread Steve Hopps
We're trying to use an access point configured for wpa2 using freeradius to authenticate with openldap. For Android and Linux it works out of the box with eap/ttls and pap. So we used Pam cause it already works with ldap. I didn't know other encryption types wouldn't work with Pam

Re: more EAP/TTLS trouble

2012-05-30 Thread Alan DeKok
Steve Hopps wrote: > But according to the configuration file: ... > update control { > Proxy-To-Realm := LOCAL > } > > So I'm confused, what's the right way to handle this situation? Don't edit proxy.conf to delete the LOCAL realm? Alan DeKok.

Re: more EAP/TTLS trouble

2012-05-30 Thread Phil Mayers
On 05/29/2012 10:28 PM, Steve Hopps wrote: So I'm confused, what's the right way to handle this situation? What situation? What are you trying to do? Alan has already hinted at the issue, but basically see here: http://deployingradius.com/documents/protocols/oracles.html ...and here: http

Re: more EAP/TTLS trouble

2012-05-29 Thread Steve Hopps
But according to the configuration file: # The "suffix" module takes care of stripping the domain # (e.g. "@example.com") from the User-Name attribute, and the # next few lines ensure that the request is not proxied. # # If you want the inner tunnel request to

Re: more EAP/TTLS trouble

2012-05-29 Thread alan buxey
Hi, > certificate errors. What could the windows machine be doing different? > Why does the machine even enter the picture when the authentication is > between the Access Point and the server? authentication is between the client and the server - mediated over 802.1X by the Access point. that's wh

Re: more EAP/TTLS trouble

2012-05-29 Thread Aman Arneja
s a > Windows 7 machine. So I attempted to connect using EAP/TTLS and > MSCHAPv2 using my linux machine and my Android phone. Now I get a > different error. > > I also tried using PEAP on my Android phone, and received no > certificate errors. What could the windows machine be doing

more EAP/TTLS trouble

2012-05-29 Thread Steve Hopps
The only computer in our office which causes certificate errors is a Windows 7 machine. So I attempted to connect using EAP/TTLS and MSCHAPv2 using my linux machine and my Android phone. Now I get a different error. I also tried using PEAP on my Android phone, and received no certificate errors

Re: more EAP/TTLS trouble

2012-05-23 Thread Phil Mayers
On 23/05/12 16:16, Alan DeKok wrote: rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. IIRC, it means that the client doesn't have the same CA as the server. So it gets the server's certificate

Re: more EAP/TTLS trouble

2012-05-23 Thread Alan Buxey
The log shows the client is using PEAP and is failing at the certificate level - does the client have the CA for your server installed? You're also using 2.1.10 which is old and has bugs alan

Re: more EAP/TTLS trouble

2012-05-23 Thread Alan DeKok
Steve Hopps wrote: > I've got authentication with Android and Linux clients working using > EAP/TTLS and PAP, however Windows and OSX clients don't seem to work. > This is a log of a Windows 7 client. I was able to get iphones working > with a special config, but the same metho

more EAP/TTLS trouble

2012-05-23 Thread Steve Hopps
I've got authentication with Android and Linux clients working using EAP/TTLS and PAP, however Windows and OSX clients don't seem to work. This is a log of a Windows 7 client. I was able to get iphones working with a special config, but the same method doesn't seem to work for OSX. An

Re: Freeradius crash during EAP-TTLS authentication

2012-05-21 Thread Alan DeKok
Thomas Fagart wrote: > Did you have the opportunity to push this patch ? Yes. See github.com Alan DeKok.

Re: Freeradius crash during EAP-TTLS authentication

2012-05-21 Thread Thomas Fagart
Hello, Did you have the opportunity to push this patch ? The crash does not occur very soon (around once a month). Many thanks Regards Thomas On 28.03.2012 17:15, Alan DeKok wrote: Thomas Fagart wrote: Here's the debug output this happens especially when we add a virtual server as a fallback

Re: EAP/TTLS Auth problem

2012-05-15 Thread Steve Hopps
I was able to get this working, thanks for all your help everyone On Mon, May 14, 2012 at 4:51 PM, alan buxey wrote: > Hi, > >> Well I've been trying to follow the advice here and also what I've >> found online and in the configs. I attempted to revert to the >> 'default' config files for sites-e

Re: EAP/TTLS Auth problem

2012-05-14 Thread alan buxey
Hi, > Well I've been trying to follow the advice here and also what I've > found online and in the configs. I attempted to revert to the > 'default' config files for sites-enabled, as this project was dropped > in my lap after months of another guy working on it and being > frustrated, and I wasn'

Re: EAP/TTLS Auth problem

2012-05-14 Thread Steve Hopps
private_key_password = "-removed-" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/f

Re: EAP/TTLS Auth problem

2012-05-14 Thread Phil Mayers
On 14/05/12 15:58, Steve Hopps wrote: I'll post the full log. It should be pulling from OpenLDAP. I had to It's not. You haven't configured it to do that. Module: Instantiating module "ldap" from file /etc/freeradius/radiusd.conf ldap { server = "localhost" port = 389 O

Re: EAP/TTLS Auth problem

2012-05-14 Thread alan buxey
Hi, > We are using the correct password. There must be something broken > causing the passwords not to match. That is what I'm looking for help > to determine. WHERE are you using the correct password? if the client is being given the correct password, then where are the usernames and passwords

Re: EAP/TTLS Auth problem

2012-05-14 Thread Alan DeKok
Steve Hopps wrote: > I'll post the full log. It should be pulling from OpenLDAP. I had to > censor the log in a few places, including the IP of the system I'm > using to test, which I changed to 6.6.6.6 And please check Phil's comment. It is *still* showing this: [pap] Using CRYPT password "*"

Re: EAP/TTLS Auth problem

2012-05-14 Thread Steve Hopps
us/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" cache { enable = no lifet

Re: EAP/TTLS Auth problem

2012-05-14 Thread Alan DeKok
Steve Hopps wrote: > We are using the correct password. You can believe what the server sees. Or you can believe a fantasy. It's that simple. > There must be something broken > causing the passwords not to match. That is what I'm looking for help > to determine. As Phil said, post the FU

Re: EAP/TTLS Auth problem

2012-05-14 Thread Phil Mayers
On 14/05/12 15:07, Steve Hopps wrote: We are using the correct password. There must be something broken causing the passwords not to match. That is what I'm looking for help to determine. Send a full debug "radiusd -X". The trimmed debug doesn't show enough info. However, at a guess, this line

Re: EAP/TTLS Auth problem

2012-05-14 Thread Steve Hopps
We are using the correct password. There must be something broken causing the passwords not to match. That is what I'm looking for help to determine. On Fri, May 11, 2012 at 3:02 PM, Alan DeKok wrote: > Steve Hopps wrote: >> I'm trying to use FreeRadius with OpenLDAP for authentication of some >>

Re: EAP/TTLS Auth problem

2012-05-11 Thread Alan DeKok
Steve Hopps wrote: > I'm trying to use FreeRadius with OpenLDAP for authentication of some > Nanostation M2 access points, but have had no luck getting it to work. > When using rad_eap_test to experiment, I logged the following: ... > [pap] Passwords don't match > ++[pap] returns reject > Failed to

EAP/TTLS Auth problem

2012-05-11 Thread Steve Hopps
I'm trying to use FreeRadius with OpenLDAP for authentication of some Nanostation M2 access points, but have had no luck getting it to work. When using rad_eap_test to experiment, I logged the following: Found Auth-Type = PAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +

Re: using windows 8's builtin eap-ttls... Windows 8 bug

2012-04-19 Thread alan buxey
Hi, > We've been digging into this a bit more and testing the TTLS > support with Windows 8. Really nice to see more options than just > PEAP at last :-) thanks for the further testing/verification Matthew :-) alan

Re: using windows 8's builtin eap-ttls... Windows 8 bug

2012-04-19 Thread Matthew Newton
testing the TTLS support with Windows 8. Really nice to see more options than just PEAP at last :-) There seems to be a bug in the Windows 8 TTLS ACK, which means that EAP-TTLS/MS-CHAPv2 doesn't work (EAP-TTLS/MSCHAP and EAP-TTLS/EAP-MSCHAP-V2 are OK). Having received an Access-Accept from

Re: Freeradius crash during EAP-TTLS authentication

2012-03-29 Thread Thomas Fagart
Many thanks, I will test it when available. Thomas On 28/03/2012 17:15, Alan DeKok wrote: Thomas Fagart wrote: Here's the debug output this happens especially when we add a virtual server as a fallback server. OK... it looks like the proxy_reply doesn't exist. I'll push a patch. Ala

Re: Freeradius crash during EAP-TTLS authentication

2012-03-28 Thread Alan DeKok
Thomas Fagart wrote: > Here's the debug output this happens especially when we add a virtual > server as a fallback server. OK... it looks like the proxy_reply doesn't exist. I'll push a patch. Alan DeKok.

Re: Freeradius crash during EAP-TTLS authentication

2012-03-25 Thread Thomas Fagart
Hello, Here's the debug output this happens especially when we add a virtual server as a fallback server. Finished request 75. Going to the next request Waking up in 0.1 seconds. rad_recv: Access-Request packet from host X.Y.Z.W port 34405, id=225, length=389 # Executing section post-proxy fr

Re: EAP-TTLS/PAP with OpenLDAP user store

2012-03-07 Thread Stefano Zanmarchi
On Wed, Mar 7, 2012 at 1:58 AM, Fajar A. Nugraha wrote: > I assume you've seen http://wiki.freeradius.org/Rlm_ldap ? > > Basically you need to determine: > - which LDAP attribute stores the password (e.g. userPassword? something > else?) > - does the attribute store the password with header (e.g

Re: EAP-TTLS/PAP with OpenLDAP user store

2012-03-06 Thread Fajar A. Nugraha
On Wed, Mar 7, 2012 at 3:09 AM, Stefano Zanmarchi wrote: > On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha wrote: >>> Instead, you should find out which LDAP attribute stores your >>> MD5-password, add the correct mapping to ldap.attrmap, and leave >>> Auth-Type section commented-out. > > Hi Faj

Re: EAP-TTLS/PAP with OpenLDAP user store

2012-03-06 Thread Stefano Zanmarchi
On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha wrote: >> Instead, you should find out which LDAP attribute stores your >> MD5-password, add the correct mapping to ldap.attrmap, and leave >> Auth-Type section commented-out. Hi Fajar, thank you for your kind answers, l'll try that out. One thing

Re: EAP-TTLS/PAP with OpenLDAP user store

2012-03-06 Thread Fajar A. Nugraha
On Wed, Mar 7, 2012 at 1:53 AM, Fajar A. Nugraha wrote: > On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi > wrote: >> Hi, >> my aim is to have eap-ttls/pap working using an openldap user >> database with MD5 >> hashed passwords. I got it working configur

Re: EAP-TTLS/PAP with OpenLDAP user store

2012-03-06 Thread Fajar A. Nugraha
On Wed, Mar 7, 2012 at 12:32 AM, Stefano Zanmarchi wrote: > Hi, > my aim is to have eap-ttls/pap working using an openldap user > database with MD5 > hashed passwords. I got it working configuring ldap parameters in > /etc/raddb/modules/ldap > and applying two changes i

EAP-TTLS/PAP with OpenLDAP user store

2012-03-06 Thread Stefano Zanmarchi
Hi, my aim is to have eap-ttls/pap working using an openldap user database with MD5 hashed passwords. I got it working configuring ldap parameters in /etc/raddb/modules/ldap and applying two changes in /etc/raddb/sites-available/inner-tunnel: 1) uncommented "ldap" in the authorize

Re: Freeradius crash during EAP-TTLS authentication

2012-03-06 Thread Mulindwa
EAP-TTLS authentication Hello, Since more than a year we're doing EAP-TTLS to authenticate Wimax Users on Alcatel and Huawei NASes. Last week we've migrated Motorola authentication on freeradius. (no more radiator :-) ). But then we've experienced freeradius crash. Informat

Re: Freeradius crash during EAP-TTLS authentication

2012-03-06 Thread Alan DeKok
Thomas Fagart wrote: > Last week we've migrated Motorola authentication on freeradius. (no more > radiator :-) ). Nice. > But then we've experienced freeradius crash. Not so nice. > The crash usually happens when home servers (ISP radius) do not > respond, then the radius load goes up to 50

Freeradius crash during EAP-TTLS authentication

2012-03-06 Thread Thomas Fagart
Hello, Since more than a year we're doing EAP-TTLS to authenticate Wimax Users on Alcatel and Huawei NASes. Last week we've migrated Motorola authentication on freeradius. (no more radiator :-) ). But then we've experienced freeradius crash. Information : Software : Freer

RE: using windows 8's builtin eap-ttls w/ freeradius

2012-03-05 Thread Aman Arneja
From: Alan Buxey Sent: 06-Mar-12 1:54 AM To: FreeRadius users mailing list Subject: Re: using windows 8's builtin eap-ttls w/ freeradius hi, right. interesting. I've just been looking into Windows 8 and I found that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it didn't wo

Re: using windows 8's builtin eap-ttls w/ freeradius

2012-03-05 Thread Phil Mayers
On 03/05/2012 06:31 PM, Brian Gold wrote: I've uploaded the radius -X output to http://pastebin.com/Fgr60hXr since it was pretty long. Weird; that all looks good to me. I guess the problem must be on the Windows side, but I'm not super familiar with TTLS so am not sure what it might be. -

Re: using windows 8's builtin eap-ttls w/ freeradius

2012-03-05 Thread Alan Buxey
hi, right. interesting. I've just been looking into Windows 8 and I found that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it didn't work. but if I chose an EAP method with TTLS - eg EAP-MSCHAPv2 then it worked fine. so more needs to be looked at there. based on the UI it seems t

RE: using windows 8's builtin eap-ttls w/ freeradius

2012-03-05 Thread Brian Gold
org] On Behalf Of Phil Mayers > Sent: Monday, March 05, 2012 10:45 AM > To: freeradius-users@lists.freeradius.org > Subject: Re: using windows 8's builtin eap-ttls w/ freeradius > > On 05/03/12 15:05, Brian Gold wrote: > > We've been using SecureW2's cli

Re: using windows 8's builtin eap-ttls w/ freeradius

2012-03-05 Thread Phil Mayers
On 05/03/12 15:05, Brian Gold wrote: We've been using SecureW2's client with our Freeradius server using EAP-TTLS/PAP authentication. From doing some very preliminary testing with the Windows 8 consumer preview, I've noticed that MS is now including EAP-TTLS support dire

using windows 8's builtin eap-ttls w/ freeradius

2012-03-05 Thread Brian Gold
We've been using SecureW2's client with our Freeradius server using EAP-TTLS/PAP authentication. From doing some very preliminary testing with the Windows 8 consumer preview, I've noticed that MS is now including EAP-TTLS support directly in windows. Unfortunately, I haven't

Re: eap-ttls clients and securew2

2012-02-28 Thread Fajar A. Nugraha
On Wed, Feb 29, 2012 at 1:56 AM, Omer Faruk SEN wrote: > Hi, > > At http://wiki.freeradius.org/EAP-Clients it states that SecureW2 is an > open-source product but as far as i see (correct me if i am wrong) they > have changed policy and this software is not open source anymore. Page updated. Did

Re: eap-ttls clients and securew2

2012-02-28 Thread Alan Buxey
Hi, >Hi, > >At http://wiki.freeradius.org/EAP-Clients it states that SecureW2 is >an open-source product but as far as i see (correct me if i am wrong) they >have changed policy and this software is not open source anymore. depends on which version - the old version is. the ne

eap-ttls clients and securew2

2012-02-28 Thread Omer Faruk SEN
Hi, At http://wiki.freeradius.org/EAP-Clients it states that SecureW2 is an open-source product but as far as i see (correct me if i am wrong) they have changed policy and this software is not open source anymore. Regards.

Re: freeradius eap-ttls user/pass + cert

2012-02-23 Thread Matthew Newton
> > not secure as some information is passed in clear text?! > > You need to decide what auth methods you want to support. > > PAP on its own sends the password in clear-text. > > Sounds like you are trying to set up EAP-TTLS/PAP, which means > that the password is now

Re: freeradius eap-ttls user/pass + cert

2012-02-23 Thread vw5...@yahoo.no
- Original Message - From: Matthew Newton To: FreeRadius users mailing list Cc: Sent: Thursday, 23 February 2012, 11:49 Subject: Re: freeradius eap-ttls user/pass + cert Hi, On Thu, Feb 23, 2012 at 02:09:50AM -0800, grub3r wrote: > 2. configured ttls/server cert password

Re: freeradius eap-ttls user/pass + cert

2012-02-23 Thread Matthew Newton
cide what auth methods you want to support. PAP on its own sends the password in clear-text. Sounds like you are trying to set up EAP-TTLS/PAP, which means that the password is now inside a TLS tunnel, so no longer clear-text on the wire. > I added "EAP-TLS-Require-Client-Cert = Yes"

freeradius eap-ttls user/pass + cert

2012-02-23 Thread grub3r
ig-files/logs on request. regards, Dan.

Re: EAP-TTLS/EAP-PEAP Certificats

2011-12-20 Thread Alan DeKok
Vincent Guardiola wrote: > Ok, > I don't understand why my config doesn't work or maybe I've an error on my > client, this is my conf : You've butchered the configuration. Why? The default configuration works. Use it. Then, read the default eap.conf, which contains documentation describing h

Re: EAP-TTLS/EAP-PEAP Certificats

2011-12-20 Thread Vincent Guardiola
Ok, I don't understand why my config doesn't work or maybe I've an error on my client, this is my conf : eap.conf eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no
