Hi,
>I've followed the following howto :
>[1]http://deployingradius.com/documents/configuration/active_directory.html
>and everything goes fine with the radtest, wbinfo, ntlm_auth and my user
>is correctly authentified.
my first question is why so old a version of FreeRADIUS is yo
Hey everyone !
I'm trying to configure a FreeRadius server that authenticates with MSCHAPv2
with an Active Directory 2008.
It's my fisrt radius install so go easy with me, I'm a noob :)
I've followed the following howto :
http://deployingradius.com/documents/configuration/active_directory.html
an
Hi,
> Alan: I believe I posted the errors I have been getting. I have posted
no. ou just posted the debug output when a packet was received...not
the full debug output from server startup. big difference
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Matt Madrid wrote:
> Alan: I believe I posted the errors I have been getting. I have posted
> the debug output in previous posts in this thread. If there is more
> information that you think I should be giving pleas le me know.
You were told what the problem is:
...
server inner-tunnel {
+- ent
>
>> I'd love to use inner-tunnel if I could get it to work.
>
> so..whats the error then - radiusd -X - it should be quite obvious
>
Alan: I believe I posted the errors I have been getting. I have posted
the debug output in previous posts in this thread. If there is more
information that you thi
Hi,
> I'd love to use inner-tunnel if I could get it to work.
so..whats the error then - radiusd -X - it should be quite obvious
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> Ok, well like I said, mysql wasn't being queried by the inner-tunnel
>> server. Still not clear on why that was happening, but I worked around
>> it by commenting out inner-tunnel as the virtual server to use for
>> peap. So the default server is being used and working.
>
> er, it wasnt work
Hi,
> > Now I've read a million posts on the web, including this list where
> > people have reported the same problem. In most cases the problem was
> > that the inner-tunnel server wasn't configured for sql. I definitely
> > have sql on in the inner-tunnel file (which I will post in a sec). The
>
> Now I've read a million posts on the web, including this list where
> people have reported the same problem. In most cases the problem was
> that the inner-tunnel server wasn't configured for sql. I definitely
> have sql on in the inner-tunnel file (which I will post in a sec). The
> mysql server
Hello list,
First of all: freeradius-2.1.8, Mysql 5.1.41 on Ubuntu 10.04 / Airport
Extreme v7.5
I'm having trouble authenticating users with EAP/mschapv2 against a
mysql database. Users authenticate fine if they are in the users file.
Here's the main problem it seems from the debug output:
Found
> Ah, you weren't mentioning AD. With AD you can exercise reasonable
> control. And issuing and installing certificates should't be much of a
> problem (read about domain member autoenrolement). You should go for AD
> integration:
Hi, Ivan. I mentioned AD but it was way back in the first email. To
> If that's the case what's the purpose of machine certs? Are they
> really that easy to steal from
> a XP/sp3 box joined to AD? Our end users are pretty constrained by GPO
> (no command line etc)
>
Ah, you weren't mentioning AD. With AD you can exercise reasonable
control. And issuing and install
On Fri, May 8, 2009 at 2:27 PM, Arran Cudbard-Bell
wrote:
> On 8/5/09 22:02, Ivan Kalik wrote:
>>>
>>> I want machine security for machines owned by the school district.
>>> That way only school machines can be on the Lan.
>>> Student machines won't get the cert installed on their machines so
>>>
On 8/5/09 22:02, Ivan Kalik wrote:
I want machine security for machines owned by the school district.
That way only school machines can be on the Lan.
Student machines won't get the cert installed on their machines so
they won't be able to answer the challenge from the CA, right? Am I
missing you
> I want machine security for machines owned by the school district.
> That way only school machines can be on the Lan.
> Student machines won't get the cert installed on their machines so
> they won't be able to answer the challenge from the CA, right? Am I
> missing your argument?
Ah, that's how
On Fri, May 8, 2009 at 1:19 PM, Ivan Kalik wrote:
>> I haven't found a good howto on this. It seems that most folks are
>> concerned about using freeradius with WPA supplicants. The process
>> seems a bit different for computers who's must be valid as well.
>>
>
> And why do you insist on checking
> I haven't found a good howto on this. It seems that most folks are
> concerned about using freeradius with WPA supplicants. The process
> seems a bit different for computers who's must be valid as well.
>
And why do you insist on checking machine identity? Security? Lets say one
of your students
> But what you can do is largely dependant
> on what NAS supports
Thanks for the explanation.
>
>> I want
>> my users to
>> have to supply both a valid domain user/password combo AND I want their
>> computers to prove that they are allowed on the lan. My un
>
> >
> > 1) Would PEAP/EAP-MSCHAPv2 with client certs accomplish my goal?
>
> No. Because your problem has nothing to do with authentication (methods).
> Your problem is with authorization.
Thanks for your reply.
I am not sure I understand your distinction, sorry for
.
> My test setup looks like Active Directory <=> winbind <=> Freeradius <=>
> NAS
> <=> Supplicant
>
> I think that using PEAP/EAP-MSCHAPv2 with client certs may be a
> reasonable
> way to proceed but I would like to get a sanity check from folks.
>
looks like Active Directory <=> winbind <=> Freeradius <=> NAS
<=> Supplicant
I think that using PEAP/EAP-MSCHAPv2 with client certs may be a reasonable
way to proceed but I would like to get a sanity check from folks.
1) Would PEAP/EAP-MSCHAPv2 with client certs accomplish
witch 2948 SFP against FreeRADIUS server 2.0.5.
>
> Windows are cofigured to use PEAP - EAP-MSCHAPv2.
> Server certificate was created with bootstrap script (xpextensions
> are included).
>
> I tried windows xp sp3 and linux (wpa_supplicant) client and both
> cause the same server
[EMAIL PROTECTED] wrote:
> You should post that on wpa_supplicant list. Google returned this as
> likely:
>
> http://ubuntuforums.org/archive/index.php/t-604576.html
i saw similar posts yet but i never reached this state:
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
only
CTRL-
You should post that on wpa_supplicant list. Google returned this as
likely:
http://ubuntuforums.org/archive/index.php/t-604576.html
Ivan Kalik
Kalik Informatika ISP
Dana 29/10/2008, "Lukas Lisa" <[EMAIL PROTECTED]> piše:
>
>
>[EMAIL PROTECTED] wrote:
> I tried windows xp sp3 and linux (wp
[EMAIL PROTECTED] wrote:
I tried windows xp sp3 and linux (wpa_supplicant) client and both
cause the same server output and authorization can't pass.
Testing tools eapol_test, radeapclient and jRadiusSimulator can pass
all tests fine.
>>> Your supplicant has issues then.
>>> I tried windows xp sp3 and linux (wpa_supplicant) client and both
>>> cause the same server output and authorization can't pass.
>>> Testing tools eapol_test, radeapclient and jRadiusSimulator can pass
>>> all tests fine.
>>>
>>
>> Your supplicant has issues then. Examine eapol.log file (XP):
>
[EMAIL PROTECTED] wrote:
>> I would like to authorize windows clients access to 3com Baseline
>> Switch 2948 SFP against FreeRADIUS server 2.0.5.
>>
>> Windows are cofigured to use PEAP - EAP-MSCHAPv2.
>> Server certificate was created with bootstrap script
>
>
>
> That seem to work for me. Give it a try. I have test FR 2.1.1 with that
> configuration. Client is Win XP SP3
>
>
> Lukas Lisa wrote:
>> Hello,
>> I would like to authorize windows clients access to 3com Baseline
>> Switch 2948 SFP against FreeR
>I would like to authorize windows clients access to 3com Baseline
>Switch 2948 SFP against FreeRADIUS server 2.0.5.
>
>Windows are cofigured to use PEAP - EAP-MSCHAPv2.
>Server certificate was created with bootstrap script (xpextensions
>are included).
>
>I tried
. Give it a try. I have test FR 2.1.1 with that
configuration. Client is Win XP SP3
Lukas Lisa wrote:
Hello,
I would like to authorize windows clients access to 3com Baseline
Switch 2948 SFP against FreeRADIUS server 2.0.5.
Windows are cofigured to use PEAP - EAP-MSCHAPv2.
Server certificate
Hello,
I would like to authorize windows clients access to 3com Baseline
Switch 2948 SFP against FreeRADIUS server 2.0.5.
Windows are cofigured to use PEAP - EAP-MSCHAPv2.
Server certificate was created with bootstrap script (xpextensions
are included).
I tried windows xp sp3 and linux
adreas Polyxronopoulos wrote:
rad_recv: Access-Request packet from host 10.0.0.10:3794, id=160, length=132
NAS-IP-Address = 10.0.0.10
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "someone"
Calling-Station-Id = "00166f1
Hi,
> I am trying to set up freeradius-1.1.3 for a wlan using peap -
> eap/mschapv2. I have downloaded the source of freeradius-1.1.3 and
> compile it (./configure , make , make install). My wireless supplicant is on
> windows xp SP2. I use users file for authentication .
that wont
Hi everyone
Merry Christmas and a Happy new year ,
I am trying to set up freeradius-1.1.3 for a wlan using peap -
eap/mschapv2. I have downloaded the source of freeradius-1.1.3 and
compile it (./configure , make , make install
Hi everyone
Merry Christmas and a Happy new year ,
I have
Adreas Polyxronopoulos
Send instant messages to your online friends http://uk.messenger.yahoo.com -
List info/subscribe/unsubscribe? See http://www.freeradiu
In case, anyone is following this thread, the problem was solved by
downgrading from Freeradius 1.1.2 and above running on Solaris 9 down to
Freeradius 1.0.5 running on the same OS. Still tracing this issue
through the debugger and will post to this thread if more information is
available.
Be
Hi,
I am trying to set up Freeradius to proxy PEAP/EAP-MSCHAPv2 request as MSCHAPv2
and know that some of you were able to set up this cofiguration successfully i.e.
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg22903.html
http://www.mail-archive.com/freeradius-users
"Bilal Shahid" <[EMAIL PROTECTED]> wrote:
> 1- I keep getting the following error
>
> rlm_eap_mschapv2: Response contains contradictory length 0 54
>
> while using PEAP-EAP-MSCHAPv2 to authenticate the XSupplicant with
> FreeRADIUS. Following is the partial lof
Hi,
I have a couple of questions. Would greatly appreciate any help.
1- I keep getting the following error
rlm_eap_mschapv2: Response contains contradictory length 0 54
while using PEAP-EAP-MSCHAPv2 to authenticate the XSupplicant with
FreeRADIUS. Following is the partial lof from FreeRADIUS run
"stephane BRANCHOUX" <[EMAIL PROTECTED]> wrote:
> I use freeradius 0.9.3 on a Rehdat 9.0 box.
That version does not support PEAP.
Use the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ronet 1100 ;-))\
Tim Bots
-Oorspronkelijk bericht-
Van: stephane BRANCHOUX [mailto:[EMAIL PROTECTED]
Verzonden: Thursday, March 18, 2004 10:54
Aan: [EMAIL PROTECTED]
Onderwerp: authentication with PEAP (EAP-MSCHAPV2) from WinXP
Hello,
I use freeradius 0.9.3 on a Rehdat 9.0 box.
I would li
Hello,
I use freeradius 0.9.3 on a Rehdat 9.0 box.
I would like to authenticate from winXP (SP1 with all patches).
My test user is in user file :
criup Auth-Type := EAP, User-Password == "mypass"
eap is configured in sections modules, authorize an authenticate ( default
config).
My wireless
42 matches
Mail list logo