Re: Freeradius + OpenLDAP - user password problem

2006-09-25 Thread Tilen
Yeah, i think radius doesn't even boot if there is something wrong with certs. I checked firewalls, routing tables, etc. and no problem there. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius + OpenLDAP - user password problem

2006-09-25 Thread Tilen
Oh my god, now i opened up brand new Linksys router, installed dd-wrt on it and plugged it into my first freeradius server, that worked already. And now it doesn't get past the Access-Challenge! Please help me, what could be wrong? I used tcpdump to make sure, AP is sending nothing but

Re: Freeradius + OpenLDAP - user password problem

2006-09-25 Thread Tilen
SOLVED! Problem is, Linksys v5.1 can use only DD-WRT 23 sp1 MICRO - micro version is causing problems! I used Linksys v7 (thank god i have plenty of those with different versions at my disposal :P) with original FW and it works!

Re: Freeradius + OpenLDAP - user password problem

2006-09-22 Thread Tilen
Hello, it's me again, did you miss me? :) Thing is, i tried to make 2nd freeradius server (eap-peap,mschapv2,openldap), with same setup and i configured it exact same way, but i get this when i try to connect: rad_recv: Access-Request packet from host 192.168.1.1:3079, id=0, length=121 User-Name =

Re: Freeradius + OpenLDAP - user password problem

2006-09-22 Thread K. Hoercher
Hi, On 9/22/06, Tilen [EMAIL PROTECTED] wrote: Hello, it's me again, did you miss me? :) Thing is, i tried to make 2nd freeradius server (eap-peap,mschapv2,openldap), with same setup and i configured it exact same way, but i get this when i try to connect: Welcome back to our regular program

Re: Freeradius + OpenLDAP - user password problem

2006-09-22 Thread K. Hoercher
On 9/22/06, K. Hoercher [EMAIL PROTECTED] wrote: the usual suspects: oid's in certs on supplicant, reception of ah, for peap, of course you only need a proper root ca cert there. Anyways it doesn't look like that gets even relevant. regards K. Hoercher

Re: Freeradius + OpenLDAP - user password problem

2006-08-31 Thread Tilen
Wohoo it works now :D Clear text password in LDAP worked like a charm now (dunno why i had problems with it in the past) :P Thank you all guys 10x!!!

Re: Freeradius + OpenLDAP - user password problem

2006-08-30 Thread Tilen
Ok i really don't get it. I made all certificates myself using only openssl (no scripts) and entered path to them in TLS part of the eap.conf file. CA, server cert.., everything is there in the same directory (in my case - CERTS, with big letters) (how would i sign certificate if i wouldn't create

Re: Freeradius + OpenLDAP - user password problem

2006-08-30 Thread K. Hoercher
On 8/30/06, Tilen [EMAIL PROTECTED] wrote: Ok i really don't get it. I made all certificates myself using only openssl (no scripts) and entered path to them in TLS part of the eap.conf file. CA, server cert.., everything is there in the same directory (in my case - CERTS, with big letters) (how

Re: Freeradius + OpenLDAP - user password problem

2006-08-30 Thread Tilen
Yes yes, i understand, this works now :) I copied CA public key to wireless client and now it works. Now i only get this error: rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do

Re: Freeradius + OpenLDAP - user password problem

2006-08-30 Thread Alan DeKok
Tilen [EMAIL PROTECTED] wrote: rlm_mschap: No User-Password configured. Cannot create LM-Password. ... Hm, now i have to make LDAP passwords in NT hash and it will work (still gotta figure out how)? Or should i make changes in ldap.attrmap file too? No. If you have the clear-text password

RE: Freeradius + OpenLDAP - user password problem

2006-08-30 Thread Seferovic Edvin
users mailing list Subject: Re: Freeradius + OpenLDAP - user password problem So, what i want to achieve is, to authorize against OpenLDAP the easiest way. I don't care if i use cleartext passwords or NT hashes. What would be the fastest way to make things work? I'm running out of time

Re: Freeradius + OpenLDAP - user password problem

2006-08-30 Thread Alan DeKok
Tilen [EMAIL PROTECTED] wrote: rlm_ldap: Added password {crypt}$1$9wlsOcEJ$QA/FskGvrnnmsj1SWi1kY/ in check items ... rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Re: Freeradius + OpenLDAP - user password problem

2006-08-29 Thread Tilen
Requests prior to #4 are missing because i tried to connect multiple times, and i didn't want to paste same thing twice. Then everything got corrupted, because i had to paste it by pieces in the gmail and it really got messed up. So here is the example of full (pasted with care :p) radius log:

Re: Freeradius + OpenLDAP - user password problem

2006-08-29 Thread K. Hoercher
On 8/29/06, Tilen [EMAIL PROTECTED] wrote: So here comes something really weird: Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.1:3072, id=0, length=147 User-Name = test NAS-IP-Address = 192.168.1.1 Called-Station-Id = 00401013

Re: Freeradius + OpenLDAP - user password problem

2006-08-23 Thread Tilen
I get Access-Reject, whole debug log is here: rad_recv: Access-Request packet from host 192.168.1.1:3072, id=0, length=236 User-Name = test NAS-IP-Address = 192.168.1.1 Called-Station-Id = 00401013 Calling-Station-Id = 000e3557c74e NAS-Identifier = 00401013 NAS-Port = 30

Re: Freeradius + OpenLDAP - user password problem

2006-08-22 Thread Stuckzor
Still doesn't work. I tried yesterday on new machine, i set up everything and configured eap.conf to use peap. I set up server certificates and CA. When i try to login from XP client via Linksys wireless router i get error reading client certificate message from freeRadius. Since i don't need

Re: Freeradius + OpenLDAP - user password problem

2006-08-22 Thread K. Hoercher
On 8/22/06, Stuckzor [EMAIL PROTECTED] wrote: try to login from XP client via Linksys wireless router i get error reading client certificate message from freeRadius. Since i don't need client Hi, that's probably the linked in openssl complaining about not being able to read the client

Re: Freeradius + OpenLDAP - user password problem

2006-08-04 Thread Stuckzor
Thanks to you too. I noticed some people feel offended by my attitude, so let me apologize - i don't mean to be a smartass, and i definitely don't have any doubts in your knowledge, but i'm a young computer engineer (first months of work) and when things get hard for me i can get a little pushy

Re: Freeradius + OpenLDAP - user password problem

2006-08-04 Thread Alan DeKok
Stuckzor [EMAIL PROTECTED] wrote: Now i configured radius to use EAP-PEAP and i thought i have only 1 step left to take - make OpenLDAP use NT hash passwords (already know how to do that), but damn, that no dialup access attribute error strikes again with radtest :( From the ldap section of

Re: Freeradius + OpenLDAP - user password problem

2006-08-03 Thread Tilen
Ok, let me try to get that straight - i can't use ldap in authorization section of radiusd.conf (or in users file) and connect to radius with WinXP client. But i can use something else instead and still connect to radius with ldap accounts, right? John wrote: However, in my LDAP directory, it

Re: Freeradius + OpenLDAP - user password problem

2006-08-03 Thread Stuckzor
Okay i tried some things out and noticed, that what John pasted definitely isn't .ldif file. And if i set Auth-Type to LDAP in users file or if i uncomment it in authorize section of radiusd.conf -- isn't the same! If i set ldap in radiusd.conf i get rlm_ldap: no dialupAccess attribute - access

Re: Freeradius + OpenLDAP - user password problem

2006-08-03 Thread Phil Mayers
Tilen wrote: Ok, let me try to get that straight - i can't use ldap in authorization section of radiusd.conf (or in users file) and connect to radius with WinXP client. But i can use something else instead and still connect to radius with ldap accounts, right? Wrong. You're very confused

Re: Freeradius + OpenLDAP - user password problem

2006-08-03 Thread Stuckzor
Phil Mayers wrote: Wrong. You're very confused about how this works. Your original mail states you want to do EAP-PEAP+MS-CHAP for wireless auth. Unless your LDAP directory contains the plaintext password or the NT hash, what you want to do is impossible. If it does contain the

Re: Freeradius + OpenLDAP - user password problem

2006-08-03 Thread Phil Mayers
Stuckzor wrote: Thank you, your reply was very useful, and yes, i am confused about how these things work and i am not ashamed to admit it, but it's getting clearer pretty rapidly :) Now i have one last question (or at least i hope so) - which choice is more viable, using EAP-PEAP+MS-CHAP for

Re: Freeradius + OpenLDAP - user password problem

2006-08-03 Thread Stuckzor
Thank you again, you were very helpful, but still i have issues. That's bugging me: Only under these circumstances: 1.) I have ldap in authenticate section 2.) AUTH-TYPE set to LDAP in users file and 3.) MUST NOT have ldap under authorize section of radiusd.conf. Only with this config i get

Re: Freeradius + OpenLDAP - user password problem

2006-08-03 Thread K. Hoercher
On 8/3/06, Stuckzor [EMAIL PROTECTED] wrote: 1.) I have ldap in authenticate section 2.) AUTH-TYPE set to LDAP in users file and 3.) MUST NOT have ldap under authorize section of radiusd.conf. Only with this config i get access-accept with radtest (i tried all possible combinations of those 3). I

Re: Freeradius + OpenLDAP - user password problem

2006-08-02 Thread Tilen
Ok, i'm back on this case. I didn't have time to work on it past few days. The debug log you posted shows that you set Auth-Type := LDAP. Don't do that. Alan DeKok. I have that set in users file: -- DEFAULT Auth-Type := LDAP Fall-Through = 1

Re: Freeradius + OpenLDAP - user password problem

2006-08-02 Thread Alan DeKok
I said: The debug log you posted shows that you set Auth-Type := LDAP. Don't do that. To which you responded: I have that set in users file: -- DEFAULT Auth-Type := LDAP Fall-Through = 1

Re: Freeradius + OpenLDAP - user password problem

2006-08-02 Thread John McEleney
Hi Tilen, Although I'm no expert, I do have a working FreeRadius+LDAP set-up, so I can tell you what works for me. Tilen wrote: I have that set in users file: -- DEFAULT Auth-Type := LDAP Fall-Through = 1

Re: Freeradius + OpenLDAP - user password problem

2006-08-02 Thread Alan DeKok
John McEleney [EMAIL PROTECTED] wrote: As you can see, AuthType is set to Local in LDAP. I don't know if this is the recommended way to do this, but it works for me :-) If all you do is PAP authentication. And if you have ldap listed in the authorise section, the module takes care of

Re: Freeradius + OpenLDAP - user password problem

2006-07-28 Thread Stuckzor
OK, i guess, i should paste that anyway, so here it is, hope it helps: rad_recv: Access-Request packet from host 192.168.1.1:2051, id=0, length=121 User-Name = root NAS-IP-Address = 192.168.1.1 Called-Station-Id = 0016b6016815 Calling-Station-Id = 00130237d9db

Re: Freeradius + OpenLDAP - user password problem

2006-07-28 Thread Stuckzor
And here is the example of successful logon with radtest: radtest bbb badblueboy 192.168.1.129 1 testing123 rad_recv: Access-Request packet from host 192.168.1.129:35640, id=191, length=55 User-Name = bbb User-Password = badblueboy NAS-IP-Address = 255.255.255.255

Re: Freeradius + OpenLDAP - user password problem

2006-07-28 Thread Alan DeKok
Stuckzor [EMAIL PROTECTED] wrote: Hello, as you can see, i must be pretty desperate to register somewhere so i can ask for help. Anyway, the situation is: i recently set up a freeradius server with openldap for auth., everything seemed to work great (radtest returns access-accept ), until i