Hi,
Any ideas on this error. Waiting anxiously for some pointer to the right
direction.
rlm_eap_leap: FAILED incorrect NtChallengeResponse from AP
Thanks
Joseph
Barry,
Looks like i too am looking at the same problem, but could not find a
solution.
Can you please help me out on this. I am attaching my mail as a text file.
Looking forward to your comments.
Joseph
(See attached file: details.txt)
Hi people,
First of all I want to thank Allan to assist ourselves in any kind of
question.
I proposed to myself and to my company if the VoIP service can be served
with RADIUS. If so, I want to know how it will be possible and the steps to
follow.
Thanks,
hi there.
anyone here had experience on setting up VYYO
broadband wireless modem to authenticate its MAC address
against freeradius ? i cannot find any docs and
source from www.vyyo.com that it can
authenticate to
Linux OS via freeradius...anyone?
//milver
Hello,
I want to know how it's possible to authenticate user with a unix like
crypt password (in a file or in ldap) through a peap or ttls authentication?
--
--
- Wilfried QUET -
- Université de Technologie de Compiègne -
- Service
I proposed to myself and to my company if the VoIP service can be served
with RADIUS. If so, I want to know how it will be possible and the steps to
follow.
Yes it is bloody possible. My suggestion would be to gather data with regards
to your VOIP box, the attributes and the like so it
Hi all
I am trying the freeradius server version 0.9.3. Everything from compiling
to installation went fine. When I give
radtest localhost testing123 127.0.0.1 10 testing123
it gives an Access reject error.
Regards Thanks
Mahesh S Kudva
-
List info/subscribe/unsubscribe? See
I set multi Cisco-AVPair in users file, but only first is posted to Cisco router.
Why ?
Hi
I'm a student in computer sciences. In our network security class we are
trying to get the 802.1x (dot1x) features of an Enterasys E1 Switch
running with a freeradius server.
Unfortunately Enterasys is not very talkative about this on their webpage.
Does anyone know of an HOWTO or tutorial
Ladies/Gents,
Second message reference this subject, first one seems to have lost its
way !!
Has anyone implemented an IVR application using FreeRadius and Lucent
MAX TNT gateways WITHOUT using Lucent's MVAM gatekeeper/controller
software ?
We successfully have those gateways registering to
On Thu, 27 May 2004, Wilfried QUET wrote:
Hello,
I want to know how it's possible to authenticate user with a unix like
crypt password (in a file or in ldap) through a peap or ttls authentication?
Through peap no, clear text passwords are required as far as i know.
With ttls yes.
--
On Thu, 27 May 2004, Lee Norvall wrote:
Hi
I am currently looking into using MLPPP. I have added Simultaneous-Use
:= 2 but I cannot get this to work with the Cisco nas (setup in
naspasswd and naslist and SNMP is working). Is there a different/better
way to do this, just to allow
On Thu, 27 May 2004, Joseph Silvin wrote:
Hi,
Any ideas on this error. Waiting anxiously for some pointer to the right
direction.
rlm_eap_leap: FAILED incorrect NtChallengeResponse from AP
Thanks
rlm_ldap: Added password (91CA074DSFSD4453936C9A32AF) in check items
Are you *sure* that
sy sy wrote:
I set multi Cisco-AVPair in users file,but only first is posted to Cisco
router .
Why ?
How did you assign the additional entries? Can you post your radius
entries? The second and following entries should have the
+=-assignment ...
-gg
Hi
I'm a student in computer sciences. In our network security class we are
trying to get the 802.1x (dot1x) features of an Enterasys E1 Switch
running with a freeradius server.
Hi, I'm using 802.1x on Enterasys switch, it works, then look :
Hi Kostas,
On Mon, 24 May 2004, you wrote in reply to my posted message below. You wrote (in reply):
Try asking for the corresponding pages directly, like:
http://your-machine-name/dialupadmin-dir/accounting.php3
I did the above and I still get a blank page as before.
You also wrote (in
Hi,
I am not putting the brackets. It is coming automatically.
Also, just check this link and tell me does it have any bearing on what we
are trying to achieve.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprofCommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.ee735fc
Hi everybody,
I'm a new member. I have some problems using freeradius 0.9.3.
First of all, i'll give you an overview of my authentication network:
Linux redhat workstation: the radius server is installed here.
NAS Servers: 1) Cisco router 3000 series (i named it 3000A)
2)
On Wed, May 26, 2004 at 11:14:51PM +0200, Dinko Korunic wrote:
I've read this list archives thoroughly, and I've tried most of the stuff
people were reporting. Is there anything else I could check? Should I
try with NT-hashed passwords? Should I try with auth_ntlm to debug chap
responses?
I'm
Hello,
What the inner protocol that permit to use unix crypt password in ttls?
Thanks for your response.
Kostas Kalevras wrote:
On Thu, 27 May 2004, Wilfried QUET wrote:
Hello,
I want to know how it's possible to authenticate user with a unix like
crypt password (in a file or in ldap) through
On Thu, 27 May 2004, Wilfried QUET wrote:
Hello,
What the inner protocol that permit to use unix crypt password in ttls?
PAP
Thanks for your response.
Kostas Kalevras wrote:
On Thu, 27 May 2004, Wilfried QUET wrote:
Hello,
I want to know how it's possible to authenticate
Hi Fred
Thank you for your response.
The PDF will surely be very helpful.
Frédéric EVRARD wrote:
In hope that can help you, I will be interested by return about your
work,thx.
Well, I'll point you to our documentation when it's done.
I hope you understand german, because that's what it will be
Alexander Khoo [EMAIL PROTECTED] wrote:
auth: type System
modcall: entering group authenticate for request 0
modcall[authenticate]: module unix returns notfound for request 0
What part of that message is unclear? The user wasn't found in
/etc/passwd.
Alan DeKok.
[EMAIL PROTECTED] wrote:
I proposed to myself and to my company if the VoIP service can be served
with RADIUS. If so, I want to know how it will be possible and the steps to
follow.
In the latest CVS, see src/billing
Alan DeKok.
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
if I type an user/pass which is NOT defined into user file, or
whether it doesn't exist on the system (the authentication type is
System), the server goes in Segmentation Fault and crashes.
See doc/bugs
Alan DeKok.
Dinko Korunic [EMAIL PROTECTED] wrote:
Using the radauth (Java-based demo RADIUS client available from
http://www.axlradius.com), I've been able to narrow the already
described problem:
* auth types of PAP, CHAP, EAPMD5, MSCHAP (v1) work fine,
* auth type of MSCHAPv2 doesn't work.
Htin Hlaing [EMAIL PROTECTED] wrote:
Would it be right to say that a RADIUS server in 802.1X authentication
allows a client to be authenticated but can not unauthenticate an
authenticated client and let the AP(Nas) know about this
unauthentication.
Yes. This is in the FAQ. The RADIUS
Hi all,
I'm using 802.1x/EAP-TLS on FreeRADIUS, it works fine with linux
Xsupplicant but not with Win2000 supplicant, when supplicant receives EAP
request Identity packet, it doesn't answer anything and nothing
happens...There's no logs or I don't know to find them. I've read several
HOWTO but
Hello Folks,
Today I'm using FreeRadius getting login information from system user
accounts. I wanna migrate the accounts to MySQL, and use
FreeRadius+MySQL. I made some test and today everything is working fine
with this solution, FreeRadius+MySQL.
What I wanna know, is if exist one PHP admin
Hi!
I have several Cisco Dialin Server(NAS).
Some user should be able to dialin wherever they want,
some user should only be able to dialin on two or three
Dialin Servers and some only to one.
Enabling users to dialin wherever they want is really simple,
restricting users to dialin only to one NAS
Greetings fellow FreeRADIUS spelunkers!
I would like to create a minimal Fedora Core 2 machine to run FreeRADIUS with the
ntlm_auth/winbind authentication to Active Directory. If I use the Fedora Core 2
minimal install, what additional libraries do I need to bring down with up2date in
order
Hi Felipe,
check out dialup_admin that came with the package.
-Original Message-
From: Felipe Neuwald [mailto:[EMAIL PROTECTED]
Sent: Thursday 27 May 2004 15:49
To: [EMAIL PROTECTED]
Subject: FreeRadius+MySQL+PHP
Hello Folks,
Today I'm using FreeRadius getting login
use mysql 4.0 not 4.1alpha or 5.0alpha. They have a bug in
authentication of mysql which might get you into troubles.
On 24.03.2004, at 23:30, Kirti S. Bajwa wrote:
Hello List:
I want to make sure I am installing freeRADIUS MySQL correctly. I
installed (test installation) freeRADIUS (0.9.3) and
On Thu, May 27, 2004 at 09:44:35AM -0400, Alan DeKok wrote:
Others are using MSCHAPv2 with the latest CVS snapshots. Are you
sure that the client is OK?
Unfortunately, I can confirm that I've been unsuccessful with 4 different
Windows boxes using MSCHAPv2 which have been using Java RADIUS
On Thu, May 27, 2004 at 10:48:57AM -0300, Felipe Neuwald wrote:
What I wanna know, is if exist one PHP admin interface or something like
it to work with FreeRadius+MySQL.
I've been using PHPMyadmin for Web-based PHP/MySQL interface. Though, it
is a pure SQL client and you'll have to know things
If you're gonna be using winbind then obviously you'll need Samba. :-)
You'll need to make sure you've got gcc and related toolchains. For
that, I recommend not doing a minimal install, but instead during the
installation select samba and select the group of packages for getting
gcc (I
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I've read it. I also have read the old messages in the mail
archive, but my error is:
Segmentation fault
and not
Segmentation fault (core dumped).
Can u explain me better what I have to do?
Read doc/bugs. It explains what to do if you
Hello Dinko,
This isn't the best solution because it's not only me that will have
access to the information. I think a GUI better than PHPMyAdmin would be
good for this.
Regards,
--
Felipe Neuwald
[EMAIL PROTECTED]
+55 61 3038-5038
+55 61 8135-8918
--
Chave pública PGP / PGP public key:
Thanks Bart,
I'll check it. After done, I'll give my opinion to the list.
Regards,
--
Felipe Neuwald
[EMAIL PROTECTED]
+55 61 3038-5038
+55 61 8135-8918
--
Chave pública PGP / PGP public key:
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x8AE508F3
On Thu, 2004-05-27 at 10:59, Bart Van
Christopher M Bailey [EMAIL PROTECTED] wrote:
Looking for some help. What I need to find out is how to config a
radius to auth all my Wireless traffic before issuing an IP via DHCP,
then letting it auth on a Windows, Novell or Apple LAN.
Those three steps are completely independent, and can
Alexander Khoo wrote:
Hi all,
My goal is to use Freeradius with the sql module for authenticating
users. I'm using version 0.9.3 (installed from rpms i created with the
specfile that came with the tarball). I've been working
off of this tutorial: http://www.frontios.com/freeradius.html
I got but
radius_xlat: '/usr/local/var/log/radius/radacct//auth-detail-20040527'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct//auth-detail-20040527
modcall[authorize]: module auth_log returns ok for request 3
rlm_eap: EAP packet
My question is, is there a better method to do so ?
Can I give a user more than one NAS-IP-Address option ?
For example:
user Auth-Type:= Local, User-Password == **, NAS-IP-Address == 1.1.1.1
, NAS-IP-Address == 1.1.1.2
Maybe you can use one regexp (=~) instead of multiple plain compares
(==).
Set the port number 1812...
D
- Original Message -
From: Mahesh S Kudva
To: [EMAIL PROTECTED]
Sent: Thursday, May 27, 2004 10:52 AM
Subject: Access Reject
Hi all
I am trying the freeradius server version 0.9.3.
Everything from compiling to installation went
You need to have jujai in your table.
--- Alexander Khoo [EMAIL PROTECTED] wrote:
Hi all,
My goal is to use Freeradius with the sql module for authenticating
users. I'm using version 0.9.3 (installed from rpms i created with the
specfile that came with the tarball). I've been
On Thu, May 27, 2004 at 10:36:49AM -0400, Alan DeKok wrote:
I've tested with the latest CVS snapshot, using a copy of an
MS-CHAPv2 session I've had sitting around for months, and which was
taken from a non-FreeRADIUS client. It works for me.
Are you sure you're running the latest CVS
-Name = user'
rlm_acct_unique: Acct-Unique-Session-ID = 0d62303b8e51c196.
modcall[accounting]: module acct_unique returns ok for request 2
radius_xlat: '/var/log/radius/radacct/172.16.1.2/detail-20040527'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log
Hi,
How should I configure the clients.conf if I would
like that each nas, which want to connect to my Radius can do it.
Because they have dynamic ip address, so I can't
set this in the clients.conf.
client 0.0.0.0{
secret= mysecret } any other attributes?
Thanks,
David
Hi
I have added port-limit=2, but the user is still getting error 52,
duplicate name exists on network.
I tried this in both group-check group-reply.
Rgds
Lee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kostas
Kalevras
Sent: 27 May 2004 12:38
To:
Hello,
I have read configurable_failover three times but I cannot do that
freeradius failover with ippool. I have two pools that I want to use
them for all my users. I need that freeradius start to assign IPs from
the second Pool when the first is full. I do not know what I must
read to
Dear Alan DeKok,
there is bug in MS-CHAPv2 if do_ntlm_auth configured:
/*
* Update the NT hash hash, from the NT key.
*/
if (hex2bin(buffer + 8, nthashhash, 16) != 16) {
Buffer
Dear Dinko Korunic,
--Thursday, May 27, 2004, 4:31:17 PM, you wrote to [EMAIL PROTECTED]:
DK User-Name (1), Length: 6, Data: [test], [# 1952805748] / [IP 116.101.115.116], 0x74657374
Look at Length carefully. It must be 4 bytes, not 6, probably it's a bug
of your client. Unlike
Dear Dinko Korunic,
--Thursday, May 27, 2004, 4:31:17 PM, you wrote to [EMAIL PROTECTED]:
DK NAS-IP-Address (4), Length: 6, Data: [# 3251018014] / [IP 127.0.0.2], 0xC1C6991E
DK User-Name (1), Length: 6, Data: [test], [# 1952805748] / [IP 116.101.115.116], 0x74657374
DK How that
Dear 3APA3A,
--Thursday, May 27, 2004, 8:29:05 PM, you wrote to [EMAIL PROTECTED]:
3 Buffer hash nthash, additional md4() is required to get nthashhash from
3 nthash.
Typo. I mean buffer _has_ (contains) nthash, to convert nthash to
nthashhash additional MD4 is required.
--
~/ZARAZA
hi
strictly speaking, the server-to-client communication is not defined
within RADIUS protocol which follows the client-server comm. model.
this possibility does exist in DIAMETER (if you find an NAS which
understands it, please shout!)
practically, cisco does something like that in RADIUS (but
i think the problem is that you are trying to use WEP within your access
point but no WEP is configured within the 802.11 client on the terminal
(which is NOT included in Win2k).
use the external 802.11 client of your wireless network adapter and
activate WEP (whichever form of it). that will
(sql): User LEPILLEUR Benjamin not found in radcheck
radius_xlat: ''
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module sql returns ok for request 3
radius_xlat: '/usr/local/var/log/radius/radacct//auth-detail-20040527'
rlm_detail:
/usr/local/var/log/radius
Hi All,
I would like to ask a general question about RADIUS Server.
Case 1:
N1 = NAS Client
R1 = RADIUS Server
N1 shared secret = 1
R1 shared secret = 2
Then should it be the case that there
should be a silent discard at R1 for a request, or R1 should respond to
N1 and N1 should check
congratulations, your server works as it should.
Access Reject is NOT an error, it's what the server is supposed to do
for the unknown users.
ciao
artur
ps
[EMAIL PROTECTED]:~$ radtest --help
Usage: radtest user passwd radius-server[:port] nas-port-number secret
i don't think you have a user
I'm no expert with freeradius as a matter of fact I'm a newbie. I was
able to get it working with PEAP and LDAP after a few days of banging my
head against the wall. I got help from several people on this mailing
list. The last thing I did (I was almost ready to give up) was
download the
Dinko Korunic [EMAIL PROTECTED] wrote:
Are you sure you're running the latest CVS snapshot?
Yeps, taken from CVS these days:
Hmmm.. try:
User-Name = aland
MS-CHAP-Challenge = 0x06bc3119daab4d9bb26be8d3ae4d958b616c616e64
MS-CHAP2-Response =
Alan, the User Change Password Administrator etc., are already part
of the LDAP schema (under the attribute securityRole) e.g.
Uid=testuser
Attribute Value
securityRoleUsers
Alan DeKok wrote:
The value should have the operator in it. e.g.
Hello Dinko,
Wednesday, May 26, 2004, 11:14:51 PM, you wrote:
DK Hi. I've been using FreeRadius recent CVS version to authenticate
DK wireless Windows XP/2k users via EAP and Cisco AP1000 series. I've so
DK far succeeded in EAP/TLS and EAP/TTLS, as well as with non-EAP modules
DK (PAP and CHAP)
On 27 May 2004 at 17:12, Lee Norvall wrote:
Hi
I have added port-limit=2, but the user is still getting error
52, duplicate name exists on network. I tried this in both
group-check group-reply.
Rgds
Lee
Try something like this...
Multilink PPP user statement example, Fast_Users +
On Thu, May 27, 2004 at 01:55:52PM -0400, Alan DeKok wrote:
If that doesn't work, then I think there's something wrong with your
local install. Try it on another machine, and see if it's any
better.
I have, in fact. You're not going to like the answer - it seems that
current rlm_mschap
Dinko Korunic [EMAIL PROTECTED] wrote:
I have, in fact. You're not going to like the answer - it seems that
current rlm_mschap isn't endian-clean.
That's at least an explanation as to why it doesn't work.
Now that we know that, it's possible to track down the problem.
You can use the
I have seen that the latest CVS snapshot accepts cisco
VSA hacks to aid in voIP billing. Is there any plan to
embed quintum as well ?
regards,
Apu
: '/usr/local/var/log/radius/radacct//auth-detail-20040527'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct//auth-detail-20040527
modcall[authorize]: module auth_log returns ok for request 3
rlm_eap: EAP packet
Alan, the User Change Password Administrator etc., are already part
of the LDAP schema (under the attribute securityRole) e.g.
Uid=testuser
Attribute Value
securityRoleUsers
Alan DeKok wrote:
The value should have the operator in it. e.g.
Apu islam [EMAIL PROTECTED] wrote:
I have seen that the latest CVS snapshot accepts cisco
VSA hacks to aid in voIP billing. Is there any plan to
embed quintum as well ?
Send a patch.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello everyone,
I've been working on having radius authenticate through PAM which is
getting its authentication info from LDAP. This is so I can use pam_tally
to monitor failed logins.
I actually have the system working, but with one show stopping
On Thu, May 27, 2004 at 05:03:26PM -0400, Alan DeKok wrote:
Dinko Korunic [EMAIL PROTECTED] wrote:
You can then run it on two machines, use 'grep' to pull out the
MSCHAP lines from the debug log, and then use 'diff' to see where
they differ. This will let you track down where the
Thank you for the reply, I know how to do now
Garry Glendown [EMAIL PROTECTED] wrote:
sy sy wrote:
I set multi Cisco-AVPair in users file, but only first is posted to Cisco router.
Why ?
How did you assign the additional entries? Can you post your radius entries? The second and following entries
On Fri, May 28, 2004 at 02:34:48AM +0200, Dinko Korunic wrote:
As we can see, initial challenge calculation has gone wrong somewhere.. which
is happening in challenge_hash(), function which is strictly using OpenSSL SHA1
functions. Doh. I thought at least OpenSSL should be endian-clean..
To
The SHA1 functions are implemented in src/lib/sha1.c
--Mike
On Thu, 2004-05-27 at 20:31, Dinko Korunic wrote:
On Fri, May 28, 2004 at 02:34:48AM +0200, Dinko Korunic wrote:
As we can see, initial challenge calculation has gone wrong somewhere.. which
is happening in challenge_hash(),
Looks like this might be an updated version of this file that handles
endian issues:
http://gtk-gnutella.sourceforge.net/tools/sha1/sha1.c
--Mike
On Thu, 2004-05-27 at 20:58, Michael Griego wrote:
The SHA1 functions are implemented in src/lib/sha1.c
--Mike
On Thu, 2004-05-27 at 20:31,
Try the attached patch to the sha1.c file and see if that takes care of
the problem.
--Mike
On Thu, 2004-05-27 at 20:31, Dinko Korunic wrote:
On Fri, May 28, 2004 at 02:34:48AM +0200, Dinko Korunic wrote:
As we can see, initial challenge calculation has gone wrong somewhere.. which
is
Hi
I am trying the freeradius server version 0.9.3. Everything from compiling
to installation went fine. When I give
radtest localhost testing123 127.0.0.1 10 testing123
it gives an Access reject error.
The port is set to 1812
Here is a sample output with the default configuration