I tried to login from another client, but it´s the same problem.
TLS Alert write:fatal:handshake failure
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
SSL: SSL_read failed in a
Klaus Laus wrote:
I tried to login from another client, but it´s the same problem.
TLS Alert write:fatal:handshake failure
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
SSL:
Neil Prockter wrote:
Well things have taken a turn for the worse. At the weekend we upgraded
the last AD Domain controller to 2008r2 (still in AD2003 mode) and the
radius servers instantly stopped working with named pipe disconnected
and now ntlm --username and wbinfo -a no longer work.
On 21/09/10 08:57, Alan DeKok wrote:
Neil Prockter wrote:
Well things have taken a turn for the worse. At the weekend we upgraded
the last AD Domain controller to 2008r2 (still in AD2003 mode) and the
radius servers instantly stopped working with named pipe disconnected
and now ntlm
The message is clear. Yes I created a client certificate and imported it into
the client.
When I use TLS to connect to the freeradius server I can choose the client
certificate in the TLS dialog and the client can login successfully.
When I use PEAP to login I have to type in my username and
++[files] returns noop
Was the key I was editing the wrong users file... all is well now... Thanks
tons!
-Original Message-
From:
Hello,
is it possible to send attributes based on the used SSID?
Setup:
SSID_X - Access Point - Freeradius - ntlm_auth - Active Directory
So, if an user enters SSID_X, Freeradius puts him into VLAN1234. If the
same person enters SSID_Y, he shall stay in the default VLAN1000. (Both
SSIDs use
Klaus Laus wrote:
The message is clear. Yes I created a client certificate and imported it into
the client.
When I use TLS to connect to the freeradius server I can choose the client
certificate in the TLS dialog and the client can login successfully.
When I use PEAP to login I have to
EAP/PEAP requires a server certificate. You can opt for the M$ supplicant to
verify it but it does not use a client certificate.
That's why there is no option to pick the client cert when setting up PEAP.
-Original Message-
From:
I *only* want to know all the time if it´s possible to login on a client with
user/userpassword and client certificate. I pleased you *only* to say *no* or
*yes* and maybe one sentence more.
I know you´re a freeradius expert not a M$ expert but I thought when you know
how to set up a server
Klaus Laus wrote:
I *only* want to know all the time if it´s possible to login on a client with
user/userpassword and client certificate. I pleased you *only* to say *no* or
*yes* and maybe one sentence more.
I know you´re a freeradius expert not a M$ expert but I thought when you know
Hi!
How i can create several perl instances
for several virtual hosts (DHCP, AAA etc)?
--
Sergey V. Sokolov
nic-hdl: SVS141-RIPE
X-NCC-RegID: ru.gorizont
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi
To install JRadius server, I must install freeRadius server?
thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A lot of thanks for your answer Mearl Danner, I read the pages of M$ but I
didn´t found any possibilitys to configure the clients so, that the client is
use a username/password and certificate. Do you know how I can do these
settings or if it´s generelly not possible? thanks again
Not possible with the Microsoft supplicant as far as I know. PEAP encapsulation
doesn't support client certificates.
Probably what you want is EAP-TTLS which is not supported by Microsoft. You'll
need a third party supplicant for it.
Might look at this for reference:
Hi,
How i can create several perl instances
for several virtual hosts (DHCP, AAA etc)?
give them names and identities...then call them that from the virtual host etc
eg
perl dhcp-perl {
stuff here
}
perl main-code {
stuff here
}
where 'stuff here' is taken from the current supplied perl
Hi
I am trying to find a list of the criteria you can use in the users file on
the match line, I came across a lengthy list/table earlier but can't seem to
find it again.
I have looked at the attributes RFC, but I'm looking more for something that
will list things like Group-Name, Auth-Type, and
Hi,
I've configured originate COA using the originate-coa as an example.
My (relevant/edited for privacy) configuration looks like this:
client 11.22.33.44 {
secret = verysecret
shortname = test
nastype = other
virtual_server = my_virtual_server
Hello
I've managed to compile pam_radius-1.3.17 both 32Bit and 64Bit.
I had to add -lsocket as part of linking to get it to work and modified the
make file to have -m64 to compile on 64bit
When I compile it for 64Bit this is my make output:
gcc -Wall -fPIC -m64 -c pam_radius_auth.c -o
Cameron Wood wrote:
Hi
I am trying to find a list of the criteria you can use in the users
file on the match line, I came across a lengthy list/table earlier but
can't seem to find it again.
$ man users ?
I have looked at the attributes RFC, but I'm looking more for something
that will
shawky skaff wrote:
Hi,
It seem to have radiusd running ok, but when I run radiusd -X in the
debug tool, the following lines are highlighted red and I'm not sure
what they mean or how to fix it.
Don't worry about it. It's fine.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
21 matches
Mail list logo