On Wed, Aug 21, 2013 at 11:45:11PM +0100, Matthew Newton wrote:
If that's all you're doing, forget about PEAP and just go for
straight EAP-TLS. All PEAP really gives you on top is the SoH
support, and may cause problems with other non-Windows clients.
EAP-TLS should work on more devices.
I'm
On Wed, Aug 21, 2013 at 01:28:08PM +0100, Matthew Newton wrote:
On Wed, Aug 21, 2013 at 01:17:02PM +0200, Martin Kraus wrote:
I managed to get EAP-TTLS/TLS working but EAP-PEAP/TLS fails after the outer
TLS tunnel is established:
On the assumption that your certificates are OK...
Have
Matthew Newton m...@leicester.ac.uk wrote:
On Wed, Aug 21, 2013 at 09:52:14PM +0200, Martin Kraus wrote:
well looking at man wpa_supplicant I can see
EAP-PEAP/TLS
I think that should be PEAP/EAP-TLS. Otherwise I'm not sure what
it's talking about.
Huh, and I thought MS-PEAP specified only
On 21/08/13 23:44, Chris Parker wrote:
Okay, pardon my confusion then. I had been following a howto online
and it reported that the command when run manually will produce the
key.
Either way, I'm still having a failure in MSCHAP with radtest that
I'm not quite grasping.
Well, as I explained
TLS in PEAP. Yes I've seen it. And EAP-MSCHAPV2 in PEAP
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 22/08/13 10:54, Alan Buxey wrote:
TLS in PEAP. Yes I've seen it. And EAP-MSCHAPV2 in PEAP
PEAP/MSCHAP is *always* PEAP/EAP-MSCHAPv2 IIRC. Unlike TTLS there's no
bare MSCHAP variant, because there's no spec for how to derive the
MSCHAP challenge from the TLS master secret.
The EAP
Phil Mayers wrote:
PEAP/MSCHAP is *always* PEAP/EAP-MSCHAPv2 IIRC. Unlike TTLS there's no
bare MSCHAP variant, because there's no spec for how to derive the
MSCHAP challenge from the TLS master secret.
FWIW: PEAP is TLS + inner EAP. That's why there's no PAP / CHAP /
MS-CHAP inside the
Sokphak TOUCH wrote:
I have issue with configure radius. I have one Juniper MX80 for doing as
LNS in my lab and FreeRADIUS Version 2.1.12 installed. I can see there
is successful connected log to radius but after around 1mn it connect
again and again. I have check in MX80 but has no any
Thank you for setting me on the right track; I have followed the directions on
http://deployingradius.com/documents/configuration/active_directory.html (the
bottom section on MSCHAP) and have ntlm_auth in the authenticate {} - as per
those directions.
When I run the ntlm_auth command manually,
An interesting one for the list ...
We are installing a Palo Alto firewall and it has a way to pass Username/IP
mappings from FreeRADIUS to a Windows User ID Agent, which is then queried by
the firewall.
The method employed is to use a Perl module (PAN::API), which has a simple API,
Sorry for the individual emails, but I got things working with MSCHAP (w/
ntlm_auth) and WPA-EAP.
My issue was that when I got the two winbind errors, I did some more searching
and there's the potential that the freerad user did not have access to pipe
named: /var/run/samba/winbindd
That pipe
On 22/08/13 15:14, Chris Parker wrote:
Exec-Program output: Reading winbind reply failed! (0xc001)
Check the permissions on the winbind socket directory, specifically that
the freeradius daemon user can access it; this is usually at:
/var/cache/samba/winbindd_privileged
or
On 22/08/13 16:46, Dean, Barry wrote:
Anyone want to throw in 2 cents/pennies worth to this?
Yep, don't do it like this.
Instead, write the user/ip entries to a file using the linelog module,
and use a long-running perl process to tail the file (using File::Tail)
and post them to the PAN.
On Thu, Aug 22, 2013 at 10:30:54AM +0100, Phil Mayers wrote:
Matthew Newton m...@leicester.ac.uk wrote:
On Wed, Aug 21, 2013 at 09:52:14PM +0200, Martin Kraus wrote:
well looking at man wpa_supplicant I can see
EAP-PEAP/TLS
I think that should be PEAP/EAP-TLS. Otherwise I'm not sure
Hi All,
Just a quick question - I've compiled FR3 with pcre regex libraries
and it's working ok. I just can't get it to escape plusses ( + ) though
I've tried between 0 and 6(!) backslashes but all result in:
ERROR: Failed compiling regular expression: bad range inside [] at
offset 10
(0)
15 matches
Mail list logo