Re: radius-apache authentication problem
no change, same errors. mod_auth_xradius don't work in apache 2.2.3 On 3/26/07, Nick Owen [EMAIL PROTECTED] wrote: You might try using mod_auth_xradius: http://www.outoforder.cc/projects/apache/mod_auth_xradius/ More information can be found here: http://www.howtoforge.com/apache_radius_two_factor_authentication HTH, Nick On 3/26/07, Ramazan Ulker [EMAIL PROTECTED] wrote: Hi I want to implement otp authentication for a web site. Radius and otp scripts works well together but apache don't send any authentication data to radius. I followed instructions in http://www.freeradius.org/mod_auth_radius/ but apache mod_authn_file wants passwords and could not be disabled. when i removed the module no authn provider configured are seen in apache error logs. Changing AuthBasicAuthorative on or off in .htaccess didn't solve the problem. Problem stems from apache but someone solves such a problem can respond me. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius-apache authentication problem
Hi these are error lines in apache error log and apache conf files. thanks for your assistance [Wed Mar 28 09:26:27 2007] [error] [client 127.0.0.1] (9)Bad file descriptor: Could not open password file: (null) [Wed Mar 28 09:26:27 2007] [crit] [client 127.0.0.1] configuration error: couldn't check user. No user file?: /favicon.ico .htaccess file content AuthType Basic AuthBasicAuthoritative off AuthName RADIUS authentication for localhost AuthXRadiusAddServer localhost:1812 testing123 AuthXRadiusTimeout 2 AuthXRadiusRetries 2 require valid-user httpd.conf relevant part vhost.conf is similar except directory path DocumentRoot /home/web Directory /home/web Options FollowSymLinks AllowOverride All Order allow,deny Allow from all /Directory and apache modules APACHE_MODULES=actions alias auth_xradius auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include info log_config mime negotiation setenvif ssl suexec status userdir php5 vhost_alias these modules suceessfully imported to loadmodule.conf On 3/27/07, Nick Owen [EMAIL PROTECTED] wrote: On 3/27/07, Ramazan Ulker [EMAIL PROTECTED] wrote: no change, same errors. mod_auth_xradius don't work in apache 2.2.3 I have only tested with 2.2.2. FWIW, authn_file_module is loaded. Why don't you post the relevant portions of your htaccess and httpd.conf files. -- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a problem about radius and ldap
Hi I'm working on 802.1x implementation(cisco 2950, freeradius, ldap), i face a problem. First of all, defining users and passwords in users file in raddb works well with md5 authentication. Then i tried to use ldap, then with radtest i get accept-accept packet. But while authenticating from xp client with md5-challenge, I got Auth:rlm_ldap:Attribute User-Password is required for authentication error. In one of the e-mail you said don't authenticate from ldap, but with radtest function i get success!!! The passwords are kept clear text. I'm looking forward to getting your help. I also send radius debug log. Best Regards Ramazan Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /var/run/radiusd/radiusd.pid main: user = radiusd main: group = radiusd main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded LDAP ldap: server = 192.168.100.18 ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = ldap: start_tls = no ldap: password = ldap: basedn = dc=dot1x.com ldap: filter = (uid=%{Stripped-User-Name:-%{User-Name}}) ldap: default_profile = (null) ldap: profile_attribute = (null) ldap: password_header = (null) ldap: password_attribute = userPassword ldap: access_attr = radiusgroupname ldap: groupname_attribute = cn ldap: groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) ldap: groupmembership_attribute = radiusGroupName ldap: dictionary_mapping = /etc/raddb/ldap.attrmap ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes conns: (nil) rlm_ldap: reading ldap-radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Re: a problem about radius and ldap
. modcall[authenticate]: module ldap returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. Login incorrect: [ramazan/no User-Password attribute] (from client radius port 50001 cli 00-12-79-AE-D2-4D) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 18 to 192.168.100.17:1812 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 18 with timestamp 45bca254 Nothing to do. Sleeping until we see a request. On 1/29/07, Alan DeKok [EMAIL PROTECTED] wrote: Ramazan Ulker wrote: . But while authenticating from xp client with md5-challenge, I got Auth:rlm_ldap:Attribute User-Password is required for authentication You set Auth-Type := LDAP. Don't do that. error. In one of the e-mail you said don't authenticate from ldap, but with radtest function i get success!!! I know. Please read the documentation on why. The passwords are kept clear text. I'm looking forward to getting your help. I also send radius debug log. The solution? Follow my instructions. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: a problem about radius and ldap
= 0x0205001d0410820fd3de9d3280644551107995e35ea872616d617a616e Message-Authenticator = 0xaedb1daf912087d870c9a486827f1eef modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'dc=dot1x.com' radius_xlat: '(uid=ramazan)' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan) ldap_release_conn: Release Id: 0 radius_xlat: '(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc= dot1x.com ))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc= dot1x.com)))' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=dot1x.com, with filter ((cn=VPN)(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc= dot1x.com ))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc= dot1x.com rlm_ldap: object not found or got ambiguous search result ldap_release_conn: Release Id: 0 ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=dot1x.com, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: User found in group VPN ldap_release_conn: Release Id: 0 users: Matched DEFAULT at 174 modcall[authorize]: module files returns ok for request 1 rlm_eap: EAP packet type notification id 5 length 29 rlm_eap: EAP Start not found modcall[authorize]: module eap returns updated for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for ramazan radius_xlat: '(uid=ramazan)' radius_xlat: 'dc=dot1x.com' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan) rlm_ldap: checking if remote access for ramazan is allowed by radiusGroupName rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 op=11 rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 op=11 rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN op=11 rlm_ldap: Adding radiusClass as Class, value employee op=11 rlm_ldap: user ramazan authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate for request 1 rlm_eap: EAP packet type notification id 5 length 29 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 rlm_eap_md5: No password configured for this user (there is a password in ldap in clear-text radtest successful) modcall[authenticate]: module eap returns invalid for request 1 modcall: group authenticate returns invalid for request 1 auth: Failed to validate the user. Login incorrect: [ramazan/no User-Password attribute] (from client radius port 50001 cli 00-12-79-AE-D2-4D) Delaying request 1 for 1 seconds Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.100.17:1812, id=8, length=184 Sending Access-Reject of id 8 to 192.168.100.17:1812 EAP-Message = 0x04050004 Message-Authenticator = 0x On 2/7/07, Phil Mayers [EMAIL PROTECTED] wrote: Ramazan Ulker wrote: rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 rlm_eap_md5: No password configured for this user modcall[authenticate]: module eap returns invalid for request 1 modcall: group authenticate returns invalid for request 1 auth: Failed to validate the user. EAP-MD5 needs the plaintext password. rad_check_password: Found Auth-Type ldap auth: type LDAP modcall: entering group authenticate for request 0 rlm_ldap: - authenticate rlm_ldap: Attribute User-Password is required for authentication. modcall[authenticate]: module ldap returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. rlm_ldap can only *AUTHENTICATE* PAP requests. Since you've over-ridden Auth-Type (as you've been told not to) you're trying to force an EAP request through it. Don't set Auth-Type If you want to use EAP-MD5, your LDAP directory will need to contain a plaintext password and be configured to pass it to FreeRadius, because EAP-MD5 needs the plaintext password. Do you have that? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: a problem about radius and ldap
In my configuration there is also pap in my configuration, i forgot to write in mail. I resend authentication block in radius.conf authenticate { Auth-Type PAP { pap } ldap eap } On 2/8/07, Ramazan Ulker [EMAIL PROTECTED] wrote: Hi I sent two ldapentry ldapsearch result and debug. In this ldapsearch there is clear-text userPassword. anyway i decribe the problem shortly for your help. like in howto authorize { preprocess files ldap eap } authenticate { ldap eap } ldapsearch result userpassword=ramazan . radiusclass=groupnet objectclass=radiusprofile objectclass=top objectclass=posixAccount objectclass=shadowAccount ... radtest successful for this configuration but xp client does't. ldapattr.map has User-Password to userPassword mapping. deleting the entry ldap in authentication block in radius.conf results unsuccessful both for radtest and xp client. For this configuration above debug log rad_recv: Access-Request packet from host 192.168.100.17:1812, id=7, length=129 NAS-IP-Address = 192.168.100.17 NAS-Port = 50001 NAS-Port-Type = Ethernet User-Name = ramazan Called-Station-Id = 00-0F-8F-77-DB-81 Calling-Station-Id = 00-12-79-AE-D2-4D Service-Type = Framed-User Framed-MTU = 1500 EAP-Message = 0x0204000c0172616d617a616e Message-Authenticator = 0x61cab38d83f6ed1abbd2ac2c8ce5b0bf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'dc=dot1x.com' radius_xlat: '(uid=ramazan)' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.100.18:389, authentication 0 rlm_ldap: bind as / to 192.168.100.18:389 rlm_ldap: waiting for bind result ... rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan) ldap_release_conn: Release Id: 0 radius_xlat: '(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc= dot1x.com ))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc= dot1x.com)))' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc= dot1x.com, with filter ((cn=VPN)(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc= dot1x.com))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc= dot1x.com rlm_ldap: object not found or got ambiguous search result ldap_release_conn: Release Id: 0 ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc= dot1x.com, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: User found in group VPN ldap_release_conn: Release Id: 0 users: Matched DEFAULT at 174 modcall[authorize]: module files returns ok for request 0 rlm_eap: EAP packet type notification id 4 length 12 rlm_eap: EAP Start not found modcall[authorize]: module eap returns updated for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for ramazan radius_xlat: '(uid=ramazan)' radius_xlat: 'dc=dot1x.com' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan) rlm_ldap: checking if remote access for ramazan is allowed by radiusGroupName rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 op=11 rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 op=11 rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN op=11 rlm_ldap: Adding radiusClass as Class, value employee op=11 rlm_ldap: user ramazan authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate for request 0 rlm_eap: EAP packet type notification id 4 length 12 rlm_eap: EAP Start not found rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module eap returns ok for request 0 modcall: group authenticate returns ok for request 0 Login OK: [ramazan/no User-Password attribute] (from client radius port 50001 cli 00-12-79-AE-D2-4D) Sending Access-Challenge of id 7 to 192.168.100.17:1812 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User Tunnel-Private-Group-Id:0 = 2 Tunnel-Medium-Type:0 = 6 Tunnel-Type:0 = VLAN Class = 0x656d706c6f796565 EAP-Message = 0x0105001604105a4f17068db0feb3ebdee25f9cfe966f Message-Authenticator = 0x State = 0x395efcd2fb04e81f34be33bd9cd0cf0831cbc4456746df615bd2474fb42f67add24a0e16 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.100.17:1812, id=8, length=184 NAS-IP-Address = 192.168.100.17 NAS-Port = 50001 NAS-Port-Type = Ethernet User-Name = ramazan Called
Re: a problem about radius and ldap [SOLVED]
Hi Sorry for too many mails. Problem solved by setting identity and password in radius.conf with proper user in ldap. I managed to get User-Password from ldap at the end as shown below. rlm_ldap: Added password ramazan in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding userpassword as User-Password, value ramazan op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 op=11 rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 op=11 rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN op=11 rlm_ldap: Adding radiusClass as Class, value employee op=11 rlm_ldap: user ramazan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module eap returns ok for request 1 modcall: leaving group authenticate (returns ok) for request 1 Login OK: [ramazan/no User-Password attribute] (from client ldapsrv port 50001 cli 00-12-79-AE-D2-4D) On 1/29/07, Ramazan Ulker [EMAIL PROTECTED] wrote: Hi I'm working on 802.1x implementation(cisco 2950, freeradius, ldap), i face a problem. First of all, defining users and passwords in users file in raddb works well with md5 authentication. Then i tried to use ldap, then with radtest i get accept-accept packet. But while authenticating from xp client with md5-challenge, I got Auth:rlm_ldap:Attribute User-Password is required for authentication error. In one of the e-mail you said don't authenticate from ldap, but with radtest function i get success!!! The passwords are kept clear text. I'm looking forward to getting your help. I also send radius debug log. Best Regards Ramazan Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /var/run/radiusd/radiusd.pid main: user = radiusd main: group = radiusd main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded LDAP ldap: server = 192.168.100.18 ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = ldap: start_tls = no ldap: password = ldap: basedn = dc=dot1x.com ldap: filter = (uid=%{Stripped-User-Name:-%{User-Name}}) ldap: default_profile = (null) ldap: profile_attribute = (null) ldap: password_header = (null) ldap: password_attribute = userPassword ldap: access_attr = radiusgroupname ldap: groupname_attribute = cn ldap: groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) ldap
vista support
Hi Peap, tls and eap-md5 work well for xp clients but peap and eap-md5 fail for vista client for version 1.1.3. Freeradius 1.1.4 version was released for vista support. But I couldn't update to this release from package manager programs(smart, aptitude, yast etc.). Updating and pasting configuration files are easy however installing it from source could be problematic. Is there a patch for working system or will this version soon be updated from linux distrubutions? Best regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html