how to move a freeradius server ?

2005-05-03 Thread Arthur EBEL
Hi,
I am using a freeradius server with EAP TLS PEAP and LDAP. No problem, it 
works perfectly.

I have to move this service to another server (different hostname). I don't 
know what to do with my certificates. I don't want to give new certificates 
to all my clients. Is it possible to just copy and paste certificates ???

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Question about Freeradius and LDAP

2004-07-07 Thread Arthur EBEL
Hi everybody,
My freeradius operates very well with an openldap directory.
All ldap users stored in my basedn=ou=people,ou=personnels,dc=utt,dc=fr 
can be authenticated.

I would like to add another basedn=ou=students,ou=personnels,dc=utt,dc=fr 
BUT I don't want to give access to all my tree dc=utt,dc=fr

How can I set up the LDAP module to do this ?
Here is my radiusd.conf about ldap
ldap {
    server = server.utt.fr
    basedn = ou=people,ou=personnels,dc=utt,dc=fr
    filter = (uid=%{Stripped-User-Name:-%{User-Name}})
    start_tls = no
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    password_header = {crypt}
    password_attribute = userPassword
    timeout = 4
    timelimit = 3
    net_timeout = 1
}
Thx
Arthur EBEL



PEAP / MSCHAP2 / LDAP

2004-02-25 Thread Arthur EBEL
I would like to use PEAP / MSCHAP2 / LDAP

But I have got this kind of errors and my users can't authenticate

  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: No LM-Password or NT-Password attribute found.  Cannot perform MS-CHAP authentication.

My password is stored in my LDAP directory using Crypt.

I don't understand what the LM or NT password is. Why doesn't it use the LDAP 
passwd ???

Have you got an idea ???





Question regarding Segmentation fault (core dumped) EAP PEAP LDAP

2004-02-02 Thread Arthur EBEL
Hi,

I am using freeradius-snapshot-20040114

I want to authenticate my users with PEAP and passwords stored in LDAP.

Here is an extract of my radiusd.conf and logs of my server

When the client tries to authenticate -- Segmentation fault (core dumped)

Have you got an idea to solve this problem ??? Known Bug ???


modules {

    unix {
        cache = no
        radwtmp = ${logdir}/radwtmp
    }

    eap {
        default_eap_type = tls
        timer_expire = 60

        tls {
            private_key_password =
            private_key_file = /usr/local/freeradius/serveur.pem
            certificate_file = /usr/local/freeradius/serveur.pem
            CA_file = /usr/local/freeradius/root.pem
            dh_file = /usr/local/freeradius/DH
            random_file = /usr/local/freeradius/random

            fragment_size = 1024
            include_length = yes
        }

        peap {
            default_eap_type = mschapv2
        }

        mschapv2 {
        }
    }

    mschap {
        authtype = MS-CHAP
    }

    ldap {
        server = serveur.utt.fr

        basedn = ou=people,ou=personnels,dc=utt,dc=fr
        filter = (uid=%{Stripped-User-Name:-%{User-Name}})

        ldap_connections_number = 5
        password_header = {crypt}
        password_attribute = userPassword
    }
}

Logs of the server
--
Ready to process requests.
rad_recv: Access-Request packet from host 10.15.0.3:21645, id=3, length=117
User-Name = ebel
Framed-MTU = 1400
Called-Station-Id = 0002.8a5b.38ad
Calling-Station-Id = 0090.4bb3.5df1
Message-Authenticator = 0x1c87ce25c0f8a057e08fefa148f60b72
EAP-Message = 0x02020009016562656c
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
Service-Type = Framed-User
NAS-IP-Address = 10.15.0.3
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/usr/local/var/log/radius/radacct/10.15.0.3/auth-detail-20040202'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.15.0.3/auth-detail-20040202
  modcall[authorize]: module auth_log returns ok for request 0
  rlm_eap: EAP packet type response id 2 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 0
rlm_realm: No '@' in User-Name = ebel, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
users: Matched DEFAULT at 157
users: Matched DEFAULT at 176
  modcall[authorize]: module files returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ebel
radius_xlat:  '(uid=ebel)'
radius_xlat:  'ou=people,ou=personnels,dc=utt,dc=fr'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to serveur.utt.fr:389, authentication 0
rlm_ldap: bind as / to serveur.utt.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=people,ou=personnels,dc=utt,dc=fr, with
filter (uid=ebel)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ebel authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
Segmentation fault (core dumped)


