Antonio Modesto wrote:
I am migrating my freeradius to freeradius 2.x, so time ago Alan told me
to change the User-Password to Cleartext-Password. Is there anything
more that I need to change in my schema to migrate to 2.x version?
You need to migrate your configuration gradually, and test
On Tue, Feb 28, 2012 at 8:48 PM, Omer Faruk SEN omerf...@gmail.com wrote:
Hi,
Is there a way to use PEAP or EAP-TTLS without Cleartext-Password since I
don't want to have this field in my openldap since it is clear password.
Sure.
- use eap-gtc or ttls-pap
- make sure your client supports
Hi,
Hi,
Is there a way to use PEAP or EAP-TTLS without� Cleartext-Password since I
don't want to have this field in my openldap since it is clear password.
NTHASH
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Omer Faruk SEN wrote:
Is there a way to use PEAP or EAP-TTLS without Cleartext-Password since
I don't want to have this field in my openldap since it is clear password.
http://deployingradius.com/documents/protocols/compatibility.html
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Thank you for the short answer Alan. Always short and simple answers you
have :)
Regards.
On Tue, Feb 28, 2012 at 4:16 PM, Alan DeKok al...@deployingradius.comwrote:
Omer Faruk SEN wrote:
Is there a way to use PEAP or EAP-TTLS without Cleartext-Password since
I don't want to have this
On 03/03/11 16:10, Difan Zhao wrote:
Hi experts,
I want to try another way to authenticate devices by their MAC
addresses. I don’t really care about the security and just try to make
the configuration easy. Here is my configuration:
hints =
DEFAULT User-Name =~ 001422.*
Hint = STB
@lists.freeradius.org]
On Behalf Of Phil Mayers
Sent: March-03-11 9:16 AM
To: FreeRadius users mailing list
Subject: Re: Cleartext-Password := %{User-Name} in the users file. Possible?
On 03/03/11 16:10, Difan Zhao wrote:
Hi experts,
I want to try another way to authenticate devices by their MAC
addresses. I
On 03/03/11 18:11, Difan Zhao wrote:
Thanks Phil! It works! It definitely fits what I need! However just be curious,
why my setting won't work?
I'm not sure. It should work; it seems like the expansion:
Cleartext-Password := %{User-Name}
...wasn't being acted on. Are you sure you didn't
Phil Mayers wrote:
I'm not sure. It should work; it seems like the expansion:
Cleartext-Password := %{User-Name}
...wasn't being acted on. Are you sure you didn't have a typo somewhere?
The control items aren't expanded in the hints or users file.
Use unlang.
Alan DeKok.
-
List
Shame on me!
For information my config(working) for the file /sites-enabled/default is
now :
Auth-Type CHAP {
#Modification du mdp venant du LDAP pour comparaison CHAP (fontionne
enfin!):
if (control:Cleartext-Password =~ /ethernet (.*)/i ) {
update control {
++? if (Cleartext-Password =~ /ethernet ([1-9a-ZA-Z:]*)/i )
(Attribute Cleartext-Password was not found)
rlm_chap: login attempt by 00:11:XX:XX:XX:XX with CHAP password
rlm_chap: Using clear text password ethernet 00:11:XX:XX:XX:XX for user
00:11:XX:XX:XX:XX authentication.
rlm_chap:
kpani wrote:
When we use PAP for user authentication, the password will be passed from
user to NAS(radius client) as cleartext password. But how it is transmitted
from NAS to Radius server. 1) As clear text password? or 2) The password is
encrypted using the secret keyword(used in both radius
Read the debug output.
On Aug 12, 2008, at 1:10 PM, Stéven Le Bras wrote:
WARNING: Unprintable characters in the password. Double-check
the shared secret on the server and the NAS!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have already check this and it's ok. If i use the chilli interface i can
logon with any problem but i want to know if it's possible to force a clear
read
2008/8/12 Chris [EMAIL PROTECTED]
Read the debug output.
On Aug 12, 2008, at 1:10 PM, Stéven Le Bras wrote:
WARNING: Unprintable
It said to DOUBLECHECK it.
On Aug 12, 2008, at 1:30 PM, Stéven Le Bras wrote:
I have already check this and it's ok. If i use the chilli interface
i can logon with any problem but i want to know if it's possible to
force a clear read
2008/8/12 Chris [EMAIL PROTECTED]
Read the debug
Hi,
rad_recv: Access-Request packet from host 138.253.XXX.XXX port 47032,
id=195, length=49 User-Name = user
User-Password = passwd
NAS-IP-Address = 138.253.XXX.XXX
There. No MS-CHAP-Challenge. You are not supposed to process this packet with
the rlm_mschap module. Why
4) changed the users file DEFAULT entry from LDAP to mschap
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: No MS-CHAP-Challenge in the request
Hi,
rad_recv: Access-Request packet from host 138.253.XXX.XXX port 47032,
id=195, length=49 User-Name = user
User-Password = passwd
NAS-IP-Address = 138.253.XXX.XXX
There. No MS-CHAP-Challenge. You are not supposed to process this packet with
the rlm_mschap module. Why does
Debug:
==
rad_recv: Access-Request packet from host 138.253.XXX.XXX port 47032, id=195,
length=49
User-Name = user
User-Password = passwd
NAS-IP-Address = 138.253.XXX.XXX
+- entering group authorize
++[preprocess] returns ok
++? if (%{User-Name} =~
Hi,
Hi,
I've installed freeradius and it was working fine with users file
authentication but when I add sql module ( freeradius's wiki-SQL_HOWTO )
when I try radtest with a username that is in db, authentication failed, and
it's the out put of debug mode:
Cleartext-Password is for latest
Fabio Pedretti wrote:
After that I see in the users file that User-Password was replaced
with Cleartext-Password, so I replaced in the radcheck all
User-Password with Cleartext-Password: after doing that, my users
can't no more authenticate. I get this in radius.log:
You should check
Thanks, it works fine, now.
May ask you what is the rationale behind the change from == to :=?
Wasn't := used for _setting_ something, while == for _checking_
parameters?
Thanks,
Fabio
Citando Alan DeKok [EMAIL PROTECTED]:
Fabio Pedretti wrote:
After that I see in the users file that
Fabio Pedretti wrote:
Thanks, it works fine, now.
May ask you what is the rationale behind the change from == to :=?
Wasn't := used for _setting_ something, while == for _checking_
parameters?
Yes and no. See man users for details.
== is comparing. Since there's no
23 matches
Mail list logo
