Hi list
While doing eap-tls authentication I am getting the following debug
message. Anybody please clarify.
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
eaptls_verify returned 1
[EMAIL PROTECTED] wrote:
While doing eap-tls authentication I am getting the following debug
message. Anybody please clarify.
...
What do these debug messages indicate...
That the server is working as expected.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Dear all
Thanks for the information. I am not able to do successful
authentication still.
These are my configurations
I have copied my root.pem and server.pem to /etc/raddb/certs directory
1. My eap.conf file is like this
eap {
Hi,
still no joy: I've set up a brand new virtual test machine, installed FR-1.1.6
from pristine sources, and did only the minimum required changes to the
config - diff of the whole raddb directory as is on the machine compared to
the shipped config below:
diff -r raddb-shipped/radiusd.conf
Stefan Winter wrote:
still no joy: I've set up a brand new virtual test machine, installed
FR-1.1.6
from pristine sources, and did only the minimum required changes to the
config - diff of the whole raddb directory as is on the machine compared to
the shipped config below:
OK, it looks like
The FAQ, README, INSTALL, etc. all say to run the server in debugging
mode to see what's going on.
Dear all
I run the radius server in debug mode and the output is as follows.
I didn't get any clue for the problem.
[EMAIL PROTECTED] raddb]# radiusd -X
Starting - reading
Hi All,
I would like to create a user account which only allows the user to use it for 1 day.
Once the user has been authenticated, the time will start counting and end
after 24 hours. Although the user didn't fully use up their session time,
radius will still reject the user's login.
Can
They also say this:
The most common problem with PEAP is that the client sends a series of
Access-Request messages, the server sends a series of Access-Challenge
responses, and then... nothing happens. After a little wait, it all
starts again.
If you see this happening STOP!
The RADIUS server
hi,
how did you generate your certificates?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
Dear all
Thanks for the information. I am not able to do successful
authentication still.
These are my configurations
I have copied my root.pem and server.pem to /etc/raddb/certs directory
1. My eap.conf file is like this
The FAQ, README, INSTALL,
Perfect! That fixed it, thanks!
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1
Server setup (radiusd.conf) pap: encryption_scheme = crypt
Password attribute NT-Password
from radiusd.conf:
# PAP module to authenticate users based on their stored password
#
# As of 1.1.4, the encryption_scheme configuration should
# no longer be used. For backwards compatibility, it
Dave Shackleford wrote:
We are about to begin the consensus process for a FreeRADIUS security
benchmark. Time commitments are minimal, all you need to do is go and
sign up on the mailing list and provide some input to the group on the
benchmark draft when it's released.
Looking at the bind
On Wednesday, 28.03.2007, 14:30 +0100, satish patel wrote:
why user not disconnect from NAS but user still login on NAS ?
Maybe you've been hit by this bug?
http://www.cisco.com/en/US/products/hw/routers/ps133/prod_release_note09186a0080346996.html
CSCee16150
Previously, the router
[EMAIL PROTECTED] wrote:
I run the radius server in debug mode and the output is as follows.
I didn't get any clue for the problem.
There were messages yesterday on this list describing this exact
problem, and how to fix it.
The file eap.conf describes this problem and how to fix
Dear all
Thank you for the responses
I am using openssl tool for certificate generation. I have included the
file xpextensions while generating certificates. The same certificates worked
well with Navis radius server and windows xp as client. So this may not be the
problem here
Anoop
hi,
Take a look at rlm_counter/rlm_sqlcounter (I don't know if it's exactly what
you are looking for) or if you don't want to complicate, just work with a
database logic and change the radius auth queries depending on certain
timestamps and NOW(), for example, in the case of MySQL, in sql.conf.
Hi,
I am in the process of upgrading a couple of servers from using
FreeRadius 1.0.1 (on FC3), to FreeRadius 1.1.6 (on CentOS 5). In our
'users' file we have a few entries such as:
bob Auth-Type = Local,User-Password := abc,Proxy-To-Realm := LOCAL
This works fine with FR 1.0.1. By default we
John Horne wrote:
bob Auth-Type = Local,User-Password := abc,Proxy-To-Realm := LOCAL
Don't set Auth-Type. Use Cleartext-Password, not User-Password.
The entry should look like:
bob Cleartext-Password := abc, Proxy-To-Realm := LOCAL
Whilst trying to sort this out, I noted Alan
On Fri, 2007-05-11 at 13:47 +0200, Alan DeKok wrote:
John Horne wrote:
bob Auth-Type = Local,User-Password := abc,Proxy-To-Realm := LOCAL
Don't set Auth-Type. Use Cleartext-Password, not User-Password.
The entry should look like:
bob Cleartext-Password := abc, Proxy-To-Realm :=
John Horne wrote:
No, that doesn't work.
Yes, it does. Did you read man rlm_pap as I suggested?
In 1.1.6, the pap module is listed last in the authorize section.
Simply using your existing configuration from 1.0.x won't work. You
have to upgrade the configuration to 1.1.6, and read the
...or if you're feeling lazy and know Perl, rlm_perl is an excellent tool to
make your own policy decisions (as you can configure perl to talk to your
mysql database).
Hope this helps,
Jan
On 11/05/07, Marc Miranda (GOWEX) [EMAIL PROTECTED] wrote:
Take a look at rlm_counter/rlm_sqlcounter (I
Hi,
how about setting post_proxy_authorize in proxy.conf and then creating rules
for changing the attribute in the users file?
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard
MS-CHAP works with default configuration. Use default radiusd.conf and
erase that proxy to local realm. If it's still not working post
radiusd -X output again.
Ivan Kalik
Kalik Informatika ISP
On 11/5/2007, John Horne [EMAIL PROTECTED] wrote:
On Fri, 2007-05-11 at 14:24 +0200, Alan DeKok
Hi, I was able to configure radius server, users can connect after entering
user credentials. However I am not sure whether the configuration fully
correct or not. In below, I pasted my radius daemon logs for only one
authentication process.
Entered username was true and password was false.
Why
On Fri, 2007-05-11 at 14:24 +0200, Alan DeKok wrote:
John Horne wrote:
No, that doesn't work.
Yes, it does.
No, it doesn't (even with 'pap' last in the authorize section).
Did you read man rlm_pap as I suggested?
Yes, but this is an MS-CHAP request, not PAP.
John.
--
tevfik wrote:
Why are there 4 requests for only one authentication process? What is wrong
with it?
That's how EAP-TTLS works.
What does rlm_ldap: user tkiziloren authorized to use remote
access mean?
See the comments for the ldap module in radiusd.conf.
The password is not true how
Why are there 4 requests for only one authentication process?
That's quite a normal sequence of Requests and Challenges. EAP works that
way.
What is wrong with it?
Nothing
What does rlm_ldap: user tkiziloren authorized to use remote
access mean?
What it says - that user tkiziloren is
John Horne wrote:
No, that doesn't work.
Yes, it does.
No, it doesn't (even with 'pap' last in the authorize section)
Then something else in your configuration is broken. All I know is
that a default install of 1.1.6, with that entry in the users file
works for me.
Did you read man
Hello
We have a setup with Active Directory and there we used a field for the
Digest-HA1 hash (testpurpose). This field
contains a md5-hashed value of username:realm:password.
FreeRadius is configured to do a Ldap query to the AD and pullout this
value, which works very well.
I've configured
[EMAIL PROTECTED] wrote:
Dear all
Thank you for the responses
I am using openssl tool for certificate generation. I have included the
file xpextensions while generating certificates. The same certificates worked
well with Navis radius server and windows xp as client. So this may not be
The password is not true how can a user authorized although
his/her password is false.
Why do you want that?
Actually I don't want that. I just wonder why? Sorry for english.
Could you suggest any book or source for learning ttls except rfc
definitions?
I really want to deeply understand
: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok for request 1
radius_xlat:
'/opt/local/var/log/radius/radacct/10.71.175.19/auth-detail-20070511'
rlm_detail:
/opt/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /opt/local/var
Tevfik Kiziloren wrote:
Could you suggest any book or source for learning ttls except rfc
definitions?
I really want to deeply understand it.
If you want to deeply understand it, the only choice is to read the
standards.
Alan DeKok.
--
http://deployingradius.com - The web site
I can't see much wrong with them. But server is not working.
Your output:
..
radiusd: entering modules setup
Module: Library search path is /usr/lib64
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
What should happen:
..
radiusd: entering modules
Hi,
Many thanks for your help, and apologies for the
It doesn't work
Yes it does
No it doesn't
dialogue!
:-)
i was just waiting for the 'its behind you!' part. (reference to
pantomimes for those not in the know...)
alan
Roberto Greiner wrote:
All three are working fine and authenticating properly, but with one
catch. The users from the Total Control box do authenticate properly,
but they are not registered in the logs. No entry in the radacct table
in MySQL, nothing in radwho nor in radlast. The users are
in this matter than 1.1.4 do.
Also, I've tried to update to the latest CVS
(freeradius-server-snapshot-20070511.tar.bz2) just to check out
(because Mr. Nixon have told earlier that the postgresql driver was
fixed in CVS), but Floating point Exception occurred.
That's it. Thanks.
On 5/10/07, Alan
Hello Group,
I am running OSX 10.4.9 Server, with Free Radius 1.1.6. I have FreeRadius
setup to connect to my MySQL Server for authentication. That server is
running MySQL 4.1
When I try loading radiusd -X I get a mysql link error.
rlm_sql (sql): Could not link driver rlm_sql_mysql:
I will be out of the office from 12.05.2007. I will return on
21.05.2007.
Please contact Michael Cochu [EMAIL PROTECTED]
+49-40-7339-1432.
I am not in the office. Please contact Michael Cochu
[EMAIL PROTECTED] +49-40-7339-1432.
On May 8, 2007, at 00:49, Alan DeKok wrote:
Doug Hardie wrote:
FreeRadius 1.1.2 on FreeBSD 6.1 using libpthread.
Upgrade to 1.1.6. It has a lot of fixes that may help.
It looks like it's crashing when starting a new child thread. That
may be a pthread issue in the underlying
Joseph Sullivan wrote:
rlm_sql (sql): Could not link driver rlm_sql_mysql:
dlopen(/usr/local/lib/rlm_sql_mysql-1.1.6.so, 9): no suitable image found.
Did find: ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture
in universal wrapper ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no
(freeradius-server-snapshot-20070511.tar.bz2) just to check out
(because Mr. Nixon have told earlier that the postgresql driver was
fixed in CVS), but Floating point Exception occurred.
There is floating point code in the server? Not that I'm aware of.
And if you see an error, is it so hard