e paths do work here. Checking with
absolute ones led to the following caveat: if you combine the needed
cr's in one file by concatenating c_rehash does only generate one
hashname link by virtue of 'openssl crl [...] -hash' providing only
(the first?) one. Adding the appropriately
On 6/9/06, Abul Monsur Mannan <[EMAIL PROTECTED]> wrote:
rlm_sql (sql):
"/usr/local/src/freeradius-1.1.1/src/modules/rlm_sql/drivers/rlm_sql_mysql"
is NOT an SQL driver!
radiusd.conf[14]: sql: Module instantiation failed.
radiusd.conf[1798] Unknown module "sql".
radiusd.conf[1727] Failed to pars
On 6/9/06, Cliff Hayes <[EMAIL PROTECTED]> wrote:
For example, in the clients.conf file, the only required fields are SECRET
and SHORTNAME. In the NAS table, SHORTNAME is optional (can be NULL), and
NASNAME cannot be NULL. So, do I copy what I had in the clients.conf
SHORTNAME into the NAS tabl
above) you need.
So depending on what you're actually trying to achieve, you only need
a subset of the3x3-matrix you listed.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
different files and rehash
again or alternatively provide the necessary symlinks yourself, by
script or whatever suits you.
But this is not a freeradius an esp. no -devel problem, please check
openssl docs.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
provide the debug output as mentioned in various docs.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
lem you are
refering to.
Best regards
K .Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
h
information about your problem as possible.
best regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for whatever
purpose that fits.
But please stop throwing allegations about issues whith mschapv2 and
ntlmv2 (whatever that might be, at least it's not part of freeradius).
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
you must be kidding or maybe you confounded the pertinent mailing lists or...
Provided there really is a problem with freeradius, please enlighten
us as to the debugging output of _it_ not just the nice but offtopic
one from hostapd.
regards
K. Hoercher
-
List info/subscribe/unsubscribe
mming from
false assumptions on your side).
4. Whatever you test with radtest does not relate to EAP-PEAP/MSCHAP.
Please restart your efforts with unchanged default configuration
files. Alter them step-by-step according to the information you were
already given. And, sorry, don't whip a dead horse
n the pertinent tables,
wherefore you should contemplate the information contained in the
default users file. Actually, Alan didn't say you have to use it. *g*
HTH
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
certs/random
are accessible? It's just a quick shot, I could only check against
1.1.2 which stops with some intelligible message when one or the the
other is missing at this stage. Otherwise a backtrace might be
helpful.
HTH
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
le
to read the client certificate (which is unneeded as you already
noted). If so, it' s not an "error" with respect to freeradius eap
etc.
As you didn't provide meaningful output one cannot be sure of course...
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
le
to read the client certificate (which is possible but unneeded as you
already noted). If so, it' s not an "error" with respect to freeradius
eap etc.
As you didn't provide meaningful output one cannot be sure of course...
regards
K. Hoercher
-
List info/subscribe/unsubs
after the challenge was sent out.
That looks curious.
As your included data got truncated on the list you might consider
resending it as attachment or use a pastebot and provide the link.
Maybe you could provide some sniffing on the wireless part (via
wireshark et al). That might be instruc
e radius server might be helpful here too.
I'll refrain from looking into that as long as I have to play some
sort of detective to even get to know what is going on on your
installation.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ggestion.
Something along this line should apply to your /etc/X1/jagger.pem.
ah and yes, just the default users file would suffice.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 8/25/06, Nick Larsen <[EMAIL PROTECTED]> wrote:
tls: certificate_file = "(null)"
You have to fill in this information. See the comment in eap.conf
above the pertinent line.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t reoccur, would you please check for the OID's in your
certificates windows thinks are the proper ones. And something Alan
mentioned about a ms knowledgebase hint concerning xp sp2 having
problems with non-MS radius servers. (I'm looking for it myself atm)
HTH
K. Hoercher
-
List info/s
url's
where to download those informations. Please don't try to put some
digested information into an line mangling mua or an eventually
similar way of making it unnecessary hard to look into it for those
trying to help.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CA. So I'd suggest looking at openssl.org for further
information (looking at the scripts might give you some starting point
though). Basically you are to issue (unique) client certs (modelled to
the one CA.all gave you) to other users either by acting as your own
CA or using some commercial CA.
andshake
failure:s3_pkt.c:837:
So your client wasn't able to fiind a correct CA certificate for the
cert freeradius had sent before. Please see to provide those. If in
doubt, check with dummy ones to be created by CA.all script.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 8/29/06, Fabiano Martins <[EMAIL PROTECTED]> wrote:
I've benn searching with no sucess about this... It's frustrating...
there is no documents about.
Perhaps the looking into the very obscure doc/rlm_sqlcounter file
helps, although it' not "DOC" for some stran
Well, the *full* output would have been helpful (including the startup
messages). And a backtrace from the coredump.
HTH
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e, because _it_ cannot
find a CA certificate. What you are talking about is the freeradius
side of things which looks alright at first glance.
And if you don't get it to work, please first check with demo
certficates to be generated by the CA.all script.
hth
K. Hoercher
-
List
ately to your needs, is considered not very
nice.
hth
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
re the contents of users file do contain information as to
those Auth-Types. And to forestall further problems, please keep in
mind:
http://deployingradius.com/documents/configuration/auth_type.html
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ficate
issues) to provide a known (almost always) working set of generation
tools, I'm contemplating a few improvements just now.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ue but isn't guaranteed to be so (at least in default
setup).
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t the supplicant sends. What is "host/vinfo-t1"
supposed to be?
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
would you please follow the
various FAQ, hints in doc etc. and provide a debug output.
Oh, and btw a quick test with 1.1.3 shows that at least with that, the
statement about the (unconditional) need for configuration of the main
mschap module doesn't hold.
regards
K. Hoercher
-
List inf
check for the CN. Afaik you might strip it by using the
with_ntdomain_hack directive.
Further changes changes depend on the eap type you want to use. I have
already asked about that.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
he road. (For the
time being you don't need anything set there, esp no User-Password, as
we, just now, can guess, you don't want eap-peap)
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
just to avoid confusion:
On 9/4/06, K. Hoercher <[EMAIL PROTECTED]> wrote:
Oh, and btw a quick test with 1.1.3 shows that at least with that, the
statement about the (unconditional) need for configuration of the main
mschap module doesn't hold.
That's nonsense, I just mes
e
places contain lots of information about) freeradius in debian is not
linked against it.
Ok, enough for now. :)
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
fixing that, I retried with users file again
and then it behaved as wanted, allowing on exit code 0, denying on
other codes (ok, just tested -1).
hth
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
angen.de. Do you
intend to use machine authentication? If so, what does a succesful
request look like? Note, that it seems to only find matching DEFAULT
entries, so peap would be impossible, as no User-Password is known to
freeradius. Otherwise, you should check your XP setup to use the
intended
use = NAS-Reboot
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 0
Which version of hostapd is that? Perhaps it might me useful to forego
the accounting (comment out the lines auth_server_* in hostapd.conf)
for the moment and check if the remaining p
again)
the usual suspects: oid's in certs on supplicant, reception of
Access-Request there, time, MS foo (they sound familiar somehow *g*)
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 9/22/06, K. Hoercher <[EMAIL PROTECTED]> wrote:
the usual suspects: oid's in certs on supplicant, reception of
ah, for peap, of course you only need a proper root ca cert there.
Anyways it doesn't look like that gets even relevant.
regards
K .Hoercher
-
List info/subsc
Hi,
hm, the _full_ debugging output (-X as has been time and time again
been mentioned here, faq, etc.) would show, where exactly freeradius
wants to read that file. "No such file or directory" does point pretty
strong into the direction of the problem one would think.
regards
K
.conf
- debug log of supplicant
- some beer (should be further up *g*)
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rmally does live up to its name, i.e. stripping binaries off what it
considers "unneeded symbols". For building a "debugging" package let
DEB_BUILD_OPTIONS contain "nostrip".
Uh, on a side note the ifeq/endif construct around seems unneeded to
me, as dh_strip should ho
ot;sql" in post-auth{} and minus "sql" in accounting{}. Make
small changes and check how they work by looking at debug output.
Then you could contemplate putting the logic in users file to sql tables.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 10/11/06, K. Hoercher <[EMAIL PROTECTED]> wrote:
and "files" to authenticate {}, get rid of "files" "512*" etc and
to authorize{} of course.
Sorry for that.
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e of coming from radreply table)
won't work. See doc/processing_users_file, doc/aaa.txt, "man users"
etc.
hth
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
s further down the line. You should check that.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"actual
section" by their name.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
INSTALL (provided you even talk about
freeradius) etc. and almost daily on this list. Even if someone would
know anything more specific than me, I think (s)he would consider it
too burdensome to reply to such a broad question.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://ww
n the comments looks preferable, at least until you
get some working config.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ere, done that *g*).
Something to those effects regarding chilli.conf.
Some of that might have been ruled out/in already, had you provided
the full debug output and pertinent snippets from your config.
Sniff the radius traffic, and check validity manually. See src/lib/hmac.c
hth
K. Hoercher
-
request reveiced by radius server:
As I told you in another thread, those first 6 requests are part of
the ongoing EAP negotiation. To sort out any timing problems it would
be helpful to show the log at least up to the point when the server
sends either Access-Accept or Access-Reject.
regard
; parts of the _full_ debug output.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
you still chose not to
provide here.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
all[authenticate]: module "eap" returns invalid for request 1^M
modcall: leaving group authenticate (returns invalid) for request 1^M
Thats pretty much non-informative. In case, the above fix does not yet
yield the desired results, provide the full debug output.
regards
K. Hoercher
-
List i
equest timed out OR EAP-response to an unknown
EAP-request^M
That does look strange (and might indicate your real problem), if it
still persists with the suggested changes it might be useful to dig
further into that. Perhaps you could add another -x to the freeradius
invocation to
e behaviour of the server?)
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
n't have a clear understanding of
what the meaning of "different subnet mask"s in that context could
possibly be, under sort of normal circumstances dhcp would happen
after users' machines associate/authenticate on an ap.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ferent inputs. Any more specific suggestions
could only arise from you telling what the aps do (other than putting
users on different subnets, which is possible too, but not desireable
I think) ; more to the point: what (which attributes) do they send in
which situations, and what reaction yo
t; message meaning that no error occured.
hth
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eral a question to give an useful answer. Keep in mind
that "authenticating" against ldap by binding the user's dn, will not
work for EAP(-PEAP)
Regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
lines 21-28
of said rules file.
apt-get install libssl-dev
dpkg-buildpackage -us -us -rfakeroot -d
dpkg -i
Before ./configure set --with-rlm_eap_tls in makefile. i think
As you don't call ./configure manually there is no business of that.
Anyway you should not mess around in ma
") and
while perhaps technically possible, ill advised from the SSL/TLS point
of view.
Good starting points for further reading would be RFCs 2716 and 2246,
maybe documentation of openssl.
Regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
7;t be able to crash the authentication server
but it looks curious. Perhaps someone might find that information
helpful.
regards
K. Hoercher
radius_debug.log
Description: Binary data
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rce package).
Under normal circumstances you cannot/should not mix interdependent
packages from different sources. That leads to conflicting
dependencies as you are told by apt-get. Those are there for a reason.
hth
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Some hint in my notes says
HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo
I'm not sure if you have to delete it, or to put some value 0 into it.
But I remember it being quite obvious.
HTH
Klaus Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 4/27/06, Krämer Armin <[EMAIL PROTECTED]> wrote:
> Hi, i downloaded the source of freeradius 1.1.1 and compiled it with default
> setting which does not include eap-tls support. What do I have to change to
If you dl'ed upstream tarball, the debian/rules defaults to building
with eap-tls. If you
68 matches
Mail list logo