What cert import to Windows Clients

Usuário do Sistema maiconlp at ig.com.br
Fri Mar 15 19:28:10 CET 2013


Hi,

Thanks guys, I have done a test importing only the certificate of the Root CA
to Windows 7 and it seems to be working

but now I fall into another old question, as follows below.

I'm using PEAP on Wireless configuration and the client machine is a Windows 7

that user: d1am is on LDAP/SAMBA with attributes LM-Password and NT-Password

Why does it complain about "No Cleartext-Password configured.  Cannot
create LM-Password"?

What do I have to do in my system (FreeRadius, LDAP or client machine) to
make that integration work?

I would like my wireless users (Windows 7, XP and Mac OS) to be
authenticated on LDAP through FreeRadius.

any tip is welcome

[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: d1am
[mschap] Told to do MS-CHAPv2 for d1am with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect



thanks!





2013/3/14 <freeradius-users-request at lists.freeradius.org>
>
> Today's Topics:
>
>    1. Re: errors when check with huntgroup (A.L.M.Buxey at lboro.ac.uk)
>    2. What cert import to Windows Clients (Usuário do Sistema)
>    3. Re: What cert import to Windows Clients (Alan DeKok)
>    4. Re: What cert import to Windows Clients (A.L.M.Buxey at lboro.ac.uk)
>    5. Re: How to use checkval (Danny Kurniawan)
>    6. Re: How to use checkval (Fajar A. Nugraha)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 14 Mar 2013 19:51:38 +0000
> From: A.L.M.Buxey at lboro.ac.uk
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: errors when check with huntgroup
> Message-ID: <20130314195138.GC31680 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> hi,
>
> you've edited a whole lot of stuff out of your debug log...including
> the stuff which actually matters where the failure actually occurs
> (you just kept the part where the end result was recorded).
>
> alan
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 14 Mar 2013 17:27:18 -0300
> From: Usuário do Sistema <maiconlp at ig.com.br>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: What cert import to Windows Clients
> Message-ID:
>
> <CAMTjHryiBvaQuDFcK4Ysf+ybk1=4nD7uMRGC+JLkYoJKYvZDHA at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hello everyone,
>
> I have just deployed Freeradius on a CentOS 5.9 Linux machine.
>
> I would like to use the EAP method with TLS, so I have generated the certs. I
> had just run the bootstrap script from /etc/raddb/certs and it generated
> many files, as follows
>
> 01.pem
> ca.der
> ca.key
> ca.pem
> dh
> server.crt
> server.csr
> server.key
> server.p12
> server.pem
>
> Which of those files do I have to import to the Windows client machines?
>
> I have installed ca.der on a Windows XP machine, but unsuccessfully. I can't
> connect to the wireless network.
>
> I would appreciate any tip about how to generate certs on Freeradius and
> import them to a Windows machine.
>
>
> thanks
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 14 Mar 2013 16:40:37 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: What cert import to Windows Clients
> Message-ID: <514235C5.7050601 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Usuário do Sistema wrote:
> > I would like to use the EAP method with TLS, so I have generated the certs. I
> > had just run the bootstrap script from /etc/raddb/certs and it generated
> > many files, as follows
> ...
> > Which of those files do I have to import to the Windows client machines?
>
>   Just the ca.der and client certificate.
>
> > I have installed ca.der on a Windows XP machine, but unsuccessfully. I can't
> > connect to the wireless network.
>
>   Well... there's more to it than that.
>
> > I would appreciate any tip about how to generate certs on Freeradius and
> > import them to a Windows machine.
>
>   Read this:
>
> http://deployingradius.com/
>
>   It has a detailed set of instructions.
>
>   Or click on the "documentation" link on www.freeradius.org.  There's
> an EAP-TLS Howto.
>
>   This is all very well documented.
>
>   Alan DeKok.
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 14 Mar 2013 20:41:08 +0000
> From: A.L.M.Buxey at lboro.ac.uk
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: What cert import to Windows Clients
> Message-ID: <20130314204108.GG31680 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
> > 01.pem
> > ca.der
> > ca.key
> > ca.pem
> > dh
> > server.crt
> > server.csr
> > server.key
> > server.p12
> > server.pem
> >
> > Which of those files do I have to import to the Windows client machines?
>
> for EAP-TLS ?   as that's a certificate authentication method you need to
> generate client certificates....the standard provided script will make
> client.* files and you'll need the client.der or client.cer file.
>
> > I have installed ca.der on a Windows XP machine, but unsuccessfully. I can't
> > connect to the wireless network.
>
> doing what if you only have ca.der installed - and you put it into the
> correct certificate store as per Microsoft docs (or various correct online
> resources) then you can only be doing PEAP with that Windows XP client - so
> ensure it's using a username/password that is known to the RADIUS server
>
> alan
>
>
> ------------------------------
>
> Message: 5
> Date: Fri, 15 Mar 2013 07:52:06 +0800
> From: Danny Kurniawan <danny.kurniawan at fairchildsemi.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: How to use checkval
> Message-ID:
>
> <CANXjhbzH0tTcyOjQzkydhidKa6oVLEcgxCR-sXoXNW1LwataqA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi All,
>
> Sorry for this beginner question again. I have read the wiki & I will need
> some "hint" from any of you:
> 1. So which files do I need to download from
> http://freeradius.org/download.html ? Version 2.2.0: tar.gz OR
> Version 2.2.0: tar.bz2 ?
> 2. So after I download one of them, do I just copy it here:
> */usr/src/packages/SOURCES* ? Or should I extract the content?
> 3. So does the spec file have to be removed from the .tar file, or just
> copied out?
> 4. Which file should I edit to include this --with-edir option during
> configure ? I believe the usage of this is for radius to be able to, like,
> check account lockedOut, account disabled etc?
>
> Thanks a bunch
> Danny
>
> On Fri, Mar 15, 2013 at 2:00 AM, Alan DeKok
> <aland at deployingradius.com> wrote:
>
> > Danny Kurniawan wrote:
> > > I have read some articles about compiling our own rpm. I am only
> > > concerned about the --edir integration.
> >
> >   Add that to the suse files.  Look for the script running "configure".
> >
> > > So is there any input for me on whether, after I upgrade using the rpm
> > > that I build myself, I can still use it with edir? As I saw an article
> > > somewhere that said "make sure you used --edir option when install
> > > freeradius that doesn't come with the OS"
> >
> >   You can edit the files in the suse directory.
> >
> > > It's just that this is a PROD server and I'm not really an expert in
> > > Linux, so if you / anyone else can give me a link or guide steps on how
> > > to upgrade the free radius manually on my SLES 10 I will be very happy.
> >
> >   See the wiki.
> >
> > http://wiki.freeradius.org/building/Build
> >
> >   Alan DeKok.
> >
>
>
>
> --
> Best Regards,
> Danny
>
> ------------------------------
>
> Message: 6
> Date: Fri, 15 Mar 2013 12:11:12 +1100
> From: "Fajar A. Nugraha" <list at fajar.net>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: How to use checkval
> Message-ID:
>
> <CAG1y0seXqZtjZrv2MEZfeEmo=RYUmzmWZj1_KGqeKAQ25WBZTA at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Fri, Mar 15, 2013 at 10:52 AM, Danny Kurniawan <
> danny.kurniawan at fairchildsemi.com> wrote:
>
> > Hi All,
> >
> > Sorry for this beginner question again. I have read the wiki & I will
> > need some "hint" from any of you:
> > 1. So which files do I need to download from
> > http://freeradius.org/download.html ? Version 2.2.0: tar.gz OR
> > Version 2.2.0: tar.bz2 ?
> >
>
> Same thing. Please spend some time to learn about archive formats. For
> example: http://www.dslreports.com/faq/3999
>
>
> > 2. So after I download one of them, do I just copy it here:
> > */usr/src/packages/SOURCES* ? Or should I extract the content?
> > 3. So does the spec file have to be removed from the .tar file, or just
> > copied out?
> >
>
>
> This is beyond the scope of this list. Please learn about building RPM
> packages, especially on suse. Possibly ask on suse list.
>
> In general, the bundled suse spec file assumes that you have the spec file
> on SPECS directory, and the bz2 file (as well as all other files on suse
> directory) in SOURCES.
>
>
>
> > 4. Which file should I edit to include this --with-edir option during
> > configure ? I believe the usage of this is for radius to be able to, like,
> > check account lockedOut, account disabled etc?
> >
> >
>
> If you had learned about building RPM, you wouldn't need to ask this
> question. Please spend some time to learn about building RPM packages. The
> short version is suse's specfile uses --with-edir by default.
>
> --
> Fajar
>
> ------------------------------
>
>
> End of Freeradius-Users Digest, Vol 95, Issue 69
> ************************************************

