Hi all,<br> <br>I am trying to authenticate netscreen 5gt from a radius server.<br><br>I have done the following config on netscreen..<br><br>set auth-server "radius1" id 1<br>set auth-server "radius1" server-name "
<a href="http://192.168.1.50">192.168.1.50</a>"<br>set auth-server "radius1" timeout 30<br>set auth-server "radius1" forced-timeout 60<br>set auth-server "radius1" radius port 1812<br>set auth-server "radius1" radius secret "testing123"
<br>set auth radius accounting port 1813<br><br>and on radius side..i have made a local user.<br><br>net Cleartext-Password := "net"<br><br>but i am not able to authenticate...Netscreen is not sending anythin to radius server..i can't see any logs in radius (running in debug mode).
<br><br>Kindly suggest..<br><br>Thanks,<br><br><div><span class="gmail_quote">On 9/10/07, <b class="gmail_sendername"><a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org
</a></b> <<a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Send Freeradius-Users mailing list submissions to<br> <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit
<br> <a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users">http://lists.freeradius.org/mailman/listinfo/freeradius-users</a><br>or, via email, send a message with subject or body 'help' to
<br> <a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a><br><br>You can reach the person managing the list at<br> <a href="mailto:freeradius-users-owner@lists.freeradius.org">
freeradius-users-owner@lists.freeradius.org</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of Freeradius-Users digest..."<br><br><br>Today's Topics:<br><br>
1. Re: Freeradius+Active directory - router login authentciation<br> (Turbo Fredriksson)<br> 2. two different enable passwords. (ashish verma)<br><br><br>----------------------------------------------------------------------
<br><br>Message: 1<br>Date: Mon, 10 Sep 2007 13:06:29 +0200<br>From: Turbo Fredriksson <<a href="mailto:turbo@dagdrivarn.se">turbo@dagdrivarn.se</a>><br>Subject: Re: Freeradius+Active directory - router login authentciation
<br>To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>Message-ID: <<a href="mailto:878x7eok3u.fsf@pumba.bayour.com">878x7eok3u.fsf@pumba.bayour.com</a>><br>Content-Type: text/plain; charset=us-ascii
<br><br>Quoting "Rakesh Jha" <<a href="mailto:rakesh@burgan.com">rakesh@burgan.com</a>>:<br><br>I'm far from an expert in FreeRADIUS (so take what I say with a<br>grane of salt), but I instantly noticed this.
<br><br>> tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"<br>> tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"<br>> tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
<br>> tls: check_cert_cn = "(null)"<br>> tls: cipher_list = "(null)"<br>> tls: check_cert_issuer = "(null)"<br>> rlm_eap_tls: Loading the certificate file as a chain<br>> rlm_eap_tls: Unable to open DH file - (null)
<br>> rlm_eap: Failed to initialize type tls<br><br>It can't open the 'DH file' (don't quite know which one that is),<br>but I would assume that it's some (or maybe all?) of the first<br>three files. Do they exist? Does the freeradius daemon have the
<br>right to _read_ those files (are you running the daemon under some<br>user _not_ root). I run (default in Debian GNU/Linux) the daemon<br>under the 'freerad' user so this user must be able to read the<br>files mentioned (AND have the right to access all directory paths
<br>before it).<br><br>Also, the 'check_cert_cn' is empty. If you don't use it, uncomment<br>it in the config file. probably goes for the options 'check_cert_cn'<br>and 'check_cert_issuer' to.<br>
<br>I DO use them, and my eap.conf file looks like this:<br><br>----- s n i p -----<br>celia:~# egrep 'check_cert_issuer|check_cert_cn|cipher_list' /etc/freeradius/eap.conf<br> check_cert_issuer = "<see below>"
<br> check_cert_cn = %{User-Name}<br> cipher_list = "DEFAULT"<br>----- s n i p -----<br><br>The 'check_cert_issuer' value is a little personal (something<br>
I wouldn't want to post to the 'Net) but is the value<br>found in the 'subject' line when running the command:<br><br> openssl x509 -subject -noout -in <cacert><br><br>----- s n i p -----<br>celia:~# openssl x509 -subject -noout -in /etc/ssl/CA/cacert.pem
<br>subject= <secret><br>----- s n i p -----<br><br>> radiusd.conf[10]: eap: Module instantiation failed.<br>> radiusd.conf[1962] Unknown module "eap".<br>> radiusd.conf[1909] Failed to parse authenticate section.
<br><br>These will probably go away once you have fixed the tls parts<br>above...<br><br>> As you have written 'as are most "helpful" pages not on <a href="http://freeradius.org">freeradius.org</a>',<br>
> can you please suggest some links which guide correctly to configure<br>> radius, openssl and active directory.<br><br>I think Alan is a little 'judgmental' (wrong choice, but I<br>can't quite get the exact translation of what I meant) if here.
<br>I would to if (since!) people don't think for them self and<br>only follow external 'documentation' by the letter without<br>trying to actually understand what it means...<br><br>Following ANY documentation require UNDERSTANDING! Not HOW,
<br>but WHY ('... a certain option is used with a special value').<br><br>DISCLAIMER (before Alan slaps me :): I'm in no way better<br> my self - I'm lousy in reading documentation.<br> I only read a little here and a little there,
<br> but I (almost) always understand the parts that<br> I DO read :)<br><br><br>------------------------------<br><br>Message: 2<br>Date: Mon, 10 Sep 2007 17:21:34 +0530<br>From: "ashish verma" <
<a href="mailto:ashish.scit@gmail.com">ashish.scit@gmail.com</a>><br>Subject: two different enable passwords.<br>To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>Message-ID:
<br> <<a href="mailto:11b554120709100451v630a635fj48f54a6660c46216@mail.gmail.com">11b554120709100451v630a635fj48f54a6660c46216@mail.gmail.com</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br>
<br>Hi all,<br><br>I have radius-ldap setup for authenticating network devices.<br><br>I have small doubt here.<br><br>Is it possible to have different enable passwords for different huntgroups?<br><br>For e.g. i have 2 huntgroups. one for cisco switches and one for cisco
<br>routers and I want to have different enable passwords for both.<br><br>Currently i have only one entry for enable password and that is commom for<br>all the cisco devices.<br><br><br>On 9/10/07, <a href="mailto:freeradius-users-request@lists.freeradius.org">
freeradius-users-request@lists.freeradius.org</a> <<br><a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a>> wrote:<br>><br>> Send Freeradius-Users mailing list submissions to
<br>> <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>><br>> To subscribe or unsubscribe via the World Wide Web, visit<br>> <a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users">
http://lists.freeradius.org/mailman/listinfo/freeradius-users</a><br>> or, via email, send a message with subject or body 'help' to<br>> <a href="mailto:freeradius-users-request@lists.freeradius.org">
freeradius-users-request@lists.freeradius.org</a><br>><br>> You can reach the person managing the list at<br>> <a href="mailto:freeradius-users-owner@lists.freeradius.org">freeradius-users-owner@lists.freeradius.org
</a><br>><br>> When replying, please edit your Subject line so it is more specific<br>> than "Re: Contents of Freeradius-Users digest..."<br>><br>><br>> Today's Topics:<br>><br>> 1. RE: Freeradius+Active directory - router login authentciation
<br>> (Rakesh Jha)<br>> 2. Re: Freeradius doesn't detect EAP when authenticating against<br>> MySQL (Andrew Rowson)<br>> 3. RE : LOGs of eap-tls authentication (inelec communication)<br>> 4. Re: Freeradius doesn't detect EAP when authenticating against
<br>> MySQL (Alan DeKok)<br>><br>><br>> ----------------------------------------------------------------------<br>><br>> Message: 1<br>> Date: Mon, 10 Sep 2007 09:21:42 +0300<br>> From: "Rakesh Jha" <
<a href="mailto:rakesh@burgan.com">rakesh@burgan.com</a>><br>> Subject: RE: Freeradius+Active directory - router login authentciation<br>> To: "FreeRadius users mailing list"<br>> <<a href="mailto:freeradius-users@lists.freeradius.org">
freeradius-users@lists.freeradius.org</a>><br>> Message-ID:<br>> <<a href="mailto:A928C53C7FC96746A7C07338F009DCA00C4D37@BB-MAIL.main.burgan.bnk">A928C53C7FC96746A7C07338F009DCA00C4D37@BB-MAIL.main.burgan.bnk
</a>><br>> Content-Type: text/plain; charset="us-ascii"<br>><br>> Alan,<br>><br>> Please see the complete output of radiusd -X as following -<br>><br>> Starting - reading configuration files ...
<br>> reread_config: reading radiusd.conf<br>> Config: including file: /usr/local/etc/raddb/proxy.conf<br>> Config: including file: /usr/local/etc/raddb/clients.conf<br>> Config: including file: /usr/local/etc/raddb/snmp.conf
<br>> Config: including file: /usr/local/etc/raddb/eap.conf<br>> Config: including file: /usr/local/etc/raddb/sql.conf<br>> main: prefix = "/usr/local"<br>> main: localstatedir = "/usr/local/var"
<br>> main: logdir = "/usr/local/var/log/radius"<br>> main: libdir = "/usr/local/lib"<br>> main: radacctdir = "/usr/local/var/log/radius/radacct"<br>> main: hostname_lookups = no<br>
> main: max_request_time = 30<br>> main: cleanup_delay = 5<br>> main: max_requests = 1024<br>> main: delete_blocked_requests = 0<br>> main: port = 0<br>> main: allow_core_dumps = no<br>> main: log_stripped_names = no
<br>> main: log_file = "/usr/local/var/log/radius/radius.log"<br>> main: log_auth = no<br>> main: log_auth_badpass = no<br>> main: log_auth_goodpass = no<br>> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
<br>> main: user = "(null)"<br>> main: group = "(null)"<br>> main: usercollide = no<br>> main: lower_user = "no"<br>> main: lower_pass = "no"<br>> main: nospace_user = "no"
<br>> main: nospace_pass = "no"<br>> main: checkrad = "/usr/local/sbin/checkrad"<br>> main: proxy_requests = yes<br>> proxy: retry_delay = 5<br>> proxy: retry_count = 3<br>> proxy: synchronous = no
<br>> proxy: default_fallback = yes<br>> proxy: dead_time = 120<br>> proxy: post_proxy_authorize = no<br>> proxy: wake_all_if_all_dead = no<br>> security: max_attributes = 200<br>> security: reject_delay = 1
<br>> security: status_server = no<br>> main: debug_level = 0<br>> read_config_files: reading dictionary<br>> read_config_files: reading naslist<br>> Using deprecated naslist file. Support for this will go away soon.
<br>> read_config_files: reading clients<br>> read_config_files: reading realms<br>> radiusd: entering modules setup<br>> Module: Library search path is /usr/local/lib<br>> Module: Loaded exec<br>> exec: wait = yes
<br>> exec: program = "(null)"<br>> exec: input_pairs = "request"<br>> exec: output_pairs = "(null)"<br>> exec: packet_type = "(null)"<br>> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
<br>> Module: Instantiated exec (exec)<br>> Module: Loaded expr<br>> Module: Instantiated expr (expr)<br>> Module: Loaded PAP<br>> pap: encryption_scheme = "crypt"<br>> pap: auto_header = yes<br>
> Module: Instantiated pap (pap)<br>> Module: Loaded CHAP<br>> Module: Instantiated chap (chap)<br>> Module: Loaded MS-CHAP<br>> mschap: use_mppe = yes<br>> mschap: require_encryption = no<br>> mschap: require_strong = no
<br>> mschap: with_ntdomain_hack = yes<br>> mschap: passwd = "(null)"<br>> mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key<br>> --domain=%{mschap:NT-D<br>> omain:-burgan_dom} --username=%{mschap:User-Name:-None}
<br>> --challenge=%{mschap:Cha<br>> llenge:-00} --nt-response=%{mschap:NT-Response:-00}"<br>> Module: Instantiated mschap (mschap)<br>> Module: Loaded System<br>> unix: cache = no<br>> unix: passwd = "(null)"
<br>> unix: shadow = "(null)"<br>> unix: group = "(null)"<br>> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"<br>> unix: usegroup = no<br>> unix: cache_reload = 600<br>> Module: Instantiated unix (unix)
<br>> Module: Loaded eap<br>> eap: default_eap_type = "tls"<br>> eap: timer_expire = 60<br>> eap: ignore_unknown_eap_types = no<br>> eap: cisco_accounting_username_bug = no<br>> rlm_eap: Loaded and initialized type md5
<br>> rlm_eap: Loaded and initialized type leap<br>> gtc: challenge = "Password: "<br>> gtc: auth_type = "PAP"<br>> rlm_eap: Loaded and initialized type gtc<br>> tls: rsa_key_exchange = no
<br>> tls: dh_key_exchange = yes<br>> tls: rsa_key_length = 512<br>> tls: dh_key_length = 512<br>> tls: verify_depth = 0<br>> tls: CA_path = "(null)"<br>> tls: pem_file_type = yes<br>> tls: private_key_file = "/usr/local/etc/raddb/certs/cert-
srv.pem"<br>> tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"<br>> tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"<br>> tls: private_key_password = "whatever"
<br>> tls: dh_file = "(null)"<br>> tls: random_file = "/dev/urandom"<br>> tls: fragment_size = 1024<br>> tls: include_length = yes<br>> tls: check_crl = no<br>> tls: check_cert_cn = "(null)"
<br>> tls: cipher_list = "(null)"<br>> tls: check_cert_issuer = "(null)"<br>> rlm_eap_tls: Loading the certificate file as a chain<br>> rlm_eap_tls: Unable to open DH file - (null)<br>> rlm_eap: Failed to initialize type tls
<br>> radiusd.conf[10]: eap: Module instantiation failed.<br>> radiusd.conf[1962] Unknown module "eap".<br>> radiusd.conf[1909] Failed to parse authenticate section.<br>><br>> As you have written 'as are most "helpful" pages not on
<a href="http://freeradius.org">freeradius.org</a>',<br>> can you please suggest some links which guide correctly to configure<br>> radius, openssl and active directory.<br>><br>> Thanks a lot,<br>> Rakesh Jha
<br>><br>> -----Original Message-----<br>> From: <a href="mailto:freeradius-users-bounces@lists.freeradius.org">freeradius-users-bounces@lists.freeradius.org</a><br>> [mailto:<a href="mailto:freeradius-users-bounces@lists.freeradius.org">
freeradius-users-bounces@lists.freeradius.org</a>] On Behalf Of Alan<br>> DeKok<br>> Sent: Monday, September 10, 2007 8:35 AM<br>> To: FreeRadius users mailing list<br>> Subject: Re: Freeradius+Active directory - router login authentciation
<br>><br>> Rakesh Jha wrote:<br>> ...<br>> > After following FreeRADIUS Tutorial for AD integration I am not able<br>> to<br>> > start radius daemon as it complains -<br>> ><br>> > radiusd.conf
[10]: eap: Module instantiation failed.<br>> > radiusd.conf[1962] Unknown module "eap".<br>> > radiusd.conf[1909] Failed to parse authenticate section.<br>><br>> I'm at a bit of a loss for why so many people are so insistent on
<br>> removing all useful messages.<br>><br>> Attention:<br>> Any non-official business related views, opinions and other information<br>> presented in this electronic mail<br>> are solely those of the sender/author.
<br>> Burgan Bank does not endorse or accept responsibility for their opinions.<br>> If you are not the addressed<br>> indicated in this mail or responsible for delivering this message to the<br>> intended,<br>
> you should delete this message and notify the sender immediately.<br>> -------------------------------------------------------<br>> Burgan Bank S.A.K<br>> <a href="http://www.burgan.com">www.burgan.com</a><br>
><br>><br>><br>> ------------------------------<br>><br>> Message: 2<br>> Date: Mon, 10 Sep 2007 08:47:09 +0100<br>> From: Andrew Rowson <<a href="mailto:freeradius@growse.com">freeradius@growse.com
</a>><br>> Subject: Re: Freeradius doesn't detect EAP when authenticating against<br>> MySQL<br>> To: FreeRadius users mailing list<br>> <<a href="mailto:freeradius-users@lists.freeradius.org">
freeradius-users@lists.freeradius.org</a>><br>> Message-ID: <<a href="mailto:b03eaa106466517b3d809c38044273f9@ticklemail.mrmen.home">b03eaa106466517b3d809c38044273f9@ticklemail.mrmen.home</a>><br>> Content-Type: text/plain; charset="UTF-8"
<br>><br>><br>><br>> On Mon, 10 Sep 2007 07:31:04 +0200, Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>> wrote:<br>> > Andrew Rowson wrote:<br>> >> Looking over it, it seems that a problem comes up with the MSCHAP bit:
<br>> >><br>> >> rlm_mschap: No User-Password configured. Cannot create LM-Password.<br>> >> rlm_mschap: No User-Password configured. Cannot create NT-Password.<br>> >> rlm_mschap: Told to do MS-CHAPv2 for growse with NT-Password
<br>> >> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform<br>> authentication.<br>> >> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect<br>> >> modcall[authenticate]: module "mschap" returns reject for request 14
<br>> >><br>> >> This appears to imply that there's no User-Password entry found<br>> anywhere<br>> >> for the user in the database. This would be correct, as the attribute<br>> in<br>
> >> the radcheck table is set to Cleartext-Password. Anything other than<br>> >> Cleartext-Password and freeradius doesn't attempt an auth-type of EAP,<br>> >> but Local instead, going back to my original problem.
<br>> ><br>> > What does the database contain? Cleartext-Password == password,<br>> > or Cleartext-Password := password ?<br>> ><br>><br>> The database contains Cleartext-Password == password. I've tried it with
<br>> :=, but if I remember correctly that fails as well, with the Auth-type<br>> being set to local again. I'll see if I can get a log of that failure as<br>> well, if it'd be helpful?<br>><br>> Andrew
<br>><br>><br>><br>> ------------------------------<br>><br>> Message: 3<br>> Date: Mon, 10 Sep 2007 10:23:19 +0200 (CEST)<br>> From: inelec communication <<a href="mailto:inelec_communication@yahoo.fr">
inelec_communication@yahoo.fr</a>><br>> Subject: RE : LOGs of eap-tls authentication<br>> To: FreeRadius users mailing list<br>> <<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org
</a>><br>> Message-ID: <<a href="mailto:60722.76768.qm@web26011.mail.ukl.yahoo.com">60722.76768.qm@web26011.mail.ukl.yahoo.com</a>><br>> Content-Type: text/plain; charset="iso-8859-1"<br>><br>> hello,
<br>> running radius in debug mode doesn't give any log file ,i meen it<br>> doesn't give logs in radiusd.log ; if you give me your result when you<br>> have rubn radiusd -X -A perhaps i can help<br>>
<br>> regards<br>><br>><br>> <a href="mailto:anoop_c@sifycorp.com">anoop_c@sifycorp.com</a> a ?crit :<br>><br>> Hi 1 I am using eap-tls authentication.My setup is working well with<br>> certificates. I am unable to get logs of user login ok or denied in
<br>> the radius.log file [root@anoop sbin]# radiusd -X -A Starting -<br>> reading configuration files ... reread_config: reading radiusd.conf Config:<br>> including file: /etc/raddb/proxy.conf Config: including file:
<br>> /etc/raddb/clients.conf Config: including file:<br>> /etc/raddb/snmp.conf Config: including file:<br>> /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main:<br>> prefix = \"/usr/local\" main: localstatedir = \"/usr/local/var\" main:
<br>> logdir = \"/usr/local/var/log/radius\" main: libdir = \"/usr/local/lib\"<br>> main: radacctdir = \"/usr/local/var/log/radius/radacct\" main:<br>> hostname_lookups = no main: snmp = no main: max_request_time = 30
<br>> main: cleanup_delay = 5 main: max_requests = 1024 main:<br>> delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no<br>> main: log_stripped_names<br>> = yes main: log_file = \"/usr/local/var/log/radius/radius.log\" main:
<br>> log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass =<br>> yes main: pidfile = \"/usr/local/var/run/radiusd/radiusd.pid\" main:<br>> user = \"(null)\" main: group = \"(null)\" main: usercollide = no
<br>> main: lower_user = \"no\" main: lower_pass = \"no\" main: nospace_user =<br>> \"no\" main: nospace_pass = \"no\" main: checkrad =<br>> \"/usr/local/sbin/checkrad\" main: proxy_requests = yes proxy:
<br>> retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy:<br>> default_fallback = yes proxy: dead_time = 120 proxy:<br>> post_proxy_authorize = no proxy: wake_all_if_all_dead = no security:
<br>> max_attributes = 200 security: reject_delay = 1 security: status_server<br>> = no main: debug_level = 0 read_config_files: reading<br>> dictionary read_config_files: reading naslist Using deprecated naslist
<br>> file. Support for this will go away soon. read_config_files: reading<br>> clients<br>> read_config_files: reading realms radiusd: entering modules<br>> setup Module: Library search path is /usr/local/lib Module: Loaded exec
<br>> exec: wait = yes exec: program = \"(null)\" exec: input_pairs =<br>> \"request\" exec: output_pairs = \"(null)\" exec: packet_type =<br>> \"(null)\" rlm_exec: Wait=yes but no output defined. Did you mean
<br>> output=none? Module: Instantiated exec (exec) Module: Loaded expr Module:<br>> Instantiated expr (expr) Module: Loaded System unix: cache = no unix:<br>> passwd = \"(null)\" unix: shadow = \"(null)\" unix: group = \"(null)\"
<br>> unix: radwtmp = \"/usr/local/var/log/radius/radwtmp\" unix: usegroup =<br>> no unix: cache_reload = 600 Module: Instantiated unix (unix) Module:<br>> Loaded eap eap: default_eap_type = \"tls\" eap: timer_expire = 60 eap:
<br>> ignore_unknown_eap_types = no eap: cisco_accounting_username_bug =<br>> no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and<br>> initialized type leap gtc: challenge = \"Password: \"
<br>> gtc: auth_type = \"PAP\" rlm_eap: Loaded and initialized type gtc tls:<br>> rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length =<br>> 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path =
<br>> \"(null)\" tls: pem_file_type = yes tls: private_key_file =<br>> \"/etc/1x/07xwifi.pem\" tls: certificate_file = \"/etc/1x/07xwifi.pem\"<br>> tls: CA_file = \"/etc/1x/root.pem\" tls: private_key_password =
<br>> \"password\" tls: dh_file = \"/etc/1x/DH\" tls: random_file =<br>> \"/etc/1x/random\" tls: fragment_size = 1024 tls: include_length = yes<br>> tls: check_crl = no tls: check_cert_cn = \"(null)\" tls: cipher_list =
<br>> \"(null)\" tls: check_cert_issuer = \"(null)\" rlm_eap_tls: Loading the<br>> certificate file as a chain WARNING: rlm_eap_tls: Unable to set DH<br>> parameters. DH cipher suites may not work! WARNING: Fix this by running
<br>> the OpenSSL command listed in eap.conf rlm_eap: Loaded and initialized<br>> type tls mschapv2: with_ntdomain_hack = no<br>> rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap<br>> (eap) Module: Loaded preprocess preprocess: huntgroups =
<br>> \"/etc/raddb/huntgroups\" preprocess: hints = \"/etc/raddb/hints\"<br>> preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line =<br>> 23 preprocess: with_ntdomain_hack = no preprocess:
<br>> with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no<br>> preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess<br>> (preprocess) Module: Loaded realm realm: format = \"suffix\" realm:
<br>> delimiter = \"@\" realm: ignore_default = no realm: ignore_null =<br>> no Module: Instantiated realm (suffix) Module: Loaded files files:<br>> usersfile = \"/etc/raddb/users\" files: acctusersfile =
<br>> \"/etc/raddb/acct_users\" files: preproxy_usersfile =<br>> \"/etc/raddb/preproxy_users\" files: compat = \"no\" Module: Instantiated<br>> files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key =
<br>> \"User-Name,<br>> Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port\" Module:<br>> Instantiated acct_unique (acct_unique) Module: Loaded detail detail:<br>> detailfile =<br>> \"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d\"
<br>> detail: detailperm = 384 detail: dirperm = 493 detail: locking =<br>> no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp:<br>> filename = \"/usr/local/var/log/radius/radutmp\" radutmp: username =
<br>> \"%{User-Name}\" radutmp: case_sensitive = yes radutmp: check_with_nas =<br>> yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated<br>> radutmp (radutmp) Listening on authentication *:1812 Listening on
<br>> accounting *:1813 Ready to process requests. 2 I am using certificate<br>> based authentication so do i need to edit anything in the users<br>> file/ Thanks and regards Anoop<br>><br>><br>> -
<br>> List info/subscribe/unsubscribe? See<br>> <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br>><br>><br>> ---------------------------------<br>> Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo!
<br>> Mail<br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <<br>> <a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070910/5b02759b/attachment-0001.html">
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070910/5b02759b/attachment-0001.html</a><br>> ><br>><br>> ------------------------------<br>><br>> Message: 4<br>> Date: Mon, 10 Sep 2007 11:15:58 +0200
<br>> From: Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>> Subject: Re: Freeradius doesn't detect EAP when authenticating against<br>> MySQL<br>> To:
<a href="mailto:freeradius@growse.com">freeradius@growse.com</a>, FreeRadius users mailing list<br>> <<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>>
<br>> Message-ID: <<a href="mailto:46E50B4E.9050407@deployingradius.com">46E50B4E.9050407@deployingradius.com</a>><br>> Content-Type: text/plain; charset=ISO-8859-1<br>><br>> Andrew Rowson wrote:<br>> > The database contains Cleartext-Password == password. I've tried it with
<br>> > :=, but if I remember correctly that fails as well,<br>><br>> Use := for Cleartext-Password.<br>><br>> > with the Auth-type<br>> > being set to local again. I'll see if I can get a log of that failure as
<br>> > well, if it'd be helpful?<br>><br>> No.<br>><br>> Upgrade to 1.1.7, I think it solves this problem.<br>><br>> Alan DeKok.<br>><br>><br>> ------------------------------<br>
><br>> -<br>> List info/subscribe/unsubscribe? See<br>> <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br>><br>><br>> End of Freeradius-Users Digest, Vol 29, Issue 25
<br>> ************************************************<br>><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070910/a2ffc990/attachment.html">
https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070910/a2ffc990/attachment.html</a>><br><br>------------------------------<br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">
http://www.freeradius.org/list/users.html</a><br><br><br>End of Freeradius-Users Digest, Vol 29, Issue 27<br>************************************************<br></blockquote></div><br>