>2.0.4 should be available for Debian.<br>I know, 2.0.4 freeradius is available for debian lenny but not etch unfortunately.<br><br>>2. Use EAP-TLS to connect (Smart card or certificate in Windows speak).<br>Could you write me where in config put that? I tried described below but it doesnt work<br>
eap.conf:<br> eap {<br> default_eap_type = tls<br> ....<br> }<br>and I set up on xp: <br>local connection->properites->authentication->smart card or certificate, and I chose my cacert.pem <br>
<br>how to configure it that way?<br>thank you for rapid answer.<br>Bartosz.<br><br><br><br><br><div class="gmail_quote">On Thu, May 14, 2009 at 12:54 PM, Ivan Kalik <span dir="ltr"><<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">> I have freeradius with eap support on debian etch, radius v1.1.3<br>
<br>
</div>2.0.4 should be available for Debian. Upgrade. Vista doesn't work with<br>
1.1.3. And you will have problems with XP SP3.<br>
<div><div></div><div class="h5"><br>
> "everthing" working fine but I'd like to have much more simple<br>
> configuration<br>
> only by certificate and nothing more,<br>
> so I have few question:<br>
><br>
> 1.<br>
> fragment of my log first, before question<br>
> Listening on authentication *:1812<br>
> Listening on accounting *:1813<br>
> Ready to process requests.<br>
> rad_recv: Access-Request packet from host <a href="http://192.168.5.206:1812" target="_blank">192.168.5.206:1812</a>, id=182,<br>
> length=159<br>
> NAS-IP-Address = 192.168.5.206<br>
> NAS-Port = 50046<br>
> NAS-Port-Type = Ethernet<br>
> User-Name = "PC-01\\Administrator"<br>
> Called-Station-Id = "00-0C-30-81-9B-EE"<br>
> Calling-Station-Id = "00-0A-E4-13-1A-02"<br>
> Service-Type = Framed-User<br>
> Framed-MTU = 1500<br>
> EAP-Message =<br>
> 0x0200001b014e4c504c2d4943455c41646d696e6973747261746f72<br>
> Message-Authenticator = 0xe0b4e2966553f890137d9e56bebd0b3d<br>
> Processing the authorize section of radiusd.conf<br>
> modcall: entering group authorize for request 0<br>
> modcall[authorize]: module "preprocess" returns ok for request 0<br>
> modcall[authorize]: module "mschap" returns noop for request 0<br>
> rlm_realm: No '@' in User-Name = "PC-01\Administrator", looking up<br>
> realm<br>
> NULL<br>
> rlm_realm: No such realm "NULL"<br>
> modcall[authorize]: module "suffix" returns noop for request 0<br>
><br>
> my users file contain:<br>
> "PC-01\\Administrator" User-Password == "passwd"<br>
><br>
> how can I avoid this value PC-01 ?, its really annoying, I would like to<br>
> have only real user, PC-01 is "my computer -> properties -> computer name<br>
> -><br>
> full computer name". I would like to have only username (with no matter of<br>
> case sensitive).<br>
<br>
</div></div>1. Don't use windows logon name. Untick that when you are making the<br>
connection.<br>
<br>
2. You can't strip username in EAP. Use ntdomain. It's listed but<br>
commented out in default configuration.<br>
<div class="im"><br>
> sth like<br>
> "administrator" User-Password == "passwd"<br>
><br>
<br>
</div>For that to work add domain bit as local realm to proxy.conf.<br>
<div class="im"><br>
> 2.<br>
> I would like to use only certificate to check wheter or not some computer<br>
> should have network connection,<br>
> I dont care about login or password,<br>
> if client has a valid cacert.pem installed on pc (windows xp) it should<br>
> grant acces to network, is it possible to do that?<br>
<br>
</div>Use EAP-TLS to connect (Smart card or certificate in Windows speak).<br>
<div class="im"><br>
> 3.<br>
> when I read log from freeradius -X I see that one pc need to have<br>
> 7requests<br>
> in freeradius and in 8-th request is accepted, is it ok?<br>
><br>
<br>
</div>Yes.<br>
<br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br>