<DIV>Alan,</DIV>
<DIV> </DIV>
<DIV>Thanks for your reply.</DIV>
<DIV> </DIV>
<DIV><includetail>
<DIV>Our FreeRadius server is servering the WLAN authentication.</DIV>
<DIV> </DIV>
<DIV>For some reason, we need know the result for each authentication request, pass or fail.</DIV>
<DIV> </DIV>
<DIV>We know the post-authentication query can do something which we know who is pass.</DIV>
<DIV> </DIV>
<DIV>We don't have a method to log the rejected request.</DIV>
<DIV> </DIV>
<DIV>Thanks!</DIV>
<DIV> </DIV>
<DIV style="COLOR: #000">
<DIV style="PADDING-BOTTOM: 2px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: Arial Narrow; FONT-SIZE: 12px; PADDING-TOP: 2px">------------------ Original ------------------</DIV>
<DIV style="PADDING-BOTTOM: 8px; PADDING-LEFT: 8px; PADDING-RIGHT: 8px; BACKGROUND: #efefef; FONT-SIZE: 12px; PADDING-TOP: 8px">
<DIV id=menu_sender><B>From: </B> "freeradius-users"<freeradius-users-request@lists.freeradius.org>;</DIV>
<DIV><B>Date: </B> Fri, Apr 20, 2012 03:30 PM</DIV>
<DIV><B>To: </B> "freeradius-users"<freeradius-users@lists.freeradius.org>; <WBR></DIV>
<DIV></DIV>
<DIV><B>Subject: </B> Freeradius-Users Digest, Vol 84, Issue 63</DIV></DIV>
<DIV> </DIV>Send Freeradius-Users mailing list submissions to<BR>freeradius-users@lists.freeradius.org<BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR>http://lists.freeradius.org/mailman/listinfo/freeradius-users<BR>or, via email, send a message with subject or body 'help' to<BR>freeradius-users-request@lists.freeradius.org<BR><BR>You can reach the person managing the list at<BR>freeradius-users-owner@lists.freeradius.org<BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of Freeradius-Users digest..."<BR><BR><BR>Today's Topics:<BR><BR> 1. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Alan Buxey)<BR> 2. Re: Perl, MySQL & auth (Alan Buxey)<BR> 3. Re: Freeradius Access Requet ID (Alan DeKok)<BR> 4. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Wassim Zaarour)<BR> 5. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Fajar A. Nugraha)<BR> 6. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Wassim Zaarour)<BR> 7. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Fajar A. Nugraha)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Fri, 20 Apr 2012 07:30:20 +0100<BR>From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk><BR>To: "wassim.zaarour@navlink.com" <wassim.zaarour@navlink.com>,<BR>"freeradius-users@lists.freeradius.org"<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.<BR>Message-ID: <9339D497-E840-42EF-A2D5-779F77E0F5D9@lboro.ac.uk><BR>Content-Type: text/plain; charset="utf-8"<BR><BR>Please read the mailing list archives, this very question and setup is often mentioned<BR><BR>alan<BR><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120420/e4365248/attachment-0001.html><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Fri, 20 Apr 2012 07:35:24 +0100<BR>From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk><BR>To: "fabrifloresg@gmail.com" <fabrifloresg@gmail.com>,<BR>"freeradius-users@lists.freeradius.org"<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: Perl, MySQL & auth<BR>Message-ID: <EEA07012-72B5-438B-B5CE-039B6D237BA0@lboro.ac.uk><BR>Content-Type: text/plain; charset="utf-8"<BR><BR>Hi,<BR><BR>Some interesting system problems. Did you compile FR with PERL support....or if using distros version do they have additional packages you need to install eg freeradius-perl ?<BR><BR>We use PERL here...FR compiled with it supported and just 'use DBI;' at the top of the PERL script....no need to do ANYTHING with system libs or running parameters<BR><BR>alan<BR><BR>--<BR>This smartphone has free WiFi worldwide with eduroam, now that IS smart<BR><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120420/61a728b2/attachment-0001.html><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Fri, 20 Apr 2012 08:50:56 +0200<BR>From: Alan DeKok <aland@deployingradius.com><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: Freeradius Access Requet ID<BR>Message-ID: <4F910750.7040104@deployingradius.com><BR>Content-Type: text/plain; charset=UTF-8<BR><BR>?????? wrote:<BR>> What is the parameter name for freeradius access requet ID?<BR>> <BR>> For example, <BR>> Called-Station-Id = "46-E7-CF-62-78-11"<BR>> Called-Station-Id is the parameter name for NAS MAC address.<BR><BR> You can't look at the access request ID. It doesn't mean anything,<BR>and there's no reason to look at it.<BR><BR> Alan DeKok.<BR><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Fri, 20 Apr 2012 10:09:18 +0300<BR>From: Wassim Zaarour <wassim.zaarour@navlink.com><BR>To: Alan Buxey <A.L.M.Buxey@lboro.ac.uk>,<BR>"freeradius-users@lists.freeradius.org"<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.<BR>Message-ID: <CBB6E5E1.ECFF%wassim.zaarour@navlink.com><BR>Content-Type: text/plain; charset="us-ascii"<BR><BR>Hi Alan,<BR><BR>I went through the archives and did some changes but still getting the<BR>error, appreciate of you can help me a bit here.<BR><BR>I think I read that the ldap request must be proxied to the inner tunnel for<BR>it work, is that true? How can we do that?<BR><BR>Thanks<BR><BR><BR><BR>Wassim.<BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk><BR>Date: Friday, April 20, 2012 9:30 AM<BR>To: Wassim Zaarour <wassim.zaarour@navlink.com>,<BR>"freeradius-users@lists.freeradius.org"<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.<BR><BR>Please read the mailing list archives, this very question and setup is often<BR>mentioned<BR><BR>alan<BR><BR><BR><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120420/a4e6bd5e/attachment-0001.html><BR><BR>------------------------------<BR><BR>Message: 5<BR>Date: Fri, 20 Apr 2012 14:15:59 +0700<BR>From: "Fajar A. Nugraha" <list@fajar.net><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.<BR>Message-ID:<BR><CAG1y0scEv7ZrF9OkB5-FKEyJuKOiGW=mmAUQNjt=5AS6j4OnHw@mail.gmail.com><BR>Content-Type: text/plain; charset=ISO-8859-1<BR><BR>On Fri, Apr 20, 2012 at 2:09 PM, Wassim Zaarour<BR><wassim.zaarour@navlink.com> wrote:<BR>> Hi Alan,<BR>><BR>> I went through the archives and did some changes but still getting the<BR>> error, appreciate of you can help me a bit here.<BR>><BR>> I think I read that the ldap request must be proxied to the inner tunnel for<BR>> it work, is that true? How can we do that?<BR><BR>Short version: you won't be able to get PEAP-MSCHAPv2 (i.e. what<BR>windows use) to work with your LDAP. Period.<BR><BR>Long version:<BR>MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:<BR>- Cleartext-Password or NT-Hash available (in LDAP, sql, users file<BR>whatever), OR<BR>- an active directory<BR><BR>If you don't have either, then it won't work.<BR><BR>-- <BR>Fajar<BR><BR><BR>------------------------------<BR><BR>Message: 6<BR>Date: Fri, 20 Apr 2012 10:22:30 +0300<BR>From: Wassim Zaarour <wassim.zaarour@navlink.com><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.<BR>Message-ID: <CBB6E904.ED05%wassim.zaarour@navlink.com><BR>Content-Type: text/plain; CHARSET=US-ASCII<BR><BR><BR><BR><BR><BR>On 4/20/12 10:15 AM, "Fajar A. Nugraha" <list@fajar.net> wrote:<BR><BR>>On Fri, Apr 20, 2012 at 2:09 PM, Wassim Zaarour<BR>><wassim.zaarour@navlink.com> wrote:<BR>>> Hi Alan,<BR>>><BR>>> I went through the archives and did some changes but still getting the<BR>>> error, appreciate of you can help me a bit here.<BR>>><BR>>> I think I read that the ldap request must be proxied to the inner<BR>>>tunnel for<BR>>> it work, is that true? How can we do that?<BR>><BR>>Short version: you won't be able to get PEAP-MSCHAPv2 (i.e. what<BR>>windows use) to work with your LDAP. Period.<BR>><BR>>Long version:<BR>>MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:<BR>>- Cleartext-Password or NT-Hash available (in LDAP, sql, users file<BR>>whatever), OR<BR>>- an active directory<BR>><BR>>If you don't have either, then it won't work.<BR><BR>Hi Farja,<BR><BR>Passwords are stored as clear text in my LDAP, that should make MSCHAPv2<BR>work right?<BR><BR>Wassim<BR><BR><BR><BR><BR>------------------------------<BR><BR>Message: 7<BR>Date: Fri, 20 Apr 2012 14:30:42 +0700<BR>From: "Fajar A. Nugraha" <list@fajar.net><BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.<BR>Message-ID:<BR><CAG1y0sch+7s+r9+G5Gp5oxhca6wAjbek=j9L6_4gqDWU_sEztg@mail.gmail.com><BR>Content-Type: text/plain; charset=ISO-8859-1<BR><BR>On Fri, Apr 20, 2012 at 2:22 PM, Wassim Zaarour<BR><wassim.zaarour@navlink.com> wrote:<BR><BR>> On 4/20/12 10:15 AM, "Fajar A. Nugraha" <list@fajar.net> wrote:<BR><BR>>>Long version:<BR>>>MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:<BR>>>- Cleartext-Password or NT-Hash available (in LDAP, sql, users file<BR>>>whatever), OR<BR>>>- an active directory<BR>>><BR>>>If you don't have either, then it won't work.<BR>><BR>> Hi Farja,<BR>><BR>> Passwords are stored as clear text in my LDAP, that should make MSCHAPv2<BR>> work right?<BR><BR>Yes, if FR can find them. This part of the log says it can't:<BR><BR>[ldap] performing search in o=navbey.com, dc=navbey,dc=com, with filter<BR>(uid=pk)<BR>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR>WARNING: No "known good" password was found in LDAP. Are you sure that<BR>the user is configured correctly?<BR><BR>You might need to play around with the user used to login to LDAP, as<BR>some systems only give out passwords to admin accounts. Testing manual<BR>LDAP lookup using command line tool (e.g. ldapsearch) helps. If you<BR>CAN get your ldap server to return cleartext password with ldapsearch,<BR>then you should be able to configure FR to get that as well.<BR><BR>-- <BR>Fajar<BR><BR><BR>------------------------------<BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR><BR>End of Freeradius-Users Digest, Vol 84, Issue 63<BR>************************************************<BR></DIV></includetail></DIV>