On May 7, 2015, at 3:17 AM, sridharww@yahoo.co.in wrote:
I am using Free Radius version of 1.1.7-r0.0.2
Wow... upgrade to a version released in the last 8 years.
When i searched for windows version, i could only get http://freeradius.net/Downloads.html site where 1.1.7 is the pointer for it. No other binaries are shown here. So I have taken the version of linux (version 3) and installed in REDHAT box. faced following problem with openssl https://www.openssl.org/news/secadv_20140407.txt Even i have upgraded openssl in my box to 1.0.2g and did configure , make and make install of radius tool but still it throws the same error. openssl downloaded from : http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html I edited security.allow_vulnerable_openssl = 'CVE-2014-0160' or security.allow_vulnerable_openssl = no or security.allow_vulnerable_openssl = yes or allow_vulnerable_openssl = yes or allow_vulnerable_openssl = no or allow_vulnerable_openssl = 'CVE-2014-0160' followed by again configure, make , make install. but still its not working. following is seen when trying to start up the server. security { max_attributes = 200 reject_delay = 1.000000 status_server = yes allow_vulnerable_openssl = "no" Debugger not attachedRefusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)Security advisory CVE-2014-0160 (Heartbleed)For more information see http://heartbleed.comOnce you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160' I think some more things needs to be done to overcome this problem.
I have an software where i will provide my RADIUS server details i.e. IP address, port to communicate, protocol (in my case i either use CHAP or PAP) So when i am trying to login to the software i will provide username and password which will be parsed to the Freeradius installed server which will check in radius server database (users.conf) file. Based on the permission i have provided it allows me to login to my software and if the user is missing in that conf file then it will deny my access Now, i need to provide second level authentication i.e. secure ID token in addition to the username and password . FOr this i believe if i enable access-challenge in Free radius tool, then if any user login request comes in i.e. access-request packet then i expect Free radius should validate the request and if the user is present in radius tool then it challenge my software with access-challenge request .
Modern versions of FreeRADIUS include an rlm_securid module. You can use that.
I found a Freed radius along with my REDHAT OS which i have installed using yum command and its successful too. Now i can able to access my software with normal authentication but i need to add it more with secure ID + access challenge part. Can you guide me on this now. I am also surfing internet to find some guides / solutions to get it configured in Free radius tool.Below are the log outputs taken from radius server. RADIUS details:Authentication request: Fri May 8 13:49:21 2015 Packet-Type = Access-Request NAS-Port = 825766194 Attr-4 = 0x3132372e302e302e31 User-Name = "test" Reply for request:Fri May 8 13:49:21 2015Packet-Type = Access-Accept Name : freeradiusArch : x86_64Version : 2.1.12Release : 6.el6Size : 5.7 MRepo : installedFrom repo : rhel-x86_64-server-6 Can you guide me on the further steps to configure the access-challenge + secure ID part now. hope this version of linux shoud do the needful.
Alan DeKok. From: Alan DeKok <aland@deployingradius.com> To: sridharww@yahoo.co.in Sent: Thursday, 7 May 2015 7:13 PM Subject: Re: How to enable Access-challenge in Free radius On May 7, 2015, at 3:17 AM, sridharww@yahoo.co.in wrote:
I am using Free Radius version of 1.1.7-r0.0.2
Wow... upgrade to a version released in the last 8 years.
I have an software where i will provide my RADIUS server details i.e. IP address, port to communicate, protocol (in my case i either use CHAP or PAP)
So when i am trying to login to the software i will provide username and password which will be parsed to the Freeradius installed server which will check in radius server database (users.conf) file. Based on the permission i have provided it allows me to login to my software and if the user is missing in that conf file then it will deny my access
Now, i need to provide second level authentication i.e. secure ID token in addition to the username and password .
FOr this i believe if i enable access-challenge in Free radius tool, then if any user login request comes in i.e. access-request packet then i expect Free radius should validate the request and if the user is present in radius tool then it challenge my software with access-challenge request .
Modern versions of FreeRADIUS include an rlm_securid module. You can use that.
Alan DeKok.