Ehlo We are usign Cisco1200 AP for roaming, but AP needs to auth into radius. Because CISCO it must use LEAP. But it fails on this rlm_eap: EAP/leap rlm_eap: processing type leap rlm_eap_leap: No User-Password or NT-Password configured for this user rlm_eap: Handler failed in EAP/leap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 3 EAP with TLS and PEAP works well. LDAP user exists uid: AP-DATI userrPassword: cisco1234 sambaNTPassword: 3B298390489F668CA3C38047C7FE1266 sambaLMPassword: 8BE57A0FA91F460C19F10A933D4868DC How should I fix this? Regards,
Luis Daniel Lucio Quiroz <dlucio@okay.com.mx> wrote:
uid: AP-DATI userrPassword: cisco1234 sambaNTPassword: 3B298390489F668CA3C38047C7FE1266 sambaLMPassword: 8BE57A0FA91F460C19F10A933D4868DC
How should I fix this?
Add the following to ldap.attrmap: checkItem NT-Password sambaNTPassword Alan DeKok.
Hi, look in /etc/raddb for the ldapattr.map file. That file contains mappings from Radius attributes to the ones in LDAP. There are Reply- and Check Items. Just alter the file so that User-Password maps to userPassword or sambaNTPassword. Regards, Edvin Seferovic -----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Luis Daniel Lucio Quiroz Sent: Mittwoch, 01. Juni 2005 01:07 To: freeradius-users@lists.freeradius.org Subject: LEAP Ehlo We are usign Cisco1200 AP for roaming, but AP needs to auth into radius. Because CISCO it must use LEAP. But it fails on this rlm_eap: EAP/leap rlm_eap: processing type leap rlm_eap_leap: No User-Password or NT-Password configured for this user rlm_eap: Handler failed in EAP/leap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 3 EAP with TLS and PEAP works well. LDAP user exists uid: AP-DATI userrPassword: cisco1234 sambaNTPassword: 3B298390489F668CA3C38047C7FE1266 sambaLMPassword: 8BE57A0FA91F460C19F10A933D4868DC How should I fix this? Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, I try to implement EAP/TLS for network users in company I work. Authentication is works only for one certificate. When I create a second certificate and concatenate with the first certificate using 'cat', both certificates does not work . The error it gives is shown below (error is in the last line), auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 37 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0274], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0078], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A I hope somebody from the list can help me. Thanks.
"Jefri bin Dahari" <jeff@mimos.my> wrote:
I try to implement EAP/TLS for network users in company I work. Authentication is works only for one certificate. When I create a second certificate and concatenate with the first certificate using 'cat', both certificates does not work . The error it gives is shown below (error is in the last line),
The server supports only one server certificate. To use more than one, you would have to edit the source code to choose which certificate to use, rather than "cat"ing them together. Alan DeKok.
Thanks Alan for the feedback. If you or somebody from this list can give me a lead or link on how to edit the source code to have multiple certificate, I would highly appreciate. Thanks. ----- Original Message ----- From: "Alan DeKok" <aland@ox.org>ce To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Thursday, June 02, 2005 01:17 Subject: Re: Cannot create more than one certificate
"Jefri bin Dahari" <jeff@mimos.my> wrote:
I try to implement EAP/TLS for network users in company I work. Authentication is works only for one certificate. When I create a second certificate and concatenate with the first certificate using 'cat', both certificates does not work . The error it gives is shown below (error is in the last line),
The server supports only one server certificate. To use more than one, you would have to edit the source code to choose which certificate to use, rather than "cat"ing them together.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Jefri bin Dahari" <jeff@mimos.my> wrote:
Thanks Alan for the feedback. If you or somebody from this list can give me a lead or link on how to edit the source code to have multiple certificate, I would highly appreciate.
See src/modules/rlm_eap/types/rlm_eap_tls/* It loads a certificate when it starts, and uses that certificate in SSL connections. To add support for more certificates, I suggest adding a subsection to the configuration for that module, called "certificates". The contents should be other sub-sections, one for each certificate. They can all be loaded when the module initializes, and then one of them may be selected when the SSL connection is started. That may be a little vague, but I'm not an SSL expert, so the description above is as best I know how to do it. Alan DeKok.
participants (4)
-
Alan DeKok -
Jefri bin Dahari -
Luis Daniel Lucio Quiroz -
Seferovic Edvin