Hi there guys, Look, I have been configuring FreeRadius (2.1.8) with OpenSSL (0.9.8m) to use ntlm_auth but it did not work at all. I installed libssl-dev (as Alan Dekok has said before) but it stills telling me: Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Recompiling FreeRadius does not work either. I tried installing from the sources and repositories but I could not solved the issue. Any suggestion? Help please... Cesar _________________________________________________________________ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=w...
hi, You need to have the openssl development packages installed. When you run configure please make sure you check for warnings, if configure doesn't find required libraries and headers it will emit a warning message, but will proceed (just disabling the feature). i fixed it doing like this bye 2010/3/17 Cesar Ortega <cesar8489@hotmail.com>
Hi there guys,
Look, I have been configuring FreeRadius (2.1.8) with OpenSSL (0.9.8m) to use ntlm_auth but it did not work at all. I installed libssl-dev (as Alan Dekok has said before) but it stills telling me:
Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support.
Recompiling FreeRadius does not work either. I tried installing from the sources and repositories but I could not solved the issue.
Any suggestion?
Help please...
Cesar ------------------------------ Connect to the next generation of MSN Messenger Get it now! <http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi omegabk, Yes, I already known that. However, for some reason FreeRadius doesn't recognized that OpenSSL is already installed on my system. During the compilation there wasn't any WARNING about OpenSSL. In the other hand, I just want to do transparent authentications of the user (it does not matter if it used clear text passwords) with my AD using a wireless LAN. As Alan Dekov said in his How To, I am using ntlm_auth module so when I wrote in eap.conf eap { default_eap_type = gtc ... with my wireless client (Nokia N900) configured like taht: EAP Type : PEAP EAP Method: EAP GTC (other possibility is EAP MSCHAPv2) # I am not using certifies at all Username: ortegaca In the FreeRadius console I see: Listening on authentication address * port 1645 Listening on accounting address * port 1646 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on proxy address * port 1647 Ready to process requests. rad_recv: Access-Request packet from host 129.90.13.170 port 1645, id=223, length=192 User-Name = "h59bfGBUMZsw4BwQZ3Pz/Q==" Framed-MTU = 1400 Called-Station-Id = "0015.62c8.75d0" Calling-Station-Id = "a87b.3995.468a" Cisco-AVPair = "ssid=radiusd" Service-Type = Login-User Message-Authenticator = 0x125b506b554d05dcf0cd7eace1e4b8a1 EAP-Message = 0x0202001d0168353962664742554d5a7377344277515a33507a2f513d3d NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "682" NAS-Port = 682 NAS-IP-Address = 129.90.13.170 NAS-Identifier = "ap" +- entering group authorize {...} [ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=h59bfGBUMZsw4BwQZ3Pz/Q== [ntlm_auth] expand: --password=%{User-Password} -> --password= Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) Exec-Program: returned: 1 ++[ntlm_auth] returns reject Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> h59bfGBUMZsw4BwQZ3Pz/Q== attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 223 to 129.90.13.170 port 1645 Waking up in 4.9 seconds. Why my username is encrypted or something like that? I don't get it... I just need authenticate a AD user using clear-text password Cesar Date: Wed, 17 Mar 2010 14:03:57 +0100 Subject: Re: openssl support From: omegabk@gmail.com To: freeradius-users@lists.freeradius.org hi, You need to have the openssl development packages installed. When you run configure please make sure you check for warnings, if configure doesn't find required libraries and headers it will emit a warning message, but will proceed (just disabling the feature). i fixed it doing like this bye 2010/3/17 Cesar Ortega <cesar8489@hotmail.com> Hi there guys, Look, I have been configuring FreeRadius (2.1.8) with OpenSSL (0.9.8m) to use ntlm_auth but it did not work at all. I installed libssl-dev (as Alan Dekok has said before) but it stills telling me: Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Recompiling FreeRadius does not work either. I tried installing from the sources and repositories but I could not solved the issue. Any suggestion? Help please... Cesar Connect to the next generation of MSN Messenger Get it now! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _________________________________________________________________ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=w...
Cesar Ortega wrote:
Yes, I already known that. However, for some reason FreeRadius doesn't recognized that OpenSSL is already installed on my system. During the compilation there wasn't any WARNING about OpenSSL.
Did you read the configure / compile stages for messages about openssl? It's not hard. There are a lot of messages, but a simple "grep" should limit that to messages related to OpenSSL. Then... read the 20-30 messages about OpenSSL to see what's happening there. To repeat: You need to *read* the messages produced on your system.
User-Name = "h59bfGBUMZsw4BwQZ3Pz/Q=="
...
Why my username is encrypted or something like that? I don't get it... I just need authenticate a AD user using clear-text password
Blame the client device. Nokia, whatever. It isn't a FreeRADIUS problem. Alan DeKok.
Thanks Alan, OK, I tried with a native Windows XP client but it asked me for a certify. Why does happened? In the other hand, FreeRadius console never received the packet from the Windows client as Nokia did. I only want to do a transparent authentication to my wireless network just using the username and password that the client send. I dont want to use PEAP for that reason (certifies), so I chose gtc as default_eap_type in eap.conf file eap { # Invoke the default supported EAP type when # EAP-Identity response is received. # # The incoming EAP messages DO NOT specify which EAP # type they will be using, so it MUST be set here. # # For now, only one default EAP type may be used at a time. # # If the EAP-Type attribute is set by another module, # then that EAP type takes precedence over the # default type configured here. # default_eap_type = gtc What is wrong? Cesar
Date: Wed, 17 Mar 2010 13:48:44 -0700 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: openssl support
Cesar Ortega wrote:
Yes, I already known that. However, for some reason FreeRadius doesn't recognized that OpenSSL is already installed on my system. During the compilation there wasn't any WARNING about OpenSSL.
Did you read the configure / compile stages for messages about openssl? It's not hard. There are a lot of messages, but a simple "grep" should limit that to messages related to OpenSSL.
Then... read the 20-30 messages about OpenSSL to see what's happening there.
To repeat: You need to *read* the messages produced on your system.
User-Name = "h59bfGBUMZsw4BwQZ3Pz/Q=="
...
Why my username is encrypted or something like that? I don't get it... I just need authenticate a AD user using clear-text password
Blame the client device. Nokia, whatever. It isn't a FreeRADIUS problem.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&...
Cesar Ortega wrote:
OK, I tried with a native Windows XP client but it asked me for a certify. Why does happened?
That's how EAP works. This is documented in FreeRADIUS and in Windows.
In the other hand, FreeRadius console never received the packet from the Windows client as Nokia did. I only want to do a transparent authentication to my wireless network just using the username and password that the client send.
Then you need to configure EAP. There are many howtos describing how to do this.
I dont want to use PEAP for that reason (certifies), so I chose gtc as default_eap_type in eap.conf file
You cannot use GTC for wireless authentication. You MUST use a certificate-based EAP method. This is documented in FreeRADIUS and in Windows. Alan DeKok.
hi, you have a bootstrap script in certs directory for a sample certification, it works. bye 2010/3/17 Alan DeKok <aland@deployingradius.com>
Cesar Ortega wrote:
OK, I tried with a native Windows XP client but it asked me for a certify. Why does happened?
That's how EAP works. This is documented in FreeRADIUS and in Windows.
In the other hand, FreeRadius console never received the packet from the Windows client as Nokia did. I only want to do a transparent authentication to my wireless network just using the username and password that the client send.
Then you need to configure EAP. There are many howtos describing how to do this.
I dont want to use PEAP for that reason (certifies), so I chose gtc as default_eap_type in eap.conf file
You cannot use GTC for wireless authentication. You MUST use a certificate-based EAP method.
This is documented in FreeRADIUS and in Windows.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 03/17/2010 04:09 PM, Cesar Ortega wrote:
Hi omegabk,
Yes, I already known that. However, for some reason FreeRadius doesn't recognized that OpenSSL is already installed on my system. During the compilation there wasn't any WARNING about OpenSSL.
The warning do not occur during compilation, they occur when you run configure. Once you've run configure you've fixed your compilation options. If you want to change your compilation options (e.g. because you *now* have the openssl development files installed) then you must re-run configure *before* you compile. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/
participants (4)
-
Alan DeKok -
Cesar Ortega -
John Dennis -
omega bk