Re: Window domain (win server 2k3) ----- Free-Radius ----- NAS -------Access Point )))) ((((( STA
Dear All, I'm sorry I forgot attach file debug-info. Here is the debugging output: [root@localhost ~]# radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Instantiated exec (ntlm_auth) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded files Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail Module: Instantiated detail (detail) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.200.100:32775, id=1, length=62 User-Name = "user" User-Password = "lab4man1" Message-Authenticator = 0x1631bbb58aed9a05ef6b72e282e28282 rad_recv: Access-Request packet from host 192.168.200.100:32775, id=1, length=62 Sending Access-Reject of id 1 to 192.168.200.100 port 32775 Can anybody help me on this behavior? Thanks. --- On Fri, 9/5/08, tnt@kalik.net <tnt@kalik.net> wrote: From: tnt@kalik.net <tnt@kalik.net> Subject: Re: Window domain (win server 2k3) ----- Free-Radius ----- NAS -------Access Point )))) ((((( STA To: freeradius-users@lists.freeradius.org Date: Friday, September 5, 2008, 1:18 PM
Can anybody please help me on this problem?
Not unless you post the debug. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear All, Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap i dont want to give my custemers client certificates, i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply thanks everyone best regards. _________________________________________________________________ Windows Live Messenger'ın için Ücretsiz 30 İfadeyi yükle http://www.livemessenger-emoticons.com/funfamily/tr-tr/
Ahmet DÜLGAR wrote:
Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate
Yes.
still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap
Huh? The certificates created by the Makefile in raddb/certs can be used by the server. It produces a client certificate, but there's no requirement for you to use it.
i dont want to give my custemers client certificates,
Then don't.
i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply
Follow the instructions on my web site. Don't give the clients a certificate. It's that easy. Alan DeKok.
But please do give the client the radius-server-cerificate so it knows which server to authenticate with. If you don't use that certificate anybody can set up a (intermediate) radius-server and make you authenticate with that (without you knowing it). After that, all your data will flow though this malicious server and information could be stolen! gr, jelle 2008/9/6 Alan DeKok <aland@deployingradius.com>
Ahmet DÜLGAR wrote:
Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate
Yes.
still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap
Huh? The certificates created by the Makefile in raddb/certs can be used by the server. It produces a client certificate, but there's no requirement for you to use it.
i dont want to give my custemers client certificates,
Then don't.
i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply
Follow the instructions on my web site. Don't give the clients a certificate. It's that easy.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No, not server certificate but CA certificate. Client uses CA certificate to validate server certificate end eliminate rogue servers. It is true that if "Validate server certificate" box isn't ticked credentials can end up on a rouge server. Ivan Kalik Kalik Informatika ISP Dana 7/9/2008, "Jelle Langbroek" <jml@orkz.net> piše:
But please do give the client the radius-server-cerificate so it knows which server to authenticate with. If you don't use that certificate anybody can set up a (intermediate) radius-server and make you authenticate with that (without you knowing it). After that, all your data will flow though this malicious server and information could be stolen!
gr, jelle
2008/9/6 Alan DeKok <aland@deployingradius.com>
Ahmet DÜLGAR wrote:
Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate
Yes.
still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap
Huh? The certificates created by the Makefile in raddb/certs can be used by the server. It produces a client certificate, but there's no requirement for you to use it.
i dont want to give my custemers client certificates,
Then don't.
i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply
Follow the instructions on my web site. Don't give the clients a certificate. It's that easy.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (5)
-
Ahmet DÜLGAR -
Alan DeKok -
Jelle Langbroek -
Le Sang -
tnt@kalik.net