Freeradius-Users Digest, Vol 5, Issue 4

Aguirre Fernando fernando.aguirre at gmail.com
Fri Sep 2 11:52:06 CEST 2005


Hello, my question is very simple: how can I get into console mode on 
Debian and install FreeRADIUS?
THX

 2005/9/2, freeradius-users-request at lists.freeradius.org <
freeradius-users-request at lists.freeradius.org>: 
> 
> Today's Topics:
> 
> 1. Re: CHAP/MS-CHAP/MS-CHAPv2 + LDAP problem (Alan DeKok)
> 2. Re: CHAP/MS-CHAP/MS-CHAPv2 + LDAP problem (Tiago Fernandes)
> 3. rlm_perl support for pre/post-proxy in next release? (Thor Spruyt)
> 4. RE: Windows Client Authentification bevore Domain logon
> (Jérémy Cluzel)
> 5. Removing prefix and suffix from User-Name (Jérémy Cluzel)
> 6. RE: Removing prefix and suffix from User-Name (Seferovic Edvin)
> 7. RE: 4400 switch configuration and auth_module_radius.so
> problem (Luis Antonio Chavez Puebla)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 01 Sep 2005 17:06:30 -0400
> From: "Alan DeKok" <aland at ox.org>
> Subject: Re: CHAP/MS-CHAP/MS-CHAPv2 + LDAP problem
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20050901210630.5E05316FAB at mail.nitros9.org>
> 
> Vilius Šumskas <vilius at lnk.lt> wrote:
> > But Radius can't authenticate to LDAP as there is no User-Password
> > attribute in the packet. (rlm_ldap: Attribute "User-Password" is
> > required for authentication).
> 
> Use LDAP as a database, not as an authentication server.
> 
> See many, many, posts on this topic to this list.
> 
> > Is there a way to do this authentication and NOT turning MS-CHAP
> > protocol in VPN box? Are there some kind of preauth hooks in Radius?
> 
> Have FreeRADIUS get the password from LDAP, and let FreeRADIUS do
> the authentication.
> 
> Alan DeKok.
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 01 Sep 2005 22:16:11 +0100
> From: Tiago Fernandes <l13614 at alunos.uevora.pt>
> Subject: Re: CHAP/MS-CHAP/MS-CHAPv2 + LDAP problem
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <1125609371.3607.7.camel at pyka.crinnet.net>
> Content-Type: text/plain; charset="iso-8859-15"
> 
> On Thu, 2005-09-01 at 12:32 +0300, Vilius Šumskas wrote:
> > Hello,
> >
> > I'm having trouble authenticating from VPN box through Radius server to LDAP.
> > My VPN uses MS-CHAP challenge/response system for authentication.
> > Packet that comes from VPN to Radius server looks like this:
> > Packet that comes from VPN to Radius server looks like this:
> >
> > User-Name = "admin"
> > MS-CHAP-Challenge = 0x45bc0700dd22f6795f77bbe0d986328c
> > MS-CHAP2-Response = 0x0100313396a8ea58cd1155c817c50a00715b0000000000000000b03e5340a5ae3c2ac4e9408d57eae02fcfdbffab3f983a1b
> > NAS-Port = 0
> > NAS-Port-Type = Virtual
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-IP-Address = 10.1.1.202
> >
> > But Radius can't authenticate to LDAP as there is no User-Password
> > attribute in the packet. (rlm_ldap: Attribute "User-Password" is
> > required for authentication).
> >
> 
> Insert the NT-Password (ntPassword) attribute into the LDAP user. This
> attribute is filled with an NT hash value.
> 
> example:
> password: test
> NT Hash: 0CB6948805F797BF2A82807973B89537
> 
> > Is there a way to do this authentication and NOT turning MS-CHAP
> > protocol in VPN box? Are there some kind of preauth hooks in Radius?
> >
> > I'm using freeradius-1.0.1-1.1.RHEL3 with openldap-2.0.27-17 and
> > Netware 6.0 Directory Services.
> >
> >
> > P.S. I tried to turn MS-CHAP protocol and it works great with PAP or
> > plain-text passwords. So everything is configured to work well with
> > LDAP.
> >
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 2 Sep 2005 01:16:31 +0200
> From: "Thor Spruyt" <thor.spruyt at telenet.be>
> Subject: rlm_perl support for pre/post-proxy in next release?
> To: "FreeRadius Users" <freeradius-users at lists.freeradius.org>
> Message-ID: <001501c5af4b$301b7140$8e5ce0d5 at prod.telenet.be>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi,
> 
> I'm wondering if rlm_perl will support pre/post-proxy functions in the
> next release?
> 
> Also, is there any chance to get bug 275 into next release?
> http://bugs.freeradius.org/show_bug.cgi?id=275
> Or does it have to be discussed further on the list?
> 
> --
> Groeten, Regards, Salutations,
> 
> Thor Spruyt
> M: +32 (0)475 67 22 65
> E: thor.spruyt at telenet.be
> W: www.thor-spruyt.com
> 
> www.salesguide.be
> www.telenethotspot.be
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Fri, 02 Sep 2005 01:36:30 +0200
> From: Jérémy Cluzel <j.cluzel at online.fr>
> Subject: RE: Windows Client Authentification bevore Domain logon
> To: freeradius-users at lists.freeradius.org
> Message-ID: <4317907E.8070305 at online.fr>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi Guy,
> 
> Do you know working supplicants with a GINA module ? aegis ? secureW2 ?
> 
> Regards,
> 
> Jeremy
> 
> freeradius-users-request at lists.freeradius.org wrote:
> 
> >Date: Thu, 1 Sep 2005 17:10:14 +0100
> >From: "Guy Davies" <Guy.Davies at telindus.co.uk>
> >Subject: RE: Windows Client Authentification bevore Domain logon
> >To: "FreeRadius users mailing list"
> > <freeradius-users at lists.freeradius.org>
> >Message-ID:
> > <A00F4E8D8C7E8847A8ABFFE22F48033701B3692A at tuk1mx1.telindus.intra>
> >Content-Type: text/plain; charset="iso-8859-1"
> >
> >Hi Marc,
> >
> >The only way to do this with the supplicant included with XP is to use machine auth. This must use the same method used by the individual (i.e. EAP-TLS or PEAP/MS-CHAPv2).
> >
> >There is a checkbox that says something like "Use machine credentials if available". Check that and the machine will authenticate before the user. Once the user authenticates, the machine auth is killed and the user's auth is used. This requires that the machine has either a PEAP/MS-CHAPv2 username/password or an EAP-TLS certificate. These are stored in AD so you have to backoff your request to AD. If you want to do that for PEAP/MS-CHAPv2, you'll need NTLM access to the AD server, LDAP won't do because it can't get the cleartext password (unless it is replicated to a non-standard attribute).
> >
> >A better method, in my experience, is to use a supplicant with a GINA module. That stops the windows login process immediately after the user has entered the credentials, takes the user's credentials and uses them to login to the network, then it returns control to the windows login process. This doesn't require any authentication of the machine.
> >
> >Regards,
> >
> >Guy
> >
> >
> >
> >>-----Original Message-----
> >>From: freeradius-users-bounces at lists.freeradius.org
> >>[mailto:freeradius-users-bounces at lists.freeradius.org] On
> >>Behalf Of Marc-Henri Boisis-delavaud
> >>Sent: 01 September 2005 15:19
> >>To: FreeRadius users mailing list
> >>Subject: Re: Windows Client Authentification bevore Domain logon
> >>
> >>
> >>
> >>On 31 Aug 05 at 18:53, Alan DeKok wrote:
> >>
> >>
> >>
> >>>Jérémy Cluzel <j.cluzel at online.fr> wrote:
> >>>
> >>>
> >>>
> >>>>Sorry, but I didn't find any references of this OID in the
> >>>>creation scripts in the "scripts" directory (Ca.all, CA.certs...).
> >>>>The only OID added seem to be 1.3.6.1.5.5.7.3.1 and
> >>>>1.3.6.1.5.5.7.3.2 (in "xpextensions").
> >>>>Is there any way to do this without patching openssl (like
> >>>>explained there
> >>>>http://lists.cistron.nl/pipermail/freeradius-users/2004-July/034141.html) ?
> >>>>
> >>>>
> >>>>
> >>> You can use that OID just like the other ones.
> >>>
> >>> Alan DeKok.
> >>>
> >>>
> >>>
> >>Can you explain how we can activate 802.1x authentication before
> >>logon on xp. And what are the prerequisites ?
> >>Marc
> >>
> >>
> >>
> >>
> >>
> >>
> >
> 
> ------------------------------
> 
> Message: 5
> Date: Fri, 02 Sep 2005 02:04:38 +0200
> From: Jérémy Cluzel <j.cluzel at online.fr>
> Subject: Removing prefix and suffix from User-Name
> To: freeradius-users at lists.freeradius.org
> Message-ID: <43179716.4010705 at online.fr>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Hi,
> 
> I want to convert the User-Name received:
> "\host\login.server.domain.com" to "username".
> What's the best way to do this ?
> 
> - using preprocess module and "hints" file:
> DEFAULT Prefix == "/host", Strip-User-Name = Yes
> DEFAULT Suffix == ".server.domain.com", Strip-User-Name = Yes
> 
> - using "proxy.conf" file:
> realm server.domain.com {
> type = radius
> authhost = LOCAL
> accthost = LOCAL
> }
> 
> - using realm module:
> realm test {
> format = suffix
> delimiter = "."
> ignore_default = no
> ignore_null = no
> }
> 
> - using attr_rewrite module:
> attr_rewrite saneUserName {
> attribute = User-Name
> searchin = packet
> searchfor = "^(.+).server.domain.com"
> replacewith = "%{1}"
> ignore_case = yes
> new_attribute = no
> max_matches = 1
> append = no
> }
> 
> - or using preprocess module and "hints" file:
> DEFAULT Prefix == "/host", Strip-User-Name = Yes
> DEFAULT Suffix == ".server.domain.com", Strip-User-Name = Yes
> 
> Regards,
> 
> Jeremy
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Fri, 2 Sep 2005 02:33:23 +0200
> From: "Seferovic Edvin" <edvin.seferovic at kolp.at>
> Subject: RE: Removing prefix and suffix from User-Name
> To: "'FreeRadius users mailing list'"
> <freeradius-users at lists.freeradius.org>
> Message-ID: <200509020033.j820XT5E030618 at mxdrop12.xs4all.nl>
> Content-Type: text/plain; charset="iso-8859-2"
> 
> Hi,
> 
> is this a typo ?
> 
> "\host\login.server.domain.com" to "username" <<< backslash
> 
> DEFAULT Prefix == "/host", Strip-User-Name = Yes <<< slash?
> 
> Regards,
> 
> Edvin Seferovic
> 
> -----Original Message-----
> From: freeradius-users-bounces at lists.freeradius.org
> [mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Jérémy
> Cluzel
> Sent: Friday, 02 September 2005 02:05
> To: freeradius-users at lists.freeradius.org
> Subject: Removing prefix and suffix from User-Name
> 
> Hi,
> 
> I want to convert the User-Name received:
> "\host\login.server.domain.com" to "username".
> What's the best way to do this ?
> 
> - using preprocess module and "hints" file:
> DEFAULT Prefix == "/host", Strip-User-Name = Yes
> DEFAULT Suffix == ".server.domain.com", Strip-User-Name = Yes
> 
> - using "proxy.conf" file:
> realm server.domain.com {
> type = radius
> authhost = LOCAL
> accthost = LOCAL
> }
> 
> - using realm module:
> realm test {
> format = suffix
> delimiter = "."
> ignore_default = no
> ignore_null = no
> }
> 
> - using attr_rewrite module:
> attr_rewrite saneUserName {
> attribute = User-Name
> searchin = packet
> searchfor = "^(.+).server.domain.com"
> replacewith = "%{1}"
> ignore_case = yes
> new_attribute = no
> max_matches = 1
> append = no
> }
> 
> - or using preprocess module and "hints" file:
> DEFAULT Prefix == "/host", Strip-User-Name = Yes
> DEFAULT Suffix == ".server.domain.com", Strip-User-Name = Yes
> 
> Regards,
> 
> Jeremy
> 
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Thu, 1 Sep 2005 20:45:23 -0500
> From: "Luis Antonio Chavez Puebla" <lchavez at technidata.com.mx>
> Subject: RE: 4400 switch configuration and auth_module_radius.so
> problem
> To: "Luis Antonio Chavez Puebla" <lchavez at mpsnet.com.mx>,
> <freeradius-users at lists.freeradius.org>
> Message-ID: <FKEMLLAJBBAPCHLHBBEBGEFECHAA.lchavez at technidata.com.mx>
> Content-Type: text/plain; charset="us-ascii"
> 
> 
> 
> -----Original Message-----
> From: Luis Antonio Chavez Puebla [mailto:lchavez at mpsnet.com.mx]
> Sent: Thursday, 01 September 2005 08:26 p.m.
> To: freeradius-users at lists.freeradius.org
> Subject: 4400 switch configuration and auth_module_radius.so problem
> 
> 
> Hi,
> I have a 4400 switch with FreeRADIUS
> and I need to use mod_auth_radius,
> but I can't install this module on Apache server 1.3.22.
> 
> Can you help me?
> 
> 
> ------------------------------
> 
> 
> 
> End of Freeradius-Users Digest, Vol 5, Issue 4
> **********************************************
> 



-- 
www.gusanete.com