openssl support

Cesar Ortega cesar8489 at hotmail.com
Wed Mar 17 21:09:55 CET 2010


Hi omegabk,

Yes, I already known that. However,  for some reason FreeRadius doesn't recognized that OpenSSL is already installed on my system. During the compilation there wasn't any WARNING about OpenSSL. In the other hand, I just want to do transparent authentications  of the user (it does not matter if it used clear text passwords) with my AD using a wireless LAN. As Alan Dekov said in his How To, I am using ntlm_auth module so when I wrote in eap.conf

        eap {
                default_eap_type = gtc
                ...

with my wireless client (Nokia N900) configured like taht:

EAP Type : PEAP
EAP Method: EAP GTC (other possibility is EAP MSCHAPv2) # I am not using certifies at all
Username: ortegaca

In the FreeRadius console I see:

Listening on authentication address * port 1645
Listening on accounting address * port 1646
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1647
Ready to process requests.
rad_recv: Access-Request packet from host 129.90.13.170 port 1645, id=223, length=192
    User-Name = "h59bfGBUMZsw4BwQZ3Pz/Q=="
    Framed-MTU = 1400
    Called-Station-Id = "0015.62c8.75d0"
    Calling-Station-Id = "a87b.3995.468a"
    Cisco-AVPair = "ssid=radiusd"
    Service-Type = Login-User
    Message-Authenticator = 0x125b506b554d05dcf0cd7eace1e4b8a1
    EAP-Message = 0x0202001d0168353962664742554d5a7377344277515a33507a2f513d3d
    NAS-Port-Type = Wireless-802.11
    Cisco-NAS-Port = "682"
    NAS-Port = 682
    NAS-IP-Address = 129.90.13.170
    NAS-Identifier = "ap"
+- entering group authorize {...}
[ntlm_auth]     expand: --username=%{mschap:User-Name} -> --username=h59bfGBUMZsw4BwQZ3Pz/Q==
[ntlm_auth]     expand: --password=%{User-Password} -> --password=
Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) 
Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064) 
Exec-Program: returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> h59bfGBUMZsw4BwQZ3Pz/Q==
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 223 to 129.90.13.170 port 1645
Waking up in 4.9 seconds.

Why my username is encrypted or something like that? I don't get it... I just need authenticate a AD user using clear-text password

Cesar
Date: Wed, 17 Mar 2010 14:03:57 +0100
Subject: Re: openssl support
From: omegabk at gmail.com
To: freeradius-users at lists.freeradius.org

hi,

You need to have the openssl development
packages installed. When you run configure please make sure you check for warnings, if configure
doesn't find required libraries and headers it will emit a warning
message, but will proceed (just disabling the feature).
i fixed it doing like this

bye



2010/3/17 Cesar Ortega <cesar8489 at hotmail.com>






Hi there guys,

Look, I have been configuring FreeRadius (2.1.8) with OpenSSL (0.9.8m)
to use ntlm_auth but it did not work at all. I installed libssl-dev (as
Alan Dekok has said before) but it stills telling me:


Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.

Recompiling FreeRadius does not work either. I tried installing from the

sources and repositories but I could not solved the issue.

Any suggestion? 

Help please...

Cesar


 		 	   		  
Connect to the next generation of MSN Messenger   Get it now! 


-

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

 		 	   		  
_________________________________________________________________
Connect to the next generation of MSN Messenger 
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100317/881a2259/attachment.html>


More information about the Freeradius-Users mailing list