



bazy
radius=> SELECT username, attribute, op, value FROM radcheck;
 username |     attribute      | op |       value
----------+--------------------+----+-------------------
 test     | Calling-Station-Id | == | 00:22:43:79:1A:72
 test     | Cleartext-Password | == | test
(2 rows)

radius=> SELECT username, attribute, op, value FROM radreply;
 username |     attribute     | op |    value
----------+-------------------+----+--------------
 test     | Framed-IP-Address | =  | 192.168.1.10
 test     | Port-Limit        | := | 1
 test     | Auth-Type         | := | mschap
(3 rows)

radius=> SELECT UserName, GroupName FROM radusergroup;
 username | groupname
----------+-----------
 test     | static
(1 row)

radius=> SELECT GroupName, Attribute, Value, op FROM radgroupcheck;
 groupname | attribute | value | op
-----------+-----------+-------+----
(0 rows)

radius=> SELECT GroupName, Attribute, Value, Op FROM radgroupreply;
 groupname |     attribute      |        value        | op
-----------+--------------------+---------------------+----
 static    | Service-Type       | Login-User          | :=
 static    | Framed-Compression | Van-Jacobsen-TCP-IP | ==
 static    | Framed-Protocol    | PPP                 | ==
 static    | Framed-MTU         | 1500                | ==
 static    | Service-Type       | Framed-User         | ==
(5 rows)
/etc/raddb/radiusd.conf
# Installation prefixes; every path further down is derived from these.
prefix = /usr
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
# Log directory: radius.log (log {} section) and sqltrace.sql (sql.conf) are written here.
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
# NOTE(review): this line uses $(...) while every other reference in this file
# uses ${...}; confirm the config parser expands it, otherwise db_dir holds the literal text.
db_dir = $(raddbdir)
libdir = /usr/lib64
pidfile = ${run_dir}/radiusd.pid
# Request lifetime (seconds), post-reply retention (seconds) and the cap on
# simultaneously outstanding requests.
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
# Authentication listener. ipaddr = * binds every interface; port = 0 selects the
# default port for the type (1812 for auth, taken from /etc/services). Which
# sources may send here is decided by clients.conf / the nas table, not by this block.
listen {
type = auth
ipaddr = *
port = 0
}
# Accounting listener, same binding as the auth listener above (default port
# 1813). Accounting-On/Off packets accepted here drive accounting_onoff_query in
# dialup.conf, so the client list governing this socket matters as much as for auth.
listen {
ipaddr = *
port = 0
type = acct
}
# Request sources are logged by IP only (no reverse DNS per request).
hostname_lookups = no
# A crash must not leave a core file: process memory holds secrets and request contents.
allow_core_dumps = no
# Enable regex operators (=~, !~) in check items / unlang.
regular_expressions = yes
extended_expressions = yes
# Logging to ${logdir}/radius.log. auth = no suppresses the per-authentication
# summary lines; auth_badpass / auth_goodpass = no keep submitted passwords out
# of the log file. All three should stay as they are on a server handling real credentials.
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
# Helper executed to confirm whether a user is really still online (used by the
# simultaneous-use check backed by radutmp in the session {} section of the virtual server).
checkrad = ${sbindir}/checkrad
# Per-packet hardening. max_attributes bounds how many attributes are decoded
# from one packet (memory per request); reject_delay = 1 holds each
# Access-Reject for a second, which slows down online password guessing;
# status_server = yes answers Status-Server probes so liveness can be monitored
# without sending credentials.
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
# Proxying is enabled and proxy.conf is loaded; a reply further down in the
# thread asks whether this server is meant to proxy at all — if it only serves
# the local NAS, this can be `no` and proxy.conf left out.
proxy_requests = yes
$INCLUDE proxy.conf
# NAS addresses and their shared secrets. With readclients = yes in sql.conf the
# nas table is a second, database-held source of the same data.
$INCLUDE clients.conf
snmp = no
$INCLUDE snmp.conf
# Worker thread pool: 5 threads at start, grows to at most 32, keeps 3..10 idle.
# max_requests_per_server = 0 means threads are never recycled after N requests.
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# Module definitions: every file in modules/ (the mschap file is shown below),
# plus eap.conf, sql.conf and the PostgreSQL counter module configuration.
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
$INCLUDE sql.conf
$INCLUDE sql/postgresql/counter.conf
}
# Empty: no module is forced to instantiate beyond those referenced from the
# virtual server sections.
instantiate {
}
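$INCLUDE policy.conf
# Loads every virtual server in sites-enabled/ (the `default` server is shown further down).
$INCLUDE sites-enabled/
/etc/raddb/modules/mschap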
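# rlm_mschap: MS-CHAPv2 with MPPE keys required and only 128-bit keys accepted.
# The module can only verify a response if an NT-Password / Cleartext-Password
# control item is present; the debug log below ("No Cleartext-Password
# configured") shows none reached it, because the radcheck row carries op ==
# rather than := (the fix the thread ends with).
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
authtype = "MS-CHAPv2"
}
/etc/raddb/sql.conf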
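sql {
database = "postgresql"
driver = "rlm_sql_${database}"
server = "localhost"
# Database credentials in cleartext, both still the stock value "radius". This
# file must be readable only by the radiusd user, and the DB account should carry
# only the grants the queries in dialup.conf need.
login = "radius"
password = "radius"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
# postauth_table receives username *and password attribute* via postauth_query.
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
deletestalesessions = yes
# sqltrace = yes would write every expanded query — including password values
# from postauth_query — to sqltracefile; keep it off outside of debugging.
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
# NAS clients, shared secret included (nas_query selects the `secret` column),
# are loaded from the nas table at startup: read access to this database is
# equivalent to knowing every RADIUS shared secret.
readclients = yes
nas_table = "nas"
$INCLUDE sql/${database}/dialup.conf
}
/etc/raddb/sites-enabled/default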
# Authorization chain; order matters. mschap runs before sql and, seeing the
# MS-CHAP attributes, sets Auth-Type = mschap (debug log: "Found MS-CHAP
# attributes"); sql then loads radcheck/radreply and group items. For the
# later mschap authentication to work, the password row must be installed as a
# control item (Cleartext-Password := ...), which a radcheck row with op == is not.
authorize {
preprocess
mschap
suffix
unix
sql
}
# Authentication. Requests with Auth-Type = mschap go through rlm_mschap only;
# the bare `unix` entry presumably serves requests whose Auth-Type resolved to
# unix (system password database). With the radcheck contents dumped above the
# mschap branch rejects — see "FAILED: No NT/LM-Password" in the log.
authenticate {
Auth-Type MS-CHAP {
mschap
}
unix
}
# Derives Acct-Unique-Session-Id, stored as AcctUniqueId by the accounting
# queries in dialup.conf.
preacct {
acct_unique
}
# Accounting: flat-file detail log (presumably under ${radacctdir}) and the
# accounting_*_query statements from dialup.conf.
accounting {
detail
sql
}
# Simultaneous-Use checks against the radutmp file (checkrad helper in radiusd.conf).
session {
radutmp
}
# Runs postauth_query from dialup.conf after every Accept/Reject — that query
# records the submitted password attribute in radpostauth, see the note there.
post-auth {
sql
}
# Nothing is done to requests before they are proxied.
pre-proxy {
}
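# Nothing is done to proxied replies.
post-proxy {
}
/etc/raddb/sql/postgresql/dialup.conf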
# Username as rlm_sql sees it. The module escapes this value and exposes the
# result as %{SQL-User-Name} (debug log: "sql_set_user escaped user --> 'test'"),
# which is what the queries below interpolate.
sql_user_name = "%{User-Name}"
# With readclients = yes (sql.conf) NAS clients — shared secret included — are
# read from this table at startup.
nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"
# Check items for the user (radcheck). The Op column decides how a row is used:
# a comparison op (==) is matched against the request, := installs the value as
# a control item. The Cleartext-Password row dumped above uses ==, which is why
# rlm_mschap later reports "No Cleartext-Password configured"; the thread's
# fix was changing it to :=.
authorize_check_query = "SELECT id, UserName, Attribute, Value, Op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
# Reply items for the user (radreply), returned in the Access-Accept.
authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op \
FROM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
# Same two lookups per group, for each group returned by group_membership_query.
authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op \
FROM ${groupcheck_table} \
WHERE GroupName = '%{Sql-Group}' \
ORDER BY id"
authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op \
FROM ${groupreply_table} \
WHERE GroupName = '%{Sql-Group}' \
ORDER BY id"
# Accounting-On / Accounting-Off from a NAS: close every session still open for
# that NAS address (AcctStopTime IS NULL, matched on NASIPAddress only) with a
# stop time and a computed session length. '%S' is the request timestamp in SQL
# form; Acct-Delay-Time falls back to 0 when absent. Because the match is keyed
# on NAS-IP-Address alone, correctness depends on the accounting listener only
# accepting packets from configured clients.
accounting_onoff_query = "UPDATE ${acct_table1} \
SET AcctStopTime = ('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval), \
AcctSessionTime = (EXTRACT(EPOCH FROM ('%S'::timestamp with time zone - AcctStartTime::timestamp with time zone \
- '%{%{Acct-Delay-Time}:-0}'::interval)))::BIGINT, \
AcctTerminateCause = '%{Acct-Terminate-Cause}', \
AcctStopDelay = 0 \
WHERE AcctStopTime IS NULL \
AND NASIPAddress= '%{NAS-IP-Address}' \
AND AcctStartTime <= '%S'::timestamp"
# Interim-Update: refresh the open row for this session (matched on session id,
# user and NAS). (Gigawords << 32) + Octets rebuilds the 64-bit byte counters;
# NULLIF(..., '')::inet turns an absent Framed-IP-Address into NULL instead of
# a failing inet cast.
accounting_update_query = "UPDATE ${acct_table1} \
SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), \
AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint) \
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime IS NULL"
# Fallback for Interim-Update when the UPDATE above matched no row (e.g. the
# Start packet was never seen): insert the session, back-dating AcctStartTime by
# delay + session time. %{%{NAS-Port}:-NULL}::integer is deliberately unquoted so
# an absent NAS-Port becomes SQL NULL; NAS-Port is an integer attribute, so the
# expansion is digits or that literal.
accounting_update_query_alt = "INSERT INTO ${acct_table1} \
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, \
NASPortId, NASPortType, AcctStartTime, \
AcctSessionTime, AcctAuthentic, AcctInputOctets, \
AcctOutputOctets, CalledStationId, CallingStationId, \
ServiceType, FramedProtocol, FramedIPAddress, XAscendSessionSvrKey) \
VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{NAS-IP-Address}', \
%{%{NAS-Port}:-NULL}::integer, '%{NAS-Port-Type}', \
('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval - '%{%{Acct-Session-Time}:-0}'::interval), \
'%{Acct-Session-Time}', '%{Acct-Authentic}', \
(('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), \
(('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), \
'%{Called-Station-Id}', \
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', \
NULLIF('%{Framed-IP-Address}', '')::inet, '%{X-Ascend-Session-Svr-Key}')"
# Accounting Start: create the session row. AcctStartTime is the request time
# minus Acct-Delay-Time; AcctStartDelay is stored as a constant 0.
accounting_start_query = "INSERT INTO ${acct_table1} \
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, \
NASPortId, NASPortType, AcctStartTime, AcctAuthentic, \
ConnectInfo_start, CalledStationId, CallingStationId, ServiceType, \
FramedProtocol, FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey) \
VALUES('%{Acct-Session-Id}', \
'%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
NULLIF('%{Realm}', ''), \
'%{NAS-IP-Address}', \
%{%{NAS-Port}:-NULL}::integer, \
'%{NAS-Port-Type}', \
('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval), \
'%{Acct-Authentic}', \
'%{Connect-Info}', \
'%{Called-Station-Id}', \
'%{Calling-Station-Id}', \
'%{Service-Type}', \
'%{Framed-Protocol}', \
NULLIF('%{Framed-IP-Address}', '')::inet, \
0, \
'%{X-Ascend-Session-Svr-Key}')"
# Fallback for Start when the INSERT above fails (a row for this session already
# exists, e.g. a retransmitted Start): refresh the existing open row instead.
accounting_start_query_alt = "UPDATE ${acct_table1} \
SET AcctStartTime = ('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval), \
AcctStartDelay = 0, \
ConnectInfo_start = '%{Connect-Info}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress = '%{NAS-IP-Address}' \
AND AcctStopTime IS NULL"
# Accounting Stop: close the open row. AcctSessionTime is taken from the
# Acct-Session-Time the NAS sent; when that is empty it is computed from
# AcctStartTime and the request time instead.
accounting_stop_query = "UPDATE ${acct_table2} \
SET AcctStopTime = ('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval), \
AcctSessionTime = CASE WHEN '%{Acct-Session-Time}' = '' THEN \
(EXTRACT(EPOCH FROM ('%S'::TIMESTAMP WITH TIME ZONE - AcctStartTime::TIMESTAMP WITH TIME ZONE \
- '%{%{Acct-Delay-Time}:-0}'::INTERVAL)))::BIGINT ELSE '%{Acct-Session-Time}' END, \
AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), \
AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), \
AcctTerminateCause = '%{Acct-Terminate-Cause}', \
AcctStopDelay = 0, \
FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, \
ConnectInfo_stop = '%{Connect-Info}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress = '%{NAS-IP-Address}' \
AND AcctStopTime IS NULL"
# Fallback for Stop when no open row matched: insert a complete row with a
# back-dated start time (request time minus delay minus session time) and the
# stop time. NULLIF(...)::bigint stores NULL when the NAS sent no session time.
accounting_stop_query_alt = "INSERT INTO ${acct_table2} \
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctAuthentic, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, \
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStopDelay) \
values('%{Acct-Session-Id}', \
'%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
NULLIF('%{Realm}', ''), \
'%{NAS-IP-Address}', \
%{%{NAS-Port}:-NULL}::integer, \
'%{NAS-Port-Type}', \
('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval - '%{%{Acct-Session-Time}:-0}'::interval), \
('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval), \
NULLIF('%{Acct-Session-Time}', '')::bigint, '%{Acct-Authentic}', \
'%{Connect-Info}', \
(('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), \
(('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), \
'%{Called-Station-Id}', \
'%{Calling-Station-Id}', \
'%{Acct-Terminate-Cause}', \
'%{Service-Type}', \
'%{Framed-Protocol}', \
NULLIF('%{Framed-IP-Address}', '')::inet, 0)"
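# Groups of the user, lowest priority value first; each becomes %{Sql-Group}
# for the group check/reply queries above.
group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}' ORDER BY priority"
# Run from post-auth (sites-enabled/default). Two points to be aware of:
# - it stores the User-Password attribute value (falling back to Chap-Password)
#   in radpostauth.pass, i.e. submitted credentials are persisted in the
#   database; writing a fixed marker into that column instead removes the exposure.
# - it interpolates %{User-Name} where every other query here uses the escaped
#   %{SQL-User-Name}; confirm the module escapes this expansion, or switch it.
postauth_query = "INSERT INTO ${postauth_table} (username, pass, reply, authdate) \
VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
eap.conf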
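eap {
# EAP-MD5 as the default: no server authentication and no protected tunnel.
# The replies further down recommend peap (mschapv2 inside) for Windows supplicants.
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
gtc {
#challenge = "Password: "
auth_type = PAP
}
# TLS material shared by EAP-TLS, TTLS and PEAP.
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
# Stock placeholder passphrase for the bootstrap-generated server key; a real
# deployment replaces the key, the certificate and this value.
private_key_password = whatever
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
# "DEFAULT" defers to the OpenSSL build's default cipher list.
cipher_list = "DEFAULT"
# Generates the test certificates above on first start if they are missing.
make_cert_command = "${certdir}/bootstrap"
}
ttls {
default_eap_type = md5
copy_request_to_tunnel = no
# virtual_server = "inner-tunnel"
}
# PEAP with MS-CHAPv2 inside — the method the thread settles on for Windows clients.
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
# proxy_tunneled_request_as_eap = yes
}
mschapv2 {
}
}
LOGI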
Radius
rad_recv: Access-Request packet from host 172.16.19.230 port 34276, id=21, length=178
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 25
NAS-Port-Type = Ethernet
User-Name = "test"
Calling-Station-Id = "00:22:43:79:1A:72"
Called-Station-Id = "mt"
NAS-Port-Id = "wlan1"
MS-CHAP-Challenge = 0x6a792711f59326e82335e680656d8b8c
MS-CHAP2-Response = 0x0100fcf42c73e334d69a72367b6cc52b69d1000000000000000039678e0efb0441ac0d8852a66334edee25024bbf531f32a7
NAS-Identifier = "MikroTik"
NAS-IP-Address = 172.16.19.230
+- entering group authorize
++[preprocess] returns ok
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
expand: %{User-Name} -> test
rlm_sql (sql): sql_set_user escaped user --> 'test'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='test' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'static' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
rlm_sql (sql): User found in group static
expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'static' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 5 , fields = 5
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rad_check_password: Found Auth-Type mschap
auth: type "MSCHAP"
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
auth: Failed to validate the user.
Sending Access-Reject of id 21 to 172.16.19.230 port 34276
Service-Type := Login-User
Framed-Compression == Van-Jacobson-TCP-IP
Framed-Protocol == PPP
Framed-MTU == 1500
Service-Type == Framed-User
MS-CHAP-Error = "\001E=691 R=1"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +38
Ready to process requests.
MT
06:04:13 pppoe,info PPPoE connection established from 00:22:43:79:1A:72
06:04:13 pppoe,ppp,info <pppoe-0>: waiting for call...
06:04:13 radius,debug new request 1b:1e code=Access-Request service=ppp called-id=mt
06:04:13 radius,debug sending 1b:1e to 217.96.37.4:1812
06:04:13 radius,debug,packet sending Access-Request with id 21 to 217.96.37.4:1812
06:04:13 radius,debug,packet Signature = 0x74793838aa1ce306825623385525ecf2
06:04:13 radius,debug,packet Service-Type = 2
06:04:13 radius,debug,packet Framed-Protocol = 1
06:04:13 radius,debug,packet NAS-Port = 25
06:04:13 radius,debug,packet NAS-Port-Type = 15
06:04:13 radius,debug,packet User-Name = "test"
06:04:13 radius,debug,packet Calling-Station-Id = "00:22:43:79:1A:72"
06:04:13 radius,debug,packet Called-Station-Id = "mt"
06:04:13 radius,debug,packet NAS-Port-Id = "wlan1"
06:04:13 radius,debug,packet MS-CHAP-Challenge = 0x6a792711f59326e82335e680656d8b8c
06:04:13 radius,debug,packet MS-CHAP2-Response = 0x0100fcf42c73e334d69a72367b6cc52b
06:04:13 radius,debug,packet 69d1000000000000000039678e0efb04
06:04:13 radius,debug,packet 41ac0d8852a66334edee25024bbf531f
06:04:13 radius,debug,packet 32a7
06:04:13 radius,debug,packet NAS-Identifier = "MikroTik"
06:04:13 radius,debug,packet NAS-IP-Address = 172.16.19.230
06:04:13 radius,debug,packet received Access-Reject with id 21 from 217.96.37.4:1812
06:04:13 radius,debug,packet Signature = 0x640f055e1b2c927eec5e02a207520bc5
06:04:13 radius,debug,packet Service-Type = 1
06:04:13 radius,debug,packet Framed-Compression = 1
06:04:13 radius,debug,packet Framed-Protocol = 1
06:04:13 radius,debug,packet Framed-MTU = 1500
06:04:13 radius,debug,packet Service-Type = 2
06:04:13 radius,debug,packet MS-CHAP-Error = 0x01453d36393120523d31
06:04:13 radius,debug received reply for 1b:1e
06:04:13 pppoe,ppp,info <pppoe-0>: terminating... - user test authentication failed
06:04:13 pppoe,ppp,info <pppoe-0>: disconnected
Windows zgłasza błąd nr 691
Cześć! Wiem, jaki FreeRADIUS może być miły, gdy chce się go uruchomić. Mogę się mylić, ale za to coś podpowiem. Zatem zdecyduj się na konkretną formę uwierzytelniania - masz md5, skonfigurowane mschapv2 i inne. Wywalić, znaczy się zakomentować to, co niepotrzebne, i używać tego, co się chce. Druga sprawa to proxy - serwer pracuje jako główny serwer czy jako proxy? Teraz wg czego się uwierzytelniasz - sql, unix itd. Po co tyle dodatkowych niepotrzebnych pierdołków? Odpowiedzi tylko Ty znasz, co jest potrzebne, a co nie. Spokojnie rozpracujesz go później czy prędzej.




W MT? Nie wiem, widzę tylko, że chodzi o RADIUSa. Widzę jego konfigurację, więc opierać się będę tylko na FreeRADIUS.
Podpowiedź do tego: w pliku eap.conf masz default_eap_type = md5. Tak więc zanim zacznie się wszystko konfigurować należy dokładnie przemyśleć co chce się zrobić, jakimi metodami, jacy użytkownicy (systemy, używany suplikant). Materiałów o FreeRADIUS jest wiele, większość z tego to tylko przykłady konfiguracji, lecz na podstawie tych szczątkowych informacji można złożyć rozwiązanie, które będzie pasować akurat nam.






Nie znam MT ale jeśli mowa o freeradius2 to
do Windows najlepiej oprzeć się nie na MD5, a na MSCHAPV2. Windows lubi EAP-TLS, EAP-PEAP-mschapv2. Resztę ja bym wyłączył i tyle. Jako domyślne default_eap_type = peap.
Zamiast Cleartext-Password ja bym użył np.
DEFAULT User-Password := "haslo_do_logowania"




matka przelozona
Problem rozwiązałam już wcześniej, więc 2 sprawy trzeba było zmienić
Cleartext-Password :=
oraz w konfiguracji MT dodać pulę adresową do koncentratora i tyle :]
co do User-Password, to stosuje się je w radiusie 1, a w 2 używa się Cleartext-Password



zlyZwierz napisał(-a):
Przecież to działa od strzała - na domyślnej konfiguracji.
pytanie tylko, pod którą dystrybucją LINUXa?







BiExi napisał(-a):
bolos_11 działa na defaulcie obojętnie gdzie (nim troszeczkę trza poustawiać, ale niewiele)
TYLE to wiem, jak się w plikach TXT wsio poustawia, TO jest OK ... gorzej, jak w SQL są dane ... sypie błędami ... i skończyły mi się pomysły, co dalej
Ostatnio edytowany przez bolos_11 (2010-01-16 22:33:49)
Podłączę się trochę do tematu oraz go odświeżę.
Skonfigurowałem freeradiusa na dystrybucji Centos oraz switch, aby wymagał uwierzytelniania 802.1x.
Klienta mam na WinXP.
Jeśli na kliencie wybiorę MD5_Challenge - to klient uwierzytelnia się poprawnie i wszystko działa.
Niestety nie mogę poradzić sobie z MSCHAPv2 <-- chciałbym, aby klienci uwierzytelniali się właśnie tą metodą (za pomocą hasła). Nie wiem, gdzie mam błąd.
Jeśli Ktoś z Was może podesłać mi jakiegoś dokładnego manuala, albo spakowaną przykładową działającą konfigurację całego Freeradiusa będę wdzięczny.
Mój mail to domin90@wp.pl
Z góry wielkie dzięki