At 12:49 23/08/05, you wrote:
Hi, thanks for your email!
OK, I tried it out but I have some problems. If I use the DWORD string you
sent me it has no effect. I found another DWORD key which is called
"AuthMode", and with this DWORD it only tries to authenticate with the
machine account. Maybe you made a typing mistake in your email??
Whoops - you are right, it was a typing mistake; it is AuthMode.
OK, but my problem is that when it tries to authenticate with the
computer account, I see in the RADIUS debugging mode that it only tried to
use the DEFAULT entry in the users file and not the "Client3" entry. It
seems that it does not find the right computer certificate, or
FreeRADIUS does not find the right entry in its users file???
I am new to FreeRADIUS myself; in order to get my system working I followed
the instructions in these web pages:
http://www.linuxjournal.com/article/8017,
http://www.linuxjournal.com/article/8095,
http://www.linuxjournal.com/article/8151.
It does look like a certificates problem, but then I am very new to
FreeRADIUS and I spent a considerable amount of time adjusting settings to
make it work.
This is the output from Freeradius -X -A when the DWORD "AuthMode" is set
to 2:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf
Config: including file: /etc/freeradius/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/ssl/certs/8021x-server.pem"
tls: certificate_file = "/etc/ssl/certs/8021x-server.pem"
tls: CA_file = "/etc/ssl/certs/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/ssl/certs/dh"
tls: random_file = "/etc/ssl/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/freeradius/users"
files: acctusersfile = "/etc/freeradius/acct_users"
files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.40.0.254:1024, id=103, length=120
NAS-IP-Address = 10.40.0.254
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x8e013b02cf39c8b291f8a9d790f3bd6a
NAS-Port = 8
Framed-MTU = 1490
User-Name = "host/Client3"
Calling-Station-Id = "00-10-5A-F7-F0-BA"
EAP-Message = 0x02ff001101686f73742f436c69656e7433
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "host/Client3", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 255 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 181
users: Matched entry DEFAULT at line 200
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 103 to 10.40.0.254:1024
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010000060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1814a65439afaa74487aa379af48ead9
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 103 with timestamp 430b0c7e
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.40.0.254:1024, id=104, length=120
NAS-IP-Address = 10.40.0.254
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xe3868d2de84c592e7e54eb355b23752f
NAS-Port = 8
Framed-MTU = 1490
User-Name = "host/Client3"
Calling-Station-Id = "00-10-5A-F7-F0-BA"
EAP-Message = 0x0201001101686f73742f436c69656e7433
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "host/Client3", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 181
users: Matched entry DEFAULT at line 200
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
Fallibroome High School
Priory Lane
Macclesfield
Cheshire
SK10 4AF
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
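An added example, not from this thread and not FreeRADIUS code: a small Python model of how rlm_files walks the users file, illustrating why a request whose User-Name is "host/Client3" (as in the debug output above) can only land on DEFAULT entries when the specific entry is named "Client3". The sample users file, the literal name comparison and the Fall-Through handling are assumptions of this model, not verified FreeRADIUS behaviour.

```python
"""Simplified model of how FreeRADIUS rlm_files chooses 'users' entries
(hypothetical helper, not FreeRADIUS code): an entry's first word must equal
the request's User-Name literally (or be DEFAULT), every check item must
match, and matching stops unless reply items contain Fall-Through = Yes."""
import re

# Constructed sample users file; line numbers below refer to it.
USERS_FILE = """\
Client3        Auth-Type := EAP

DEFAULT        Auth-Type := EAP
               Fall-Through = Yes

DEFAULT        Calling-Station-Id == "00-10-5A-F7-F0-BA"
               Reply-Message = "known host"
"""
ITEM_RE = re.compile(r'\s*([\w-]+)\s*(:=|==|=)\s*("[^"]*"|[^,\s]+)')

def items_in(s):
    """Split 'Attr op value, Attr op value' into (attr, op, value) triples."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM_RE.findall(s)]

def parse_users(text):
    """Return [(line_no, name, check_items, reply_items)] in file order."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line[0].isspace():                 # indented: reply items
            entries[-1][3].extend(items_in(line))
        else:                                 # column 0: name + check items
            name, _, rest = line.partition(" ")
            entries.append((lineno, name, items_in(rest), []))
    return entries

def match_entries(entries, request):
    """Line numbers of the entries rlm_files would match for this request."""
    matched = []
    for lineno, name, checks, replies in entries:
        if name != "DEFAULT" and name != request.get("User-Name"):
            continue                          # 'Client3' != 'host/Client3'
        # ':=' sets a control item (Auth-Type); only '==' / '=' are compared
        if any(op != ":=" and request.get(a) != v for a, op, v in checks):
            continue
        matched.append(lineno)
        if not any(a == "Fall-Through" and v.lower() == "yes"
                   for a, _, v in replies):
            break
    return matched
```

Calling match_entries with {"User-Name": "host/Client3", "Calling-Station-Id": "00-10-5A-F7-F0-BA"} yields the two DEFAULT entries (lines 3 and 6), mirroring the two "Matched entry DEFAULT" lines in the debug output, while {"User-Name": "Client3"} is the only request that reaches line 1.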