2010/4/1 Matt Harlum <m...@cactuar.net>: > > On 01/04/2010, at 1:44 PM, Matt Harlum wrote: > > On 01/04/2010, at 7:39 AM, Bruno Kremel wrote: > > On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote: > What should be there? > Beacuse I don't know I am using Daloradius web interafce for adding data to > database, so I just loaded default daloradius sql which was intendet > (according to readme od daloradius) for 2.X Freeradius... and added accounts > in web interface... > > Here's an example from my radcheck table in the SQL Database > id | UserName | Attribute | op | Value | > +----+----------+---------------+----+------------+ > | 1 | exampleuser | User-Password | == | password123 | > This is how yours should be set up, otherwise you will get the "validating" > issue in Windows. > > I was wrong > it should be > Here's an example from my radcheck table in the SQL Database > id | UserName | Attribute | op | Value | > +----+----------+---------------+----+------------+ > | 1 | exampleuser | Cleartext-Password | := | password123 | > My configuration was wrong it'd seem, I hadn't noticed as I'm primarily > using EAP-TLS with EAP-TTLS as a fallback. didn't test it when I upgraded to > 2.x > Regards, > Matt Harlum > > > To me it seems that name/password was accepted so I have no clue where > > is the problem.. > > The password was NOT accepted. It was *ignored*. > > And what is that Accept-Accept on the end of the log?... also radtest gives > me > Accept-Accept only on correct login and password so I think that it's not > that > SQL... > > > As Alan said, it was simply ignored because of the misconfiguration > Regards, > Matt Harlum > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
Thank you for answer.. You are right with that sql it is some mess in daloradius, but I tryed to disable SQL and use /etc/freeradius/users file instead, but I am stuck on Attempting to authenticate now.. log says this: Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.3.1 port 1320, id=0, length=137 Cleaning up request 39 ID 0 with timestamp +589 User-Name = "pokus" NAS-IP-Address = 192.168.3.1 Called-Station-Id = "00259c523046" Calling-Station-Id = "001e650eb532" NAS-Identifier = "00259c523046" NAS-Port = 9 Framed-MTU = 1400 State = 0x53b1704550ba694fbe3359243d2a2638 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020b00061900 Message-Authenticator = 0x5fde19c57e8672a11c18b0b34d8c3acd +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "pokus", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 11 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.3.1 port 1320 EAP-Message = 0x010c00061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x53b1704557bd694fbe3359243d2a2638 Finished request 40. Going to the next request Waking up in 4.9 seconds. Cleaning up request 40 ID 0 with timestamp +589 Ready to process requests. That Access-Challenge should authenticate my client if I am not wrong, but it still shows me validating identity and the attempting to authenticate... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html