Please make sure that ports 1812/1813 are enabled on your server firewall.

Hashim Mohammed Zayed Moeen IT
On 2012 2 28 17:10, "James DeLuca" <[email protected]> wrote:
> Hope you can help us out. First time dealing with RADIUS servers.
> Following your instructions. Seem to have missed something along the way.
>
> We are running FreeRadius (Version 2.1.1) on a SLES version 11 server. The
> server has a static IP address.
>
> We have tried both of the following settings in our client.conf
> file (/etc/raddb/clients.conf). Neither has produced good results.
>
> client localhost {
>     ipadddr = 127.0.0.1
>     require_message_authenticator = no
>     secret = "xxxxx"
>     nastype = "other"
> }
>
> client localhost {
>     ipadddr = 10.0.xxx.xxx
>     require_message_authenticator = no
>     secret = "xxxxx"
>     nastype = "other"
> }
>
> We entered a user in our user (/etc/raddb/users) file
>
> bob Cleartext-Password := "hello"
>
> Started two terminal sessions. In the first session we ran
> /usr/sbin/radiusd -X
>
> And received these results
>
> FreeRADIUS Version 2.1.1, for host i686-suse-linux-gnu, built on Feb 23 2009 at 21:34:25
> Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the GNU
> General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/raddb/radiusd.conf
> including configuration file /etc/raddb/proxy.conf
> including configuration file /etc/raddb/clients.conf
> including files in directory /etc/raddb/modules/
> including configuration file /etc/raddb/modules/detail
> including configuration file /etc/raddb/modules/preprocess
> including configuration file /etc/raddb/modules/ippool
> including configuration file /etc/raddb/modules/inner-eap
> including configuration file /etc/raddb/modules/checkval
> including configuration file /etc/raddb/modules/ldap
> including configuration file /etc/raddb/modules/sradutmp
> including configuration file /etc/raddb/modules/attr_filter
> including configuration file /etc/raddb/modules/policy
> including configuration file /etc/raddb/modules/always
> including configuration file /etc/raddb/modules/etc_group
> including configuration file /etc/raddb/modules/logintime
> including configuration file /etc/raddb/modules/passwd
> including configuration file /etc/raddb/modules/realm
> including configuration file /etc/raddb/modules/krb5
> including configuration file /etc/raddb/modules/echo
> including configuration file /etc/raddb/modules/expiration
> including configuration file /etc/raddb/modules/expr
> including configuration file /etc/raddb/modules/detail.example.com
> including configuration file /etc/raddb/modules/pam
> including configuration file /etc/raddb/modules/files
> including configuration file /etc/raddb/modules/smbpasswd
> including configuration file /etc/raddb/modules/attr_rewrite
> including configuration file /etc/raddb/modules/linelog
> including configuration file /etc/raddb/modules/detail.log
> including configuration file /etc/raddb/modules/unix
> including configuration file /etc/raddb/modules/exec
> including configuration file /etc/raddb/modules/radutmp
> including configuration file /etc/raddb/modules/acct_unique
> including configuration file /etc/raddb/modules/digest
> including configuration file /etc/raddb/modules/chap
> including configuration file /etc/raddb/modules/sql_log
> including configuration file /etc/raddb/modules/mschap
> including configuration file /etc/raddb/modules/counter
> including configuration file /etc/raddb/modules/pap
> including configuration file /etc/raddb/modules/mac2vlan
> including configuration file /etc/raddb/modules/mac2ip
> including configuration file /etc/raddb/modules/wimax
> including configuration file /etc/raddb/eap.conf
> including configuration file /etc/raddb/sql.conf
> including configuration file /etc/raddb/sql/mysql/dialup.conf
> including configuration file /etc/raddb/sql/mysql/counter.conf
> including configuration file /etc/raddb/policy.conf
> including files in directory /etc/raddb/sites-enabled/
> including configuration file /etc/raddb/sites-enabled/default
> including configuration file /etc/raddb/sites-enabled/inner-tunnel
> group = radiusd
> user = radiusd
> including dictionary file /etc/raddb/dictionary
> main {
>     prefix = "/usr"
>     localstatedir = "/var"
>     logdir = "/var/log/radius"
>     libdir = "/usr/lib/freeradius"
>     radacctdir = "/var/log/radius/radacct"
>     hostname_lookups = no
>     max_request_time = 30
>     cleanup_delay = 5
>     max_requests = 1024
>     allow_core_dumps = no
>     pidfile = "/var/run/radiusd/radiusd.pid"
>     checkrad = "/usr/sbin/checkrad"
>     debug_level = 0
>     proxy_requests = yes
>     log {
>         stripped_names = no
>         auth = no
>         auth_badpass = no
>         auth_goodpass = no
>     }
>     security {
>         max_attributes = 200
>         reject_delay = 1
>         status_server = yes
>     }
> }
> client localhost {
>     ipaddr = 10.0.8.9
>     require_message_authenticator = no
>     secret = "testing123"
>     nastype = "other"
> }
> radiusd: #### Loading Realms and Home Servers ####
> proxy server {
>     retry_delay = 5
>     retry_count = 3
>     default_fallback = no
>     dead_time = 120
>     wake_all_if_all_dead = no
> }
> home_server localhost {
>     ipaddr = 127.0.0.1
>     port = 1812
>     type = "auth"
>     secret = "testing123"
>     response_window = 20
>     max_outstanding = 65536
>     zombie_period = 40
>     status_check = "status-server"
>     ping_interval = 30
>     check_interval = 30
>     num_answers_to_alive = 3
>     num_pings_to_alive = 3
>     revive_interval = 120
>     status_check_timeout = 4
> }
> home_server_pool my_auth_failover {
>     type = fail-over
>     home_server = localhost
> }
> realm example.com {
>     auth_pool = my_auth_failover
> }
> realm LOCAL {
> }
> radiusd: #### Instantiating modules ####
> instantiate {
>     Module: Linked to module rlm_exec
>     Module: Instantiating exec
>     exec {
>         wait = no
>         input_pairs = "request"
>         shell_escape = yes
>     }
>     Module: Linked to module rlm_expr
>     Module: Instantiating expr
>     Module: Linked to module rlm_expiration
>     Module: Instantiating expiration
>     expiration {
>         reply-message = "Password Has Expired "
>     }
>     Module: Linked to module rlm_logintime
>     Module: Instantiating logintime
>     logintime {
>         reply-message = "You are calling outside your allowed timespan "
>         minimum-timeout = 60
>     }
> }
> radiusd: #### Loading Virtual Servers ####
> server inner-tunnel {
> modules {
>     Module: Checking authenticate {...} for more modules to load
>     Module: Linked to module rlm_pap
>     Module: Instantiating pap
>     pap {
>         encryption_scheme = "auto"
>         auto_header = no
>     }
>     Module: Linked to module rlm_chap
>     Module: Instantiating chap
>     Module: Linked to module rlm_mschap
>     Module: Instantiating mschap
>     mschap {
>         use_mppe = yes
>         require_encryption = no
>         require_strong = no
>         with_ntdomain_hack = no
>     }
>     Module: Linked to module rlm_unix
>     Module: Instantiating unix
>     unix {
>         radwtmp = "/var/log/radius/radwtmp"
>     }
>     Module: Linked to module rlm_eap
>     Module: Instantiating eap
>     eap {
>         default_eap_type = "md5"
>         timer_expire = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>         max_sessions = 2048
>     }
>     Module: Linked to sub-module rlm_eap_md5
>     Module: Instantiating eap-md5
>     Module: Linked to sub-module rlm_eap_leap
>     Module: Instantiating eap-leap
>     Module: Linked to sub-module rlm_eap_gtc
>     Module: Instantiating eap-gtc
>     gtc {
>         challenge = "Password: "
>         auth_type = "PAP"
>     }
>     Module: Linked to sub-module rlm_eap_tls
>     Module: Instantiating eap-tls
>     tls {
>         rsa_key_exchange = no
>         dh_key_exchange = yes
>         rsa_key_length = 512
>         dh_key_length = 512
>         verify_depth = 0
>         pem_file_type = yes
>         private_key_file = "/etc/raddb/certs/server.pem"
>         certificate_file = "/etc/raddb/certs/server.pem"
>         CA_file = "/etc/raddb/certs/ca.pem"
>         private_key_password = "whatever"
>         dh_file = "/etc/raddb/certs/dh"
>         random_file = "/etc/raddb/certs/random"
>         fragment_size = 1024
>         include_length = yes
>         check_crl = no
>         cipher_list = "DEFAULT"
>         make_cert_command = "/etc/raddb/certs/bootstrap"
>         cache {
>             enable = no
>             lifetime = 24
>             max_entries = 255
>         }
>     }
>     Module: Linked to sub-module rlm_eap_ttls
>     Module: Instantiating eap-ttls
>     ttls {
>         default_eap_type = "md5"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         virtual_server = "inner-tunnel"
>     }
>     Module: Linked to sub-module rlm_eap_peap
>     Module: Instantiating eap-peap
>     peap {
>         default_eap_type = "mschapv2"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         proxy_tunneled_request_as_eap = yes
>         virtual_server = "inner-tunnel"
>     }
>     Module: Linked to sub-module rlm_eap_mschapv2
>     Module: Instantiating eap-mschapv2
>     mschapv2 {
>         with_ntdomain_hack = no
>     }
>     Module: Checking authorize {...} for more modules to load
>     Module: Linked to module rlm_realm
>     Module: Instantiating suffix
>     realm suffix {
>         format = "suffix"
>         delimiter = "@"
>         ignore_default = no
>         ignore_null = no
>     }
>     Module: Linked to module rlm_files
>     Module: Instantiating files
>     files {
>         usersfile = "/etc/raddb/users"
>         acctusersfile = "/etc/raddb/acct_users"
>         preproxy_usersfile = "/etc/raddb/preproxy_users"
>         compat = "no"
>     }
>     Module: Checking session {...} for more modules to load
>     Module: Linked to module rlm_radutmp
>     Module: Instantiating radutmp
>     radutmp {
>         filename = "/var/log/radius/radutmp"
>         username = "%{User-Name}"
>         case_sensitive = yes
>         check_with_nas = yes
>         perm = 384
>         callerid = yes
>     }
>     Module: Checking post-proxy {...} for more modules to load
>     Module: Checking post-auth {...} for more modules to load
>     Module: Linked to module rlm_attr_filter
>     Module: Instantiating attr_filter.access_reject
>     attr_filter attr_filter.access_reject {
>         attrsfile = "/etc/raddb/attrs.access_reject"
>         key = "%{User-Name}"
>     }
> }
> }
> modules {
>     Module: Checking authenticate {...} for more modules to load
>     Module: Checking authorize {...} for more modules to load
>     Module: Linked to module rlm_preprocess
>     Module: Instantiating preprocess
>     preprocess {
>         huntgroups = "/etc/raddb/huntgroups"
>         hints = "/etc/raddb/hints"
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>         with_alvarion_vsa_hack = no
>     }
>     Module: Checking preacct {...} for more modules to load
>     Module: Linked to module rlm_acct_unique
>     Module: Instantiating acct_unique
>     acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
>     }
>     Module: Checking accounting {...} for more modules to load
>     Module: Linked to module rlm_detail
>     Module: Instantiating detail
>     detail {
>         detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>         header = "%t"
>         detailperm = 384
>         dirperm = 493
>         locking = no
>         log_packet_header = no
>     }
>     Module: Instantiating attr_filter.accounting_response
>     attr_filter attr_filter.accounting_response {
>         attrsfile = "/etc/raddb/attrs.accounting_response"
>         key = "%{User-Name}"
>     }
>     Module: Checking session {...} for more modules to load
>     Module: Checking post-proxy {...} for more modules to load
>     Module: Checking post-auth {...} for more modules to load
> }
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>     type = "auth"
>     ipaddr = 10.0.8.9
>     port = 0
> }
> listen {
>     type = "acct"
>     ipaddr = *
>     port = 0
> }
> Listening on authentication address 10.0.8.9 port 1812
> Listening on accounting address * port 1813
> Listening on proxy address 10.0.8.9 port 1814
> Ready to process requests.
>
> In the second terminal window we ran:
>
> radtest bob hello localhost 0 testing123
>
> And got these results
>
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> radclient: no response from server for ID 186 socket 3
>
> Searched for solutions to this error message, but have not been able to
> find any that work. Could you please tell us what we did wrong.
>
> James M. DeLuca
> Network Administrator
> Kiski Area School District
> 200 Poplar St
> Vandergrift, PA 15690
> Office: 724-845-6188
> Cell: 724-640-4681
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
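A check that can be run over this kind of output, as an added example that is not part of the original thread: it parses the `Listening on ...` lines printed by `radiusd -X` and the `Sending Access-Request ... to ...` line printed by `radtest`, and reports whether the destination is covered by an authentication listener. The sample text is constructed from the output quoted above; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the radiusd -X and radtest output in the thread.
RADIUSD_DEBUG = """\
Listening on authentication address 10.0.8.9 port 1812
Listening on accounting address * port 1813
Listening on proxy address 10.0.8.9 port 1814
"""
RADTEST_OUTPUT = """\
Sending Access-Request of id 186 to 127.0.0.1 port 1812
radclient: no response from server for ID 186 socket 3
"""

LISTEN_RE = re.compile(r"Listening on (\w+) address (\S+) port (\d+)")
SEND_RE = re.compile(r"Sending (\S+) of id \d+ to (\S+) port (\d+)")

def parse_listeners(debug_text):
    """Return [(type, address, port)] for every 'Listening on' line."""
    return [(t, a, int(p)) for t, a, p in LISTEN_RE.findall(debug_text)]

def parse_destination(radtest_text):
    """Return (address, port) of the first request radtest sent, or None."""
    m = SEND_RE.search(radtest_text)
    return (m.group(2), int(m.group(3))) if m else None

def covering_listeners(listeners, dest, kind="authentication"):
    """Listeners of the given kind whose socket receives packets sent to dest."""
    # A socket bound to '*' accepts any local address; a socket bound to one
    # address only receives packets addressed to that address.
    addr, port = dest
    return [l for l in listeners
            if l[0] == kind and l[2] == port and l[1] in ("*", addr)]

def diagnose(debug_text, radtest_text):
    """Compare the radtest destination with the server's auth listeners."""
    listeners = parse_listeners(debug_text)
    dest = parse_destination(radtest_text)
    if dest is None:
        return "no request found in radtest output"
    if covering_listeners(listeners, dest):
        return "destination %s:%d matches an auth listener" % dest
    auth = ["%s:%d" % (a, p) for t, a, p in listeners if t == "authentication"]
    return "nothing listens for auth on %s:%d (auth listeners: %s)" % (
        dest[0], dest[1], ", ".join(auth) or "none")

if __name__ == "__main__":
    print(diagnose(RADIUSD_DEBUG, RADTEST_OUTPUT))
```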

