On Mon, Jul 16, 2012 at 9:20 AM, alan buxey <a.l.m.bu...@lboro.ac.uk> wrote:
> Hi,
>
>> Issuing 'radius -X' still isn't showing anything :-(
>
> radiusd -X ?
>
> please ensure you are trying to run the right command....

Sorry that was a typo!! This is the output I get when the command is run:

radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
listen {
        type = "control"
 listen {
        socket = "/var/run/radiusd/radiusd.sock"
 }
}
listen {
        type = "auth"
        ipaddr = 127.0.0.1
        port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

>
> if you don't see anything on the output when client connection attempts are made,
> then you have a problem elsewhere on the network or on the NAS.... you could
> try running
>
> tcpdump -eqntl -i ethX port 1812
>
> (replace ethX with the name of your interface on which packets should be
> arriving)

Unfortunately I can't run this as the server isn't connected to the
internet or any other type of network, meaning that I can't install
it! I guess using a USB stick I might be able to install the RPM for
it and dependencies, actually I will do this......

The setup is as such:

RADIUS Server <-> switch <-> laptop

The way the system is now I doubt it would show anything anyway??

>
>
> you can also turn on debugging on your NAS - cisco kit has quite extensive 802.1X
> debugging - you should then see it sending traffic.... I suspect you may have
> an ACL between the management level of the switches and your server.
>

I tried this, I used 'debug radius verbose' but the log doesn't come
up with anything at all; just:

The log just shows this:

No Inactive Message Discriminator.

Console logging: level debugging, 14 messages logged, xml disabled, filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
Buffer logging: level debugging, 14 messages logged, xml disabled, filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 17 message lines logged

Log Buffer (4096 bytes):

*Mar 1 00:01:13.928: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:01:15.757: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 1 00:01:19.398: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:01:20.421: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(52)SE, RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 25-Sep-09 08:13 by sasyamal
*Mar 1 00:01:20.438: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Mar 1 00:01:22.703: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to up
*Mar 1 00:01:23.433: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Mar 1 00:01:24.506: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to up
*Mar 1 00:01:24.800: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Mar 1 00:01:25.807: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
*Mar 1 00:02:36.615: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to down
*Mar 1 00:02:40.591: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to down
*Mar 1 00:02:43.141: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to up
*Mar 1 00:02:44.148: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to up

which basically tells me that the vlan and interfaces are up and that's all??

>> Radius can't be this hard to get working can it?
>
> the bit you are doing should be easy. the hard part is authentication and
> policy.
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

I did change this on the switch from:

aaa authentication dot1x default group radius group test
aaa authorization network default group radius group test
aaa accounting dot1x default start-stop group radius group test
aaa accounting dot1x system start-stop group radius group test
aaa accounting network default start-stop group radius group test

to:

aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting dot1x system start-stop group radius
aaa accounting network default start-stop group radius

but with no luck as per above :-(

Regards,

Kaya
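
The check the quoted tcpdump command performs (are RADIUS packets from the NAS reaching the server's interface at all?) can also be done with the Python standard library when tcpdump cannot be installed. This is an added example, not part of the original thread or of FreeRADIUS; it assumes Linux, root and Python 3, and the interface name and sample addresses are constructed.

```python
import socket
import struct

RADIUS_PORTS = {1812, 1813}   # auth and acct ports from the radiusd -X output above
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response",
                11: "Access-Challenge"}

def parse_frame(frame):
    """Describe the RADIUS packet inside an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 14 + 20 + 8 + 20:          # Ethernet + IP + UDP + RADIUS header
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # IPv4 only, untagged
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17 or frag_offset:
        return None                            # not a first-fragment IPv4/UDP packet
    udp = 14 + ihl
    if len(frame) < udp + 8 + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if sport not in RADIUS_PORTS and dport not in RADIUS_PORTS:
        return None
    code, ident, length = struct.unpack("!BBH", frame[udp + 8:udp + 12])
    return {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport, "id": ident, "length": length,
            "code": RADIUS_CODES.get(code, "code %d" % code)}

def sniff(interface):
    """Print every RADIUS packet seen on the interface (Linux only, needs root)."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    s.bind((interface, 0))
    while True:
        info = parse_frame(s.recv(65535))
        if info:
            print("{src}:{sport} -> {dst}:{dport} {code} id={id} len={length}".format(**info))

def sample_frame():
    """Constructed Access-Request from a NAS at 192.0.2.2 to a server at 192.0.2.1."""
    radius = struct.pack("!BBH", 1, 7, 20) + bytes(16)
    udp = struct.pack("!HHHH", 1645, 1812, 8 + len(radius), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(radius), 0, 0, 64, 17,
                     0, socket.inet_aton("192.0.2.2"), socket.inet_aton("192.0.2.1"))
    return bytes(12) + struct.pack("!H", 0x0800) + ip + udp + radius

if __name__ == "__main__":
    print(parse_frame(sample_frame()))   # self-check on the constructed frame
    # sniff("eth0")                      # assumed interface name; run as root
```

If `sniff` prints nothing while the laptop attempts to authenticate, no RADIUS traffic is reaching the server's interface, which matches the empty `radiusd -X` output.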