Sorry about the incomplete previous email,

Try by adding

jwinius Auth-Type = pam Cleartext-Password := xxx

Deepti

On Fri, Feb 8, 2013 at 12:31 PM, Deepti kulkarni <deepti.kde...@gmail.com> wrote:

> Try by adding
> jwinius Cleartext-Password := xxx
>
> On Fri, Feb 8, 2013 at 11:41 AM, Jaap Winius <jwin...@umrk.nl> wrote:
>
>> Hi folks,
>>
>> Having managed to get freeradius 2.10 to run on Debian squeeze with a
>> username and password defined in /etc/freeradius/users, I was hoping to
>> take a step forward by getting it to authenticate users through PAM. But,
>> that's not working out as I had hoped.
>>
>> Could somebody please tell me what's missing, or what I'm doing wrong? So
>> far I have done the following:
>>
>> 1.) Copied a set of 4096-bit MD5 SSL certificates that were used in the
>> previous configuration to the /etc/freeradius/certs directory. To generate
>> them, each time I used "LongStringNumberOne" for both the input and output
>> passwords.
>> Among the encryption files generated are ca.pem, dh, server.key and
>> server.pem. The ca.pem file was also copied to my laptop's /etc/certs
>> directory and is used with wpasupplicant for testing the system.
>>
>> 2.) Added the following lines to the end of /etc/freeradius/clients:
>>
>> client 192.168.2.0/24 {
>>     secret = LongStringNumberTwo
>>     shortname = mynet
>> }
>>
>> 3.) Added the following line to the end of /etc/freeradius/users:
>>
>> DEFAULT Auth-Type = Pam
>>
>> 4.) In /etc/freeradius/eap.conf I changed the values of the following two
>> attributes to:
>>
>> default_eap_type = ttls
>> private_key_password = LongStringNumberOne
>>
>> 5.) In /etc/freeradius/radiusd.conf I changed the value of the following
>> attribute to:
>>
>> user = root
>>
>> 6.) In both /etc/freeradius/sites-enabled/default and
>> /etc/freeradius/sites-enabled/inner-tunnel, I uncommented the "pam"
>> entry in section "authenticate".
>>
>> 7.) Some sources suggest changing it, but I chose to leave the contents
>> of /etc/pam.d/radiusd unmodified:
>>
>> @include common-auth
>> @include common-account
>> @include common-password
>> @include common-session
>>
>> 8.) My NAS is a Linksys WRT54GS running DD-WRT v24 firmware and is
>> configured as follows:
>>
>> Wireless Mode                    AP
>> Wireless Network Mode            Mixed
>> Wireless Network Name (SSID)     mynet
>> Wireless Channel                 6 - 2.437 GHz
>> Wireless SSID Broadcast          Enable
>> Network Configuration            Bridged
>>
>> Security Mode                    WPA2 Enterprise
>> WPA Algorithms                   TKIP+AES
>> RADIUS Server Address            192.168.2.12
>> RADIUS Server Port               1812
>> RADIUS Shared Secret             LongStringNumberTwo
>> Key Renewal Interval (in sec.)   3600
>>
>> Unfortunately, after starting the server in debugging mode with
>> "freeradius -X", my client's authentication attempts get rejected and I get
>> the following output from the freeradius server:
>>
>> =========================================
>>
>> rad_recv: Access-Request packet from host 192.168.2.2 port 1025, id=0, length=245
>> Cleaning up request 6 ID 0 with timestamp +12
>> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> WARNING: !! EAP session for state 0x2ecb21dd28cc340c did not finish!
>> WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
>> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> User-Name = "jwinius"
>> NAS-IP-Address = 192.168.2.2
>> Called-Station-Id = "0014bf72f676"
>> Calling-Station-Id = "00110a81fb2b"
>> NAS-Identifier = "0014bf72f676"
>> NAS-Port = 17
>> Framed-MTU = 1400
>> State = 0x2ecb21dd28cc340c8873b5871c637572
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message = 0x020700701500170301002073bdd7051dfb44f3caccd4c92...
>> Message-Authenticator = 0x6cbe906a70bc7ee95f9ad3365a0471b0
>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> ++[digest] returns noop
>> [suffix] No '@' in User-Name = "jwinius", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> [eap] EAP packet type response id 7 length 112
>> [eap] Continuing tunnel setup.
>> ++[eap] returns ok
>> Found Auth-Type = EAP
>> # Executing group from file /etc/freeradius/sites-enabled/default
>> +- entering group authenticate {...}
>> [eap] Request found, released from the list
>> [eap] EAP/ttls
>> [eap] processing type ttls
>> [ttls] Authenticate
>> [ttls] processing EAP-TLS
>> [ttls] eaptls_verify returned 7
>> [ttls] Done initial handshake
>> [ttls] eaptls_process returned 7
>> [ttls] Session established. Proceeding to decode tunneled attributes.
>> [ttls] Got tunneled request
>> EAP-Message = 0x0201001604109f00ed2b3ff2dd5111997f0ba6cee99e
>> FreeRADIUS-Proxied-To = 127.0.0.1
>> [ttls] Sending tunneled request
>> EAP-Message = 0x0201001604109f00ed2b3ff2dd5111997f0ba6cee99e
>> FreeRADIUS-Proxied-To = 127.0.0.1
>> User-Name = "jwinius"
>> State = 0xdbd7fca1dbd6f80c791225e3340ea6e4
>> server inner-tunnel {
>> # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
>> +- entering group authorize {...}
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> [suffix] No '@' in User-Name = "jwinius", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> ++[control] returns noop
>> [eap] EAP packet type response id 1 length 22
>> [eap] No EAP Start, assuming it's an on-going EAP conversation
>> ++[eap] returns updated
>> [files] users: Matched entry DEFAULT at line 211
>> ++[files] returns ok
>> ++[expiration] returns noop
>> ++[logintime] returns noop
>> ++[pap] returns noop
>> Found Auth-Type = EAP
>> # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
>> +- entering group authenticate {...}
>> [eap] Request found, released from the list
>> [eap] EAP/md5
>> [eap] processing type md5
>> rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
>> [eap] Handler failed in EAP/md5
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> } # server inner-tunnel
>> [ttls] Got tunneled reply code 3
>> EAP-Message = 0x04010004
>> Message-Authenticator = 0x00000000000000000000000000000000
>> [ttls] Got tunneled Access-Reject
>> [eap] Handler failed in EAP/ttls
>> rlm_eap_ttls: Freeing handler for user jwinius
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> Using Post-Auth-Type Reject
>> # Executing group from file /etc/freeradius/sites-enabled/default
>> +- entering group REJECT {...}
>> [attr_filter.access_reject] expand: %{User-Name} -> jwinius
>> attr_filter: Matched entry DEFAULT at line 11
>> ++[attr_filter.access_reject] returns updated
>> Delaying reject of request 7 for 1 seconds
>> Going to the next request
>> Waking up in 0.9 seconds.
>> Sending delayed reject for request 7
>> Sending Access-Reject of id 0 to 192.168.2.2 port 1025
>> EAP-Message = 0x04070004
>> Message-Authenticator = 0x00000000000000000000000000000000
>>
>> =========================================
>>
>> Any idea what I'm doing wrong?
>>
>> Thanks,
>>
>> Jaap
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
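
Added example, not part of the original thread and not FreeRADIUS code: a small Python parser run over an excerpt of the `freeradius -X` output quoted above. It reports, per virtual server, which Auth-Type and EAP method were selected and which module returned a failing code; the names `trace` and `pam_was_selected` are hypothetical. On this log it shows the inner tunnel ran EAP-MD5 and never selected Pam.

```python
import re
# Excerpt of the `freeradius -X` output quoted in the thread above.
DEBUG_LOG = """\
Found Auth-Type = EAP
[eap] EAP/ttls
server inner-tunnel {
++[files] returns ok
Found Auth-Type = EAP
[eap] EAP/md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in EAP/md5
++[eap] returns invalid
} # server inner-tunnel
++[eap] returns invalid
"""

SERVER_OPEN = re.compile(r"^server ([\w-]+) \{")
AUTH_TYPE = re.compile(r"^Found Auth-Type = (\S+)")
EAP_TYPE = re.compile(r"^\[eap\] EAP/(\w+)")
MODULE_MSG = re.compile(r"^(rlm_\w+): (.+)")
MODULE_RET = re.compile(r"^\+\+\[([\w.]+)\] returns (\w+)")
FAILING = {"invalid", "fail", "reject", "userlock"}

def _scope():
    return {"auth_type": None, "eap": None, "failed": [], "module_msgs": []}

def trace(log):
    """Per virtual server: Auth-Type chosen, EAP method run, failing modules."""
    scopes, stack = {"default": _scope()}, ["default"]
    for line in map(str.strip, log.splitlines()):
        cur = scopes[stack[-1]]
        if m := SERVER_OPEN.match(line):
            stack.append(m.group(1))          # entering a nested virtual server
            scopes.setdefault(m.group(1), _scope())
        elif line.startswith("} # server") and len(stack) > 1:
            stack.pop()                       # back to the outer server
        elif m := AUTH_TYPE.match(line):
            cur["auth_type"] = m.group(1)
        elif m := EAP_TYPE.match(line):
            cur["eap"] = m.group(1)
        elif m := MODULE_MSG.match(line):
            cur["module_msgs"].append((m.group(1), m.group(2)))
        elif (m := MODULE_RET.match(line)) and m.group(2) in FAILING:
            cur["failed"].append(m.group(1))
    return scopes

def pam_was_selected(scopes, server="inner-tunnel"):
    """True only if that virtual server chose Auth-Type Pam (any letter case)."""
    return (scopes.get(server, _scope())["auth_type"] or "").lower() == "pam"
```

Feeding the full debug output to `trace` works the same way; lines it does not recognise are ignored.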