Re: [PacketFence-users] Cant' Start FreeRadius on PacketFence

Mon, 07 May 2018 06:09:47 -0700 

Hello Xavier,

when you want to test 802.1x you need to use eapol_test instead of radtest.

Regards

Fabrice



Le 2018-05-07 à 06:00, Xav Tauran via PacketFence-users a écrit :

Hello Fabrice,

Thank you for your help.
Effectivly, it was the wrong radiusd service. The correct one, works.
I configured my Cisco, and the radius on packetfence and when I try to test with the radtest command, I have this result :
[root@packetfence raddb]# radtest admin adminadmin localhost:18120 12 testing123 Sent Access-Request Id 172 from 0.0.0.0:39530 <http://0.0.0.0:39530> to 127.0.0.1:18120 <http://127.0.0.1:18120> length 75 
User-Name = "admin"
User-Password = "adminadmin"
NAS-IP-Address = 169.254.0.2
NAS-Port = 12
Message-Authenticator = 0x00
Cleartext-Password = "adminadmin"
Received Access-Reject Id 172 from 127.0.0.1:18120 <http://127.0.0.1:18120> to 0.0.0.0:0 <http://0.0.0.0:0> length 20 
(0) -: Expected Access-Accept got Access-Reject
I don't understand why I have an Access-Reject and not an Access-Accept when I try my Radius in localhost connection. 

Thank you in advance for your help.

Regards,

Xavier
2018-04-30 14:52 GMT+02:00 Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net>>: 

    Hello Xavier,

    you are dealing with the wrong radiusd service , the correct one
    is packetfence-radiusd-auth.

    Also what you can try is the following (in /usr/local/pf/)

    radiusd -d raddb/ -n auth -fxx -l stdout

    And paste me the result.

    Regards

    Fabrice



    Le 2018-04-26 à 05:00, Xav Tauran via PacketFence-users a écrit :


    Hello everyone !
    I'm deploying a NAC solution for a customer with PacketFence. I
    use freeradius (freeradius is automatically installed with
    PacketFence).
    However, I have a problem with FreeRadius. FreeRadius doesn't
    want to start on my virtual machine. (I use Centos 7).
    I have this issue when I want to start radiuds with the radius -X
    command :

    Debugger not attached
    Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb
    2013 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t
    rele)
    Security advisory CVE-2016-6304 (OCSP status request extension)
    For more information
    seehttps://www.openssl.org/news/secadv/20160922.txt
    <https://www.openssl.org/news/secadv/20160922.txt>
    Once you have verified libssl has been correctly patched, set
    security.allow_vulnerable_openssl = 'CVE-2016-6304'
    Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb
    2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f
    release)
    Security advisory CVE-2014-0160 (Heartbleed)
    For more information seehttp://heartbleed.com
    <http://heartbleed.com/>

    When I check the status of radiusd with systemctl status radiusd,
    I have this result :

    root@localhost raddb]# systemctl status radiusd
    ● radiusd.service - FreeRADIUS multi-protocol policy server
    Loaded: loaded (/usr/lib/systemd/system/radiusd.service;
    disabled; vendor preset: disabled)
    Active: inactive (dead)
    Docs: man:radiusd(8)
    man:radiusd.conf(5)
    http://wiki.freeradius.org/
    http://networkradius.com/doc/

    Can you help me ?

    Thank you very much in advance !

    Kind regards,

    Xavier TAURAN




    
------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org!http://sdm.link/slashdot


    _______________________________________________
    PacketFence-users mailing list
    PacketFence-users@lists.sourceforge.net
    <mailto:PacketFence-users@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users
    <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
-- Fabrice Durand 
    fdur...@inverse.ca <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) 
::www.inverse.ca <http://www.inverse.ca>
    Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


    
------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org! http://sdm.link/slashdot
    _______________________________________________
    PacketFence-users mailing list
    PacketFence-users@lists.sourceforge.net
    <mailto:PacketFence-users@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users
    <https://lists.sourceforge.net/lists/listinfo/packetfence-users>




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to