Re: Freeradius FAQ (14.3)

2003-08-18 Thread Ivan Dario Barrera
Hello,

So you don't have any request on your machine? Have you tried to run radtest
from a different machine (not the radius server)? Are you sure you don't
have a firewall blocking the ports used by Freeradius? Are the ports well
configured (udp 1812, etc, etc)?

If you have a firewall installed on your freeradius you should try to turn
it off; that could be the reason you are not getting any request.

Ivan Barrera



- Original Message - 
From: apellido jr., wilfredo p [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 17, 2003 4:43 AM
Subject: Freeradius FAQ (14.3)



Freeradius FAQ (14.3)

2003-08-17 Thread apellido jr., wilfredo p
After successful testing of my radius using radtest, I
tried to test using dial-up connection. It will say
the computer you are dialling cannot establish dial-up
connection. The problem is according to freeradius FAQ
14.3. The NAS has no idea which RADIUS server you use.
I run tcpdump udp on localhost; here's the output:


16:27:33.075451 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:27:34.013197 CM-14D.mactan.ph.1046 > mail.mactan.ph.domain:  3373+ PTR? 188.22.177.203.in-addr.arpa. (45)
16:27:34.013892 mail.mactan.ph.domain > CM-14D.mactan.ph.1046:  3373* 1/1/1 (135)
16:27:34.014250 CM-14D.mactan.ph.1047 > mail.mactan.ph.domain:  3374+ PTR? 160.22.177.203.in-addr.arpa. (45)
16:27:34.014909 mail.mactan.ph.domain > CM-14D.mactan.ph.1047:  3374* 1/1/1 (135)
16:27:34.015109 CM-14D.mactan.ph.1048 > mail.mactan.ph.domain:  3375+ PTR? 163.22.177.203.in-addr.arpa. (45)
16:27:34.015766 mail.mactan.ph.domain > CM-14D.mactan.ph.1048:  3375* 1/1/1 (135)
16:27:35.012533 CM-14D.mactan.ph.1049 > mail.mactan.ph.domain:  3376+ PTR? 151.22.177.203.in-addr.arpa. (45)
16:27:35.013226 mail.mactan.ph.domain > CM-14D.mactan.ph.1049:  3376* 2/1/1[|domain]
16:28:05.050417 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:28:36.915323 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:28:46.223213 210.23.208.159.1050 > CM-14D.mactan.ph.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:28:47.013783 CM-14D.mactan.ph.1050 > mail.mactan.ph.domain:  3377+ PTR? 159.208.23.210.in-addr.arpa. (45)
16:28:47.305273 mail.mactan.ph.domain > CM-14D.mactan.ph.1050:  3377 NXDomain* 0/1/0 (134)
16:29:08.889632 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:29:40.864544 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:30:12.729307 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:30:24.265651 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 1]: {dialup-023.mactan.ph}(16)
16:30:24.305225 CM-14D.mactan.ph.1051 > mail.mactan.ph.domain:  3378+ PTR? 175.22.177.203.in-addr.arpa. (45)
16:30:24.305888 mail.mactan.ph.domain > CM-14D.mactan.ph.1051:  3378* 1/1/1 (135)


Is my analysis correct, that the NAS doesn't know which
radius server to use? Because when I try to run radius
in debugging mode, it shows nothing, but if I use
radtest then here's the output:


rad_recv: Access-Request packet from host 127.0.0.1:1052, id=243, length=60
Thread 2 assigned request 1
--- Walking the entire request list ---
Cleaning up request 0 ID 213 with timestamp 3f3f3713
Nothing to do.  Sleeping until we see a request.
Thread 2 handling request 1, (1 handled so far)
User-Name = apellido
User-Password = apellido
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
  modcall[authorize]: module chap returns noop
rlm_realm: No '@' in User-Name = apellido, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop
radius_xlat:  'apellido'
rlm_sql (sql): sql_set_user escaped user -- 'apellido'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'apellido' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'apellido' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'apellido' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'apellido' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module sql returns ok
  modcall[authorize]: module mschap returns noop
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [apellido/apellido] (from client localhost port 0)
Sending Access-Accept of id 243 to 127.0.0.1:1052
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-MTU = 1500
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request




What attributes am I missing? Thanks in advance.





=
[ apellido jr., wilfredo p. ]
+63 034 4880-449

If you can't hear me, it's because i'm in parentheses
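
Added example, not part of either post: a short Python check that reads tcpdump text output like the capture above and reports whether any packet involves a RADIUS port, which is the evidence behind the "no request reaches the server" diagnosis. It assumes portmaster.mactan.ph is the NAS and CM-14D.mactan.ph is the RADIUS host; the last sample line is constructed.

```python
import re
from collections import Counter

# Port field as tcpdump prints it with or without -n. The names are the
# IANA service names for 1812, 1813 and the legacy ports 1645 and 1646.
RADIUS_PORTS = {"1812", "1813", "1645", "1646",
                "radius", "radius-acct", "datametrics", "sa-msg-port"}
PACKET = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+) > (\S+): ")

def packets(capture):
    """Yield (time, src_host, src_port, dst_host, dst_port) per packet line."""
    for line in capture.splitlines():
        m = PACKET.match(line.strip())
        if m is None:
            continue  # wrapped continuation line or non-packet text
        ts, src, dst = m.groups()
        src_host, _, src_port = src.rpartition(".")
        dst_host, _, dst_port = dst.rpartition(".")
        yield ts, src_host, src_port, dst_host, dst_port

def radius_packets(capture, nas=None):
    """RADIUS packets in the capture, optionally only those sent by `nas`."""
    return [(ts, sh, dh, dp) for ts, sh, sp, dh, dp in packets(capture)
            if (sp in RADIUS_PORTS or dp in RADIUS_PORTS)
            and (nas is None or sh == nas)]

def traffic_summary(capture):
    """Count packets per (source host, destination port)."""
    return Counter((sh, dp) for _, sh, _, _, dp in packets(capture))

# Three packet lines from the capture in the post, in tcpdump's "src > dst:" form.
PAGE_CAPTURE = """\
16:27:33.075451 portmaster.mactan.ph.router > 203.177.22.191.router:  RIPv1-resp [items 9]:
16:27:34.013197 CM-14D.mactan.ph.1046 > mail.mactan.ph.domain:  3373+ PTR? 188.22.177.203.in-addr.arpa. (45)
16:28:46.223213 210.23.208.159.1050 > CM-14D.mactan.ph.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
"""
# Constructed line (not from the post): what a request from the NAS would look like.
CONSTRUCTED = "16:31:02.000000 portmaster.mactan.ph.1025 > CM-14D.mactan.ph.radius: udp 60"

if __name__ == "__main__":
    print(traffic_summary(PAGE_CAPTURE))
    print(radius_packets(PAGE_CAPTURE, nas="portmaster.mactan.ph"))
    print(radius_packets(PAGE_CAPTURE + CONSTRUCTED, nas="portmaster.mactan.ph"))
```

An empty result for the NAS while RIP and DNS traffic is visible means the NAS is not sending to this host at all, so the place to look is the NAS's RADIUS server setting or a filter in between, not the server's user attributes.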