Re: Freeradius FAQ (14.3)
Hello,

So you don't have any request on your machine? Have you tried to run radtest from a different machine (not the radius server)? Are you sure you don't have a firewall blocking the ports used by Freeradius? Are the ports well configured (udp 1812, etc, etc)? If you have a firewall installed on your freeradius you should try to turn it off; that could be the reason you are not getting any request.

Ivan Barrera

----- Original Message -----
From: apellido jr., wilfredo p [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 17, 2003 4:43 AM
Subject: Freeradius FAQ (14.3)

After successful testing of my radius using radtest, I tried to test using dial-up connection. It will say the computer you are dialling cannot establish dial-up connection. The problem is according to freeradius FAQ 14.3. The NAS has no idea which RADIUS server you use. I run tcpdump udp on localhost; here's the output:

16:27:33.075451 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:27:34.013197 CM-14D.mactan.ph.1046 mail.mactan.ph.domain: 3373+ PTR? 188.22.177.203.in-addr.arpa. (45)
16:27:34.013892 mail.mactan.ph.domain CM-14D.mactan.ph.1046: 3373* 1/1/1 (135)
16:27:34.014250 CM-14D.mactan.ph.1047 mail.mactan.ph.domain: 3374+ PTR? 160.22.177.203.in-addr.arpa. (45)
16:27:34.014909 mail.mactan.ph.domain CM-14D.mactan.ph.1047: 3374* 1/1/1 (135)
16:27:34.015109 CM-14D.mactan.ph.1048 mail.mactan.ph.domain: 3375+ PTR? 163.22.177.203.in-addr.arpa. (45)
16:27:34.015766 mail.mactan.ph.domain CM-14D.mactan.ph.1048: 3375* 1/1/1 (135)
16:27:35.012533 CM-14D.mactan.ph.1049 mail.mactan.ph.domain: 3376+ PTR? 151.22.177.203.in-addr.arpa. (45)
16:27:35.013226 mail.mactan.ph.domain CM-14D.mactan.ph.1049: 3376* 2/1/1[|domain]
16:28:05.050417 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:28:36.915323 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:28:46.223213 210.23.208.159.1050 CM-14D.mactan.ph.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:28:47.013783 CM-14D.mactan.ph.1050 mail.mactan.ph.domain: 3377+ PTR? 159.208.23.210.in-addr.arpa. (45)
16:28:47.305273 mail.mactan.ph.domain CM-14D.mactan.ph.1050: 3377 NXDomain* 0/1/0 (134)
16:29:08.889632 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:29:40.864544 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:30:12.729307 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:30:24.265651 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 1]: {dialup-023.mactan.ph}(16)
16:30:24.305225 CM-14D.mactan.ph.1051 mail.mactan.ph.domain: 3378+ PTR? 175.22.177.203.in-addr.arpa. (45)
16:30:24.305888 mail.mactan.ph.domain CM-14D.mactan.ph.1051: 3378* 1/1/1 (135)

Is my analysis correct? That the NAS doesn't know which radius server to use? Because when I try to run radius in debugging mode, it shows nothing, but if I use radtest then here's the output:

rad_recv: Access-Request packet from host 127.0.0.1:1052, id=243, length=60
Thread 2 assigned request 1
--- Walking the entire request list ---
Cleaning up request 0 ID 213 with timestamp 3f3f3713
Nothing to do. Sleeping until we see a request.
Thread 2 handling request 1, (1 handled so far)
    User-Name = apellido
    User-Password = apellido
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module chap returns noop
rlm_realm: No '@' in User-Name = apellido, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
radius_xlat: 'apellido'
rlm_sql (sql): sql_set_user escaped user -- 'apellido'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'apellido' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'apellido' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'apellido' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'apellido' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module

Freeradius FAQ (14.3)
After successful testing of my radius using radtest, I tried to test using dial-up connection. It will say the computer you are dialling cannot establish dial-up connection. The problem is according to freeradius FAQ 14.3. The NAS has no idea which RADIUS server you use. I run tcpdump udp on localhost; here's the output:

16:27:33.075451 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:27:34.013197 CM-14D.mactan.ph.1046 mail.mactan.ph.domain: 3373+ PTR? 188.22.177.203.in-addr.arpa. (45)
16:27:34.013892 mail.mactan.ph.domain CM-14D.mactan.ph.1046: 3373* 1/1/1 (135)
16:27:34.014250 CM-14D.mactan.ph.1047 mail.mactan.ph.domain: 3374+ PTR? 160.22.177.203.in-addr.arpa. (45)
16:27:34.014909 mail.mactan.ph.domain CM-14D.mactan.ph.1047: 3374* 1/1/1 (135)
16:27:34.015109 CM-14D.mactan.ph.1048 mail.mactan.ph.domain: 3375+ PTR? 163.22.177.203.in-addr.arpa. (45)
16:27:34.015766 mail.mactan.ph.domain CM-14D.mactan.ph.1048: 3375* 1/1/1 (135)
16:27:35.012533 CM-14D.mactan.ph.1049 mail.mactan.ph.domain: 3376+ PTR? 151.22.177.203.in-addr.arpa. (45)
16:27:35.013226 mail.mactan.ph.domain CM-14D.mactan.ph.1049: 3376* 2/1/1[|domain]
16:28:05.050417 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:28:36.915323 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:28:46.223213 210.23.208.159.1050 CM-14D.mactan.ph.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:28:47.013783 CM-14D.mactan.ph.1050 mail.mactan.ph.domain: 3377+ PTR? 159.208.23.210.in-addr.arpa. (45)
16:28:47.305273 mail.mactan.ph.domain CM-14D.mactan.ph.1050: 3377 NXDomain* 0/1/0 (134)
16:29:08.889632 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:29:40.864544 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:30:12.729307 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-
16:30:24.265651 portmaster.mactan.ph.router 203.177.22.191.router: RIPv1-resp [items 1]: {dialup-023.mactan.ph}(16)
16:30:24.305225 CM-14D.mactan.ph.1051 mail.mactan.ph.domain: 3378+ PTR? 175.22.177.203.in-addr.arpa. (45)
16:30:24.305888 mail.mactan.ph.domain CM-14D.mactan.ph.1051: 3378* 1/1/1 (135)

Is my analysis correct? That the NAS doesn't know which radius server to use? Because when I try to run radius in debugging mode, it shows nothing, but if I use radtest then here's the output:

rad_recv: Access-Request packet from host 127.0.0.1:1052, id=243, length=60
Thread 2 assigned request 1
--- Walking the entire request list ---
Cleaning up request 0 ID 213 with timestamp 3f3f3713
Nothing to do. Sleeping until we see a request.
Thread 2 handling request 1, (1 handled so far)
    User-Name = apellido
    User-Password = apellido
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module chap returns noop
rlm_realm: No '@' in User-Name = apellido, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
radius_xlat: 'apellido'
rlm_sql (sql): sql_set_user escaped user -- 'apellido'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'apellido' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'apellido' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'apellido' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'apellido' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module sql returns ok
modcall[authorize]: module mschap returns noop
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [apellido/apellido] (from client localhost port 0)
Sending Access-Accept of id 243 to 127.0.0.1:1052
    Framed-Compression = Van-Jacobson-TCP-IP
    Framed-Protocol = PPP
    Service-Type = Framed-User
    Framed-MTU = 1500
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request

What attributes am I missing? Thanks in advance.

=
[ apellido jr., wilfredo p. ]
+63 034 4880-449
If you can't hear me, it's because I'm in parentheses
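
One way to check a tcpdump text capture like the one in the post for RADIUS traffic, as an added example that is not part of the original thread. The function names, the choice of four sample lines, and the constructed line with its example.net hosts are assumptions made for illustration.

```python
import re
from collections import Counter

# Port labels tcpdump may print for RADIUS: numeric, or /etc/services names.
# 1645/1646 (datametrics/sa-msg-port) are the legacy pre-IANA RADIUS ports.
RADIUS_PORTS = {"1812", "1813", "1645", "1646",
                "radius", "radius-acct", "datametrics", "sa-msg-port"}

# "HH:MM:SS.usec src.port [>] dst.port: ..."; the ">" is optional because
# the archived capture in the post no longer has it.
LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+(?P<src>\S+)\s+(?:>\s+)?(?P<dst>\S+?):\s")

# Four lines copied from the capture in the post.
CAPTURE_FROM_POST = [
    "16:27:33.075451 portmaster.mactan.ph.router 203.177.22.191.router: "
    "RIPv1-resp [items 9]: {dialup-008.mactan.ph}(1) {dialup-",
    "16:27:34.013197 CM-14D.mactan.ph.1046 mail.mactan.ph.domain: "
    "3373+ PTR? 188.22.177.203.in-addr.arpa. (45)",
    "16:27:34.013892 mail.mactan.ph.domain CM-14D.mactan.ph.1046: "
    "3373* 1/1/1 (135)",
    "16:28:46.223213 210.23.208.159.1050 CM-14D.mactan.ph.netbios-ns: "
    "NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST",
]
# Constructed line (not from the post): a NAS sending to UDP 1812.
CONSTRUCTED_RADIUS_LINE = (
    "16:31:00.000001 nas.example.net.1025 > radius.example.net.1812: udp 60")

def port_of(endpoint):
    """Return the port label of 'host.port' (host names contain dots too)."""
    return endpoint.rpartition(".")[2]

def radius_packets(lines):
    """Return (lines touching a RADIUS port, Counter of destination ports)."""
    hits, dst_ports = [], Counter()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated capture line
        sport, dport = port_of(m["src"]), port_of(m["dst"])
        dst_ports[dport] += 1
        if sport in RADIUS_PORTS or dport in RADIUS_PORTS:
            hits.append(raw.strip())
    return hits, dst_ports

if __name__ == "__main__":
    hits, dst_ports = radius_packets(CAPTURE_FROM_POST)
    print("destination ports seen:", dict(dst_ports))
    print("RADIUS packets:", len(hits))
```

On the lines taken from the post the result is zero RADIUS packets: only RIP, DNS and NetBIOS name-service traffic appears.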