help in radius

2009-04-30 Thread Basant Agarwal
Hello,
I am installing freeradius. It is showing the error Undefined symbol
"cbtls_password".
What is the problem? I have installed openssl by apt-get install
openssl.


/usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Failed to link EAP-Type/tls:
/usr/local/lib/rlm_eap_tls-1.1.1.so: Undefined symbol "cbtls_password"
radiusd.conf[9]: eap: Module instantiation failed.
radiusd.conf[1893] Unknown module "eap".
radiusd.conf[1840] Failed to parse authenticate section.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

help for radius

2009-04-13 Thread Basant Agarwal
Hello,
Please let me know: is it compulsory to configure EAP/PEAP, since our
end users have Windows XP/Vista? Or will it also work with
EAP-MD5 (that is the default configuration, without any change after
installation)?

Thanks.

Help for radius configuration

2009-04-13 Thread Basant Agarwal
Hello, I want to install a freeradius server to authenticate wifi users,
whose database is stored in an LDAP server. The users who will use the wifi
are mostly Windows XP/Vista users.

What I have tried:
(1) Installed openssl with the apt-get install command (also from the source
code with the commands ./configure make make make install).
(2) Installed freeradius-1.1.7:
./configure
make
make install
(3) Used the default configuration and added one entry in the users file.

(Also tried installing with apt-get install freeradius freeradius-ldap
freeradius-eappeap.)
It worked well with radtest from localhost, but when I try from the laptop
it does not work.

After that I tried to configure EAP type PEAP, since I came to know that
Windows XP/Vista support EAP/PEAP for wifi authentication.
With this configuration radtest also works well, but from the laptop it does
not work.

(4) I receive the following request from the AP:

Message-Authenticator = 0x3f459af06e42a2a0b7cf9c1d80092e31
Service-Type = Framed-User
User-Name = "testap"
Framed-MTU = 1488
Called-Station-Id = "00-15-E9-C9-F3-80:MNIT-DC-AP"
Calling-Station-Id = "00-16-6F-7C-DB-2D"
NAS-Identifier = "D-link Corp. Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020b01746573746170
NAS-IP-Address = 172.16.1.80
NAS-Port = 1
NAS-Port-Id = "STA port # 1"

I want to ask how the radius server will authenticate the user, since
it is not getting the user password or a hashed password?

(4) I have tried all of the above process for freeradius-2.1.4 also.
(When I try to install freeradius-2.1.4 it does not include eap/peap,
even though I have installed openssl previously. No problem with
freeradius-1.1.7.)

I have tried all installations on debian/ubuntu/deepofix.

I want to ask: is it compulsory to configure EAP/PEAP, since our end
users would have Windows XP/Vista?
What will be the basic configuration?

I am sorry I am not posting any debug output here. The reason is that I
have posted those already and got solutions for them, but I am still not
getting things working. Probably I got things wrong, hence I am posting
everything I need.
Please give your views on what I have understood wrong, and what I
should do.
Please provide me the steps for this scenario.

Help userpassword attribute required

2009-04-11 Thread Basant Agarwal
Hello,
I am using freeradius-1.1.7. I am using the default configuration with a
local user whose entry is in the users file.
Now when I try from localhost it works,
but when I try from the laptop it shows an error that the user password
attribute is required.

What should I do?

rad_recv: Access-Request packet from host 172.16.1.205:3072, id=0,
length=125
User-Name = "basant"
NAS-IP-Address = 172.16.1.205
Called-Station-Id = "001a70aa5bee"
Calling-Station-Id = "001b777bdffa"
NAS-Identifier = "001a70aa5bee"
NAS-Port = 30
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202000b01626173616e74
Message-Authenticator = 0xda9d5f6bde06b199a7cbb321e26604cc
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "basant", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 2 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry basant at line 100
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 172.16.1.205 port 3072
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 49dffaf3
Nothing to do.  Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

configuration on client

2009-04-09 Thread Basant Agarwal
Hello,
I am trying to use freeradius1.1.7 with ldap. Now when I try to
authenticate a user from localhost, it works, but when I try from the laptop
it does not work; it shows User-Password attribute required. I tried to
remove AUTH TYPE = LDAP as Alan suggested, but I am not getting
things to work. It shows an error even in running the server.
Please help me. Probably I could not understand the thing Alan wanted me
to do.

Please be more elaborate on the topic.

Thanks and Regards,

user-Password required for ldap radius

2009-04-02 Thread Basant Agarwal
Hello, I am trying to authenticate wifi users for a wireless network; for
this I am using freeradius with ldap.
When we run radtest on localhost, it is able to get authorised and
authenticated. It works fine, but when I try from a laptop (Windows) it
rejects the same user.
Please let me know what to do.


Here is the debug output:

Ready to process requests.
rad_recv: Access-Request packet from host 172.16.1.80:1122, id=0, length=204
Message-Authenticator = 0x3f459af06e42a2a0b7cf9c1d80092e31
Service-Type = Framed-User
User-Name = "testap"
Framed-MTU = 1488
Called-Station-Id = "00-15-E9-C9-F3-80:MNIT-DC-AP"
Calling-Station-Id = "00-16-6F-7C-DB-2D"
NAS-Identifier = "D-link Corp. Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020b01746573746170
NAS-IP-Address = 172.16.1.80
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "testap", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 159
users: Matched entry DEFAULT at line 177
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testap
radius_xlat:  '(uid=testap)'
radius_xlat:  'dc=mnit,dc=ac,dc=in'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 172.16.1.20:389, authentication 0
rlm_ldap: bind as uid=admin,ou=people,dc=mnit,dc=ac,dc=in/system to
172.16.1.20:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=mnit,dc=ac,dc=in, with filter
(uid=testap)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testap authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type ldap
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "ldap" returns invalid for request 0
modcall: leaving group LDAP (returns invalid) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 172.16.1.80  port 1122
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 46b1b8cb
Nothing to do.  Sleeping until we see a request.

freeradius help

2009-04-01 Thread Basant Agarwal
Hello,
I am using Freeradius-1.1.7 with ldap. I am able to authenticate
users who are in my ldap directory when I run radtest, but I am
unable to authenticate the same users when I try from the
laptop (wifi).
What should I do?

Here is the debug mode output when I try from radtest:

rad_recv: Access-Request packet from host 127.0.0.1:2050, id=203, length=58
User-Name = "basant"
User-Password = "basant"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "basant", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for basant
radius_xlat:  '(cn=basant)'
radius_xlat:  'ou=radius,dc=basant,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,dc=basant,dc=com/basant to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=radius,dc=basant,dc=com, with filter
(cn=basant)
rlm_ldap: checking if remote access for basant is allowed by cn
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user basant authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "basant" with password "basant"
rlm_ldap: user DN: cn=basant,ou=admins,ou=radius,dc=basant,dc=com
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as cn=basant,ou=admins,ou=radius,dc=basant,dc=com/basant to
localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user basant authenticated succesfully
  modcall[authenticate]: module "ldap" returns ok for request 0
modcall: leaving group LDAP (returns ok) for request 0
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
  modcall[post-auth]: module "ldap" returns noop for request 0
modcall: leaving group post-auth (returns noop) for request 0
Sending Access-Accept of id 203 to 127.0.0.1 port 2050
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 203 with timestamp 49d36e19
Nothing to do.  Sleeping until we see a request.





(The above output is from when I run the same FR server on a virtual machine.
The results are the same as when I do the same radtest on the server which is
used below, but the names of users, passwords, and LDAP server name are
different.)

Here is the debug mode output when I try to test from the laptop:

rad_recv: Access-Request packet from host 172.16.1.205:3072, id=0,
length=129
User-Name = "easypush"
NAS-IP-Address = 172.16.1.205
Called-Station-Id = "001a70aa5bee"
Calling-Station-Id = "0021002ca72e"
NAS-Identifier = "001a70aa5bee"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020d016561737970757368
Message-Authenticator = 0x19517eaaaf0d384f55a94c110166d9a7
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "easypush", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for easypush
radius_xlat:  '(uid=easypush)'
radius_xlat:  'ou=people,dc=mnit,dc=ac,dc=in'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 172.16.1.150:389, aut