MAC based Vlan problem
Hi,

we're using freeradius to switch different computers into various vlans on our switches. We have had a working configuration for freeradius 1.x, but for 2.1.6 (running on SLES) this configuration is working differently.

We're including a file looking like this:

---
# VLAN 14
#
#
DEFAULT Tunnel-Private-Group-ID = 14, Foundry-802_1x-enable = 0, Fall-Through = 1
#
aaabbbcccddd User-Password == aaabbbcccddd
# VLAN 15
#
#
DEFAULT Tunnel-Private-Group-ID = 15, Foundry-802_1x-enable = 0, Fall-Through = 1
#
bbbcccdddaaa User-Password == bbbcccdddaaa
---

On the new freeradius *all* valid mac addresses are getting the vlan Tunnel-Private-Group-ID from the first statement. All other vlan id's are ignored.

The advantage was to group all macs according to the vlan-id. Now you have to add all settings to each mac.

Is there a way to group the mac addresses with one header ?

--
Bye,
Peer

Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Phone: ++49 3641 57-6705
D-07745 Jena         Fax: ++49 3641 57-7705

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
802.1x+WLAN and radtest
Hi,

we are using one radius server for external users to get access to an 802.1x WLAN. The radius server is configured to look for the domain and only answer local requests or requests from our domain. Everything else is forwarded to a central instance (using the proxy.conf).

Now I have a strange problem: When I use our local domain, radtest and the WLAN are working fine. When I try to use an external domain account, radtest tells OK, but using the same account for the WLAN will fail.

How can I debug this error ?

--
Bye,
Peer

Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Phone: ++49 3641 57-6705
D-07745 Jena         Fax: ++49 3641 57-7705
Re: 802.1x+WLAN and radtest
Hi,

enclosed is the output from radiusd -X, first using radtest, then switching on the WLAN with the same username and password:

=radiusd -X out

rad_recv: Access-Request packet from host 141.5.16.151:2234, id=228, length=68
    User-Name = [EMAIL PROTECTED]
    User-Password = PASSWD
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module preprocess returns ok for request 7
radius_xlat: '/var/log/radius/radacct/141.5.16.151/auth-detail-20080423'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/141.5.16.151/auth-detail-20080423
modcall[authorize]: module auth_log returns ok for request 7
modcall[authorize]: module mschap returns noop for request 7
rlm_realm: Looking up realm ice.mpg.de for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm DEFAULT
rlm_realm: Proxying request from user pkoch to realm DEFAULT
rlm_realm: Adding Realm = DEFAULT
rlm_realm: Preparing to proxy authentication request to realm DEFAULT
modcall[authorize]: module suffix returns updated for request 7
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 7
modcall[authorize]: module files returns notfound for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for [EMAIL PROTECTED]
radius_xlat: 'uid=_'
radius_xlat: 'dc=bgc-jena, dc=mpg, dc=de'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=bgc-jena, dc=mpg, dc=de, with filter uid=_
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns notfound for request 7
modcall: leaving group authorize (returns updated) for request 7
Sending Access-Request of id 6 to 193.174.75.134 port 1812
    User-Name = [EMAIL PROTECTED]
    User-Password = PASSWD
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1
    Proxy-State = 0x323238
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 193.174.75.134:1812, id=6, length=25
    Proxy-State = 0x323238
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 7
attr_filter: Matched entry DEFAULT at line 103
modcall[post-proxy]: module attr_filter returns updated for request 7
modcall[post-proxy]: module eap returns noop for request 7
modcall: leaving group post-proxy (returns updated) for request 7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module preprocess returns ok for request 7
radius_xlat: '/var/log/radius/radacct/141.5.16.151/auth-detail-20080423'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/141.5.16.151/auth-detail-20080423
modcall[authorize]: module auth_log returns ok for request 7
modcall[authorize]: module mschap returns noop for request 7
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[authorize]: module suffix returns noop for request 7
modcall[authorize]: module eap returns noop for request 7
modcall[authorize]: module files returns notfound for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for [EMAIL PROTECTED]
radius_xlat: 'uid=_'
radius_xlat: 'dc=bgc-jena, dc=mpg, dc=de'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=bgc-jena, dc=mpg, dc=de, with filter uid=_
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns notfound for request 7
modcall: leaving group authorize (returns ok) for request 7
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 7
modcall[post-auth]: module ldap returns noop for request 7
modcall: leaving group post-auth (returns noop) for request 7
Sending Access-Accept of id 228 to 141.5.16.151 port 2234
Finished request 7
Going to the next request
Waking up in 6 seconds...

===Now the same over WLAN===

--- Walking the entire request list ---
Cleaning up request 7 ID 228 with timestamp 480f2719
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 141.5.16.23:20008, id=173, length=201
    User-Name = [EMAIL PROTECTED]
    MS-CHAP-Challenge = 0x04138c9db743bfbb843010bf7f8389aa
    MS-CHAP2-Response =
Re: 802.1x+WLAN and radtest
Hi Ivan,

thanks, but I don't have access to this server. I can only do anything on our proxy. You are right, the WLAN is configured with wpa2 TKIP PEAP and ms-chap-V2.

Is there anything else I can do ?

Bye,
Peer

Ivan Kalik wrote:

This is the debug from the proxy, not the home server. You need a debug from the home server to see why the first one is accepted and the second one rejected. Since the first one was a pap request and the second mschap, the usual problem is that the password stored on the home server is encrypted.

Ivan Kalik
Kalik Informatika ISP

Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Phone: ++49 3641 57-6705
D-07745 Jena         Fax: ++49 3641 57-7705
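An added illustration of the PAP versus challenge-response point in the quoted reply above (not part of the thread, and not FreeRADIUS code). It assumes "encrypted" means a salted one-way hash, and it uses the simpler CHAP MD5 response from RFC 1994 as a stand-in for MS-CHAPv2; HomeServer, the sample password and the fixed salt are constructed for the example.

```python
import hashlib
import hmac

PASSWORD = "correct horse"        # constructed sample credential
SALT = b"\x01\x02\x03\x04"        # constructed fixed salt so the run is repeatable

def ssha(password: str, salt: bytes) -> bytes:
    """SSHA layout: SHA1(password || salt) followed by the salt."""
    return hashlib.sha1(password.encode() + salt).digest() + salt

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class HomeServer:
    """Hypothetical home server holding one user's credential."""
    def __init__(self, kind: str, value: bytes):
        self.kind, self.value = kind, value   # kind: "cleartext" or "ssha"

    def check_pap(self, password: str) -> bool:
        # PAP delivers the password itself, so the server can re-derive
        # whatever storage format it uses and compare.
        if self.kind == "cleartext":
            return hmac.compare_digest(self.value, password.encode())
        salt = self.value[20:]                # SHA-1 digest is 20 bytes
        return hmac.compare_digest(ssha(password, salt), self.value)

    def check_challenge(self, ident: int, challenge: bytes, response: bytes) -> bool:
        # The expected response has to be computed from the secret itself.
        # A salted one-way hash cannot be turned back into it, so the
        # server has nothing to compare against and must reject.
        if self.kind != "cleartext":
            return False
        expected = chap_response(ident, self.value, challenge)
        return hmac.compare_digest(expected, response)

def run_demo() -> dict:
    challenge = bytes(range(16))              # constructed challenge
    client_resp = chap_response(7, PASSWORD.encode(), challenge)
    results = {}
    for kind, value in (("cleartext", PASSWORD.encode()),
                        ("ssha", ssha(PASSWORD, SALT))):
        srv = HomeServer(kind, value)
        results[kind] = (srv.check_pap(PASSWORD),
                         srv.check_challenge(7, challenge, client_resp))
    return results

if __name__ == "__main__":
    print(run_demo())   # (PAP result, challenge-response result) per storage kind
```
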
radiusd not starting
Hi,

we updated yesterday one of our servers running Novell SLES 9. After the update the radiusd (not the sles version, self compiled) did not work correctly (the load was getting higher and higher). Therefore I installed the current version of the freeradius-server (2.0.3) from http://download.opensuse.org/repositories/network:/aaa/

After fixing a few things in the /etc/raddb/users the server is running fine when I do a radiusd -X; also radius -f seems to work. But neither a radiusd nor /etc/init.d/freeradius start is launching the radiusd daemon.

But I can not see WHY the radiusd is not starting as daemon.

Any idea ?

--
Bye,
Peer

Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Phone: ++49 3641 57-6705
D-07745 Jena         Fax: ++49 3641 57-7705
Re: radiusd not starting
Hi,

but even as root:root it's not working ! Shouldn't there be an access denied or something like this ?

Here is the startup:

## more Rad2.log#
FreeRADIUS Version 2.0.3, for host i686-suse-linux-gnu, built on Mar 19 2008 at 10:23:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/snmp.conf
including configuration file /etc/raddb/eap.conf
including dictionary file /etc/raddb/dictionary
main {
    prefix = /usr
    localstatedir = /var
    logdir = /var/log/radius
    libdir = /usr/lib/freeradius
    radacctdir = /var/log/radius/radacct
    hostname_lookups = no
    max_request_time = 80
    cleanup_delay = 5
    max_requests = 1024
    allow_core_dumps = no
    pidfile = /var/run/radiusd/radiusd.pid
    user = root
    group = root
    checkrad = /usr/sbin/checkrad
    debug_level = 0
    proxy_requests = yes
    security {
        max_attributes = 200
        reject_delay = 1
        status_server = no
    }

[EMAIL PROTECTED] wrote:

Hi,

we updated yesterday one of our servers running Novell SLES 9. After the update the radiusd (not the sles version, self compiled) did not work correctly (the load was getting higher and higher). Therefore I installed the current version of the freeradius-server (2.0.3) from http://download.opensuse.org/repositories/network:/aaa/

After fixing a few things in the /etc/raddb/users the server is running fine when I do a radiusd -X; also radius -f seems to work. But neither a radiusd nor /etc/init.d/freeradius start is launching the radiusd daemon.

But I can not see WHY the radiusd is not starting as daemon.

Any idea ?

permissions - and if you ran radiusd -x you might even see that - it's probably unable to read some /etc/raddb files, or write to /var/log/radius etc etc

alan

--
Kind regards
Peer-Joachim Koch

Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Phone: ++49 3641 57-6705
D-07745 Jena         Fax: ++49 3641 57-7705