Re: Freeradius + Microsoft Active Directory

2006-02-25 Thread Kai Geek
Hello,
your password crypt key is used. not become in this ethereal can't recognize.


>   Auth-Type CHAP {
>   chap
>   }
> 
>   
>   Auth-Type MS-CHAP {
>   mschap
>   }


you must show the full and state this in the file
#ls /etc/raddact
#vi radius.conf
#vi clients.conf

best regards,

--
Ozgur Karatas
CCNA & Network Engineer
Linux System Administrator
ozgur (at) ozgurkaratas dot com

> - Original Message -
> From: "Natalia Escalera" <[EMAIL PROTECTED]>
> To: "FreeRadius users mailing list" 
> Subject: Re: Freeradius + Microsoft Active Directory
> Date: Sat, 25 Feb 2006 11:53:20 -0600
> 
> 
> Hello Mr. DeKok
> 
> Thank you for the fast response.  The  password is clear-text.  We are
> using ethereal to debug why we are getting "Operations Error" on the
> Search Result.  The Operation Errors comment is the following:
> "In order to perform this operation a successful bind must be completed."
> 
> The search request on ethereal from Freeradius to the active directory
> gives the following:
> Message Type: Search Request
> Message Length:  96
> Response In: 469
> Base DN: dc=test, dc=prt
> Scope: subtree (0x02)
> Derefence: Never (0x00)
> Size Limit: 0
> Time Limit: 4
> Attributes only: False
> Filter: (&(objectclass=person)(sAMAccountName=%u))
> Attribute: uid we are not sending this attribute and we do not
> know where it is specified on Freeradius
> 
> Here are the settings given for LDAP module on radius.conf and user file:
> 
> #radius.conf
> ldap {
>   server="xxx.xx.xxx.xxx"
>   
>   identity ="" # If this is suppose to be the bind dn???
>   
>   password = "mypassword"
>   basedn ="dc=test,dc=prt"
> 
>   #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>   filter ="(&(objectclass=person) (sAMAccountName=%u))"
> 
>   # set this to 'yes' to use TLS encrypted connections
>   # to the LDAP database by using the StartTLS extended
>   # operation.
>   # The StartTLS operation is supposed to be used with normal
>   # ldap connections instead of using ldaps (port 689) connections
>   start_tls = no
> 
>   # tls_cacertfile= /path/to/cacert.pem
>   # tls_cacertdir = /path/to/ca/dir/
>   # tls_certfile  = /path/to/radius.crt
>   # tls_keyfile   = /path/to/radius.key
>   # tls_randfile  = /path/to/rnd
>   # tls_require_cert  = "demand"
> 
>   # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
>   # profile_attribute = "radiusProfileDn"
>   access_attr = "dialupAccess"
> 
>   # Mapping of RADIUS dictionary attributes to LDAP
>   # directory attributes.
>   dictionary_mapping = ${raddbdir}/ldap.attrmap
> 
>   ldap_connections_number = 5
> 
>   
>   timeout =5
>   timelimit =4
>   net_timeout =2
>   compare_check_items = yes
>   
>   }
> 
> authenticate {
>   
>   Auth-Type PAP {
>   pap
>   }
> 
>   
>   Auth-Type CHAP {
>   chap
>   }
> 
>   
>   Auth-Type MS-CHAP {
>   mschap
>   }
> 
>   
>   unix
> 
>   
>   
>   Auth-Type LDAP {
>   ldap
>   }
> 
>   
>   eap
> }
> 
> #users file
>   DEFAULT Auth-Type := LDAP
>   Fall-Through = 1
> 
> Can you please tell us if there is something wrong or if we are
> missing something on the configuration files?
> 
> Thanks in advance,
> Nataly
> 
> On 2/25/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > "Natalia Escalera" <[EMAIL PROTECTED]> wrote:
> > > I am setting up freeradius with Microsoft Active Directory. So far, I
> > > am able to connect to the server but not to authenticate a user. Can
> > > you  please give me a hint of how the configuration files need to be
> > > set in order to authenticate the user.
> >
> >  If the RADIUS packets have clear-text passwords, then the normal
> > LDAP module should work.  If you're using PEAP or MS-CHAP, read
> > "radiusd.conf", and use "ntlm_auth".
> >
> > > Also, what is "3D" used for? (Example: server =3D your.ad.server.org ...)
> >
> >  Nothing.  It's an artifact of stupid mailers.  3D is ASCII for '='.
> >
> >  Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
> 

+-+-+-+ BEGIN PGP SIGNATURE +-+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
   .-.  .-._  
   : :  : :   :_; 
 .-' : .--. : `-. .-. .--.  ,-.,-.
' .; :' '_.'' .; :: :' .; ; : ,. :
`.__.'`.__.'`.__.':_;`.__,_;:_;:_;

Kai "Ozgur" Geek
Network Engineer
PGP ID: B1

RE: Freeradius authentication question

2006-01-20 Thread Kai Geek
hmm ok
a lot thank you..
regards :)

> - Original Message -
> From: "Le Gal Philippe" <[EMAIL PROTECTED]>
> To: "FreeRadius users mailing list" 
> Subject: RE: Freeradius authentication question
> Date: Fri, 20 Jan 2006 12:08:59 -
> 
> 
> 
> The Pam radius configuration file on the client machine should be 
> located here: /etc/raddb/server (cf pam radius INSTALL)
> 
> I can't see why the radius server can not decrypt the password when 
> I know my shared secret is absolutely identical on the client and 
> on the radius server.
> 
> Anyone ?
> 
> Philippe
> 
> -Original Message-----
> From:
> [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> dius.org]On Behalf Of Kai Geek
> Sent: 20 January 2006 12:00
> To: FreeRadius users mailing list
> Subject: Re: Freeradius authentication question
> 
> 
> Hello,
> [EMAIL PROTECTED] root]# vi /etc/raddb/server ??
> 
> the config file will this be ?
> correct directory;
> 
> #vi /etc/raddb/clients.conf
> 
> oke.
> 
> > - Original Message -
> > From: "Le Gal Philippe" <[EMAIL PROTECTED]>
> > To: "FreeRadius users mailing list" 
> > Subject: Freeradius authentication question
> > Date: Fri, 20 Jan 2006 11:34:51 -
> >
> >
> >
> > Hi everybody,
> >
> > I'm trying to authenticate users login in a machine using ssh. I 
> > have configured ssh & PAM on that server to authenticate against 
> > the radius server (Redhat Application Server 2.1).
> >
> > Please find below the debug of the radius server as well as my conf files.
> >
> > The Free radius server says :
> >
> > Login incorrect: [test/\010\n\INCORRECT] (from client us067.eudra.org port 1500 cli 192.168.xx.xx)
> > WARNING: Unprintable characters in the password. ?  Double-check the shared secret on the server and the NAS!
> >
> > So did I . I checked the secrets on the server and they are *IDENTICAL*...
> >
> > I used the NTRadPing utility with exactly the same parameters and 
> > it works absolutely fine !
> >
> > Thank you for your help !
> >
> > my /etc/raddb/server file : (on the client machine) :
> >
> > [EMAIL PROTECTED] root]# vi /etc/raddb/server
> > #  pam_radius_auth configuration file.  Copy to: /etc/raddb/server
> > #
> > #  For proper security, this file SHOULD have permissions 0600,
> > #  that is readable by root, and NO ONE else.  If anyone other than
> > #  root can read this file, then they can spoof responses from the server!
> > #
> > #  There are 3 fields per line in this file.  There may be multiple
> > #  lines.  Blank lines or lines beginning with '#' are treated as
> > #  comments, and are ignored.  The fields are:
> > #
> > #  server[:port] secret [timeout]
> > #
> > #  the port name or number is optional.  The default port name is
> > #  "radius", and is looked up from /etc/services The timeout field is
> > #  optional.  The default timeout is 3 seconds.
> > #
> > #  If multiple RADIUS server lines exist, they are tried in order.  The
> > #  first server to return success or failure causes the module to return
> > #  success or failure.  Only if a server fails to response is it skipped,
> > #  and the next server in turn is used.
> > #
> > #  The timeout field controls how many seconds the module waits before
> > #  deciding that the server has failed to respond.
> > #
> > # server[:port] shared_secret  timeout (s)
> > loginhost.eudra.org philippe123456  1
> > #
> > # having localhost in your radius configuration is a Good Thing.
> > #
> > # See the INSTALL file for pam.conf hints.
> >
> >
> > clients.conf :
> >
> > client us067.eudra.org {
> >  secret  = philippe123456
> >  shortname   = us067.eudra.org
> > }
> >
> >
> > [EMAIL PROTECTED] raddb]# radiusd -X
> > Starting - reading configuration files ...
> > reread_config:  reading radiusd.conf
> > Config:   including file: /usr/local/etc/raddb/proxy.conf
> > Config:   including file: /usr/local/etc/raddb/clients.conf
> > Config:   including file: /usr/local/etc/raddb/snmp.conf
> > Config:   including file: /usr/local/etc/raddb/eap.conf
> > Config:   including file: /usr/local/etc/raddb/sql.conf
> >   main: prefix = "/usr/local"
> >   main: localstatedir = "/usr/local/var"
> >   main: logdir = "/usr/local/var/log/radius"
> >   main: libd

Re: Freeradius authentication question

2006-01-20 Thread Kai Geek
Hello,
[EMAIL PROTECTED] root]# vi /etc/raddb/server ??

the config file will this be ?
correct directory;

#vi /etc/raddb/clients.conf 

oke.

> - Original Message -
> From: "Le Gal Philippe" <[EMAIL PROTECTED]>
> To: "FreeRadius users mailing list" 
> Subject: Freeradius authentication question 
> Date: Fri, 20 Jan 2006 11:34:51 -
> 
> 
> 
> Hi everybody,
> 
> I'm trying to authenticate users login in a machine using ssh. I 
> have configured ssh & PAM on that server to authenticate against the 
> radius server (Redhat Application Server 2.1).
> 
> Please find below the debug of the radius server as well as my conf files.
> 
> The Free radius server says :
> 
> Login incorrect: [test/\010\n\INCORRECT] (from client us067.eudra.org port 1500 cli 192.168.xx.xx)
> WARNING: Unprintable characters in the password. ?  Double-check the shared secret on the server and the NAS!
> 
> So did I . I checked the secrets on the server and they are *IDENTICAL*...
> 
> I used the NTRadPing utility with exactly the same parameters and 
> it works absolutely fine !
> 
> Thank you for your help !
> 
> my /etc/raddb/server file : (on the client machine) :
> 
> [EMAIL PROTECTED] root]# vi /etc/raddb/server
> #  pam_radius_auth configuration file.  Copy to: /etc/raddb/server
> #
> #  For proper security, this file SHOULD have permissions 0600,
> #  that is readable by root, and NO ONE else.  If anyone other than
> #  root can read this file, then they can spoof responses from the server!
> #
> #  There are 3 fields per line in this file.  There may be multiple
> #  lines.  Blank lines or lines beginning with '#' are treated as
> #  comments, and are ignored.  The fields are:
> #
> #  server[:port] secret [timeout]
> #
> #  the port name or number is optional.  The default port name is
> #  "radius", and is looked up from /etc/services The timeout field is
> #  optional.  The default timeout is 3 seconds.
> #
> #  If multiple RADIUS server lines exist, they are tried in order.  The
> #  first server to return success or failure causes the module to return
> #  success or failure.  Only if a server fails to response is it skipped,
> #  and the next server in turn is used.
> #
> #  The timeout field controls how many seconds the module waits before
> #  deciding that the server has failed to respond.
> #
> # server[:port] shared_secret  timeout (s)
> loginhost.eudra.org philippe123456  1
> #
> # having localhost in your radius configuration is a Good Thing.
> #
> # See the INSTALL file for pam.conf hints.
> 
> 
> clients.conf :
> 
> client us067.eudra.org {
>  secret  = philippe123456
>  shortname   = us067.eudra.org
> }
> 
> 
> [EMAIL PROTECTED] raddb]# radiusd -X
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /usr/local/etc/raddb/proxy.conf
> Config:   including file: /usr/local/etc/raddb/clients.conf
> Config:   including file: /usr/local/etc/raddb/snmp.conf
> Config:   including file: /usr/local/etc/raddb/eap.conf
> Config:   including file: /usr/local/etc/raddb/sql.conf
>   main: prefix = "/usr/local"
>   main: localstatedir = "/usr/local/var"
>   main: logdir = "/usr/local/var/log/radius"
>   main: libdir = "/usr/local/lib"
>   main: radacctdir = "/usr/local/var/log/radius/radacct"
>   main: hostname_lookups = no
>   main: max_request_time = 30
>   main: cleanup_delay = 5
>   main: max_requests = 1024
>   main: delete_blocked_requests = 0
>   main: port = 0
>   main: allow_core_dumps = no
>   main: log_stripped_names = no
>   main: log_file = "/usr/local/var/log/radius/radius.log"
>   main: log_auth = yes
>   main: log_auth_badpass = yes
>   main: log_auth_goodpass = yes
>   main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>   main: user = "(null)"
>   main: group = "(null)"
>   main: usercollide = no
>   main: lower_user = "no"
>   main: lower_pass = "no"
>   main: nospace_user = "no"
>   main: nospace_pass = "no"
>   main: checkrad = "/usr/local/sbin/checkrad"
>   main: proxy_requests = yes
>   proxy: retry_delay = 5
>   proxy: retry_count = 3
>   proxy: synchronous = no
>   proxy: default_fallback = yes
>   proxy: dead_time = 120
>   proxy: post_proxy_authorize = yes
>   proxy: wake_all_if_all_dead = no
>   security: max_attributes = 200
>   security: reject_delay = 1
>   security: status_server = no
>   main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded exec
>   exec: wait = yes
>   exec: program = "(null)"
>   exec: input_pairs = "request"
>   exec: output_pairs = "(null)"
>   exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (e

Re: Ippool and NAS

2006-01-19 Thread Kai Geek
Hello,
where are your radius server and users config files?

> - Original Message -
> From: "Johansson, Daniel" <[EMAIL PROTECTED]>
> To: freeradius-users@lists.freeradius.org
> Subject: Ippool and NAS
> Date: Thu, 19 Jan 2006 15:18:59 +0100
> 
> 
> Hi Freeradius users.
> 
> I have compiled and installed the 1.1.0 version of Freeradius and made
> the basic configurations and everything works fine.
> 
> Now I have 5 NAS boxes that are accessing the radius server; the problem
> is that I want each NAS to use a set of IP addresses.
> 
> So for NAS(1) the radius should return ippool(1) and so on.
> 
> I have looked at the FAQ and have been searching in the mail archive for
> several hours and have only seen people asking about allocating
> IP addresses for specific user(s) or group(s) but not for a NAS.
> 
> 
> Could anyone please help me to get me started on this.
> 
> Best Regards
> /Daniel Johansson
> 
> 
> Below is my NAS boxes in clients.conf
> 
> # Client for RTP-RFTN, GGSN 1
> 
> client 192.168.9.1 {
>  secret  = xxx
>  shortname   = RTP-RFTN
> 
> }
> 
> # Client for S99, GGSN 249
> 
> client 192.168.15.249 {
>  secret  = xxx
>  shortname   = S99 GGSN 249
> }
> 
> # Client for S98, GGSN 254
> 
> client 192.168.13.254 {
>  secret  = xxx
>  shortname   = S98 GGSN 254
> }
> 
> # Client for GLANA, GGSN 250
> 
> client 192.168.11.250 {
>  secret  = xxx
>  shortname   = GLANA GGSN 250
> }
> 
> # Client for Telia GLANA, GGSN 249
> 
> client 192.168.11.249 {
>  secret  = xxx
>  shortname   = GLANA GGSN 249
> }
> 


Re: Installation problem Radiusd does not exist

2006-01-05 Thread Kai Geek
Hello,
#tar zxvf freeradius-1.0.5.tar.gz
#cd freeradius-1.0.5
#./configure --localstatedir=/var --sysconfdir=/etc
#make
#make install

for command debian;

ozgur:~# apt-cache search freeradius 
freeradius - a high-performance and highly configurable server
#apt-get install freeradius

and

#cd /etc/raddb
#pico users
#pico clients.conf

for edit users and clients file,

#radiusd -X

- Original Message -
From: "Nicolas Baradakis" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 
Subject: Re: Installation problem Radiusd does not exist
Date: Thu, 5 Jan 2006 12:47:08 +0100

> 
> Nicola Iotti wrote:
> 
> > I'm installing freeradius 1.0.5 on a Debian Linux system
> > I've downloaded tarball, extracted it with  #tar zxvf 
> > freeradius-1.0.5.tar.gz
> > I did :
> >
> >  ./configure
> > make
> > make install
> 
> You should just get the Debian binary package with "apt-get".
> 
> If you really want to recompile FreeRADIUS from source, see the advices
> on the wiki:
> http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_build_a_Debian_package_from_sources.3F
> 
> And please turn off HTML in your email client when posting to this
> mailing list: http://freeradius.org/list/users.html
> 
> --
> Nicolas Baradakis
> 


Freeradius probleming help me

2006-01-03 Thread Kai Geek
Hello,

[EMAIL PROTECTED]:/etc/raddb# radiusd -p 1645
Ignoring deprecated command-line option -pTue Jan  3 10:06:51 2006 : Info: 
Starting - reading configuration files ...

why problem on radiusd ?

[EMAIL PROTECTED]:/etc/raddb# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: bind_address = 10.0.0.6 IP address [10.0.0.6]
 main: user = "root"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded DIGEST
Module: Instantiated digest (digest)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded detail
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded attr_filter
 attr_filter: attrsfile = "/etc/raddb/attrs"
 rlm_attr_filter: Authorize method will be deprecated.
Module: Instantiated attr_filter (attr_filter)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication 10.0.0.6:1645
Listening on accounting 10.0.0.6:1646
Listening on proxy 10.0.0.6:1647
Ready to process requests.



#vi users
steve   Auth-Type := System
 Service-Type = Shell-User,
 Login-Service = Telnet,
 Login-IP-Host = 0.0.0.0,
 Login-TCP-Port = Telnet

#vi clients.conf
client 10.0.0.250 {
 s

Module Problem

2005-12-30 Thread Kai Geek
[EMAIL PROTECTED]:/etc/raddb# radiusd -X
Module: Library search path is /usr/local/lib
ERROR: Cannot find a configuration entry for module "exec".


why problem?




RE: FreeRadius and Dlink Switch Authentication Problem

2005-12-29 Thread Kai Geek
Hello Ms. Inci,
first of all, thank you very much for your help. However, we cannot use tacacs 
because most of the switches are Dlink, model 3226, so there is no tacacs. They 
support a radius server, so I have to use radius.

I put it into debug mode with

#radiusd -X

My IP address is 10.0.0.185 and the radius server runs on 10.0.0.6. The switch 
(a Dlink) has the IP address 10.0.0.250. When I run

#telnet 10.0.0.250

I can log in with the switch's own internal user (admin), but nothing shows up 
in the log. What do you suggest?

- Original Message -
From: "Inci Gedik " <[EMAIL PROTECTED]>
To: "'FreeRadius users mailing list'" 
Subject: RE: FreeRadius and Dlink Switch Authentication Problem
Date: Thu, 29 Dec 2005 15:20:43 +0200

> 
> Hi,
> 
> Did you debug radius? Can you check what appears on the screen while you
> try to connect to the switch? Let me also give an example from a working
> system:
> 
> Could you edit your client.conf file as shown below?
> 
> client 10.0.0.250 {
>  secret  = 250
>  shortname   = switch
> nastype = cisco
> }
> 
> If you define the user in the users file as shown below, create a user
> named steve on the Linux system and give it a password, you can get the
> connection working.
> 
> steve   Auth-Type := System
>  Service-Type = Shell-User,
>  Login-Service = Telnet,
>  Login-IP-Host = 0.0.0.0,
>  Login-TCP-Port = Telnet
> 
> Aren't the port numbers open under Linux? If you check it this way, we can
> also go through your conf file. In that case there must be an error in your
> conf file.
> 
> And I still insist on tacacs+ : )
> 
> 
> 
> Good luck,
> 
> Inci Gedik
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Kai Geek
> Sent: Thursday, 29 December 2005 14:24
> To: freeradius-users@lists.freeradius.org
> Subject: FreeRadius and Dlink Switch Authentication Problem
> 
> Hello,
> i am using freeradius in my computer with the ip 10.0.0.6
> i have a dlink 3226s model switch in my network and its ip is 10.0.0.250
> 
> i want this switch to verify username and password from radius server
> (10.0.0.6)
> 
> i have added 10.0.0.250 as a client to the radius server's clients.conf and
> users files and i introduced a user. but still it doesn't connect. where may
> be the error?
> when i test locally, it seems as working but the switch doesn't connect to
> radius?
> thank you,
> 
> using command radius server (10.0.0.6)
> 
> [EMAIL PROTECTED] clients.conf
> 
> client 10.0.0.250 {
>  secret  = 250
>  shortname   = 1
> }
> 
> [EMAIL PROTECTED] users
> 
> steve   Auth-Type := Local, User-Password == "testing"
>  Service-Type = Framed-User,
>  Framed-Protocol = PPP,
>  Framed-IP-Address = 127.0.0.1,
>  Framed-IP-Netmask = 255.255.255.0,
>  Framed-Routing = Broadcast-Listen,
>  Framed-Filter-Id = "std.ppp",
>  Framed-MTU = 1500,
>  Framed-Compression = Van-Jacobsen-TCP-IP
> 
> #radtest steve testing 10.0.0.6 1812 testing
> okay
> what problem ?
> when i test locally, it seems as working but the switch doesn't connect to
> radius?
> 


FreeRadius and Dlink Switch Authentication Problem

2005-12-29 Thread Kai Geek
Hello,
i am using freeradius in my computer with the ip 10.0.0.6
i have a dlink 3226s model switch in my network and its ip is 10.0.0.250

i want this switch to verify username and password from radius server 
(10.0.0.6) 

i have added 10.0.0.250 as a client to the radius server's clients.conf and 
users files and i introduced a user. but still it doesn't connect. where may be 
the error?
when i test locally, it seems as working but the switch doesn't connect to 
radius?
thank you,

using command radius server (10.0.0.6)

[EMAIL PROTECTED] clients.conf

client 10.0.0.250 {
secret  = 250
shortname   = 1
}

[EMAIL PROTECTED] users

steve   Auth-Type := Local, User-Password == "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 127.0.0.1,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP

#radtest steve testing 10.0.0.6 1812 testing
okay
what problem ?
when i test locally, it seems as working but the switch doesn't connect to 
radius?



radius error file

2005-12-28 Thread Kai Geek
#tail -f /var/log/radius/radius.log
Wed Dec 28 13:31:21 2005 : Info: Using deprecated naslist file.  Support for this will go away soon.
Wed Dec 28 13:31:21 2005 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Wed Dec 28 13:31:21 2005 : Info: Ready to process requests.


why problem in radius server ?



Hello Radius Server Problem

2005-12-28 Thread Kai Geek
Hello,
what your radius server starting problem?  dont log /varlog/radius/radius.conf 
:(

Switch IP: 10.0.0.250 <- Dlink (26 Port)
Radius Server: 10.0.0.6


#ssh 10.0.0.6
#pico clients.conf

client 10.0.0.250 {
secret  = testing
shortname   = des-deneme
}

#pico users
tbaygul Auth-Type := Local, User-Password == "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
#   Framed-IP-Address = ,
#   Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP

[EMAIL PROTECTED]:/etc# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1812
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: bind_address = 127.0.0.1 IP address [127.0.0.1]
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
 listen: ipaddr = 10.0.0.6 IP address [10.0.0.6]
 listen: port = 1812
 listen: type = "auth"
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"

radiusd -X and Raddb Configure

2005-12-26 Thread Kai Geek
Hello,
I am installing freeradius server, and the operating system is Slackware 10.2.

#cd /etc/raddb
#list
acct_users  clients.conf       hints         naslist          preproxy_users  snmp.conf  x99passwd.sample
attrs       dictionary         huntgroups    naspasswd        proxy.conf      sql.conf
certs/      eap.conf           ldap.attrmap  oraclesql.conf   radiusd.conf    users
clients     experimental.conf  mssql.conf    postgresql.conf  realms          x99.conf
#radiusd -X
Module: Instantiated unix (unix)
radiusd.conf[1682] Unknown Auth-Type "System" in authenticate section.

What is the problem?


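--------------------       --------------------
| Radius Server    |       | Dlink Switch     |
| IP : 10.0.0.200  |-------| IP: 10.0.0.250   |
--------------------       --------------------
  |  ssh accepting radius     |   ^
  |___________________________|   |
   _______________________________|
  |   (ssh wish request)
  |
  |
  --------------------
  |  My Computer     |
  | IP: 10.0.0.201   |
  --------------------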

How do I ensure this topology?
What must I do with the Raddb server?
Thank you

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___ 
/ __)Kai "Ozgur" Geek
\__ \PGP ID: B1B63B6E
(___/lackwareNetwork Engineer

+-+-+-+ END PGP SIGNATURE +-+-+-+




Re: Freeradius Configure Help me

2005-12-22 Thread Kai Geek
Hello,

Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary[14]: Couldn't open dictionary "/usr/share/freeradius/dictionary": Too many open files
Errors reading radiusd.conf


- Original Message -
From: "Philippe Sultan" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 
Subject: Re: Freeradius Configure Help me
Date: Thu, 22 Dec 2005 11:58:45 +0100

> 
> On 12/22/05, Kai Geek <[EMAIL PROTECTED]> wrote:
> > Hello,
> > I am installing Slackware 10.2 on freeradius server.
> >
> In this order?
> 
> > [EMAIL PROTECTED]:/etc/raddb# radiusd
> > Thu Dec 22 12:07:48 2005 : Info: Starting - reading configuration files ...
> > [EMAIL PROTECTED]:/etc/raddb#
> >
> You successfully launched the radiusd daemon. Try radiusd -X to keep
> output to your terminal.
> 
> Bye,
> 
> Philippe
> 



+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___ 
/ __)Kai "Ozgur" Geek
\__ \PGP ID: B1B63B6E
(___/lackwareNetwork Engineer

+-+-+-+ END PGP SIGNATURE +-+-+-+




Radius Configuration Helping

2005-12-22 Thread Kai Geek
Hi;
I set up freeradius on Slackware. When I send an ssh request to a router/switch in the
network, I want radius to check on the identity control. How can I do this? I don't know
the raddb (radiusd.conf) configuration.
Thank you,

---
Is there a document for configuring Radius?
Best regards,
--

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___ 
/ __)Kai "Ozgur" Geek
\__ \PGP ID: B1B63B6E
(___/lackwareNetwork Engineer

+-+-+-+ END PGP SIGNATURE +-+-+-+




Freeradius Configure Help me

2005-12-22 Thread Kai Geek
Hello,
I am installing Slackware 10.2 on freeradius server.

[EMAIL PROTECTED]:/etc/raddb# radiusd
Thu Dec 22 12:07:48 2005 : Info: Starting - reading configuration files ...
[EMAIL PROTECTED]:/etc/raddb#

What is this mistake?
Where can I find a Radius Install (Configuration) Guide?
Thank you...

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___ 
/ __)Kai "Ozgur" Geek
\__ \PGP ID: B1B63B6E
(___/lackwareNetwork Engineer

+-+-+-+ END PGP SIGNATURE +-+-+-+
