Re: Freeradius + Microsoft Active Directory

2006-02-25 Thread Kai Geek
Hello,
your password crypt key is used. not become in this ethereal can't recognize.


   Auth-Type CHAP {
   chap
   }
 
   
   Auth-Type MS-CHAP {
   mschap
   }


you must show the full and state this in the file
#ls /etc/raddact
#vi radius.conf
#vi clients.conf

best regards,

--
Ozgur Karatas
CCNA  Network Engineer
Linux System Administrator
ozgur (at) ozgurkaratas dot com

 - Original Message -
 From: Natalia Escalera [EMAIL PROTECTED]
 To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
 Subject: Re: Freeradius + Microsoft Active Directory
 Date: Sat, 25 Feb 2006 11:53:20 -0600
 
 
 Hello Mr. DeKok
 
 Thank you for the fast response.  The  password is clear-text.  We are
 using ethereal to debug why we are getting Operations Error on the
 Search Result.  The Operation Errors comment is the following:
 In order to perform this operation a successful bind must be completed.
 
 The search request on ethereal from Freeradius to the active directory
 gives the following:
 Message Type: Search Request
 Message Length:  96
 Response In: 469
 Base DN: dc=test, dc=prt
 Scope: subtree (0x02)
 Derefence: Never (0x00)
 Size Limit: 0
 Time Limit: 4
 Attributes only: False
 Filter: ((objectclass=person)(sAMAccountName=%u))
 Attribute: uid we are not sending this attribute and we do not
 know where it is specified on Freeradius
 
 Here are the settings given for LDAP module on radius.conf and user file:
 
 #radius.conf
 ldap {
   server=xxx.xx.xxx.xxx
   
   identity = # If this is suppose to be the bind dn???
   
   password = mypassword
   basedn =dc=test,dc=prt
 
   #filter = (uid=%{Stripped-User-Name:-%{User-Name}})
   filter =((objectclass=person) (sAMAccountName=%u))
 
   # set this to 'yes' to use TLS encrypted connections
   # to the LDAP database by using the StartTLS extended
   # operation.
   # The StartTLS operation is supposed to be used with normal
   # ldap connections instead of using ldaps (port 689) connections
   start_tls = no
 
   # tls_cacertfile= /path/to/cacert.pem
   # tls_cacertdir = /path/to/ca/dir/
   # tls_certfile  = /path/to/radius.crt
   # tls_keyfile   = /path/to/radius.key
   # tls_randfile  = /path/to/rnd
   # tls_require_cert  = demand
 
   # default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
   # profile_attribute = radiusProfileDn
   access_attr = dialupAccess
 
   # Mapping of RADIUS dictionary attributes to LDAP
   # directory attributes.
   dictionary_mapping = ${raddbdir}/ldap.attrmap
 
   ldap_connections_number = 5
 
   
   timeout =5
   timelimit =4
   net_timeout =2
   compare_check_items = yes
   
   }
 
 authenticate {
   
   Auth-Type PAP {
   pap
   }
 
   
   Auth-Type CHAP {
   chap
   }
 
   
   Auth-Type MS-CHAP {
   mschap
   }
 
   
   unix
 
   
   
   Auth-Type LDAP {
   ldap
   }
 
   
   eap
 }
 
 #users file
   DEFAULT Auth-Type := LDAP
   Fall-Through = 1
 
 Can you please tell us if there is something wrong or if we are
 missing something on the configuration files?
 
 Thanks in advance,
 Nataly
 
 On 2/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
  Natalia Escalera [EMAIL PROTECTED] wrote:
   I am setting up freeradius with Microsoft Active Directory. So far, I
   am able to connect to the server but not to authenticate a user. Can
   you  please give me a hint of how the configuration files need to be
   set in order to authenticate the user.
 
   If the RADIUS packets have clear-text passwords, then the normal
  LDAP module should work.  If you're using PEAP or MS-CHAP, read
  radiusd.conf, and use ntlm_auth.
 
   Also, what is 3D used for? (Example: server =3D your.ad.server.org ...)
 
   Nothing.  It's an artifact of stupid mailers.  3D is ASCII for '='.
 
   Alan DeKok.
 
  -
  List info/subscribe/unsubscribe? See 
  http://www.freeradius.org/list/users.html
 
 





+-+-+-+ BEGIN PGP SIGNATURE +-+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
   .-.  .-._  
   : :  : :   :_; 
 .-' : .--. : `-. .-. .--.  ,-.,-.
' .; :' '_.'' .; :: :' .; ; : ,. :
`.__.'`.__.'`.__.':_;`.__,_;:_;:_;

Kai Ozgur Geek
Network Engineer
PGP ID: B1B63B6E
+-+-+-+ END PGP SIGNATURE +-+-+-+
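
A structural check of the search filter as it is printed in the quoted capture and configuration above, added here as an example (not code from the thread or from FreeRADIUS). It covers a simplified subset of the RFC 4515 filter grammar; the function names and the sample user name are hypothetical.

```python
import re

# Attribute description, a comparison operator, then a value with no bare parentheses.
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(?:=|~=|>=|<=)[^()]*\Z")


class FilterError(ValueError):
    pass


def _parse(s: str, i: int) -> int:
    """Parse one '(' ... ')' filter starting at offset i; return the offset after it."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    head = s[i:i + 1]
    if head in ("&", "|"):
        i += 1
        if s[i:i + 1] != "(":
            raise FilterError(f"'{head}' needs at least one sub-filter at offset {i}")
        while s[i:i + 1] == "(":
            i = _parse(s, i)
    elif head == "!":
        i = _parse(s, i + 1)
    elif head == "(":
        raise FilterError(f"nested filter at offset {i} has no &, | or ! operator before it")
    else:
        end = s.find(")", i)
        if end < 0 or not _ITEM.match(s[i:end]):
            raise FilterError(f"malformed comparison at offset {i}")
        i = end
    if s[i:i + 1] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1


def check_filter(s: str):
    """Return None if s is well-formed under this subset, else a description of the problem."""
    try:
        if _parse(s, 0) != len(s):
            raise FilterError("unexpected text after the closing ')'")
    except FilterError as exc:
        return str(exc)
    return None


def escape_value(value: str) -> str:
    """Escape the RFC 4515 special characters before a value is placed in a filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def expand(template: str, username: str) -> str:
    """Substitute the escaped user name for %u, then re-check the finished filter."""
    result = template.replace("%u", escape_value(username))
    problem = check_filter(result)
    if problem:
        raise FilterError(problem)
    return result


AS_SHOWN = "((objectclass=person)(sAMAccountName=%u))"    # filter as printed in the capture above
WITH_AND = "(&(objectclass=person)(sAMAccountName=%u))"   # the same two tests joined with '&'

if __name__ == "__main__":
    print("as shown :", check_filter(AS_SHOWN))
    print("with '&' :", check_filter(WITH_AND))
    print(expand(WITH_AND, "j.smith*(test)"))   # constructed user name
```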



Re: Freeradius authentication question

2006-01-20 Thread Kai Geek
Hello,
[EMAIL PROTECTED] root]# vi /etc/raddb/server ??

the config file will this be ?
correct directory;

#vi /etc/raddb/clients.conf 

oke.

 - Original Message -
 From: Le Gal Philippe [EMAIL PROTECTED]
 To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
 Subject: Freeradius authentication question 
 Date: Fri, 20 Jan 2006 11:34:51 -
 
 
 
 Hi everybody,
 
 I'm trying to authenticate users logging in to a machine using ssh. I 
 have configured ssh  PAM on that server to authenticate against the 
 radius server (Redhat Application Server 2.1).
 
 Please find below the debug of the radius server as well as my conf files.
 
 The Free radius server says :
 
 Login incorrect: [test/\010\n\INCORRECT] (from client 
 us067.eudra.org port 1500 cli 192.168.xx.xx)
WARNING: Unprintable characters in the password. ?  Double-check 
 the shared secret on the server and the NAS!
 
 So did I . I checked the secrets on the server and they are *IDENTICAL*...
 
 I used the NTRadPing utility with exactly the same parameters and 
 it works absolutely fine !
 
 Thank you for your help !
 
 my /etc/raddb/server file : (on the client machine) :
 
 [EMAIL PROTECTED] root]# vi /etc/raddb/server
 #  pam_radius_auth configuration file.  Copy to: /etc/raddb/server
 #
 #  For proper security, this file SHOULD have permissions 0600,
 #  that is readable by root, and NO ONE else.  If anyone other than
 #  root can read this file, then they can spoof responses from the server!
 #
 #  There are 3 fields per line in this file.  There may be multiple
 #  lines.  Blank lines or lines beginning with '#' are treated as
 #  comments, and are ignored.  The fields are:
 #
 #  server[:port] secret [timeout]
 #
 #  the port name or number is optional.  The default port name is
 #  radius, and is looked up from /etc/services The timeout field is
 #  optional.  The default timeout is 3 seconds.
 #
 #  If multiple RADIUS server lines exist, they are tried in order.  The
 #  first server to return success or failure causes the module to return
 #  success or failure.  Only if a server fails to response is it skipped,
 #  and the next server in turn is used.
 #
 #  The timeout field controls how many seconds the module waits before
 #  deciding that the server has failed to respond.
 #
 # server[:port] shared_secret  timeout (s)
 loginhost.eudra.org philippe123456  1
 #
 # having localhost in your radius configuration is a Good Thing.
 #
 # See the INSTALL file for pam.conf hints.
 
 
 clients.conf :
 
 client us067.eudra.org {
  secret  = philippe123456
  shortname   = us067.eudra.org
 }
 
 
 [EMAIL PROTECTED] raddb]# radiusd -X
 Starting - reading configuration files ...
 reread_config:  reading radiusd.conf
 Config:   including file: /usr/local/etc/raddb/proxy.conf
 Config:   including file: /usr/local/etc/raddb/clients.conf
 Config:   including file: /usr/local/etc/raddb/snmp.conf
 Config:   including file: /usr/local/etc/raddb/eap.conf
 Config:   including file: /usr/local/etc/raddb/sql.conf
   main: prefix = /usr/local
   main: localstatedir = /usr/local/var
   main: logdir = /usr/local/var/log/radius
   main: libdir = /usr/local/lib
   main: radacctdir = /usr/local/var/log/radius/radacct
   main: hostname_lookups = no
   main: max_request_time = 30
   main: cleanup_delay = 5
   main: max_requests = 1024
   main: delete_blocked_requests = 0
   main: port = 0
   main: allow_core_dumps = no
   main: log_stripped_names = no
   main: log_file = /usr/local/var/log/radius/radius.log
   main: log_auth = yes
   main: log_auth_badpass = yes
   main: log_auth_goodpass = yes
   main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
   main: user = (null)
   main: group = (null)
   main: usercollide = no
   main: lower_user = no
   main: lower_pass = no
   main: nospace_user = no
   main: nospace_pass = no
   main: checkrad = /usr/local/sbin/checkrad
   main: proxy_requests = yes
   proxy: retry_delay = 5
   proxy: retry_count = 3
   proxy: synchronous = no
   proxy: default_fallback = yes
   proxy: dead_time = 120
   proxy: post_proxy_authorize = yes
   proxy: wake_all_if_all_dead = no
   security: max_attributes = 200
   security: reject_delay = 1
   security: status_server = no
   main: debug_level = 0
 read_config_files:  reading dictionary
 read_config_files:  reading naslist
 Using deprecated naslist file.  Support for this will go away soon.
 read_config_files:  reading clients
 read_config_files:  reading realms
 radiusd:  entering modules setup
 Module: Library search path is /usr/local/lib
 Module: Loaded exec
   exec: wait = yes
   exec: program = (null)
   exec: input_pairs = request
   exec: output_pairs = (null)
   exec: packet_type = (null)
 rlm_exec: Wait=yes but no output defined. Did you mean output=none?
 Module: Instantiated exec (exec)
 Module: Loaded expr
 Module: Instantiated expr (expr)
 Module: Loaded PAP
   pap: encryption_scheme = crypt
 Module: Instantiated pap 

RE: Freeradius authentication question

2006-01-20 Thread Kai Geek
hmm ok
a lot thank you..
regards :)

 - Original Message -
 From: Le Gal Philippe [EMAIL PROTECTED]
 To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
 Subject: RE: Freeradius authentication question
 Date: Fri, 20 Jan 2006 12:08:59 -
 
 
 
 The Pam radius configuration file on the client machine should be 
 located here: /etc/raddb/server (cf pam radius INSTALL)
 
 I can't see why the radius server can not decrypt the password when 
 I know my shared secret is absolutely identical on the client and 
 on the radius server.
 
 Anyone ?
 
 Philippe
 

Re: Ippool and NAS

2006-01-19 Thread Kai Geek
Hello,
where you radius server and users config file ? 

 - Original Message -
 From: Johansson, Daniel [EMAIL PROTECTED]
 To: freeradius-users@lists.freeradius.org
 Subject: Ippool and NAS
 Date: Thu, 19 Jan 2006 15:18:59 +0100
 
 
 Hi Freeradius users.
 
 I have compiled and installed the 1.1.0 version of Freeradius and made
 the basic configurations and everything works fine.
 
 Now I have 5 NAS boxes that are accessing the radius server. The problem
 is that I want each NAS to use a set of IP addresses.
 
 So for NAS(1) the radius should return ippool(1) and so on.
 
 I have looked at the FAQ and have been searching in the mail archive for
 several hours and have only seen people asking about allocating
 IP addresses for specific user(s) or group(s) but not for a NAS.
 
 
 Could anyone please help me to get me started on this.
 
 Best Regards
 /Daniel Johansson
 
 
 Below is my NAS boxes in clients.conf
 
 # Client for RTP-RFTN, GGSN 1
 
 client 192.168.9.1 {
  secret  = xxx
  shortname   = RTP-RFTN
 
 }
 
 # Client for S99, GGSN 249
 
 client 192.168.15.249 {
  secret  = xxx
  shortname   = S99 GGSN 249
 }
 
 # Client for S98, GGSN 254
 
 client 192.168.13.254 {
  secret  = xxx
  shortname   = S98 GGSN 254
 }
 
 # Client for GLANA, GGSN 250
 
 client 192.168.11.250 {
  secret  = xxx
  shortname   = GLANA GGSN 250
 }
 
 # Client for Telia GLANA, GGSN 249
 
 client 192.168.11.249 {
  secret  = xxx
  shortname   = GLANA GGSN 249
 }
 


Re: Installation problem Radiusd does not exist

2006-01-05 Thread Kai Geek
Hello,
#tar zxvf freeradius-1.0.5.tar.gz
#cd freeradius-1.0.5
#./configure --localstatedir=/var --sysconfdir=/etc
#make
#make install

for command debian;

ozgur:~# apt-cache search freeradius 
freeradius - a high-performance and highly configurable server
#apt-get install freeradius

and

#cd /etc/raddb
#pico users
#pico clients.conf

for edit users and clients file,

#radiusd -X

- Original Message -
From: Nicolas Baradakis [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Installation problem Radiusd does not exist
Date: Thu, 5 Jan 2006 12:47:08 +0100

 
 Nicola Iotti wrote:
 
  I'm installing freeradius 1.0.5 on a Debian Linux system
  I've downloaded tarball, extracted it with  #tar zxvf 
  freeradius-1.0.5.tar.gz
  I did :
 
   ./configure
  make
  make install
 
 You should just get the Debian binary package with apt-get.
 
 If you really want to recompile FreeRADIUS from source, see the advices
 on the wiki:
 http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_build_a_Debian_package_from_sources.3F
 
 And please turn off HTML in your email client when posting to this
 mailing list: http://freeradius.org/list/users.html
 
 --
 Nicolas Baradakis
 


Freeradius probleming help me

2006-01-03 Thread Kai Geek
Hello,

[EMAIL PROTECTED]:/etc/raddb# radiusd -p 1645
Ignoring deprecated command-line option -pTue Jan  3 10:06:51 2006 : Info: 
Starting - reading configuration files ...

why problem on radiusd ?

[EMAIL PROTECTED]:/etc/raddb# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: bind_address = 10.0.0.6 IP address [10.0.0.6]
 main: user = root
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded DIGEST
Module: Instantiated digest (digest)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = md5
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded detail
 detail: detailfile = 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded attr_filter
 attr_filter: attrsfile = /etc/raddb/attrs
 rlm_attr_filter: Authorize method will be deprecated.
Module: Instantiated attr_filter (attr_filter)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = /etc/raddb/users
 files: acctusersfile = /etc/raddb/acct_users
 files: preproxy_usersfile = /etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
 detail: detailfile = 
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = /var/log/radius/radutmp
 radutmp: username = %{User-Name}
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication 10.0.0.6:1645
Listening on accounting 10.0.0.6:1646
Listening on proxy 10.0.0.6:1647
Ready to process requests.



#vi users
steve   Auth-Type := System
 Service-Type = Shell-User,
 Login-Service = Telnet,
 Login-IP-Host = 0.0.0.0,
 Login-TCP-Port = Telnet

#vi clients.conf
client 10.0.0.250 {
 secret  = 250
 shortname   = switch
  nastype= dlink
}




Module Problem

2005-12-30 Thread Kai Geek
[EMAIL PROTECTED]:/etc/raddb# radiusd -X
Module: Library search path is /usr/local/lib
ERROR: Cannot find a configuration entry for module exec.


why problem?




FreeRadius and Dlink Switch Authentication Problem

2005-12-29 Thread Kai Geek
Hello,
i am using freeradius in my computer with the ip 10.0.0.6
i have a dlink 3226s model switch in my network and its ip is 10.0.0.250

i want this switch to verify username and password from radius server 
(10.0.0.6) 

i have added 10.0.0.250 as a client to the radius server's clients.conf and 
users files and i introduced a user. but still it doesn't connect. where may be 
the error?
when i test locally, it seems as working but the switch doesn't connect to 
radius?
thank you,

using command radius server (10.0.0.6)

[EMAIL PROTECTED] clients.conf

client 10.0.0.250 {
secret  = 250
shortname   = 1
}

[EMAIL PROTECTED] users

steve   Auth-Type := Local, User-Password == testing
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 127.0.0.1,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = std.ppp,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

#radtest steve testing 10.0.0.6 1812 testing
okay
what problem ?
when i test locally, it seems as working but the switch doesn't connect to 
radius?



RE: FreeRadius and Dlink Switch Authentication Problem

2005-12-29 Thread Kai Geek
Hello Ms. Inci,
first of all, thank you very much for your help. However, we cannot use tacacs 
because most of the switches are Dlink, model 3226, so there is no tacacs. They 
support a radius server, so I need to use radius.

#radiusd -X
I put the server into debug mode with this command. My IP address is 10.0.0.185 
and the radius server runs on 10.0.0.6. The switch (Dlink brand) has the IP 
address 10.0.0.250. When I run the command

#telnet 10.0.0.250

I can log in with the switch's own internal user (admin), but nothing at all is 
logged. What would you suggest?

- Original Message -
From: Inci Gedik  [EMAIL PROTECTED]
To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org
Subject: RE: FreeRadius and Dlink Switch Authentication Problem
Date: Thu, 29 Dec 2005 15:20:43 +0200

 
 Hi,
 
 Did you debug radius? Could you look at what appears on the screen while
 you are trying to connect to the switch? Let me also give an example from a
 working system:
 
 Could you edit your client.conf file as shown below?
 
 client 10.0.0.250 {
  secret  = 250
  shortname   = switch
 nastype = cisco
 }
 
 If you define the user in the users file as shown below, create a user named
 steve on the linux system and give it a password, you should be able to
 connect.
 
 steve   Auth-Type := System
  Service-Type = Shell-User,
  Login-Service = Telnet,
  Login-IP-Host = 0.0.0.0,
  Login-TCP-Port = Telnet
 
 The port numbers are open under Linux, aren't they? If you check it this
 way, we can also go through your conf file. In that case there is an error
 in your conf file.
 
 And I still insist on tacacs+ : )
 
 
 
 Good luck,
 
 Inci Gedik
 


Hello Radius Server Problem

2005-12-28 Thread Kai Geek
Hello,
what your radius server starting problem?  dont log /varlog/radius/radius.conf 
:(

Switch IP: 10.0.0.250 - Dlink (26 Port)
Radius Server: 10.0.0.6


#ssh 10.0.0.6
#pico clients.conf

client 10.0.0.250 {
secret  = testing
shortname   = des-deneme
}

#pico users
tbaygul Auth-Type := Local, User-Password == testing
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
#       Framed-IP-Address = ,
#       Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = std.ppp,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

[EMAIL PROTECTED]:/etc# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1812
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: bind_address = 127.0.0.1 IP address [127.0.0.1]
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
 listen: ipaddr = 10.0.0.6 IP address [10.0.0.6]
 listen: port = 1812
 listen: type = auth
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = md5
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /etc/raddb/huntgroups
 preprocess: hints = /etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = /etc/raddb/users
 files: acctusersfile = /etc/raddb/acct_users
 files: preproxy_usersfile = /etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: 
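
Added example, not part of the original post and not FreeRADIUS code: a small Python parser for the indented `section: key = value` lines of a `radiusd -X` startup dump like the one above. It tolerates values wrapped onto a second line and decodes the decimal `detailperm`/`dirperm` values into octal file modes; the function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format of a `radiusd -X` startup dump, with one
# value wrapped onto a second line (as mail archives tend to do).
SAMPLE = """\
 main: bind_address = 127.0.0.1 IP address [127.0.0.1]
 listen: ipaddr = 10.0.0.6 IP address [10.0.0.6]
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
 detail: detailfile =
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
"""

# Settings are indented "section: key = value"; status lines are not indented.
SETTING = re.compile(r"^\s+(\w+):\s+(\w+)\s*=\s*(.*)$")

def parse_dump(text):
    """Return {section: {key: value}}, rejoining wrapped values."""
    settings, last = {}, None
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            section, key, value = m.groups()
            settings.setdefault(section, {})[key] = value.strip()
            last = (section, key)
            continue
        prev = settings[last[0]][last[1]] if last else None
        # Heuristic: a wrapped value leaves the key empty or ending in a comma.
        if prev is not None and line.strip() and (prev == "" or prev.endswith(",")):
            settings[last[0]][last[1]] = (prev + " " + line.strip()).strip()
        else:
            last = None
    return settings

def summarize(settings):
    """Decode the values that are easy to misread in the raw dump."""
    def first(section, key):
        return (settings.get(section, {}).get(key, "").split() or [""])[0]
    detail = settings.get("detail", {})
    return {
        # File modes are printed in decimal: 384 is octal 0600, 493 is 0755.
        "detailperm": oct(int(detail["detailperm"])) if "detailperm" in detail else None,
        "dirperm": oct(int(detail["dirperm"])) if "dirperm" in detail else None,
        "bind_address": first("main", "bind_address"),
        "listen_ipaddr": first("listen", "ipaddr"),
    }

if __name__ == "__main__":
    print(summarize(parse_dump(SAMPLE)))
```
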

radius error file

2005-12-28 Thread Kai Geek
#tail -f /var/log/radius/radius.log
Wed Dec 28 13:31:21 2005 : Info: Using deprecated naslist file.  Support for this will go away soon.
Wed Dec 28 13:31:21 2005 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Wed Dec 28 13:31:21 2005 : Info: Ready to process requests.


Why is there a problem in the radius server?

-- 
___
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


radiusd -X and Raddb Configure

2005-12-26 Thread Kai Geek
Hello,
I am installing a freeradius server; the operating system is Slackware 10.2.

#cd /etc/raddb
#list
acct_users  clients.conf       hints         naslist          preproxy_users  snmp.conf  x99passwd.sample
attrs       dictionary         huntgroups    naspasswd        proxy.conf      sql.conf
certs/      eap.conf           ldap.attrmap  oraclesql.conf   radiusd.conf    users
clients     experimental.conf  mssql.conf    postgresql.conf  realms          x99.conf
#radiusd -X
Module: Instantiated unix (unix)
radiusd.conf[1682] Unknown Auth-Type System in authenticate section.

What is the problem?


-- --
| Radius Server  || Dlink Switch |
| IP : 10.0.0.200|--- | IP: 10.0.0.250   |
-- --
  |  ssh accepting radius|   ^
  |__|   |
   __|
  |   (ssh wish request)
  |
  |
  --
  |  My Computer|
  | IP: 10.0.0.201  |
  --

How do I ensure this topology?
What must I do on the Raddb server?
Thank you

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___ 
/ __)Kai Ozgur Geek
\__ \PGP ID: B1B63B6E
(___/lackwareNetwork Engineer

+-+-+-+ END PGP SIGNATURE +-+-+-+




Freeradius Configure Help me

2005-12-22 Thread Kai Geek
Hello,
i am install Slackware 10.2 on freeradius server. 

[EMAIL PROTECTED]:/etc/raddb# radiusd
Thu Dec 22 12:07:48 2005 : Info: Starting - reading configuration files ...
[EMAIL PROTECTED]:/etc/raddb#

What is this mistake?
Where can I find a Radius Install (Configuration) Guide?
Thank you...

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___ 
/ __)Kai Ozgur Geek
\__ \PGP ID: B1B63B6E
(___/lackwareNetwork Engineer

+-+-+-+ END PGP SIGNATURE +-+-+-+



Re: Freeradius Configure Help me

2005-12-22 Thread Kai Geek
Hello,

Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary[14]: Couldn't open dictionary /usr/share/freeradius/dictionary: Too many open files
Errors reading radiusd.conf


- Original Message -
From: Philippe Sultan [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Freeradius Configure Help me
Date: Thu, 22 Dec 2005 11:58:45 +0100

 
 On 12/22/05, Kai Geek [EMAIL PROTECTED] wrote:
  Hello,
  i am install Slackware 10.2 on freeradius server.
 
 In this order?
 
  [EMAIL PROTECTED]:/etc/raddb# radiusd
  Thu Dec 22 12:07:48 2005 : Info: Starting - reading configuration files ...
  [EMAIL PROTECTED]:/etc/raddb#
 
 You successfully launched the radiusd daemon. Try radiusd -X to keep
 output to your terminal.
 
 Bye,
 
 Philippe
 



+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___ 
/ __)Kai Ozgur Geek
\__ \PGP ID: B1B63B6E
(___/lackwareNetwork Engineer

+-+-+-+ END PGP SIGNATURE +-+-+-+

