Re: Freeradius + Microsoft Active Directory
Hello,

your password crypt key is used. not become in this ethereal can't recognize.

    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }

you must show the full and state this in the file

#ls /etc/raddact
#vi radius.conf
#vi clients.conf

best regards,
--
Ozgur Karatas
CCNA Network Engineer
Linux System Administrator
ozgur (at) ozgurkaratas dot com

----- Original Message -----
From: Natalia Escalera [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Freeradius + Microsoft Active Directory
Date: Sat, 25 Feb 2006 11:53:20 -0600

Hello Mr. DeKok

Thank you for the fast response. The password is clear-text. We are using ethereal to debug why we are getting Operations Error on the Search Result. The Operation Errors comment is the following: In order to perform this operation a successful bind must be completed.

The search request on ethereal from Freeradius to the active directory gives the following:

Message Type: Search Request
Message Length: 96
Response In: 469
Base DN: dc=test, dc=prt
Scope: subtree (0x02)
Derefence: Never (0x00)
Size Limit: 0
Time Limit: 4
Attributes only: False
Filter: ((objectclass=person)(sAMAccountName=%u))
Attribute: uid

we are not sending this attribute and we do not know where it is specified on Freeradius

Here are the settings given for LDAP module on radius.conf and user file:

#radius.conf
ldap {
    server=xxx.xx.xxx.xxx
    identity = # If this is suppose to be the bind dn???
    password = mypassword
    basedn =dc=test,dc=prt
    #filter = (uid=%{Stripped-User-Name:-%{User-Name}})
    filter =((objectclass=person) (sAMAccountName=%u))
    # set this to 'yes' to use TLS encrypted connections
    # to the LDAP database by using the StartTLS extended
    # operation.
    # The StartTLS operation is supposed to be used with normal
    # ldap connections instead of using ldaps (port 689) connections
    start_tls = no
    # tls_cacertfile= /path/to/cacert.pem
    # tls_cacertdir = /path/to/ca/dir/
    # tls_certfile = /path/to/radius.crt
    # tls_keyfile = /path/to/radius.key
    # tls_randfile = /path/to/rnd
    # tls_require_cert = demand
    # default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
    # profile_attribute = radiusProfileDn
    access_attr = dialupAccess
    # Mapping of RADIUS dictionary attributes to LDAP
    # directory attributes.
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    timeout =5
    timelimit =4
    net_timeout =2
    compare_check_items = yes
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
    Auth-Type LDAP {
        ldap
    }
    eap
}

#users file
DEFAULT Auth-Type := LDAP
        Fall-Through = 1

Can you please tell us if there is something wrong or if we are missing something on the configuration files?

Thanks in advance,
Nataly

On 2/25/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Natalia Escalera [EMAIL PROTECTED] wrote:
> > I am setting up freeradius with Microsoft Active Directory. So far, I am
> > able to connect to the server but not to authenticate a user. Can you
> > please give me a hint of how the configuration files need to be set in
> > order to authenticate the user.
>
> If the RADIUS packets have clear-text passwords, then the normal LDAP
> module should work. If you're using PEAP or MS-CHAP, read radiusd.conf,
> and use ntlm_auth.
>
> > Also, what is 3D used for? (Example: server =3D your.ad.server.org ...)
>
> Nothing. It's an artifact of stupid mailers. 3D is ASCII for '='.
>
> Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Kai Ozgur Geek
Network Engineer
PGP ID: B1B63B6E
Re: Freeradius authentication question
Hello,

[EMAIL PROTECTED] root]# vi /etc/raddb/server ??

the config file will this be ? correct directory;

#vi /etc/raddb/clients.conf

oke.

----- Original Message -----
From: Le Gal Philippe [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Freeradius authentication question
Date: Fri, 20 Jan 2006 11:34:51 -

Hi everybody,

I'm trying to authenticate users login in a machine using ssh. I have configured ssh PAM on that server to authenticate against the radius server (Redhat Application Server 2.1). Please find below the debug of the radius server as well as my conf files.

The Free radius server says :

Login incorrect: [test/\010\n\INCORRECT] (from client us067.eudra.org port 1500 cli 192.168.xx.xx)
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!

So did I. I checked the secrets on the server and they are *IDENTICAL*... I used the NTRadPing utility with exactly the same parameters and it works absolutely fine !

Thank you for your help !

my /etc/raddb/server file : (on the client machine) :

[EMAIL PROTECTED] root]# vi /etc/raddb/server
# pam_radius_auth configuration file. Copy to: /etc/raddb/server
#
# For proper security, this file SHOULD have permissions 0600,
# that is readable by root, and NO ONE else. If anyone other than
# root can read this file, then they can spoof responses from the server!
#
# There are 3 fields per line in this file. There may be multiple
# lines. Blank lines or lines beginning with '#' are treated as
# comments, and are ignored. The fields are:
#
# server[:port] secret [timeout]
#
# the port name or number is optional. The default port name is
# radius, and is looked up from /etc/services The timeout field is
# optional. The default timeout is 3 seconds.
#
# If multiple RADIUS server lines exist, they are tried in order. The
# first server to return success or failure causes the module to return
# success or failure. Only if a server fails to response is it skipped,
# and the next server in turn is used.
#
# The timeout field controls how many seconds the module waits before
# deciding that the server has failed to respond.
#
# server[:port] shared_secret timeout (s)
loginhost.eudra.org philippe123456 1
#
# having localhost in your radius configuration is a Good Thing.
#
# See the INSTALL file for pam.conf hints.

clients.conf :

client us067.eudra.org {
    secret = philippe123456
    shortname = us067.eudra.org
}

[EMAIL PROTECTED] raddb]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap
RE: Freeradius authentication question
hmm ok a lot thank you..

regards :)

----- Original Message -----
From: Le Gal Philippe [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: RE: Freeradius authentication question
Date: Fri, 20 Jan 2006 12:08:59 -

The Pam radius configuration file on the client machine should be located here: /etc/raddb/server (cf pam radius INSTALL)

I can't see why the radius server can not decrypt the password when I know my shared secret is absolutely identical on the client and on the radius server.

Anyone ?

Philippe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] dius.org] On Behalf Of Kai Geek
Sent: 20 January 2006 12:00
To: FreeRadius users mailing list
Subject: Re: Freeradius authentication question

Hello,

[EMAIL PROTECTED] root]# vi /etc/raddb/server ??

the config file will this be ? correct directory;

#vi /etc/raddb/clients.conf

oke.
Re: Ippool and NAS
Hello,

where you radius server and users config file ?

----- Original Message -----
From: Johansson, Daniel [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Ippool and NAS
Date: Thu, 19 Jan 2006 15:18:59 +0100

Hi Freeradius users.

I have compiled and installed the 1.1.0 version of Freeradius and made the basic configurations and everything works fine. Now I have 5 NAS boxes that are accessing the radius server. The problem is that I want each NAS to use a set of IP addresses. So for NAS(1) the radius should return ippool(1) and so on.

I have looked at the FAQ and have been searching in the mail archive for several hours and have only seen people asking about allocating IP addresses for specific user(s) or group(s) but not for a NAS. Could anyone please help me to get me started on this.

Best Regards
/Daniel Johansson

Below is my NAS boxes in clients.conf

# Client for RTP-RFTN, GGSN 1
client 192.168.9.1 {
    secret = xxx
    shortname = RTP-RFTN
}

# Client for S99, GGSN 249
client 192.168.15.249 {
    secret = xxx
    shortname = S99 GGSN 249
}

# Client for S98, GGSN 254
client 192.168.13.254 {
    secret = xxx
    shortname = S98 GGSN 254
}

# Client for GLANA, GGSN 250
client 192.168.11.250 {
    secret = xxx
    shortname = GLANA GGSN 250
}

# Client for Telia GLANA, GGSN 249
client 192.168.11.249 {
    secret = xxx
    shortname = GLANA GGSN 249
}

--
Kai Ozgur Geek
Network Engineer
PGP ID: B1B63B6E
Re: Installation problem Radiusd does not exist
Hello,

#tar zxvf freeradius-1.0.5.tar.gz
#cd freeradius-1.0.5
#./configure --localstatedir=/var --sysconfdir=/etc
#make
#make install

for command debian;

ozgur:~# apt-cache search freeradius
freeradius - a high-performance and highly configurable server
#apt-get install freeradius

and

#cd /etc/raddb
#pico users
#pico clients.conf

for edit users and clients file,

#radiusd -X

----- Original Message -----
From: Nicolas Baradakis [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Installation problem Radiusd does not exist
Date: Thu, 5 Jan 2006 12:47:08 +0100

Nicola Iotti wrote:
> I'm installing freeradius 1.0.5 on a Debian Linux system
> I've downloaded tarball, extracted it with
> #tar zxvf freeradius-1.0.5.tar.gz
> I did :
> ./configure
> make
> make install

You should just get the Debian binary package with apt-get.

If you really want to recompile FreeRADIUS from source, see the advice on the wiki:
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_build_a_Debian_package_from_sources.3F

And please turn off HTML in your email client when posting to this mailing list:
http://freeradius.org/list/users.html

--
Nicolas Baradakis

--
Kai Ozgur Geek
Network Engineer
PGP ID: B1B63B6E
Freeradius probleming help me
Hello,

[EMAIL PROTECTED]:/etc/raddb# radiusd -p 1645
Ignoring deprecated command-line option -p
Tue Jan 3 10:06:51 2006 : Info: Starting - reading configuration files ...

why problem on radiusd ?

[EMAIL PROTECTED]:/etc/raddb# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1645
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: bind_address = 10.0.0.6 IP address [10.0.0.6]
main: user = root
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded DIGEST
Module: Instantiated digest (digest)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded detail
detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded attr_filter
attr_filter: attrsfile = /etc/raddb/attrs
rlm_attr_filter: Authorize method will be deprecated.
Module: Instantiated attr_filter (attr_filter)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /etc/raddb/users
files: acctusersfile = /etc/raddb/acct_users
files: preproxy_usersfile = /etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = /var/log/radius/radutmp
radutmp: username = %{User-Name}
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication 10.0.0.6:1645
Listening on accounting 10.0.0.6:1646
Listening on proxy 10.0.0.6:1647
Ready to process requests.

#vi users
steve   Auth-Type := System
        Service-Type = Shell-User,
        Login-Service = Telnet,
        Login-IP-Host = 0.0.0.0,
        Login-TCP-Port = Telnet

#vi clients.conf
client 10.0.0.250 {
    secret = 250
    shortname = switch
    nastype = dlink
}
Module Problem
[EMAIL PROTECTED]:/etc/raddb# radiusd -X
Module: Library search path is /usr/local/lib
ERROR: Cannot find a configuration entry for module exec.

why problem?

--
Kai Ozgur Geek
Network Engineer
PGP ID: B1B63B6E
FreeRadius and Dlink Switch Authentication Problem
Hello,

i am using freeradius in my computer with the ip 10.0.0.6
i have a dlink 3226s model switch in my network and its ip is 10.0.0.250
i want this switch to verify username and password from radius server (10.0.0.6)

i have added 10.0.0.250 as a client to the radius servers clients.conf and users files and i introduced a user. but still it doesn't connect. where may be the error? when i test locally, it seems as working but the switch doesn't connect to radius?

thank you,

using command radius server (10.0.0.6)

[EMAIL PROTECTED] clients.conf
client 10.0.0.250 {
    secret = 250
    shortname = 1
}

[EMAIL PROTECTED] users
steve   Auth-Type := Local, User-Password == testing
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 127.0.0.1,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = std.ppp,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

#radtest steve testing 10.0.0.6 1812 testing

okay

what problem ? when i test locally, it seems as working but the switch doesn't connect to radius?

--
Kai Ozgur Geek
Network Engineer
PGP ID: B1B63B6E
RE: FreeRadius and Dlink Switch Authentication Problem
Hello Ms. Inci,

first of all, thank you very much for your help. However, we cannot use tacacs, because most of the switches are Dlink, model 3226, so there is no tacacs. They support a radius server, so I have to use radius.

I put the server into debug mode with #radiusd -X. My ip address is 10.0.0.185, and the radius server runs on 10.0.0.6. The switch (dlink brand) has the ip address 10.0.0.250. When I run the command #telnet 10.0.0.250, I can log in with the switch's own internal user (admin), but nothing is logged. What do you suggest?

----- Original Message -----
From: Inci Gedik [EMAIL PROTECTED]
To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org
Subject: RE: FreeRadius and Dlink Switch Authentication Problem
Date: Thu, 29 Dec 2005 15:20:43 +0200

Hi,

Did you debug Radius? Can you look at what appears on the screen while you are trying to connect to the switch?

Let me also give an example from a working system: could you edit your client.conf file as follows?

client 10.0.0.250 {
    secret = 250
    shortname = switch
    nastype = cisco
}

If you define the user in the users file as below, create a user named steve on the linux system and give it a password, you can get the connection working.

steve   Auth-Type := System
        Service-Type = Shell-User,
        Login-Service = Telnet,
        Login-IP-Host = 0.0.0.0,
        Login-TCP-Port = Telnet

The port numbers are open under Linux, aren't they? If you check it this way, we can also look at your conf file. In that case there is an error in your conf file.

And I still insist on tacacs+ : )

Good luck,
Inci Gedik
Hello Radius Server Problem
Hello,

what your radius server starting problem? dont log /varlog/radius/radius.conf :(

Switch IP: 10.0.0.250 - Dlink (26 Port)
Radius Server: 10.0.0.6

#ssh 10.0.0.6
#pico clients.conf
client 10.0.0.250 {
    secret = testing
    shortname = des-deneme
}

#pico users
tbaygul Auth-Type := Local, User-Password == testing
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
#       Framed-IP-Address = ,
#       Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = std.ppp,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP

[EMAIL PROTECTED]:/etc# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: bind_address = 127.0.0.1 IP address [127.0.0.1]
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
listen: ipaddr = 10.0.0.6 IP address [10.0.0.6]
listen: port = 1812
listen: type = auth
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /etc/raddb/huntgroups
preprocess: hints = /etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /etc/raddb/users
files: acctusersfile = /etc/raddb/acct_users
files: preproxy_usersfile = /etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module:
radius error file
#tail -f /var/log/radius/radius.log
Wed Dec 28 13:31:21 2005 : Info: Using deprecated naslist file. Support for this will go away soon.
Wed Dec 28 13:31:21 2005 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Wed Dec 28 13:31:21 2005 : Info: Ready to process requests.

Why is there a problem in the radius server?
radiusd -X and Raddb Configure
Hello,

I am installing freeradius server and the operating system is Slackware 10.2.

#cd /etc/raddb
#list
acct_users  clients.conf       hints         naslist          preproxy_users  snmp.conf  x99passwd.sample
attrs       dictionary         huntgroups    naspasswd        proxy.conf      sql.conf
certs/      eap.conf           ldap.attrmap  oraclesql.conf   radiusd.conf    users
clients     experimental.conf  mssql.conf    postgresql.conf  realms          x99.conf

#radiusd -X
Module: Instantiated unix (unix)
radiusd.conf[1682] Unknown Auth-Type System in authenticate section.

What is the problem?

[Diagram: Radius Server (IP: 10.0.0.200, "ssh accepting radius") --- Dlink Switch (IP: 10.0.0.250) <-- "(ssh wish request)" --- My Computer (IP: 10.0.0.201)]

How do I ensure this topology? What must I do with the Raddb server?

Thank you

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___
/ __)   Kai Ozgur Geek
\__ \   PGP ID: B1B63B6E
(___/lackware   Network Engineer
+-+-+-+ END PGP SIGNATURE +-+-+-+
Freeradius Configure Help me
Hello,

I am installing Slackware 10.2 on freeradius server.

[EMAIL PROTECTED]:/etc/raddb# radiusd
Thu Dec 22 12:07:48 2005 : Info: Starting - reading configuration files ...
[EMAIL PROTECTED]:/etc/raddb#

What is this mistake? Where can I find the Radius Install (Configuration) Guide?

Thank you...

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___
/ __)   Kai Ozgur Geek
\__ \   PGP ID: B1B63B6E
(___/lackware   Network Engineer
+-+-+-+ END PGP SIGNATURE +-+-+-+
Re: Freeradius Configure Help me
Hello,

Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary[14]: Couldn't open dictionary /usr/share/freeradius/dictionary: Too many open files
Errors reading radiusd.conf

- Original Message -
From: Philippe Sultan [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Freeradius Configure Help me
Date: Thu, 22 Dec 2005 11:58:45 +0100

On 12/22/05, Kai Geek [EMAIL PROTECTED] wrote:
> Hello, I am installing Slackware 10.2 on freeradius server.

In this order?

> [EMAIL PROTECTED]:/etc/raddb# radiusd
> Thu Dec 22 12:07:48 2005 : Info: Starting - reading configuration files ...
> [EMAIL PROTECTED]:/etc/raddb#

You successfully launched the radiusd daemon. Try radiusd -X to keep output to your terminal.

Bye,
Philippe

+-+-+- BEGIN PGP SIGNATURE -+-+-+
Version: GnuPG v1.4.2 (GNU/Linux)
 ___
/ __)   Kai Ozgur Geek
\__ \   PGP ID: B1B63B6E
(___/lackware   Network Engineer
+-+-+-+ END PGP SIGNATURE +-+-+-+