EAP_TLS
hello freeradius.
I used my radius by using authentication type EAP-MD5, which is based on the
use of login and password.
Then I tried to use EAP-TLS. So I created the certificates and I modified the
file eap.con as follows:eap{ default_eap_type = tls}tls {
private_key_password = 20092010
private_key_file = ${raddbdir}/certs/serv...@yahoo.fr-cert.pem
certificate_file = ${raddbdir}/certs/serv...@yahoo.fr-cert.pem
CA_file =
${raddbdir}/certs/root_CA-cacert.pem dh_file
= ${raddbdir}/certs/dh random_file =
${raddbdir}/certs/random fragment_size = 1024
include_length = yes
CA_path = ${raddbdir}/certs/ check_crl = no
}
When i run freeradius-X, the shell out the following
message:r...@pfe-laptop:/home/pfe# freeradius -XStarting - reading
configuration files ...reread_config: reading radiusd.confConfig: including
file: /etc/freeradius/proxy.confConfig: including file:
/etc/freeradius/clients.confConfig: including file:
/etc/freeradius/snmp.confConfig: including file:
/etc/freeradius/eap.conf/etc/freeradius/eap.conf[344]: Unexpected end of
fileErrors reading radiusd.conf
But,I don't modify the file radiusd.conf.Please, is there something wrong in my
file eap.con?thank you
_
Hotmail: Free, trusted and rich email service.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius 2.x EAP-MSCHAPv2 + MySQL
hi,in sql.conf did you modify that line :readclients = no to readclients = yes ? > Date: Wed, 19 May 2010 13:52:59 +0200 > Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL > From: mac...@drobniuch.pl > To: freeradius-users@lists.freeradius.org > > Hi ALL!! > I'm trying to get authenticated with mikrotik wireless AP. All works > but only when I add the user into the users file. > The thing is that i want to get the users from mysql. > In this moment the authentication requests are coming from PPPoE > concentrator, and the users are in MySQL database - it works fine. > The freeradius server while authenticating is not searching in the sql > database. Why that? > Please help and sorry for my lame eng. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE:
ok thank you David. i will test it by cheking this link:http://support.authenex.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=16&nav=0 Date: Wed, 19 May 2010 13:03:01 +0200 Subject: Re: From: davidse...@gmail.com To: freeradius-users@lists.freeradius.org Yes, it works, but you must use with wine. It works fine. Other solution is use JRadius but is more difficult to configure. Regards, David 2010/5/19 dorra aa yes i want to try my radius server whith an extern client. i'm wrking whith ubuntu. does NTRadping works in ubuntu? Date: Wed, 19 May 2010 12:56:54 +0200 Subject: Re: From: davidse...@gmail.com To: freeradius-users@lists.freeradius.org Do you want it only to try your radius server? You can use NTRadping (windows or wine :-D ) or JRadius to try your freeradius server. Regards, David 2010/5/19 dorra aa after the addition of customers in the database sql, I assay to test a client in other computer by using radtest.but i had those lignes: # radtestLe programme 'radtest' peut être trouvé dans les paquets suivants :(that's means The program 'radtest' can be found in the following packages) * radiusd-livingston * yardradius * xtradius * freeradius all that a want that the client try to acced to the server.and all the document said that i may use "radtest" but it's just working only in server thank you Hotmail: Trusted email with powerful SPAM protection. Sign up now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Hotmail: Trusted email with powerful SPAM protection. Sign up now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE:
yes i want to try my radius server whith an extern client. i'm wrking whith ubuntu. does NTRadping works in ubuntu? Date: Wed, 19 May 2010 12:56:54 +0200 Subject: Re: From: davidse...@gmail.com To: freeradius-users@lists.freeradius.org Do you want it only to try your radius server? You can use NTRadping (windows or wine :-D ) or JRadius to try your freeradius server. Regards, David 2010/5/19 dorra aa after the addition of customers in the database sql, I assay to test a client in other computer by using radtest.but i had those lignes: # radtestLe programme 'radtest' peut être trouvé dans les paquets suivants :(that's means The program 'radtest' can be found in the following packages) * radiusd-livingston * yardradius * xtradius * freeradius all that a want that the client try to acced to the server.and all the document said that i may use "radtest" but it's just working only in server thank you Hotmail: Trusted email with powerful SPAM protection. Sign up now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radtest
hi,after the addition of customers in the database sql, I assay to test a client in other computer by using radtest.but i had those lignes in the shell:# radtestLe programme 'radtest' peut être trouvé dans les paquets suivants :(that's means The program 'radtest' can be found in the following packages) * radiusd-livingston * yardradius * xtradius * freeradius all that a want that the client try to acced to the server.and all the document said that i may use "radtest" but it's just working only in serverthank you _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[no subject]
after the addition of customers in the database sql, I assay to test a client in other computer by using radtest.but i had those lignes:# radtestLe programme 'radtest' peut être trouvé dans les paquets suivants :(that's means The program 'radtest' can be found in the following packages) * radiusd-livingston * yardradius * xtradius * freeradius all that a want that the client try to acced to the server.and all the document said that i may use "radtest" but it's just working only in serverthank you _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authentification
thank you for the explication Date: Wed, 19 May 2010 08:41:05 +0200 Subject: Re: authentification From: davidse...@gmail.com To: freeradius-users@lists.freeradius.org Hi. With MAC Address Authentication you can use freeradius to authenticate all the network elements (like camcorders, routers, switches...); so that if these elements don't authenticate, not work in the network. Other aplication is to validate users in a captive portal without user interaction. Regards, David P.D: Sorry for my poor english 2010/5/18 dorra aa is there somebody want to tell what's the utility of it? From: dj_dido2...@hotmail.com To: freeradius-users@lists.freeradius.org Subject: authentification Date: Tue, 18 May 2010 19:40:28 + hi freeradius,i want to ask how to use MAC Address Authentication in my freeradius.besides, i add an address mac with the daloradius. how can i test the succes of that thnak you Hotmail: Powerful Free email with security by Microsoft. Get it now. Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authentification
is there somebody want to tell what's the utility of it? From: dj_dido2...@hotmail.com To: freeradius-users@lists.freeradius.org Subject: authentification Date: Tue, 18 May 2010 19:40:28 + hi freeradius,i want to ask how to use MAC Address Authentication in my freeradius.besides, i add an address mac with the daloradius. how can i test the succes of thatthnak you Hotmail: Powerful Free email with security by Microsoft. Get it now. _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authentification
hi freeradius,i want to ask how to use MAC Address Authentication in my freeradius.besides, i add an address mac with the daloradius. how can i test the succes of thatthnak you _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC Address Authentication
hi finally, i installed freeradius and mysql .and i add users. Now i'm working whith daloradius. first, i add other user by daloradius and now i add MAC Address Authentication. I know i may do radtest user password ip-adress port secret to test a serin my radius . but i want to know how to test , in the shell, the MAC Address Authentication that i added or it is just to confirm to user added and don't need any command? _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configuration freeradius with mysql
hi
i installed mysql.
and i modify in /etc/freeradius/sql.conf:
readclients=yes
also, i decommented in /etc/freeradius/radiusd.conf:
accounting
{
sql}
authorize
{...
sql}
i run again freeradius -X:
but it seems failed because of sql: this is the output
[...]
sql: postauth_query = "INSERT into radpostauth (user, pass, reply, date)
values ('%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to r...@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql_mysql: Couldn't connect socket to MySQL server r! o...@localhost:radius
rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost' (using
password: YES)'
# but i check it and it's ok i have in sql.conf: sql{server = "localhost"
login = "root"
password = "rootpass"}
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
#but i begin with installing mysql-server and i add a user in the database
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT * FROM nas
rlm_sql (sql): Ignoring unconnected handle 4..
rlm_sql (sql): Ignoring unconnected handle 3..
rlm_sql (sql): Ignoring unconnected handle 2..
rlm_sql (sql): Ignoring unconnected handle 1..
rlm_sql (sql): Ignoring unconnected handle 0..
rlm_sql (sql): There are no DB handles to use! sk! ipped 5, tried to connect 0
rlm_sql (sql): generate_sql_clients() r eturned error
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
radiusd.conf[14]: sql: Module instantiation failed.
radiusd.conf[1860] Unknown module "sql".
radiusd.conf[1789] Failed to parse authorize section.
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius with mysql failed
hi
i installed mysql.
and i modify in /etc/freeradius/sql.conf:
readclients=yes
also, i decommented in /etc/freeradius/radiusd.conf:
accounting
{
sql}
authorize
{...
sql}
i run again freeradius -X:
but it seems failed because of sql: this is the output
[...]
sql: postauth_query = "INSERT into radpostauth (user, pass, reply, date)
values ('%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to r...@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql_mysql: Couldn't connect socket to MySQL server r...@localhost:radius
rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost' (using
password: YES)'
# but i check it and it's ok i have in sql.conf: sql{server = "localhost"
login = "root"
password = "rootpass"}
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
#but i begin with installing mysql-server and i add a user in the database
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT * FROM nas
rlm_sql (sql): Ignoring unconnected handle 4..
rlm_sql (sql): Ignoring unconnected handle 3..
rlm_sql (sql): Ignoring unconnected handle 2..
rlm_sql (sql): Ignoring unconnected handle 1..
rlm_sql (sql): Ignoring unconnected handle 0..
rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0
rlm_sql (sql): generate_sql_clients() returned error
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
radiusd.conf[14]: sql: Module instantiation failed.
radiusd.conf[1860] Unknown module "sql".
radiusd.conf[1789] Failed to parse authorize section.
_
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Access request-access reject
no plz sorry i'm not so well in english. thank you Alan :))) it's working now see it: r...@pfe-laptop:/home/pfe# radtest abc 123 localhost 1812 testing123 Sending Access-Request of id 185 to 127.0.0.1 port 1812 User-Name = "abc" User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=185, length=20 thakkksss > Date: Thu, 13 May 2010 13:07:45 +0100 > From: a.l.m.bu...@lboro.ac.uk > To: freeradius-users@lists.freeradius.org > Subject: Re: Access request-access reject > > Hi, > > > > comment this line out and restart the daemon > > > remove calls to 'unix' from your configuration > > > if you dont want to even think about /etc/passwd > > i commented it like that: > > #DEFAULT Auth-Type = System > > Fall-Through = 1 > > comment out both lines.the DEFAULT line and the fall-through > > and you didnt read my original email...which is a pity, where i said > to comment out calls to 'unix' in your config if you dont use it or > need it. as you are not reading what i am telling you then i'm afraid > i wont bother replying to you again over this issue :-( > > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: i found two freeradius
> > > yestaerday i create that file: > > cd ~ > > apt-get source freeradius > > and i woked in the users of: cd freeradius-1.1.7/ > > that would just be the original source code of the program. > > > but now i find another freeradius in: /etc/freeradius. > > that would be the directory created and filled with correct > files from the install of freeradius > > > if you run radiusd -X you will clearly see which directory is in > use by the program. delete the one not in use ok i see that: # freeradius -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf that mean i must delete ~/freeradius-1.1.7 that i have created with the debian : freeradius_1.1.7-1ubuntu0.2_i386.deb. that don't result any problem in my work? because im using a document with this debian _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
i found two freeradius
yestaerday i create that file: cd ~ apt-get source freeradius and i woked in the users of: cd freeradius-1.1.7/ but now i find another freeradius in: /etc/freeradius. I don't know how it is created there? and does it have any influence in my radius, because i do mychanges in file: users of cd freeradius-1.1.7/. may i delete the second freeradius that i do not created?? _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Access request-access reject
> Date: Thu, 13 May 2010 11:01:10 +0100
> From: a.l.m.bu...@lboro.ac.uk
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Access request-access reject
>
> Hi,
>
> > I found in users file that line:
> > DEFAULTAuth-Type = System
>
> comment this line out and restart the daemon
> remove calls to 'unix' from your configuration
> if you dont want to even think about /etc/passwd
i commented it like that:
#DEFAULT Auth-Type = System
Fall-Through = 1
also in file radiusd.conf:
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
#digest
#
# Pluggable Authentication Modules.
#pam
#
# See 'man getpwent' for information on how the 'unix'
# module checks the users password. Note that packets
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
unix
# Uncomment it if you want to use ldap for authentication
#
# Note that this means "check plain-text password against
# the ldap database", which means that EAP won't work,
# as it does not supply a plain-text password.
#Auth-Type LDAP {
#ldap
#}
#
# Allow EAP authentication.
eap
}
i commented :unix
...
and i have this output in the deamon:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:40128, id=130, length=55
User-Name = "abc"
User-Password = "123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "abc", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry abc at line 216
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 130 to 127.0.0.1 port 40128
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 130 with timestamp 4bebd86e
Nothing to do. Sleeping until we see a request.
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_
Hotmail: Free, trusted and rich email service.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access request-access reject
> users: Matched entry DEFAULT at line 153 > > users: Matched entry abc at line 216 > > modcall[authorize]: module "files" returns ok for request 0 > > modcall: leaving group authorize (returns ok) for request 0 > > rlm_pap: Found existing Auth-Type, not changing it. > > rad_check_password: Found Auth-Type System > > modcall[authenticate]: module "unix" returns notfound for request 0 > > It shouldn't be using an auth-type of "System", that means to lookup the > user in the /etc/passwd (/etc/shadow) file. But you don't have a user on > your system named "abc" so the not found result makes sense, right? > > Why is it trying to find "abc" amongst the unix users on your system? > The answer is right above, look at the lines labeled "users:", that's > your users file, also look at the line that says "Found Auth-Type, not > changing it". So somthing in your users file forced the user "abc" to > have an Auth-Type of "system" or "unix", it also tells you which lines > in the users files it matched. Go fix your users file so it doesn't do that. I found in users file that line: DEFAULTAuth-Type = System i decommented it but same problem. i think i must change it to other attribut? > I'm guessing in your attempts to get things working you may have mangled > the example users file, you might want to start with the unaltered users > file and just add your test user. > > All this is documented in the link I sent you a week ago: > http://deployingradius.com/documents/configuration/pap.html > > -- > John Dennis _ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sending Access-request, Access-Reject
hi can someone help me in that i add a users : abc cleartext-password:="123" and i run freeradius -X after that i do: r...@pfe-laptop:/home/pfe# radtest abc 123 localhost 1812 testing123 Sending Access-Request of id 48 to 127.0.0.1 port 1812 User-Name = "abc" User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=48, length=20 and this is the output of deamon: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:41804, id=48, length=55 User-Name = "abc" User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "abc", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 153 users: Matched entry abc at line 216 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 48 to 127.0.0.1 port 41804 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 48 with timestamp 4beb3ff9 Nothing to do. Sleeping until we see a request. _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius-server-2.1.8
when i wrote that # radtest dorra mesh 192.168.1.65 1812 testing123 i had this error r...@pfe-laptop:/home/pfe/freeradius-server-2.1.8/raddb# radtest dorra mesh 192.168.1.65 1812 testing123 Sending Access-Request of id 224 to 192.168.1.65 port 1812 User-Name = "dorra" User-Password = "mesh" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Sending Access-Request of id 224 to 192.168.1.65 port 1812 User-Name = "dorra" User-Password = "mesh" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Sending Access-Request of id 224 to 192.168.1.65 port 1812 User-Name = "dorra" User-Password = "mesh" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 radclient: no response from server for ID 224 socket 3 and ther is nothing in the output of radiusd -X > Date: Wed, 12 May 2010 01:51:28 +0200 > From: mangi...@gmail.com > To: m...@myownsoho.net; freeradius-users@lists.freeradius.org > Subject: Re: freeradius-server-2.1.8 > > Maybe the professor wanted to learn him how to work with "&" operator > and radiusd -X is just a simple command :) > > now, lets get to work, > > Tell us what you want to achieve then there is a chance to see something > usable on this list > > > > Mike Nichols wrote: > > > > running radius in debug mode in the background shouldn't provide > > anything useful tho. > > > > just a thought... > > > > On Tue, 11 May 2010 19:36:24 +, dorra aa > > wrote: > > > > I installed on a server machine: freeradius-server-2.1.8 > > I wrote in the terminal: radiusd-X & > > Now I want to test a remote access client with radtest, is what > > the client must be equipped with He commend > > freeradius-server-2.1.8 or not? what I should do in the client side > > > > Hotmail: Powerful Free email with security by Microsoft. Get it > > now. <https://signup.live.com/signup.aspx?id=60969> > > > > > > > > -- > > > > Mike Nichols > > My Own SOHO > > m...@myownsoho.net > > http://myownsoho.com > > 212 202-2194 > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius-server-2.1.8
this is not my idea.it's the idea of my professor. i have no idea about the radius and he wants me to work in it just in 2 weeks.I'm shearching in many forum but i don't understand because of many errorsnow i want to test with radtest name password 192.168.1.12 1812 secretshould i write it in the terminal of server?Please help me in the first stages. :((( > Date: Tue, 11 May 2010 21:45:19 +0200 > From: al...@deployingradius.com > To: freeradius-users@lists.freeradius.org > Subject: Re: freeradius-server-2.1.8 > > dorra aa wrote: > > I installed on a server machine: freeradius-server-2.1.8 > > I wrote in the terminal: radiusd-X & > > Why would you do that? > > Nothing in *any* documentation says that's a good idea. > > > Now I want to test a remote access client with radtest, is what the > > client must be equipped with He commend freeradius-server-2.1.8 or > > not? what I should do in the client side > > The client needs a radius client... like radtest. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius-server-2.1.8
I installed on a server machine: freeradius-server-2.1.8 I wrote in the terminal: radiusd-X & Now I want to test a remote access client with radtest, is what the client must be equipped with He commend freeradius-server-2.1.8 or not? what I should do in the client side _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
want client but not localhost
Hello. I installed the radius on a computer and finally the test is successful locally. Now I want to do the test on another computer client.Should i install the Radius on this computer I'm writing ?or just in the terminal powered the second command: radtest But this does not work.because even if I install I get two Radius servers. I still do not understand this idea. Thank you for the enlightenment _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: is there a package named phpmysql
Sorry but it's not true because with that package i want to install mysql for the radius. So i'm asked if there is someone used it.And i had the help from that list us you see. thxx > Date: Thu, 6 May 2010 20:06:29 -0400 > From: jden...@redhat.com > To: freeradius-users@lists.freeradius.org > Subject: Re: is there a package named phpmysql > > On 05/06/2010 07:53 PM, dorra aa wrote: > > Hi.i'm working now in the install of mysql for the radius.I found a file > > that tell me to do: > > sudo apt-get install mysql-server phpmysql vim-full > > But i got: > > E: Impossible de trouver le paquet phpmysql (that means impossible to > > found phpmysql) > > is there a package called like that; or the file is wrong?? > > thank > > I hope you understand whatever it is you're reading. For what it's worth > phpmysql is completely irrelevant to the purpose of this list. Seek > advice on phpmyslq elsewhere. > > -- > John Dennis > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: is there a package named phpmysql
Thank you for this help Date: Thu, 6 May 2010 17:11:26 -0700 Subject: Re: is there a package named phpmysql From: paul.bart...@gmail.com To: freeradius-users@lists.freeradius.org you are probably looking for php5-mysql or php4-mysql. A good source for this kind of info is your distro's package archive. 2010/5/6 dorra aa Hi.i'm working now in the install of mysql for the radius.I found a file that tell me to do: sudo apt-get install mysql-server phpmysql vim-full But i got: E: Impossible de trouver le paquet phpmysql (that means impossible to found phpmysql) is there a package called like that; or the file is wrong?? thank Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Random quote of the week/month/whenever i get to updating it: "Quis custodiet ipsos custodes?": "who shall watch the watchers themselves?" - Juvenal _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is there a package named phpmysql
Hi.i'm working now in the install of mysql for the radius.I found a file that tell me to do: sudo apt-get install mysql-server phpmysql vim-full But i got: E: Impossible de trouver le paquet phpmysql (that means impossible to found phpmysql) is there a package called like that; or the file is wrong?? thank _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: plz help me: access-reject
> Date: Wed, 5 May 2010 11:08:28 -0400 > From: jden...@redhat.com > To: freeradius-users@lists.freeradius.org > Subject: Re: plz help me: access-reject > CC: a.l.m.bu...@lboro.ac.uk > > On 05/05/2010 11:01 AM, Alan Buxey wrote: > > Hi, > > > >> Mr Alan i do it but always the same result: > >> r...@pfe-laptop:/home/pfe/freeradius-server-2.1.8# radtest sonia salut > >> 127.0.0.1:1812 1812 testing123 > >> Sending Access-Request of id 76 to 127.0.0.1 port 1812 > >> User-Name = "sonia" > >> User-Password = "salut" > >> NAS-IP-Address = 127.0.1.1 > >> NAS-Port = 1812 > >> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, > >> length=20 > > > > are you SURE you are editing the right users file? you havent got two > > copies > > of FR installed have you ? (eg self-build and RPM) - check that > > you dont have eg /etc/raddn/users AND /usr/local/etc/raddb/users or such No Sir i have only one file of users.thank you for your help.i think to install freeradius*.deb > Good thought, but this person was already told to check this :-( For John Dennis; I'm checking it form the first time.I'm not joking whith my work.i'm serious.Just it does not work > -- > John Dennis > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: plz help me: access-reject
Mr Alan i do it but always the same result: r...@pfe-laptop:/home/pfe/freeradius-server-2.1.8# radtest sonia salut 127.0.0.1:1812 1812 testing123 Sending Access-Request of id 76 to 127.0.0.1 port 1812 User-Name = "sonia" User-Password = "salut" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, length=20 plz can you give me the steps that i may to do more then that. plz help me. I am a beginner in that > Date: Wed, 5 May 2010 11:19:29 +0100 > From: a.l.m.bu...@lboro.ac.uk > To: freeradius-users@lists.freeradius.org > Subject: Re: plz help me: access-reject > > Hi, > > > Hi. im used freeradius 2.1.8. Please can somebody give me an example of > > configuration of files to do na simple test with radiusd -X. > > because i'm testing now a local client and the result is reject. I modify > > onlu users and clients.conf.is that anought? > > > > 1/I add on Users: > > > > "sonia" Auth-Type := Local, User-Password == "salut" > > Reply-Message = "Hello, %u", > > Reply-Message = "are you fine, %u" > you've already had replies about this. > > this config is wrong > > > I'm also trying another exemple: > > > > "sonia" Cleartext-Password := "salut" > > that config is correct > > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
plz help me: access-reject
Hi. im used freeradius 2.1.8. Please can somebody give me an example of
configuration of files to do na simple test with radiusd -X.
because i'm testing now a local client and the result is reject. I modify onlu
users and clients.conf.is that anought?
1/I add on Users:
"sonia" Auth-Type := Local, User-Password == "salut"
Reply-Message = "Hello, %u",
Reply-Message = "are you fine, %u"
I'm also trying another exemple:
"sonia" Cleartext-Password := "salut"
Reply-Message = "Hello, %u",
Reply-Message += "are you fine, %u"
2/And i add on Clients.conf:
client 127.0.0.1 {
secret = testing123 # notre clé partagée
shortname = class
nastype = other
}
when i do this command, i have:
p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123
Sending Access-Request of id 11 to 127.0.0.1 port 1812
User-Name = "sonia"
User-Password = "salut"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20
3/The result of output radiusd -X is:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 38590, id=135,
length=57
User-Name = "sonia"
User-Password = "salut"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sonia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> sonia
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 135 to 127.0.0.1 port 38590
Waking up in 4.9 seconds.
Cleaning up request 0 ID 135 with timestamp +153
Ready to process requests.
What is the problem please
Can you help me whith a clear example
tahnk you
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: your mail
the output of my radiusd -X is :
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = *
port = 0
Failed binding to authentication address * port 1812: Address already in use
/usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port
1812
p...@pfe-laptop:~/freeradius-server-2.1.8$ killall radiusd
radiusd(4956): Opération non permise
radiusd: aucun processus tué
p...@pfe-laptop:~/freeradius-server-2.1.8$ sudo killall radiusd
p...@pfe-laptop:~/freeradius-server-2.1.8$ sudo radiusd -X
FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on May 3 2010 at
23:42:10
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file
[no subject]
Hi.
After installing Radius. i try to do some exemple.I d'ont know if it is correct
because i'm new in it.
I add on Users:
"sonia" Auth-Type := Local, User-Password == "salut"
Reply-Message = "Hello, %u",
Reply-Message = "are you fine, %u"
And i add on Clients.conf:
client 127.0.0.1 {
secret = testing123 # notre clé partagée
shortname = class
nastype = other
}
when i do this command, i have:
p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123
Sending Access-Request of id 11 to 127.0.0.1 port 1812
User-Name = "sonia"
User-Password = "salut"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20
What is the problem please.is there someting messing in my test?
Thank you
_
Hotmail: Trusted email with powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Configuration radius
Hello. I am doing a project in network mesh, wireless mesh. After making the implementation of my network, I want to do authentication and security of my network using Radius. But I have no information of this side and I found many documents that I do not understand. Please help me to find a clear document and without difficulty. I want to do the Radius on two machines: a server and a client. What are the commands to type to each machine. Thank you _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd -X
HI
I try to test freeradius with this command radiusd -X. but i get that error:
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = *
port = 0
Failed binding to authentication address * port 1812: Address already in use
/usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port
1812
What's the problem plz
THanks
_
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
