Log the IP client after a successful login
Hi,

Is it possible to log the IP address of the client after a successful auth/login? Something like this:

Tue Jul 5 17:18:46 2011 : Auth: Login OK: [elo...@irta.es/] (from client WLC_SSCC port 1 cli B8-C7-5D-E4-A3-6B) *$IPADDRESS*

Thanks in advance.

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Log-the-IP-client-after-a-successful-login-tp4556157p4556157.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Credentials format in Windows supplicant
Hi everybody,

I have successfully authenticated a user by adding this portion that Phil provided me:

authorize {
    if (User-Name =~ /^([^@]*)@(.+)$/) {
        update request {
            Stripped-User-Name := "%{1}"
            Realm := "%{toupper:%{2}}"
        }
    }
    else {
        reject
    }
    # ... rest of the authorize section ...
}

The internal authentication/accounting with Active Directory is fine, so all corporate users using eduroam with internal realms in the credentials can gain access to the network. However, users from other realms, which have to be proxied, do not. In debug mode the request is proxied:

Thu Jun 23 15:22:03 2011 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97, length=203
    User-Name = "proves_i...@cesca.cat"
    Calling-Station-Id = "00-26-B6-59-F1-EA"
    Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
    NAS-Port = 1
    NAS-IP-Address = 172.18.1.10
    NAS-Identifier = "WLC_SSCC"
    Airespace-Wlan-Id = 1
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "50"
    EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
    Message-Authenticator = 0x559f7e2dfefa8dffefb282cb2c7dae91
Thu Jun 23 15:22:16 2011 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
Thu Jun 23 15:22:16 2011 : Info: +- entering group authorize {...}
Thu Jun 23 15:22:16 2011 : Info: ++[chap] returns noop
Thu Jun 23 15:22:16 2011 : Info: ++[mschap] returns noop
Thu Jun 23 15:22:16 2011 : Info: [suffix] Looking up realm "cesca.cat" for User-Name = "proves_i...@cesca.cat"
Thu Jun 23 15:22:16 2011 : Info: [suffix] Found realm "DEFAULT"
Thu Jun 23 15:22:16 2011 : Info: [suffix] Adding Realm = "DEFAULT"
Thu Jun 23 15:22:16 2011 : Info: [suffix] Proxying request from user proves_irta to realm DEFAULT
Thu Jun 23 15:22:16 2011 : Info: [suffix] Preparing to proxy authentication request to realm "DEFAULT"
Thu Jun 23 15:22:16 2011 : Info: ++[suffix] returns updated
Thu Jun 23 15:22:16 2011 : Info: [eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
Thu Jun 23 15:22:16 2011 : Info: ++[eap] returns noop
Thu Jun 23 15:22:16 2011 : Info: ++[files] returns noop
Thu Jun 23 15:22:16 2011 : Info: WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 113 to 84.88.0.19 port 1812
    User-Name = "proves_i...@cesca.cat"
    Calling-Station-Id = "00-26-B6-59-F1-EA"
    Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
    NAS-Port = 1
    NAS-IP-Address = 172.18.1.10
    NAS-Identifier = "WLC_SSCC"
    Airespace-Wlan-Id = 1
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "50"
    EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
    Message-Authenticator = 0x
    Proxy-State = 0x3937
Thu Jun 23 15:22:16 2011 : Info: Proxying request 0 to home server 84.88.0.19 port 1812
Sending Access-Request of id 113 to 84.88.0.19 port 1812
    User-Name = "proves_i...@cesca.cat"
    Calling-Station-Id = "00-26-B6-59-F1-EA"
    Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
    NAS-Port = 1
    NAS-IP-Address = 172.18.1.10
    NAS-Identifier = "WLC_SSCC"
    Airespace-Wlan-Id = 1
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "50"
    EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
    Message-Authenticator = 0x
    Proxy-State = 0x3937
Thu Jun 23 15:22:16 2011 : Debug: Going to the next request
Thu Jun 23 15:22:16 2011 : Debug: Waking up in 0.9 seconds.
Thu Jun 23 15:22:17 2011 : Debug: Waking up in 12.9 seconds.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97, length=203
Thu Jun 23 15:22:18 2011 : Info: Sending duplicate proxied request to home server 84.88.0.19 port 1812 - ID: 113
Sending Access-Request of id 113 to 84.88.0.19 port 1812
    User-Name = "proves_i...@cesca.cat"
    Calling-Station-Id = "00-26-B6-59-F1-EA"
    Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
    NAS-Port = 1
    NAS-IP-Address = 172.18.1.10
    NAS-Identifier = "WLC_SSCC"
    Airespace-Wlan-Id = 1
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "50"
    EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
    Message-Authenticato
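The User-Name split done by the authorize policy quoted in the message above, emulated in Python as an added example (not part of the original post and not FreeRADIUS code): it applies the same regular expression, then makes a local-versus-proxy decision. The `LOCAL_REALMS` set, the realm syntax check and the `route` helper are assumptions introduced for illustration, and the sample names are constructed.

```python
import re

# The pattern from the unlang condition quoted in the post.
USER_REALM_RE = re.compile(r"^([^@]*)@(.+)$")

# Assumption (not in the post's policy): realms answered locally. The names
# irta.es and irta.cat appear in the poster's radiusd -X output; treating
# them as local here is only for illustration.
LOCAL_REALMS = {"IRTA.ES", "IRTA.CAT"}

# Assumption: a DNS-style realm syntax check applied after upper-casing.
# The post's policy does not perform this check.
_LABEL = r"[A-Z0-9](?:[A-Z0-9-]*[A-Z0-9])?"
REALM_SYNTAX_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def split_user_name(user_name):
    """Mirror the policy: return (Stripped-User-Name, Realm) with the realm
    upper-cased, or None where the policy's else branch would reject."""
    m = USER_REALM_RE.match(user_name)
    if m is None:
        return None
    return m.group(1), m.group(2).upper()


def route(user_name):
    """Hypothetical routing decision layered on top of the split."""
    parts = split_user_name(user_name)
    if parts is None:
        return "reject"            # no '@' at all, e.g. NT format or bare name
    _user, realm = parts
    # [^@]* stops at the first '@', so a second '@' ends up inside the realm.
    # Refuse such realms instead of using them to pick a home server.
    if not REALM_SYNTAX_RE.fullmatch(realm):
        return "reject"
    return "local" if realm in LOCAL_REALMS else "proxy"


# Constructed sample inputs covering both credential formats from the thread.
SAMPLES = [
    "jroldan@irta.es",     # user@domain format, internal realm
    "someone@cesca.cat",   # user@domain format, foreign realm
    "IRTA_NT\\jroldan",    # NT format: no '@', policy rejects
    "bob",                 # bare name: no '@', policy rejects
    "@cesca.cat",          # empty user part still matches [^@]*
    "a@b@c.example",       # second '@' lands in the realm
    "user@",               # '.+' needs at least one realm character
]


def demo():
    """Return (input, split result, routing decision) for every sample."""
    return [(s, split_user_name(s), route(s)) for s in SAMPLES]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The first sample reproduces the expansions shown in the later debug output on this page (`%{1} -> jroldan`, `%{toupper:%{2}} -> IRTA.ES`).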
Re: Credentials format in Windows supplicant
Hi Phil,

Thank you for the reply. Yes, I am running 2.1.10. I have made the changes you proposed and I see in the debug:

Tue Jun 14 10:12:46 2011 : Info: ++- entering if (User-Name =~ /^([^@]*)@(.+)$/) {...}
Tue Jun 14 10:12:46 2011 : Info:expand: %{1} -> jroldan
Tue Jun 14 10:12:46 2011 : Info:expand: %{2} -> irta.es
Tue Jun 14 10:12:46 2011 : Info:expand: %{toupper:%{2}} -> IRTA.ES

How the expand is done. But I still cannot authenticate with user@domain format.

I attach the radius output: http://freeradius.1045715.n5.nabble.com/file/n4487147/radius-Xx.txt radius-Xx.txt

a good auth with nt format: http://freeradius.1045715.n5.nabble.com/file/n4487147/auth_ok_nt_format.txt auth_ok_nt_format.txt

a bad auth with "email" format: http://freeradius.1045715.n5.nabble.com/file/n4487147/auth_no_ok_mail_format.txt auth_no_ok_mail_format.txt

Thank you very much for your support.

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Credentials-format-in-Windows-suplicant-tp4476319p4487147.html
Credentials format in Windows supplicant
Hi everybody,

I have taken a look at this post: http://freeradius.1045715.n5.nabble.com/MSCHAP-Authentication-Issue-td2785146.html

And I totally agree with the behaviours described in the table. I have been experiencing the same. If I type the credentials at the prompt of the Windows supplicant like

MYDOMAIN.COM\user password

the request is accepted:

Fri Jun 10 15:58:51 2011 : Info: ++[eap] returns ok
Fri Jun 10 15:58:51 2011 : Auth: Login OK: [IRTA_NT\\jroldan/] (from client WLC_SSCC port 1 cli 00-26-B6-59-F1-EA)

But if I type

u...@mydomain.com password

I get the next info:

Fri Jun 10 16:11:52 2011 : Debug: Exec-Program output: Logon failure (0xc06d)
Fri Jun 10 16:11:52 2011 : Debug: Exec-Program-Wait: plaintext: Logon failure (0xc06d)
Fri Jun 10 16:11:52 2011 : Debug: Exec-Program: returned: 1
Fri Jun 10 16:11:52 2011 : Info: [mschap] External script failed.
Fri Jun 10 16:11:52 2011 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect
Fri Jun 10 16:11:52 2011 : Info: ++[mschap] returns reject
Fri Jun 10 16:11:52 2011 : Info: [eap] Freeing handler
Fri Jun 10 16:11:52 2011 : Info: ++[eap] returns reject
Fri Jun 10 16:11:52 2011 : Info: Failed to authenticate the user.
Fri Jun 10 16:11:52 2011 : Auth: Login incorrect (mschap: External script says Logon failure (0xc06d)): [jrol...@irta.es/] (from client WLC_SSCC port 0 via TLS tunnel)

I assume my configuration is fine (extracted from deployingradius.com) because it's working by typing credentials in NT format. As the configuration of freeradius is for eduroam purpose it would be nice that the user enters the credentials like u...@domain.com, and in function of the domain the request would be proxied or not. Is it possible to use this format in spite of NT-domain?

Thanks in advance.

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Credentials-format-in-Windows-suplicant-tp4476319p4476319.html
Re: freeradius 2.1.10 WARNING: Internal sanity check failed
Hi,

After failing to set an EAP-MSCHAP environment with certificates by default, I have handled a production certified by a CA signer. With these certificates I do not get the warning of compatibility with Windows. But the warning for which I opened this post appears again:

Info: WARNING: Internal sanity check failed in event handler for request 1: Discarding the request!

The purpose of freeradius server is configured to implement eduroam in an institution with PEAP-MSCHAPv2 using windows supplicant. The changes I made in the configuration have been minimal:

- The command "radtest bob hello localhost 0 testing123" working properly
- configuration of all Wireless LAN Controller in clients.conf
- definition as the default eap PEAP type in eap.conf
- CA configuration file, key and certificate in tls in eap.conf
- configuration of the proxy RADIUS realm DEFAULT

When I try to authenticate a user to test the request goes to a higher radius, the request is sent to proxy radius but after a few tries before I get the warning again. I attach the outputs.

http://freeradius.1045715.n5.nabble.com/file/n4461876/warning.txt warning.txt
http://freeradius.1045715.n5.nabble.com/file/n4461876/radiusd-Xx.txt radiusd-Xx.txt

Thanks in advance.

-- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius-2-1-10-WARNING-Internal-sanity-check-failed-tp3340058p4461876.html
Re: freeradius 2.1.10 WARNING: Internal sanity check failed
I have grabbed the 2.1.11 from git.freeradius.org, and unfortunately I get the same warning:

Debug: WARNING: !!
Debug: WARNING: !! EAP session for state 0xc729a88ac72ab1dd did not finish!
Debug: WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
Debug: WARNING: !!

I have tried with several EAP types, such as PEAP-MSCHAPv2, TTLS, TLS with Windows, Cisco and Intel supplicants and always get the same warning. I always install the CA on Windows client, even the server.crt and server.p12 with no success. Has anyone faced this issue?

Thanks a lot.

-- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius-2-1-10-WARNING-Internal-sanity-check-failed-tp3340058p4364390.html
Re: freeradius 2.1.10 WARNING: Internal sanity check failed
I have made sure that the root certificate is installed on the Windows client but I still got the same warning. Could anyone tell me how to fix it?

Thanks in advance.

-- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius-2-1-10-WARNING-Internal-sanity-check-failed-tp3340058p4341296.html
Re: freeradius 2.1.10 WARNING: Internal sanity check failed
Hi,

I have followed your advice and I went back to the default config. I have read http://deployingradius.com/documents/configuration/certificates.html and I have followed it step by step. Testing first the PAP auth with an entry in users.conf and it worked fine. Next I add the Wireless LAN Controller in clients.conf and change the default eap_type with peap. I get the next warning:

Debug: WARNING: !!
Debug: WARNING: !! EAP session for state 0xc729a88ac72ab1dd did not finish!
Debug: WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
Debug: WARNING: !!

Testing with a WinXP and Win7 client, so I do not think it's a supplicant issue. The supplicant config is PEAP with MSCHAPv2, and no certificate validation. I had a look at the certs/README file, and I have studied the ./bootstrap script. I made sure xpextensions are applied. I also launch

rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

before modifying the server.cnf and ca.cnf and launching the bootstrap script again. I always get the same warning, I do not understand why. http://deployingradius.com says it just worked, but not in my environment. I attach the output:

Thu Mar 31 13:14:25 2011 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51, length=173
    User-Name = "bob"
    Calling-Station-Id = "00-1B-77-8E-1E-A4"
    Called-Station-Id = "00-1E-4A-90-5F-30:eduroam"
    NAS-Port = 29
    NAS-IP-Address = 10.118.249.20
    NAS-Identifier = "WLC_2_SCC_LAB"
    Airespace-Wlan-Id = 1
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "911"
    EAP-Message = 0x0202000801626f62
    Message-Authenticator = 0xfabf4ce8269ee315494653e616f244ce
Thu Mar 31 13:14:26 2011 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
Thu Mar 31 13:14:26 2011 : Info: +- entering group authorize {...}
Thu Mar 31 13:14:26 2011 : Info: ++[preprocess] returns ok
Thu Mar 31 13:14:26 2011 : Info: ++[chap] returns noop
Thu Mar 31 13:14:26 2011 : Info: ++[mschap] returns noop
Thu Mar 31 13:14:26 2011 : Info: ++[digest] returns noop
Thu Mar 31 13:14:26 2011 : Info: [suffix] No '@' in User-Name = "bob", looking up realm NULL
Thu Mar 31 13:14:26 2011 : Info: [suffix] No such realm "NULL"
Thu Mar 31 13:14:26 2011 : Info: ++[suffix] returns noop
Thu Mar 31 13:14:26 2011 : Info: [eap] EAP packet type response id 2 length 8
Thu Mar 31 13:14:26 2011 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Thu Mar 31 13:14:26 2011 : Info: ++[eap] returns updated
Thu Mar 31 13:14:26 2011 : Info: [files] users: Matched entry bob at line 1
Thu Mar 31 13:14:26 2011 : Info: ++[files] returns ok
Thu Mar 31 13:14:26 2011 : Info: ++[expiration] returns noop
Thu Mar 31 13:14:26 2011 : Info: ++[logintime] returns noop
Thu Mar 31 13:14:26 2011 : Info: [pap] WARNING: Auth-Type already set. Not setting to PAP
Thu Mar 31 13:14:26 2011 : Info: ++[pap] returns noop
Thu Mar 31 13:14:26 2011 : Info: Found Auth-Type = EAP
Thu Mar 31 13:14:26 2011 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Thu Mar 31 13:14:26 2011 : Info: +- entering group authenticate {...}
Thu Mar 31 13:14:26 2011 : Info: [eap] EAP Identity
Thu Mar 31 13:14:26 2011 : Info: [eap] processing type tls
Thu Mar 31 13:14:26 2011 : Info: [tls] Initiate
Thu Mar 31 13:14:26 2011 : Info: [tls] Start returned 1
Thu Mar 31 13:14:26 2011 : Info: ++[eap] returns handled
Sending Access-Challenge of id 51 to 10.118.249.20 port 32768
    EAP-Message = 0x010300061920
    Message-Authenticator = 0x
    State = 0xc729a88ac72ab1dd3e4f8d4fc2851f1c
Thu Mar 31 13:14:26 2011 : Info: Finished request 9.
Thu Mar 31 13:14:26 2011 : Debug: Going to the next request
Thu Mar 31 13:14:26 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51, length=173
Thu Mar 31 13:14:28 2011 : Info: Sending duplicate reply to client WiSM port 32768 - ID: 51
Sending Access-Challenge of id 51 to 10.118.249.20 port 32768
Thu Mar 31 13:14:28 2011 : Debug: Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51, length=173
Thu Mar 31 13:14:30 2011 : Info: Sending duplicate reply to client WiSM port 32768 - ID: 51
Sending Access-Challenge of id 51 to 10.118.249.20 port 32768
Thu Mar 31 13:14:30 2011 : Debug: Waking up in 0.9 seconds.
Thu Mar 31 13:14:31 2011 : Info: Cleaning up request 9 ID 51 with timestamp +60
Thu Mar 31 13:14:31 2011 : Debug: WARNING: !!
Thu Mar 31 13:14:31 2011 : Debug: WARNI
RE: freeradius 2.1.10 WARNING: Internal sanity check failed
FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu, built on Oct 19 2010 at 20:00:35 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/expr including configuration file 
/etc/raddb/modules/mschap including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/inner-tunnel main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/radius" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } 
security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = yes dead_time = 120 wake_all_if_all_dead = no } realm NULL { nostrip authhost = LOCAL accthost = LOCAL } realm DEFAULT { nostrip authhost = X.X.X.X:1812 accthost = X.X.X.X:1813 secret = verysecret } realm irta.cat { nostrip authhost = 192.168.1.34 accthost = 192.168.1.34 secret = ** } realm irta.es { nostrip authhost = 192.168.1.34 accthost = 192.168.1.34 secret = ** } realm IRTA_NT { nostrip authhost = 192.168.1.34 accthost = 1
RE: freeradius 2.1.10 WARNING: Internal sanity check failed
I'm sorry! Try to rewrite the e-mail to a human mode ; ) Hi, I am configuring a freeradius for a institution for eduroam purposes, using Fedora 13 and with freeradius 2.1.10. The only EAP type supported is EAP-TTLS/PAP. I attach the radius -X output:
freeradius 2.1.10 WARNING: Internal sanity check failed
Hi, I am configuring a freeradius for a institution for eduroam purposes, using Fedora 13 and with freeradius 2.1.10. The only EAP type supported is EAP-TTLS/PAP. I attach the radius -X output: