Re: User_Role configuration in freeRadius Users file
Thanks Ivan. Sorry it was late response. I was out for sometime. Just want to make sure that the comments in raddb/dictionary says 'If you want to add entries to the dictionary file, which are NOT going to be placed in a RADIUS packet, add them here'. So am I right adding it here? Anyway I tried adding the new attribute in raddb/dictionary. There is no error in client now but the client is not receiving/parsing the new attribute and value. Sorry, how do I add custom attribute in client directory. I could not find any provision to add custom attributes in jradius client side. Please help me. Also, I could see there are some vendor specific dictionary files like dictionary.juniper. I have defined my own called 'dictionary.test with this custom attribute and included the dictionary in /usr/local/share/freeradius/dictionary but results in same exception. Please advise. Thanks in advance. Regards, Dhandapani Ivan Kalik wrote: > >> I hope it is /usr/local/share/freeradius/dictionary included in >> raddb/dictionary. > > No, it *is* raddb/dictionary. > >> >> I added an entry like this & restarted server: >> ATTRIBUTE User-Role 208 string > > Attribute needs to have number above 3000. > >> But with JRadius client, I am getting 'Invalid RADIUS Authenticator' >> after >> this new attribute. I am calling the server using the below code. I tried >> using PAPAuthenticator also but same error. >> RadiusPacket reply = radiusClient.authenticate(request, new >> MSCHAPv2Authenticator(), 0); > > You have to configure an attribute with the same number in client > dictionary. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/User_Role-configuration-in-freeRadius-Users-file-tp24268833p24324892.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User_Role configuration in freeRadius Users file
Thanks Ivan. I hope it is /usr/local/share/freeradius/dictionary included in raddb/dictionary. I added an entry like this & restarted server: ATTRIBUTE User-Role 208 string But with JRadius client, I am getting 'Invalid RADIUS Authenticator' after this new attribute. I am calling the server using the below code. I tried using PAPAuthenticator also but same error. RadiusPacket reply = radiusClient.authenticate(request, new MSCHAPv2Authenticator(), 0); Can you help me why I am getting this error? Regards, Dhandapani Ivan Kalik wrote: > > OK then. Your users file example looks fine. All you have to do is define > this custom attribute in raddb/dictionary. > > Ivan Kalik > Kalik Informatika ISP > >> Yes Ivan. I am sure that I will utilize the server configuration in >> client >> application. >> >> I am able to read the response and parse the attributes from client. For >> example, I am able to read the value of the attribute 'Reply-Message' >> using >> its name or the code 18. Same way I want to read the userType and >> authorize >> the features of my client. Please advise. >> >> Thanks in advance. >> >> Regards, >> Dhandapani >> >> >> Ivan Kalik wrote: >>> I am using freeRadius for user authentication. I also want to assign roles (like type of user) for each user configured in /usr/local/etc/raddb/users file as like below. Then I will authorize the user in my radius client application based on radius returned role. dhandapani Cleartext-Password := "dhanda" Service-Type = Framed-User, Framed-Protocol = PPP, Reply-Message = "Hello Dhandapani", User-Role = Admin Is it possible. I have seen an attribute called 'Aruba-User-Role' but looks like vendor specific. Is there any way to configure the role? >>> >>> Does your client know what to do with that attribute? There is no point >>> configuring it in freeradius if your client can't use it. >>> >>> Ivan Kalik >>> Kalik Informatika ISP >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/User_Role-configuration-in-freeRadius-Users-file-tp24268833p24269270.html >> Sent from the FreeRadius - User mailing list archive at Nabble.com. >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/User_Role-configuration-in-freeRadius-Users-file-tp24268833p24270722.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User_Role configuration in freeRadius Users file
Yes Ivan. I am sure that I will utilize the server configuration in client application. I am able to read the response and parse the attributes from client. For example, I am able to read the value of the attribute 'Reply-Message' using its name or the code 18. Same way I want to read the userType and authorize the features of my client. Please advise. Thanks in advance. Regards, Dhandapani Ivan Kalik wrote: > >> I am using freeRadius for user authentication. I also want to assign >> roles >> (like type of user) for each user configured in >> /usr/local/etc/raddb/users >> file as like below. Then I will authorize the user in my radius client >> application based on radius returned role. >> >> dhandapani Cleartext-Password := "dhanda" >>Service-Type = Framed-User, >>Framed-Protocol = PPP, >>Reply-Message = "Hello Dhandapani", >>User-Role = Admin >> >> Is it possible. I have seen an attribute called 'Aruba-User-Role' but >> looks >> like vendor specific. Is there any way to configure the role? > > Does your client know what to do with that attribute? There is no point > configuring it in freeradius if your client can't use it. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/User_Role-configuration-in-freeRadius-Users-file-tp24268833p24269270.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User_Role configuration in freeRadius Users file
Hi, I am using freeRadius for user authentication. I also want to assign roles (like type of user) for each user configured in /usr/local/etc/raddb/users file as like below. Then I will authorize the user in my radius client application based on radius returned role. dhandapani Cleartext-Password := "dhanda" Service-Type = Framed-User, Framed-Protocol = PPP, Reply-Message = "Hello Dhandapani", User-Role = Admin Is it possible. I have seen an attribute called 'Aruba-User-Role' but looks like vendor specific. Is there any way to configure the role? Or do I need to configure it somewhere else? Please suggest. Regards, Dhandapani -- View this message in context: http://www.nabble.com/User_Role-configuration-in-freeRadius-Users-file-tp24268833p24268833.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Issue when freeRadius is accessed using JRadius Client.
Thanks Ivan for the suggestion. Finally I found the reason behind the issue was wrong AttributeDictionaryImpl as below. It failed to decode attribute as it does not fond in teh given impl. > AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl"); instead of the right one > AttributeFactory.loadAttributeDictionary("net.sf.jradius.dictionary.AttributeDictionaryImpl"); It works fine now. Regards, Dhandapani Ivan Kalik wrote: > >> I am using JRadius Client with freeRadius server for user authentication. >> The following code is used to access freeRadius server: >> -- >> AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl"); >> InetAddress addr = InetAddress.getByName(radiusServerAddress); >> RadiusClient radiusClient = new RadiusClient(addr, secretKey); >> AttributeList attributeList = new AttributeList(); >> attributeList.add(new Attr_UserName(userName)); >> attributeList.add(new Attr_NASPortType(Attr_NASPortType.Ethernet)); >> attributeList.add(new Attr_NASPort(new Long(1))); >> AccessRequest request = new AccessRequest(radiusClient, attributeList); >> request.addAttribute(new Attr_UserPassword(password)); >> RadiusPacket reply = radiusClient.authenticate(request, new >> PAPAuthenticator(), 0); >> System.out.println("Received: " + reply.toString()); >> >> >> The server authenticates the user successfully but the response message >> is >> printed as follows. So I couldn't read the response values. >> Unknown-Attribute(6) = [Binary Data (length=4)] >> Unknown-Attribute(7) = [Binary Data (length=4)] >> >> The /usr/local/etc/raddb/users configuration is as follows : >> dave Cleartext-Password := "public" >>Service-Type = Framed-User, >>Framed-Protocol = PPP, >> >> Please help me to resolve this issue. Am I missing anything? > > You have to decode the reply. Just like you encoded the request. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Issue-when-freeRadius-is-accessed-using-JRadius-Client.-tp24202940p24255031.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Issue when freeRadius is accessed using JRadius Client.
Hi, I am using JRadius Client with freeRadius server for user authentication. The following code is used to access freeRadius server: -- AttributeFactory.loadAttributeDictionary("net.jradius.dictionary.AttributeDictionaryImpl"); InetAddress addr = InetAddress.getByName(radiusServerAddress); RadiusClient radiusClient = new RadiusClient(addr, secretKey); AttributeList attributeList = new AttributeList(); attributeList.add(new Attr_UserName(userName)); attributeList.add(new Attr_NASPortType(Attr_NASPortType.Ethernet)); attributeList.add(new Attr_NASPort(new Long(1))); AccessRequest request = new AccessRequest(radiusClient, attributeList); request.addAttribute(new Attr_UserPassword(password)); RadiusPacket reply = radiusClient.authenticate(request, new PAPAuthenticator(), 0); System.out.println("Received: " + reply.toString()); The server authenticates the user successfully but the response message is printed as follows. So I couldn't read the response values. Unknown-Attribute(6) = [Binary Data (length=4)] Unknown-Attribute(7) = [Binary Data (length=4)] The /usr/local/etc/raddb/users configuration is as follows : dave Cleartext-Password := "public" Service-Type = Framed-User, Framed-Protocol = PPP, Please help me to resolve this issue. Am I missing anything? Thanks in advance. Regards, Dhandapani -- View this message in context: http://www.nabble.com/Issue-when-freeRadius-is-accessed-using-JRadius-Client.-tp24202940p24202940.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Any free Java APIs to access freeRadius server?
Thanks Ivan. Sorry for extending again. I am not clear with first part. 1) With EAPMSCHAPv2Authenticator as authenticator, as you said the server logs are fine with Challenge. But radius client receives only the final access-accept response. But I want each request in access-challenge should be sent to client and the client will handle it. For instance, I want to authenticate user with multiple passwords. How can I achieve this? 2) Is this(using EAPMSCHAPv2Authenticator) the only way to trigger Access-Challenge? Or any other way? Please suggest me. Regards, Dhandapani Ivan Kalik wrote: > >> Access Challenge: >> I am able to generate Access Request/Reject/Accept with the APIs. Still I >> am >> not sure on how to make radius server to trigger Access Challenge >> requests >> and get the Access Challenge reply in radius client code. So that I can >> prompt for next response. Please guide me. >> >> Please note blindly I tried to set pass EAPMSCHAPv2Authenticator instance >> as >> like below and could see some Access Challenge triggers in server logs >> (Attached). However I could not >> http://www.nabble.com/file/p24147803/radius_server_logs.txt >> radius_server_logs.txt see the next request in client & received only >> final >> Access Accept. I except the client to prompt for each request. >> //RadiusPacket reply = radiusClient.authenticate(request, new >> EAPMSCHAPv2Authenticator(), 1); > > There is no problem with Access-Challenge in that log. Authentication > completed fine. Accounting packets were rubbish. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Any-free-Java-APIs-to-access-freeRadius-server--tp24144424p24151027.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Any free Java APIs to access freeRadius server?
Hi Ivan, Thanks I am able setup standalone JRadius to access radius server and able to send/receive access requests. I need one more clarification here :) Access Challenge: I am able to generate Access Request/Reject/Accept with the APIs. Still I am not sure on how to make radius server to trigger Access Challenge requests and get the Access Challenge reply in radius client code. So that I can prompt for next response. Please guide me. Please note blindly I tried to set pass EAPMSCHAPv2Authenticator instance as like below and could see some Access Challenge triggers in server logs (Attached). However I could not http://www.nabble.com/file/p24147803/radius_server_logs.txt radius_server_logs.txt see the next request in client & received only final Access Accept. I except the client to prompt for each request. //RadiusPacket reply = radiusClient.authenticate(request, new EAPMSCHAPv2Authenticator(), 1); Regards, Dhandapani Ivan Kalik wrote: > >> I am using freeRadius server for authentication. I am able to >> authenticate >> for ssh login. >> >> I want to authenticate my java application using radius server. Is there >> any >> java libraries/APIs available to access and authenticate directly. Please >> advise me. > > jRadius. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Any-free-Java-APIs-to-access-freeRadius-server--tp24144424p24147803.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Any free Java APIs to access freeRadius server?
Hi, I am using freeRadius server for authentication. I am able to authenticate for ssh login. I want to authenticate my java application using radius server. Is there any java libraries/APIs available to access and authenticate directly. Please advise me. Thanks in advance. Regards, Dhandapani -- View this message in context: http://www.nabble.com/Any-free-Java-APIs-to-access-freeRadius-server--tp24144424p24144424.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH authendication with radius server fails if the user does not exist in radius client
Yes. Got it. Thanks Ivan. Regards, Dhandapani Ivan Kalik wrote: > >> Do you mean the radius server can be only used for password >> authentication >> in case of ssh/telnet? > > Yes. > >> Can't we login using the centralized >> username/password? > > No, that can't work. Let's say that you were authenticated and reached the > shell as a nonexistant local user. How is he suposed to access anything or > execute any commands? No permissions would apply to him. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/SSH-authendication-with-radius-server-fails-if-the-user-does-not-exist-in-radius-client-tp24074268p24077890.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH authendication with radius server fails if the user does not exist in radius client
Thanks a lot Ivan for the clarification. I am feeling like working with you. Do you mean the radius server can be only used for password authentication in case of ssh/telnet? Can't we login using the centralized username/password? Regards, Dhandapani Ivan Kalik wrote: > >> So it looks like the radius client is not sending the password to radius >> server if the user does not exist in local machine. > > Yes, that's how PAM works. It can't authenticate users that don't exist > locally (think about it - if user/group is not defined locally what will > user be able to access on the machine). Nothing to do with radius. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/SSH-authendication-with-radius-server-fails-if-the-user-does-not-exist-in-radius-client-tp24074268p24075986.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SSH authendication with radius server fails if the user does not exist in radius client
Hi, I am trying to authenticate ssh login using radius server running in another linux machine. I added a new user in /usr/local/etc/raddb/users of radius server. Now when I do ssh to the radius client, the radius server denies request and says 'Password doesn't match. But I gave right password. If I add the new user in radius client machine, then if I do ssh, the server accepts and authenticates the request. So it looks like the radius client is not sending the password to radius server if the user does not exist in local machine. Do I need to configure anywhere in client or server to skip the local machine user check. Please help me to solve this issue. Thanks in advance. Regards, Dhandapani -- View this message in context: http://www.nabble.com/SSH-authendication-with-radius-server-fails-if-the-user-does-not-exist-in-radius-client-tp24074268p24074268.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password conflict between Radius Server and Machine account
I am really sorry Ivan. I am very new to radius and have not gone in depth. Thanks a lot. I can see the expected behavior after commenting unix in authorize :) Regards, Dhandapani Ivan Kalik wrote: > >> And I couldn't find the 'authorize' config file anywhere in my server. > > Oh, dear. How are you going to use the server when you don't know even the > most basic things about it? "Authorize" is a section in the default > virtual server (raddb/sites-enabled/default). > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Password-conflict-between-Radius-Server-and-Machine-account-tp24055968p24067553.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password conflict between Radius Server and Machine account
Thanks Ivan. My requirement falls in the situation where the radius server will configure a user which may be already configured machine. And I couldn't find the 'authorize' config file anywhere in my server. May I know the exact file/path, the unix should be commented. I am using RedHat Linux. Regards, Dhandapani Ivan Kalik wrote: > >> When I was trying to authenticate ssh login through radius server, I >> noticed >> an conflict issue with password. >> >> I have a linux machine-1 in which radius server is installed. I have >> configured an user with name/password as root/public in >> /usr/local/etc/raddb/users. But the linux machine already have a 'root' >> user >> account with password 'public123'. > > Comment out unix in authorize. Don't store passwords for same username in > several places. Pick one. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Password-conflict-between-Radius-Server-and-Machine-account-tp24055968p24058723.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Password conflict between Radius Server and Machine account
Hi, When I was trying to authenticate ssh login through radius server, I noticed an conflict issue with password. I have a linux machine-1 in which radius server is installed. I have configured an user with name/password as root/public in /usr/local/etc/raddb/users. But the linux machine already have a 'root' user account with password 'public123'. Now I tried to ssh machine-2 with username 'root' and password 'public'. SSH of this machine-2 is configured with above radius server for authentication. But the radius server rejects the access-request and log as below. - ++[unix] returns updated [files] users: Matched entry root at line 107 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "public" [pap] Using CRYPT encryption. [pap] Passwords don't match ++[pap] returns reject --- Note the highlighted lines. First line says '[unix] returns updated. Later says 'password doesn't match'. But if I try with Machine-1 password 'public123', it accepts the request. So looks like that the radius server authenticates with machine password & not using the configured one. Please clarify me if you have faced this issue. Regards, Dhandapani -- View this message in context: http://www.nabble.com/Password-conflict-between-Radius-Server-and-Machine-account-tp24055968p24055968.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Challenge in freeRadius server
Thank you very much Ivan for your detailed response. I will check it and respond you. Regards, Dhandapani Ivan Kalik wrote: > >> Not sure how ssh/telnet will handle. > > That depends on your pam radius module. I believe freeradius hosted module > can handle it. Don't know for others. > >> But I assume, other than password it >> may request for additional RSA key generated to access a particular >> machine >> or something similar to that. > > Why? Server already knows it's RSA key. This has nothing to do with user > authentication. > >> Also, does NAS need any installation to support Access-Challenge like >> CHAP? > > It needs pam module that supports it. BTW chap doesn't have > Access-Challenge in the authentication process. Nor mschap. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Access-Challenge-in-freeRadius-server-tp24025860p24048486.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Challenge in freeRadius server
Thanks Ivan. Not sure how ssh/telnet will handle. But I assume, other than password it may request for additional RSA key generated to access a particular machine or something similar to that. Also, does NAS need any installation to support Access-Challenge like CHAP? Regards, Dhandapani Ivan Kalik wrote: > >> And also may I know why it is not advised to support Access Challenge for >> ssh or telnet. > > Nothing to do with what's advisable but with what's available. Will pam > module on ssh/telnet server be able to handle a challenge and know what to > do with it? > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Access-Challenge-in-freeRadius-server-tp24025860p24040267.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cleartext password between NAS and Radius Server
Hi, I am using PAP for radius authentication. I have a general question here. When we use PAP for user authentication, the password will be passed from user to NAS(radius client) as cleartext password. But how it is transmitted from NAS to Radius server. 1) As clear text password? or 2) The password is encrypted using the secret keyword(used in both radius client & server) and decrypted using secret key in server. Please correct me. I am seeing different answers in web pages. Regards, Dhandapani -- View this message in context: http://www.nabble.com/Cleartext-password-between-NAS-and-Radius-Server-tp24035942p24035942.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Challenge in freeRadius server
Thanks Ivan. Not sure how ssh/telnet will handle. But I assume, other than password it may request for additional RSA key generated to access a particular machine or something similar to that. Regards, Dhandapani Ivan Kalik wrote: > >> And also may I know why it is not advised to support Access Challenge for >> ssh or telnet. > > Nothing to do with what's advisable but with what's available. Will pam > module on ssh/telnet server be able to handle a challenge and know what to > do with it? > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Access-Challenge-in-freeRadius-server-tp24025860p24035107.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Challenge in freeRadius server
Thanks Ivan for the clarification. I am just setting up the tool eapol_test to test it. Thanks. But I am also investigating whether it is possible to achieve Access Challenge with ssh/telnet without using any other tools. Could you please help if you have done it before? And also may I know why it is not advised to support Access Challenge for ssh or telnet. Regards, Dhandapani Ivan Kalik wrote: > >> I am trying to authorize the ssh and telnet login users of my Redhat >> Linux >> machine using freeRadius server. >> >> I am able to test Access-Accept and Access-Reject with right and wrong >> credentials respectively by configuring the file '/etc/pam.d/sshd' with >> entry pam_radius_auth.so. >> >> But I do not know how to achieve and test the Access-Challenge concept. > > Do you need to? ssh and telnet supplicants tend not to use protocols with > challenge-response exchange. > >> I >> mean what type of input will result in Access Challenge (I know it >> happens >> when we provide partial login information but not sure how to achieve >> with >> login in real time)? > > Send an eap request (eapol_test). > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Access-Challenge-in-freeRadius-server-tp24025860p24033950.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access Challenge in freeRadius server
Hi, I am new to freeRadius server. I am trying to authorize the ssh and telnet login users of my Redhat Linux machine using freeRadius server. I am able to test Access-Accept and Access-Reject with right and wrong credentials respectively by configuring the file '/etc/pam.d/sshd' with entry pam_radius_auth.so. But I do not know how to achieve and test the Access-Challenge concept. I mean what type of input will result in Access Challenge (I know it happens when we provide partial login information but not sure how to achieve with login in real time)? Please help me with some solutions in achieving Access Challenge. Thanks in advance. Regards, Dhandapani -- View this message in context: http://www.nabble.com/Access-Challenge-in-freeRadius-server-tp24025860p24025860.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html