freeradius certificate noob doubt
Hi There,

OK, I am following the next tutorial in order to use certificates + freeRadius: http://deployingradius.com/documents/configuration/eap.html

After executing:

    $ cd /etc/raddb/certs
    $ make

do I have to copy/paste any of the files created to the supplicant to make it work?

Cheers

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius certificate noob doubt
Hi,

> What does the guide say?

The guide does not say anything about copying any file to the client. So I assumed that it is not needed, but still, after configuring the supplicant as the tutorial explains (for permitting the use of an unknown certificate), I always get certificate not found and no request reached the freeradius server from the supplicant.

Just to clarify, my freeradius server is working well with everything else (freeradius+mysql+PAP+EAP, and the windows supplicant can connect too); I am just having trouble with the certificates part.

Any idea?

Cheers
Re: certs files missing?
> Use the package and you'll probably get the certificates automatically

So I can avoid executing make in /usr/share/doc/freeradius/examples etc. for generating test certificates? Then I can use the default ones that are stored in /etc/freeradius/certs and that came with the normal package installation?
Re: windows client authentication error
Hi there,

Thanks for your help.

> Does PAP work?

OK, as I understand it (correct me if I am wrong), no matter if I use MySQL or the users.conf file for validating the users, if I execute:

    $ radtest sqltest testpwd localhost 1812 testing123

and the message I get (from both the server terminal window and the radtest terminal window) is:

    Access-Accept

it means that PAP worked fine. If this is right, then I must say: yes, PAP works.

> Did you configure the sql module?

I am not sure what exactly you mean by sql module, but I can tell you what I did configure for sql + freeradius:

1- In /etc/freeradius/radiusd.conf I uncommented the line $INCLUDE sql.conf
2- Created a DB called radius and created a user called radius with full access to the just-created DB
3- Loaded the mysql schema and inserted a user into the radcheck table (the schema I used was /etc/freeradius/sql/mysql/schema.sql). NOTE: I just inserted a user into the radcheck table; I did not populate any other table
4- Configured /etc/freeradius/sql.conf with my just-created DB parameters (server, login, password) and uncommented the line readclients = yes
5- Then uncommented the sql line for the following sections in the /etc/freeradius/sites/enabled/default file: a) authorize b) accounting c) session d) post-auth
6- Ran a radtest, and everything worked fine

Did I answer your question?

> Is the PEAP request for user sqltest?

Yes, on the windows supplicant machine I gave my credentials as follows:

Login: sqltest
password: testpwd
domain:

I always left domain blank because I have not configured any domain yet.

> If you take a step by step approach, it should be trivial to configure.

Well, I did not test the server with the users.conf file. Once freeradius was installed and working, I just jumped to installing and configuring mysql and made the first radtest using both. The radtest worked just fine. If you think that using users.conf first could give me any clue about the errors I am having, I will not hesitate to test it.

Any idea?

Cheers
Re:
hi, dora

as david said: NTRadping (windows or wine :-D )

in other words, if you are using ubuntu you need to use wine in order to get NTRadping up

Cheers

2010/5/19 dorra aa dj_dido2...@hotmail.com

> yes, I want to try my radius server with an external client. I'm working with ubuntu. Does NTRadping work in ubuntu?
>
> Date: Wed, 19 May 2010 12:56:54 +0200
> Subject: Re:
> From: davidse...@gmail.com
> To: freeradius-users@lists.freeradius.org
>
> Do you want it only to try your radius server? You can use NTRadping (windows or wine :-D ) or JRadius to try your freeradius server.
>
> Regards, David
>
> 2010/5/19 dorra aa dj_dido2...@hotmail.com
>
>> After the addition of customers in the sql database, I assay to test a client on another computer by using radtest, but I got these lines:
>>
>>     # radtest
>>     Le programme 'radtest' peut être trouvé dans les paquets suivants :
>>      * radiusd-livingston
>>      * yardradius
>>      * xtradius
>>      * freeradius
>>
>> (that means: The program 'radtest' can be found in the following packages)
>>
>> All that I want is for the client to try to access the server, and all the documents said that I may use radtest, but it is only working on the server.
>>
>> thank you
Re: windows client authentication error
Hi there,

Thank you very much. It worked like a charm.

Cheers,
Shirkavand
Re: certs files missing?
btw I am using Ubuntu 10.04 + FreeRadius 2.1.8 (installed using apt-get)
certs files missing?
Hi there,

I am trying to use certificates with freeradius. I am following the steps given here: http://deployingradius.com/

Step #2 (Get EAP working using snake oil certificates, http://deployingradius.com/documents/configuration/eap.html) says that I have to execute the following commands:

    $ cd /etc/raddb/certs
    $ make

but in my freeradius installation the certs folder does not have any make file, so if I try to run the above commands I get errors. In fact my installation does not have several files that the tutorial supposes should exist. They are:

a) make file
b) ca.cnf
c) server.cnf
d) xpextensions

Any idea why these files are missing?

Cheers,
Shirkavand
windows client authentication error
Hi there,

I have installed freeradius 2.1.8 on ubuntu 10.04. radtest using the mysql backend works fine. But when a windows supplicant tries to connect to the server, it always gets rejected. The freeradius debug console shows:

    ...
    ...
    [eap] Request found, released from the list
    [eap] EAP/mschapv2
    [eap] processing type mschapv2
    [mschapv2] +- entering group MS-CHAP {...}
    [mschap] No Cleartext-Password configured. Cannot create LM-Password.
    [mschap] No Cleartext-Password configured. Cannot create NT-Password.
    [mschap] Told to do MS-CHAPv2 for sqltest with NT-Password
    [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
    [mschap] FAILED: MS-CHAP2-Response is incorrect
    ++[mschap] returns reject
    [eap] Freeing handler
    ...
    ...

Any idea what I am missing?

Cheers
Re: windows client authentication error
I have the following user created in the radcheck table:

    1 | sqltest | Cleartext-Password | := | testpwd

Don't know why I get the No Cleartext-Password configured error too.

Cheers
Re: Free Radius testing....
Hi there,

Are you sure that your freeradius server is up? Try to start freeradius in debug mode and run the radtest again:

    sudo freeradius -X
    radtest bob bob localhost 1812 testing

If you get an error trying to start the server with sudo freeradius -X, try to stop it and then start and test again:

    killall freeradius
    sudo freeradius -X
    radtest bob bob localhost 1812 testing

As James said, you need to run in debug mode while testing, so you can check what's going on.

Cheers,
Shirkavand
Re: authentication error
Hi there,

Thanks for the fast reply. I did not build freeradius myself; I installed Freeradius on ubuntu 9.10 using:

    sudo apt-get install freeradius*

But maybe this did not install openSSL support, so I am going to check if I have the dev packages and ssl support properly installed, and come back to you if necessary.

Regards
Re: authentication error
Hi there,

OK, I have tried to add ssl support to freeradius on my ubuntu 9.10. As I mentioned before, I installed freeradius using apt-get. The thing is that none of the tutorials I followed worked, and after hours of trying I read that freeradius on ubuntu does not have ssl support because of some license issues. Is this right?

Then I just removed my whole freeradius installation and tried to install from source (because I find so many tutorials explaining this kind of installation). I downloaded the latest version from freeradius.org and followed the installation tutorial that exists there (creating a .deb package etc.), but all I get is tons of dependency errors.

Is there any way of installing freeradius on ubuntu 9.10 with ssl support using apt?

Any advice will be appreciated.

Cheers
Re: authentication error
Hi,

I have followed this tutorial (because this is exactly what I need to do) but it did not work either: http://www.wains.be/index.php/2009/09/13/wpa2-freeradius-eap-tls/

Cheers
authentication error
Hi,

I have configured a freeradius server using MySQL authentication. When I run radtest I get a successful response:

    rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209, length=59
    User-Name = sqltest
    User-Password = testpwd
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = sqltest, looking up realm NULL
    [suffix] No such realm NULL
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[unix] returns notfound
    ++[files] returns noop
    expand: %{User-Name} - sqltest
    [sql] sql_set_user escaped user -- 'sqltest'
    rlm_sql (sql): Reserving sql socket id: 3
    expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id
    [sql] User found in radcheck table
    expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id
    expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority
    rlm_sql (sql): Released sql socket id: 3
    ++[sql] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns updated
    Found Auth-Type = PAP
    +- entering group PAP {...}
    [pap] login attempt with password testpwd
    [pap] Using clear text password testpwd
    [pap] User authenticated successfully
    ++[pap] returns ok
    +- entering group post-auth {...}
    ++[exec] returns noop
    Sending Access-Accept of id 209 to 127.0.0.1 port 45562
    Finished request 20.
    Going to the next request

Now I have configured a windows supplicant. When I enter the login credentials on the supplicant PC, the radius server always sends a reject response. I have freeradius in debug mode to see all the messages, and this is what I get in the server's terminal:

    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0, length=139
    Cleaning up request 18 ID 0 with timestamp +502
    User-Name = sqltest
    NAS-IP-Address = 192.168.1.4
    Called-Station-Id = 00226b81bae1
    Calling-Station-Id = 002369764cef
    NAS-Identifier = 00226b81bae1
    NAS-Port = 21
    Framed-MTU = 1400
    State = 0x5589d8c55588dc92d29bccd07151cb7c
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020100060319
    Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = sqltest, looking up realm NULL
    [suffix] No such realm NULL
    ++[suffix] returns noop
    [eap] EAP packet type response id 1 length 6
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns notfound
    ++[files] returns noop
    expand: %{User-Name} - sqltest
    [sql] sql_set_user escaped user -- 'sqltest'
    rlm_sql (sql): Reserving sql socket id: 4
    expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id
    [sql] User found in radcheck table
    expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id
    expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority
    rlm_sql (sql): Released sql socket id: 4
    ++[sql] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Found existing Auth-Type, not changing it.
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP NAK
    [eap] NAK asked for unsupported type 25
    [eap] No common EAP types found.
    [eap] Failed in EAP select
    ++[eap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    expand: %{User-Name} - sqltest
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 19 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 19
    Sending Access-Reject of id 0 to 192.168.1.4 port 3666
    EAP-Message = 0x04010004
    Message-Authenticator
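
Added example, not part of the original post: a small Python decoder for the two EAP-Message values in the rejected request above, to show how they line up with the server's "NAK asked for unsupported type 25" line. The function names are hypothetical, and it assumes the whole EAP packet fits in one EAP-Message attribute.

```python
import re
import struct

# EAP codes (RFC 3748) and some method type numbers from the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             6: "GTC", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP",
             26: "EAP-MSCHAPv2"}

# The two EAP-Message lines from the rejected request in the debug output above.
LOG_EXCERPT = """\
EAP-Message = 0x020100060319
EAP-Message = 0x04010004
"""

def type_name(number):
    return EAP_TYPES.get(number, "type %d" % number)

def decode_eap(hex_value):
    """Decode one EAP-Message value as printed by the server in debug mode.

    Assumption: the whole EAP packet fits in this single attribute (long
    packets are split over several EAP-Message attributes).
    """
    raw = bytes.fromhex(hex_value[2:] if hex_value[:2].lower() == "0x" else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("length field %d does not fit %d bytes" % (length, len(raw)))
    packet = {"code": EAP_CODES.get(code, "code %d" % code), "id": ident, "length": length}
    # Only Request and Response carry a Type byte; Success and Failure are header-only.
    if code in (1, 2) and length >= 5:
        packet["type"] = type_name(raw[4])
        if raw[4] == 3:
            # Nak data lists the methods the peer would accept; 0 means "none".
            packet["peer_wants"] = [type_name(b) for b in raw[5:length] if b != 0]
    return packet

def decode_log(text):
    """Decode every EAP-Message value found in a chunk of debug output."""
    return [decode_eap(v) for v in re.findall(r"EAP-Message = (0x[0-9a-fA-F]+)", text)]

if __name__ == "__main__":
    for packet in decode_log(LOG_EXCERPT):
        print(packet)
```

The first value decodes to a Response of type Nak whose only requested method is PEAP (type 25); the second is the header-only Failure sent with the Access-Reject.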
Freeradius + mysql + openssl certificates?
Hi,

Can I use freeradius + mysql + ssl certificates at the same time for authenticating users, or does this not make sense? I am a bit confused about whether I have to use just one of them (mysql or ssl certificates) for authentication purposes.

I have read tutorials for using freeradius + mysql OR freeradius + ssl certificates. The freeradius + mysql tutorial explains how to do the authentication using mysql, so the passwords and users are all stored inside a mysql db. On the other hand, the freeradius + ssl certificates tutorial explains how to do the authentication using a file called users that stores all the users and passwords.

So I am wondering whether I can make the radius server authenticate users using the credential info from the mysql DB and using certificates too, or whether each one is a different method to use.

Any ideas?

Cheers