RE: FreeRadius working as a ProxyRadius using PAP protocol
>My radius server (which is not freeradius) rejects my authentication ... So why are you asking the questions here? Freeradius proxy has nothing to do with this. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius working as a ProxyRadius using PAP protocol
NGUYEN DANG LUAN, Eric wrote: > My radius server (which is not freeradius) rejects my authentication when i'm > using a ProxyRadius (freeradius). But it's ok when I use NTRadping or a cisco > ACS. I'm currently using SecureW2 software for the end user machine. > > Does anyone know where is the problem? The end RADIUS server. Go fix it. Read it's debugging output (if it has any). Don't ask *us* how to fix it. It's not a FreeRADIUS problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRadius working as a ProxyRadius using PAP protocol
> -Message d'origine- > De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Alan DeKok > Envoyé : mercredi 12 novembre 2008 15:48 > À : FreeRadius users mailing list > Objet : Re: FreeRadius working as a ProxyRadius using PAP protocol > > NGUYEN DANG LUAN, Eric wrote: > > In my radius log file: > > < *** Incoming RADIUS packet: *** > > < radrecv: Packet from host 10.226.66.51, port=24670 > > < send_reject() > > Your main server is rejecting the request. Fix it. > > And it isn't FreeRADIUS. > > > I think the problem is the protocol I use : PAP. > > The problem is that you haven't configured the OTHER RADIUS server > properly. > > > I'm not sure that FreeRadius use PAP protocol to communicate with Radius > > Server. > > FreeRADIUS doesn't control the authentication protocol. The end user > machine controls it. > > > And is it normal that I can't see any password when I use a sniffer? > > Yes. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html My radius server (which is not freeradius) rejects my authentication when i'm using a ProxyRadius (freeradius). But it's ok when I use NTRadping or a cisco ACS. I'm currently using SecureW2 software for the end user machine. Does anyone know where is the problem? NGUYEN Eric - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRadius working as a ProxyRadius using PAP protocol
>I think the problem is the protocol I use : PAP. >I'm not sure that FreeRadius use PAP protocol to communicate with Radius >Server. >And is it normal that I can't see any password when I use a sniffer? > No, the protocol you (or should I say the user) are using is eap not pap. Freeradius recieved eap request and proxied eap. It is normal not to have a password in eap packet. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius working as a ProxyRadius using PAP protocol
NGUYEN DANG LUAN, Eric wrote: > In my radius log file: > < *** Incoming RADIUS packet: *** > < radrecv: Packet from host 10.226.66.51, port=24670 > < send_reject() Your main server is rejecting the request. Fix it. And it isn't FreeRADIUS. > I think the problem is the protocol I use : PAP. The problem is that you haven't configured the OTHER RADIUS server properly. > I'm not sure that FreeRadius use PAP protocol to communicate with Radius > Server. FreeRADIUS doesn't control the authentication protocol. The end user machine controls it. > And is it normal that I can't see any password when I use a sniffer? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRadius working as a ProxyRadius using PAP protocol
> -Message d'origine-
> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de [EMAIL
> PROTECTED]
> Envoyé : mercredi 12 novembre 2008 12:15
> À : FreeRadius users mailing list
> Objet : Re: FreeRadius working as a ProxyRadius using PAP protocol
>
> >I'm trying to use FreeRadius (server-2.1.1) as a Proxy Radius with PAP
> >protocol.
> >
>
> If you ment to proxy only pap requests, your configuration is not going
> to work.
>
> >proxy.conf:
> >
> >
> >
> >realm NULL {
> >
> >authhost= ***.***.***.***:1645
> >
> >accthost= ***.***.***.***:1646
> >
> >secret = pass
> >
> >}
> >
> >users:
> >
> >DEFAULT FreeRADIUS-Proxied-To == ***.***.***.***, Auth-Type := PAP
> >
>
> It was an eap request so that didn't match.
>
> >< Proxying request 0 to home server ***.***.***.*** port 1645
> >
> >< Sending Access-Request of id 210 to ***.***.***.*** port 1645
> >
> >< Message-Authenticator = 0x
> >
> >< Service-Type = Framed-User
> >
> >< User-Name = "enguyend"
> >
> >< Framed-MTU = 1488
> >
> >< Called-Station-Id = "00-1D-7E-5F-F7-39:SogetiNET"
> >
> >< Calling-Station-Id = "00-16-6F-AA-80-DD"
> >
> >< NAS-Port-Type = Wireless-802.11
> >
> >< Connect-Info = "CONNECT 54Mbps 802.11g"
> >
> >< EAP-Message = 0x020d01656e677579656e64
> >
> >< NAS-IP-Address = 192.168.1.1
> >
> >< NAS-Port = 1
> >
> >< NAS-Port-Id = "STA port # 1"
> >
> >< Proxy-State = 0x30
> >
> >< Going to the next request
>..
> >< Rejecting request 0 due to lack of any response from home server
> >***.***.***.*** port 1645
> >
> >< There was no response configured: rejecting request 0
> >
>
> Request was proxied but home server didn't respond. You will have to
> debug the home server and see did it recieve the request.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
My request are proxied : i got this the following respond :
< rad_recv: Access-Reject packet from host 205.223.235.196 port 1645, id=186,
length=23
< Proxy-State = 0x30
In my radius log file:
< *** Incoming RADIUS packet: ***
< radrecv: Packet from host 10.226.66.51, port=24670
< send_reject()
< *** Incoming RADIUS packet: ***
< radrecv: Packet from host 10.226.65.52, port=25433
< send_reject()
I think the problem is the protocol I use : PAP.
I'm not sure that FreeRadius use PAP protocol to communicate with Radius Server.
And is it normal that I can't see any password when I use a sniffer?
Regards
NGUYEN Eric
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius working as a ProxyRadius using PAP protocol
>I'm trying to use FreeRadius (server-2.1.1) as a Proxy Radius with PAP
>protocol.
>
If you ment to proxy only pap requests, your configuration is not going
to work.
>proxy.conf:
>
>
>
>realm NULL {
>
>authhost= ***.***.***.***:1645
>
>accthost= ***.***.***.***:1646
>
>secret = pass
>
>}
>
>users:
>
>DEFAULT FreeRADIUS-Proxied-To == ***.***.***.***, Auth-Type := PAP
>
It was an eap request so that didn't match.
>< Proxying request 0 to home server ***.***.***.*** port 1645
>
>< Sending Access-Request of id 210 to ***.***.***.*** port 1645
>
>< Message-Authenticator = 0x
>
>< Service-Type = Framed-User
>
>< User-Name = "enguyend"
>
>< Framed-MTU = 1488
>
>< Called-Station-Id = "00-1D-7E-5F-F7-39:SogetiNET"
>
>< Calling-Station-Id = "00-16-6F-AA-80-DD"
>
>< NAS-Port-Type = Wireless-802.11
>
>< Connect-Info = "CONNECT 54Mbps 802.11g"
>
>< EAP-Message = 0x020d01656e677579656e64
>
>< NAS-IP-Address = 192.168.1.1
>
>< NAS-Port = 1
>
>< NAS-Port-Id = "STA port # 1"
>
>< Proxy-State = 0x30
>
>< Going to the next request
..
>< Rejecting request 0 due to lack of any response from home server
>***.***.***.*** port 1645
>
>< There was no response configured: rejecting request 0
>
Request was proxied but home server didn't respond. You will have to
debug the home server and see did it recieve the request.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
