Re: Freeradius+Java application api call and authenticate
team howto disable nas-port, nas-port-type,nas-identifier, called-station-id, calling-station-id, i would like to use only username, user-password, nas-ip-address 2009-04-16 20:55:13,614 ERROR [net.jradius.log.BaseRadiusLog] - Problem: Request Missing: NAS-Port, NAS-Port-Type, NAS-Identifier, Called-Station-Id, Calling-Station-Id sollunga wrote: sorry to bring it back i am bit confused, even though i have the username and password in simulator, still it gives me this error message ERROR [net.jradius.log.BaseRadiusLog] - Problem: Request Missing: User-Password CHAP-Password = [Binary Data (length=10)] NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Called-Station-Id = 1 Calling-Station-Id = 2 NAS-Identifier = logmon NAS-Port-Type = Ethernet CHAP-Challenge = [Binary Data (length=16)] CHAP-Password = [Binary Data (length=17)] Message-Authenticator = [Binary Data (length=16)] --- RADIUS Reply: --- Class: class net.jradius.packet.AccessReject Attributes: also i would like to use only username, userpassword and a 10 digit number tobe checked how to achieve this? sollunga wrote: my apologies ivan tnt-4 wrote: http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p23080283.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
sorry to bring it back i am bit confused, even though i have the username and password in simulator, still it gives me this error message ERROR [net.jradius.log.BaseRadiusLog] - Problem: Request Missing: User-Password CHAP-Password = [Binary Data (length=10)] NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Called-Station-Id = 1 Calling-Station-Id = 2 NAS-Identifier = logmon NAS-Port-Type = Ethernet CHAP-Challenge = [Binary Data (length=16)] CHAP-Password = [Binary Data (length=17)] Message-Authenticator = [Binary Data (length=16)] --- RADIUS Reply: --- Class: class net.jradius.packet.AccessReject Attributes: also i would like to use only username, userpassword and a 10 digit number tobe checked how to achieve this? sollunga wrote: my apologies ivan tnt-4 wrote: http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p23018413.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
my apologies ivan tnt-4 wrote: http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22654036.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
finally i had some luck i guess, now the radius do authentication, but jradius simulator say's timedout, could be ACS is not passing the information to simulator i feel. though i am using ACS proxy distributin table, still simulator is not getting the response back, any clues will be greatly appreciated sir/mam. once after this is up, how do i proceed to forward/receive these info (username,password, token pass)to be confirmed for the java based application i know i am in total confusion mode, but some kind of help will be helpful for me to look towards right direction.. rlm_jradius: reading attribute: type=1259012097; len=1 rlm_jradius: Released JRadius socket id: 6 ++[jradius] returns updated ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok [files] users: Matched entry d...@mydomain.com at line 90 [files] expand: Hello, %{User-Name} - Hello, d...@mydomain.com ++[files] returns ok Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by d...@mydomain.com with CHAP password [chap] Using clear text password hello for user d...@mydomain.com authentication. [chap] chap user d...@mydomain.com authenticated succesfully ++[chap] returns ok Login OK: [...@mydomain.com/CHAP-Password] (from client mydomain port 0) +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 2 to 192.168.0.50 port 2773 Reply-Message = Hello, d...@mydomain.com Proxy-State = 0x434953434f3a30 Finished request 1. Going to the next request Waking up in 1.9 seconds. Cleaning up request 1 ID 2 with timestamp +13 Ready to process requests. sollunga wrote: thanks ivan for the quick reply, will get back to you shortly sollunga wrote: i am using Cisco ACS for authenticating my vpn users, now i thought of using two factor auth in place against the direct authentication by ACS, on this process one of the googling guided me to try proxying the ACS to Freeradius and call some scripts to talk to the java application. now by making the ACS to do proxying at network configuration, i can see the request is flowing to freeradius from ACS, and the freeradius does [chap] rlm_chap: Attribute User-Name is required for authentication. ++[chap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - ++[attr_filter.access_reject] returns noop Delaying reject of request 27 for 1 seconds after a while it says [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by Doe with CHAP password [chap] Using clear text password hello for user Doe authentication. [chap] chap user Doe authenticated succesfully ++[chap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 63 to i am trying to figure out where could be the issue once after this process, i need to send the same to a java application and get a success status from there and authenticate this user. could it be possible? team i am a newbie here, i am just a sys admin, and now trying extend my knowledge, please help me. -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22619518.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
finally i had some luck i guess, now the radius do authentication, but jradius simulator say's timedout, could be ACS is not passing the information to simulator i feel. though i am using ACS proxy distributin table, still simulator is not getting the response back, any clues will be greatly appreciated sir/mam. Debug ACS. once after this is up, how do i proceed to forward/receive these info (username,password, token pass)to be confirmed for the java based application jradius module will pass request attributes (all, not just username and password) to jradius server. You need to read jradius documentation to see how to process them and configure reply. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? tnt-4 wrote: finally i had some luck i guess, now the radius do authentication, but jradius simulator say's timedout, could be ACS is not passing the information to simulator i feel. though i am using ACS proxy distributin table, still simulator is not getting the response back, any clues will be greatly appreciated sir/mam. Debug ACS. once after this is up, how do i proceed to forward/receive these info (username,password, token pass)to be confirmed for the java based application jradius module will pass request attributes (all, not just username and password) to jradius server. You need to read jradius documentation to see how to process them and configure reply. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22620632.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
thanks ivan for the quick reply, will get back to you shortly sollunga wrote: i am using Cisco ACS for authenticating my vpn users, now i thought of using two factor auth in place against the direct authentication by ACS, on this process one of the googling guided me to try proxying the ACS to Freeradius and call some scripts to talk to the java application. now by making the ACS to do proxying at network configuration, i can see the request is flowing to freeradius from ACS, and the freeradius does [chap] rlm_chap: Attribute User-Name is required for authentication. ++[chap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - ++[attr_filter.access_reject] returns noop Delaying reject of request 27 for 1 seconds after a while it says [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by Doe with CHAP password [chap] Using clear text password hello for user Doe authentication. [chap] chap user Doe authenticated succesfully ++[chap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 63 to i am trying to figure out where could be the issue once after this process, i need to send the same to a java application and get a success status from there and authenticate this user. could it be possible? team i am a newbie here, i am just a sys admin, and now trying extend my knowledge, please help me. -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22510302.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
thanks Ivan Kalik will go thru the cisco documentation and get backto you, meantime, still i am wondering howto post the information from freeradius to java application, iam confused with jradius document. From: t...@kalik.net t...@kalik.net To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Thursday, March 12, 2009 3:36:48 PM Subject: Re: Freeradius+Java application api call and authenticate also i am going thru the documentation part of jradius to imply? can anyone of you suggest me whether i am in right direction? If you want to use Java that is a good way. now by making the ACS to do proxying at network configuration, i can see the request Well, we don't. Post the debug *with* the request. is flowing to freeradius from ACS, and the freeradius does [chap] rlm_chap: Attribute User-Name is required for authentication. ++[chap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - ++[attr_filter.access_reject] returns noop Delaying reject of request 27 for 1 seconds It's quite likely that it wasn't a chap request to start with. You are forcing Auth-Type CHAP onto something that isn't chap. after a while it says [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by Doe with CHAP password [chap] Using clear text password hello for user Doe authentication. [chap] chap user Doe authenticated succesfully ++[chap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 63 to That looks fine. But you might need to return things like Service-Type in the Access-Accept. You will need to read Cisco documentation to see what is need for making a connection. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
thanks Ivan Kalik will go thru the cisco documentation and get backto you, meantime, still i am wondering howto post the information from freeradius to java application, iam confused with jradius document. Configuration file for jradius module is included in the source (src/modules/rlm_jradius). You place configuration file as raddb/modules/jradius and list jradius in appropriate section (authorize, accounting, ...). Module will then pass the request attributes to jradius. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
also i am going thru the documentation part of jradius to imply? can anyone of you suggest me whether i am in right direction? sollunga wrote: i am using Cisco ACS for authenticating my vpn users, now i thought of using two factor auth in place against the direct authentication by ACS, on this process one of the googling guided me to try proxying the ACS to Freeradius and call some scripts to talk to the java application. now by making the ACS to do proxying at network configuration, i can see the request is flowing to freeradius from ACS, and the freeradius does [chap] rlm_chap: Attribute User-Name is required for authentication. ++[chap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - ++[attr_filter.access_reject] returns noop Delaying reject of request 27 for 1 seconds after a while it says [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by Doe with CHAP password [chap] Using clear text password hello for user Doe authentication. [chap] chap user Doe authenticated succesfully ++[chap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 63 to i am trying to figure out where could be the issue once after this process, i need to send the same to a java application and get a success status from there and authenticate this user. could it be possible? team i am a newbie here, i am just a sys admin, and now trying extend my knowledge, please help me. -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22470635.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
also i am going thru the documentation part of jradius to imply? can anyone of you suggest me whether i am in right direction? If you want to use Java that is a good way. now by making the ACS to do proxying at network configuration, i can see the request Well, we don't. Post the debug *with* the request. is flowing to freeradius from ACS, and the freeradius does [chap] rlm_chap: Attribute User-Name is required for authentication. ++[chap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - ++[attr_filter.access_reject] returns noop Delaying reject of request 27 for 1 seconds It's quite likely that it wasn't a chap request to start with. You are forcing Auth-Type CHAP onto something that isn't chap. after a while it says [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by Doe with CHAP password [chap] Using clear text password hello for user Doe authentication. [chap] chap user Doe authenticated succesfully ++[chap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 63 to That looks fine. But you might need to return things like Service-Type in the Access-Accept. You will need to read Cisco documentation to see what is need for making a connection. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html