Re: Freeradius+Java application api call and authenticate
team howto disable nas-port, nas-port-type,nas-identifier, called-station-id, calling-station-id, i would like to use only username, user-password, nas-ip-address 2009-04-16 20:55:13,614 ERROR [net.jradius.log.BaseRadiusLog] - Problem: Request Missing: NAS-Port, NAS-Port-Type, NAS-Identifier, Called-Station-Id, Calling-Station-Id sollunga wrote: sorry to bring it back i am bit confused, even though i have the username and password in simulator, still it gives me this error message ERROR [net.jradius.log.BaseRadiusLog] - Problem: Request Missing: User-Password CHAP-Password = [Binary Data (length=10)] NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Called-Station-Id = 1 Calling-Station-Id = 2 NAS-Identifier = logmon NAS-Port-Type = Ethernet CHAP-Challenge = [Binary Data (length=16)] CHAP-Password = [Binary Data (length=17)] Message-Authenticator = [Binary Data (length=16)] --- RADIUS Reply: --- Class: class net.jradius.packet.AccessReject Attributes: also i would like to use only username, userpassword and a 10 digit number tobe checked how to achieve this? sollunga wrote: my apologies ivan tnt-4 wrote: http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p23080283.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
sorry to bring it back i am bit confused, even though i have the username and password in simulator, still it gives me this error message ERROR [net.jradius.log.BaseRadiusLog] - Problem: Request Missing: User-Password CHAP-Password = [Binary Data (length=10)] NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Called-Station-Id = 1 Calling-Station-Id = 2 NAS-Identifier = logmon NAS-Port-Type = Ethernet CHAP-Challenge = [Binary Data (length=16)] CHAP-Password = [Binary Data (length=17)] Message-Authenticator = [Binary Data (length=16)] --- RADIUS Reply: --- Class: class net.jradius.packet.AccessReject Attributes: also i would like to use only username, userpassword and a 10 digit number tobe checked how to achieve this? sollunga wrote: my apologies ivan tnt-4 wrote: http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p23018413.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
my apologies ivan tnt-4 wrote: http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22654036.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
finally i had some luck i guess, now the radius do authentication, but
jradius simulator say's timedout, could be ACS is not passing the
information to simulator i feel. though i am using ACS proxy distributin
table, still simulator is not getting the response back, any clues will be
greatly appreciated sir/mam.
once after this is up, how do i proceed to forward/receive these info
(username,password, token pass)to be confirmed for the java based
application
i know i am in total confusion mode, but some kind of help will be helpful
for me to look towards right direction..
rlm_jradius: reading attribute: type=1259012097; len=1
rlm_jradius: Released JRadius socket id: 6
++[jradius] returns updated
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
[files] users: Matched entry d...@mydomain.com at line 90
[files] expand: Hello, %{User-Name} - Hello, d...@mydomain.com
++[files] returns ok
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by d...@mydomain.com with CHAP password
[chap] Using clear text password hello for user d...@mydomain.com
authentication.
[chap] chap user d...@mydomain.com authenticated succesfully
++[chap] returns ok
Login OK: [...@mydomain.com/CHAP-Password] (from client mydomain port 0)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 2 to 192.168.0.50 port 2773
Reply-Message = Hello, d...@mydomain.com
Proxy-State = 0x434953434f3a30
Finished request 1.
Going to the next request
Waking up in 1.9 seconds.
Cleaning up request 1 ID 2 with timestamp +13
Ready to process requests.
sollunga wrote:
thanks ivan for the quick reply, will get back to you shortly
sollunga wrote:
i am using Cisco ACS for authenticating my vpn users, now i thought of
using two factor auth in place against the direct authentication by ACS,
on this process one of the googling guided me to try proxying the ACS to
Freeradius and call some scripts to talk to the java application. now by
making the ACS to do proxying at network configuration, i can see the
request is flowing to freeradius from ACS, and the freeradius does
[chap] rlm_chap: Attribute User-Name is required for authentication.
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -
++[attr_filter.access_reject] returns noop
Delaying reject of request 27 for 1 seconds
after a while it says
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by Doe with CHAP password
[chap] Using clear text password hello for user Doe authentication.
[chap] chap user Doe authenticated succesfully
++[chap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 63 to
i am trying to figure out where could be the issue
once after this process, i need to send the same to a java application
and get a success status from there and authenticate this user.
could it be possible?
team i am a newbie here, i am just a sys admin, and now trying extend my
knowledge, please help me.
--
View this message in context:
http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22619518.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
finally i had some luck i guess, now the radius do authentication, but jradius simulator say's timedout, could be ACS is not passing the information to simulator i feel. though i am using ACS proxy distributin table, still simulator is not getting the response back, any clues will be greatly appreciated sir/mam. Debug ACS. once after this is up, how do i proceed to forward/receive these info (username,password, token pass)to be confirmed for the java based application jradius module will pass request attributes (all, not just username and password) to jradius server. You need to read jradius documentation to see how to process them and configure reply. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? tnt-4 wrote: finally i had some luck i guess, now the radius do authentication, but jradius simulator say's timedout, could be ACS is not passing the information to simulator i feel. though i am using ACS proxy distributin table, still simulator is not getting the response back, any clues will be greatly appreciated sir/mam. Debug ACS. once after this is up, how do i proceed to forward/receive these info (username,password, token pass)to be confirmed for the java based application jradius module will pass request attributes (all, not just username and password) to jradius server. You need to read jradius documentation to see how to process them and configure reply. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22620632.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
thanks ivan for the quick reply, will get back to you shortly
sollunga wrote:
i am using Cisco ACS for authenticating my vpn users, now i thought of
using two factor auth in place against the direct authentication by ACS,
on this process one of the googling guided me to try proxying the ACS to
Freeradius and call some scripts to talk to the java application. now by
making the ACS to do proxying at network configuration, i can see the
request is flowing to freeradius from ACS, and the freeradius does
[chap] rlm_chap: Attribute User-Name is required for authentication.
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -
++[attr_filter.access_reject] returns noop
Delaying reject of request 27 for 1 seconds
after a while it says
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by Doe with CHAP password
[chap] Using clear text password hello for user Doe authentication.
[chap] chap user Doe authenticated succesfully
++[chap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 63 to
i am trying to figure out where could be the issue
once after this process, i need to send the same to a java application and
get a success status from there and authenticate this user.
could it be possible?
team i am a newbie here, i am just a sys admin, and now trying extend my
knowledge, please help me.
--
View this message in context:
http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22510302.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
thanks Ivan Kalik will go thru the cisco documentation and get backto you,
meantime, still i am wondering howto post the information from freeradius to
java application, iam confused with jradius document.
From: t...@kalik.net t...@kalik.net
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, March 12, 2009 3:36:48 PM
Subject: Re: Freeradius+Java application api call and authenticate
also i am going thru the documentation part of jradius to imply? can anyone
of you suggest me whether i am in right direction?
If you want to use Java that is a good way.
now by
making the ACS to do proxying at network configuration, i can see the
request
Well, we don't. Post the debug *with* the request.
is flowing to freeradius from ACS, and the freeradius does
[chap] rlm_chap: Attribute User-Name is required for authentication.
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -
++[attr_filter.access_reject] returns noop
Delaying reject of request 27 for 1 seconds
It's quite likely that it wasn't a chap request to start with. You are
forcing Auth-Type CHAP onto something that isn't chap.
after a while it says
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by Doe with CHAP password
[chap] Using clear text password hello for user Doe authentication.
[chap] chap user Doe authenticated succesfully
++[chap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 63 to
That looks fine. But you might need to return things like Service-Type in
the Access-Accept. You will need to read Cisco documentation to see what
is need for making a connection.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
thanks Ivan Kalik will go thru the cisco documentation and get backto you, meantime, still i am wondering howto post the information from freeradius to java application, iam confused with jradius document. Configuration file for jradius module is included in the source (src/modules/rlm_jradius). You place configuration file as raddb/modules/jradius and list jradius in appropriate section (authorize, accounting, ...). Module will then pass the request attributes to jradius. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
also i am going thru the documentation part of jradius to imply? can anyone
of you suggest me whether i am in right direction?
sollunga wrote:
i am using Cisco ACS for authenticating my vpn users, now i thought of
using two factor auth in place against the direct authentication by ACS,
on this process one of the googling guided me to try proxying the ACS to
Freeradius and call some scripts to talk to the java application. now by
making the ACS to do proxying at network configuration, i can see the
request is flowing to freeradius from ACS, and the freeradius does
[chap] rlm_chap: Attribute User-Name is required for authentication.
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -
++[attr_filter.access_reject] returns noop
Delaying reject of request 27 for 1 seconds
after a while it says
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by Doe with CHAP password
[chap] Using clear text password hello for user Doe authentication.
[chap] chap user Doe authenticated succesfully
++[chap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 63 to
i am trying to figure out where could be the issue
once after this process, i need to send the same to a java application and
get a success status from there and authenticate this user.
could it be possible?
team i am a newbie here, i am just a sys admin, and now trying extend my
knowledge, please help me.
--
View this message in context:
http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22470635.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+Java application api call and authenticate
also i am going thru the documentation part of jradius to imply? can anyone
of you suggest me whether i am in right direction?
If you want to use Java that is a good way.
now by
making the ACS to do proxying at network configuration, i can see the
request
Well, we don't. Post the debug *with* the request.
is flowing to freeradius from ACS, and the freeradius does
[chap] rlm_chap: Attribute User-Name is required for authentication.
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -
++[attr_filter.access_reject] returns noop
Delaying reject of request 27 for 1 seconds
It's quite likely that it wasn't a chap request to start with. You are
forcing Auth-Type CHAP onto something that isn't chap.
after a while it says
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by Doe with CHAP password
[chap] Using clear text password hello for user Doe authentication.
[chap] chap user Doe authenticated succesfully
++[chap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 63 to
That looks fine. But you might need to return things like Service-Type in
the Access-Accept. You will need to read Cisco documentation to see what
is need for making a connection.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
