Re: newbie - authentication error
Hi,

> Hi all, I'd like to test my radius conf with a basic setting.

really? looks from the log you posted that you've massively edited the provided config files. why? you've just broken the server.

alan

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: newbie - authentication error
Ivan Kalik wrote:
> Post the output from radiusd -X.

here it is :

FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on May 11 2008 at 18:46:28
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including dictionary file /etc/freeradius/dictionary
main {
    prefix = /usr
    localstatedir = /var
    logdir = /var/log/freeradius
    libdir = /usr/lib/freeradius
    radacctdir = /var/log/freeradius/radacct
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    allow_core_dumps = no
    pidfile = /var/run/freeradius/freeradius.pid
    user = freerad
    group = freerad
    checkrad = /usr/sbin/checkrad
    debug_level = 0
    proxy_requests = yes
    security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
    }
}
client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = testing123
    nastype = other
}
radiusd: Loading Realms and Home Servers
proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
}
home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = auth
    secret = testing123
    response_window = 20
    max_outstanding = 65536
    zombie_period = 40
    status_check = status-server
    ping_check = none
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
}
realm example.com {
    auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Instantiating modules
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
    exec {
        wait = yes
        input_pairs = request
        shell_escape = yes
    }
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
    expiration {
        reply-message = Password Has Expired
    }
Module: Linked to module rlm_logintime
Module: Instantiating logintime
    logintime {
        reply-message = You are calling outside your allowed timespan
        minimum-timeout = 60
    }
}
radiusd: Loading Virtual Servers
server {
    modules {
    }
}
radiusd: Opening IP addresses and Ports
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    type = acct
    ipaddr = *
    port = 0
}
main {
    snmp = no
    smux_password =
    snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 57784, id=236, length=59
    User-Name = testuser
    User-Password = testpasswd
    NAS-IP-Address = x.x.x.x
    NAS-Port = 1812
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [testuser/testpasswd] (from client localhost port 1812)
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 236 to 127.0.0.1 port 57784
Waking up in 4.9 seconds.

> Ivan Kalik
> Kalik informatika ISP
>
> On 28/5/2008, pkc_mls [EMAIL PROTECTED] writes:
>> Hi all, I'd like to test my radius conf with a basic setting. I'm running freeradius-2.0.4-2 on linux debian.
>>
>> my client.conf contains the following :
>>
>> client localhost {
>>     ipaddr = 127.0.0.1
>>     secret = testing123
>>     nastype=other
>> }
>>
>> I still don't know which kind of parameter I have to set in my /etc/freeradius/users file to allow my radtest to work. all my tests with cleartext-password, user-password, auth-type, and :=, =, ==, lead to the same error message :
>>
>> rad_recv: Access-Request packet from host 127.0.0.1 port 57756, id=178, length=59
>>     User-Name = testuser
>>     User-Password = testpasswd
>>     NAS-IP-Address = x.x.x.x
>>     NAS-Port = 1812
>> Wed May 28 11:41:06 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
>>
>> next step, how to set up the users file so my local unix users can also be authenticated via radius ?
>>
>> thanks
Re: newbie - authentication error
Post the output from radiusd -X.

Ivan Kalik
Kalik informatika ISP

On 28/5/2008, pkc_mls [EMAIL PROTECTED] writes:
> Hi all, I'd like to test my radius conf with a basic setting. I'm running freeradius-2.0.4-2 on linux debian.
>
> my client.conf contains the following :
>
> client localhost {
>     ipaddr = 127.0.0.1
>     secret = testing123
>     nastype=other
> }
>
> I still don't know which kind of parameter I have to set in my /etc/freeradius/users file to allow my radtest to work. all my tests with cleartext-password, user-password, auth-type, and :=, =, ==, lead to the same error message :
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 57756, id=178, length=59
>     User-Name = testuser
>     User-Password = testpasswd
>     NAS-IP-Address = x.x.x.x
>     NAS-Port = 1812
> Wed May 28 11:41:06 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
>
> next step, how to set up the users file so my local unix users can also be authenticated via radius ?
>
> thanks
Re: newbie - authentication error
[EMAIL PROTECTED] wrote:
> Hi,
>> Hi all, I'd like to test my radius conf with a basic setting.
> really? looks from the log you posted that you've massively edited the provided config files. why? you've just broken the server.

ok, that means I have to remove the package and reinstall it. should I then test with a user already created on the system, or shall I create a new one in the users file ? the auth-type cannot be explicitly added to the arguments of the radtest, that's why I tried to set up in many different ways the users file.

> alan
Re: newbie - authentication error
Default configuration works - there is no need to change it. You have instructions in FAQ or users file about making simplest user entries. You don't need to set Auth-Type - server does this on its own.

Ivan Kalik
Kalik Informatika ISP

On 28/5/2008, pkc_mls [EMAIL PROTECTED] writes:
> [EMAIL PROTECTED] wrote:
>> Hi,
>>> Hi all, I'd like to test my radius conf with a basic setting.
>> really? looks from the log you posted that you've massively edited the provided config files. why? you've just broken the server.
> ok, that means I have to remove the package and reinstall it. should I then test with a user already created on the system, or shall I create a new one in the users file ? the auth-type cannot be explicitly added to the arguments of the radtest, that's why I tried to set up in many different ways the users file.
>> alan
Re: newbie - authentication error
Where is the output from the debug (radiusd -X)?

Ivan Kalik
Kalik Informatika ISP

On 28/5/2008, pkc_mls [EMAIL PROTECTED] writes:
> Ivan Kalik wrote:
>> Default configuration works - there is no need to change it. You have instructions in FAQ or users file about making simplest user entries. You don't need to set Auth-Type - server does this on its own.
> I just removed the debian packages, removed the /var/log/radius and /etc/freeradius, did an apt-get install again, then followed the first step described in http://deployingradius.com/documents/configuration/pap.html, ie place the following text http://deployingradius.com/scripts/raddb/users/pap.txt at the *top* of the /users/ file:
>
> bob Cleartext-Password := hello
>
> then started the freeradius with a -X option : freeradius -X.
>
> radtest bob hello localhost 0 testing123
> Sending Access-Request of id 189 to 127.0.0.1 port 1812
>     User-Name = bob
>     User-Password = hello
>     NAS-IP-Address = x.x.x.x
>     NAS-Port = 0
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=189, length=20
>
> it looks like I chose the wrong FAQ. the line added to the /etc/freeradius/users was the only modification I did to the users file. anyway, I'll test on another host, to see if it works better.
>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> On 28/5/2008, pkc_mls [EMAIL PROTECTED] writes:
>>> [EMAIL PROTECTED] wrote:
>>>> Hi,
>>>>> Hi all, I'd like to test my radius conf with a basic setting.
>>>> really? looks from the log you posted that you've massively edited the provided config files. why? you've just broken the server.
>>> ok, that means I have to remove the package and reinstall it. should I then test with a user already created on the system, or shall I create a new one in the users file ? the auth-type cannot be explicitly added to the arguments of the radtest, that's why I tried to set up in many different ways the users file.
>>>> alan
Re: newbie - authentication error
Ivan Kalik wrote:
> Default configuration works - there is no need to change it. You have instructions in FAQ or users file about making simplest user entries. You don't need to set Auth-Type - server does this on its own.

I just removed the debian packages, removed the /var/log/radius and /etc/freeradius, did an apt-get install again, then followed the first step described in http://deployingradius.com/documents/configuration/pap.html, ie place the following text http://deployingradius.com/scripts/raddb/users/pap.txt at the *top* of the /users/ file:

bob Cleartext-Password := hello

then started the freeradius with a -X option : freeradius -X.

radtest bob hello localhost 0 testing123
Sending Access-Request of id 189 to 127.0.0.1 port 1812
    User-Name = bob
    User-Password = hello
    NAS-IP-Address = x.x.x.x
    NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=189, length=20

it looks like I chose the wrong FAQ. the line added to the /etc/freeradius/users was the only modification I did to the users file. anyway, I'll test on another host, to see if it works better.

> Ivan Kalik
> Kalik Informatika ISP
>
> On 28/5/2008, pkc_mls [EMAIL PROTECTED] writes:
>> [EMAIL PROTECTED] wrote:
>>> Hi,
>>>> Hi all, I'd like to test my radius conf with a basic setting.
>>> really? looks from the log you posted that you've massively edited the provided config files. why? you've just broken the server.
>> ok, that means I have to remove the package and reinstall it. should I then test with a user already created on the system, or shall I create a new one in the users file ? the auth-type cannot be explicitly added to the arguments of the radtest, that's why I tried to set up in many different ways the users file.
>>> alan
Re: newbie - authentication error
Ivan Kalik wrote:
> Where is the output from the debug (radiusd -X)?

here it is :

freeradius -X
FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on May 11 2008 at 18:46:28
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including dictionary file /etc/freeradius/dictionary
main {
    prefix = /usr
    localstatedir = /var
    logdir = /var/log/freeradius
    libdir = /usr/lib/freeradius
    radacctdir = /var/log/freeradius/radacct
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    allow_core_dumps = no
    pidfile = /var/run/freeradius/freeradius.pid
    user = freerad
    group = freerad
    checkrad = /usr/sbin/checkrad
    debug_level = 0
    proxy_requests = yes
    security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
    }
}
client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = testing123
    nastype = other
}
radiusd: Loading Realms and Home Servers
proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
}
home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = auth
    secret = testing123
    response_window = 20
    max_outstanding = 65536
    zombie_period = 40
    status_check = status-server
    ping_check = none
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
}
realm example.com {
    auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Instantiating modules
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
    exec {
        wait = yes
        input_pairs = request
        shell_escape = yes
    }
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
    expiration {
        reply-message = Password Has Expired
    }
Module: Linked to module rlm_logintime
Module: Instantiating logintime
    logintime {
        reply-message = You are calling outside your allowed timespan
        minimum-timeout = 60
    }
}
radiusd: Loading Virtual Servers
server {
    modules {
    }
}
radiusd: Opening IP addresses and Ports
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    type = acct
    ipaddr = *
    port = 0
}
main {
    snmp = no
    smux_password =
    snmp_write_access = no
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32780, id=45, length=55
    User-Name = bob
    User-Password = hello
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [bob/hello] (from client localhost port 0)
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 45 to 127.0.0.1 port 32780
Waking up in 4.9 seconds.
Cleaning up request 0 ID 45 with timestamp +8
Ready to process requests.

thanks for your time and patience.

> Ivan Kalik
> Kalik Informatika ISP
Re: newbie - authentication error
Hi,

> here it is : freeradius -X

okay. so you didn't edit the config - the package maintainers have edited it in weird ways and broken it. can you please post your radiusd.conf and sites-enabled/default

alan
Re: newbie - authentication error
[EMAIL PROTECTED] wrote:
> Hi,
>> here it is : freeradius -X
> okay. so you didn't edit the config - the package maintainers have edited it in weird ways and broken it. can you please post your radiusd.conf and sites-enabled/default

there is no sites-enabled/default file. the default is only in the sites-available directory.

please find below the radiusd.conf. I removed the comments, but I can also send the complete file if needed.

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
db_dir = $(raddbdir)
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    ipaddr = *
    port = 0
    type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions= yes
extended_expressions= yes
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
snmp= no
$INCLUDE snmp.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    pap {
        auto_header = no
    }
    chap {
        authtype = CHAP
    }
    pam {
        pam_auth = radiusd
    }
    unix {
        radwtmp = ${logdir}/radwtmp
    }
    $INCLUDE eap.conf
    mschap {
    }
    ldap {
        server = ldap.your.domain
        basedn = o=My Org,c=UA
        filter = (uid=%{Stripped-User-Name:-%{User-Name}})
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
        tls {
            start_tls = no
        }
        dictionary_mapping = ${confdir}/ldap.attrmap
        edir_account_policy_check = no
    }
    realm IPASS {
        format = prefix
        delimiter = /
    }
    realm suffix {
        format = suffix
        delimiter = @
    }
    realm realmpercent {
        format = suffix
        delimiter = %
    }
    realm ntdomain {
        format = prefix
        delimiter = \\
    }
    checkval {
        item-name = Calling-Station-Id
        check-name = Calling-Station-Id
        data-type = string
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        preproxy_usersfile = ${confdir}/preproxy_users
        compat = no
    }
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
        header = %t
    }
    acct_unique {
        key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
    }
    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        perm = 0600
        callerid = yes
    }
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = no
    }
    attr_filter attr_filter.post-proxy {
        attrsfile = ${confdir}/attrs
    }
    attr_filter attr_filter.pre-proxy {
        attrsfile = ${confdir}/attrs.pre-proxy
    }
    attr_filter attr_filter.access_reject {
        key = %{User-Name}
        attrsfile = ${confdir}/attrs.access_reject
    }
    attr_filter attr_filter.accounting_response {
        key = %{User-Name}
        attrsfile = ${confdir}/attrs.accounting_response
    }
    counter daily {
        filename = ${db_dir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        reply-name = Session-Timeout
        allowed-servicetype = Framed-User
        cache-size = 5000
    }
    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always noop {
        rcode = noop
    }
    always handled {
        rcode = handled
    }
    always updated {
        rcode = updated
    }
    always notfound {
        rcode = notfound
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }
    expr {
    }
    digest {
    }
    expiration {
        reply-message = Password Has Expired\r\n
    }
    logintime {
        reply-message = You are calling outside your allowed timespan\r\n
Re: newbie - authentication error
Hi,

> [EMAIL PROTECTED] wrote:
>> Hi,
>>> here it is : freeradius -X
>> okay. so you didn't edit the config - the package maintainers have edited it in weird ways and broken it. can you please post your radiusd.conf and sites-enabled/default
> there is no sites-enabled/default file. the default is only in the sites-available directory.

cp /etc/freeradius/sites-available/default /etc/freeradius/sites-enabled/default

that default file contains the brains of the server!

then run the system again.

alan
Re: newbie - authentication error
[EMAIL PROTECTED] wrote:
> Hi,
>
> cp /etc/freeradius/sites-available/default /etc/freeradius/sites-enabled/default
>
> that default file contains the brains of the server!

that's it. next step is to report the bug to debian package maintainer ... thanks everyone for patience and help.
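
Added example, not part of the original thread: a shell check for the failure mode diagnosed above, where `radiusd -X` prints an empty `server { modules { } }` block and rejects with "No authenticate method (Auth-Type)" because nothing is present in `sites-enabled/`. The function names, the scratch directory and the sample log lines are constructed for illustration; `enable_default_site` performs the same `cp` the thread recommends.

```shell
#!/bin/sh
# Added example, not from the thread; all function names are hypothetical.
# Config paths are arguments, so this can be tried on a scratch copy.

# Succeeds if a saved `radiusd -X` capture shows both symptoms from the
# thread: an empty virtual server block and the Auth-Type rejection.
debug_shows_empty_server() {
    # Flatten whitespace first: archived logs are often re-wrapped.
    flat=$(tr -s ' \t\r\n' ' ' < "$1")
    case $flat in
        *'Loading Virtual Servers server { modules { } }'*) ;;
        *) return 1 ;;
    esac
    case $flat in
        *'No authenticate method (Auth-Type) configuration found'*) return 0 ;;
    esac
    return 1
}

# Print how many entries exist in RADDB/sites-enabled (0 if missing or empty).
count_enabled_sites() {
    n=0
    for f in "$1"/sites-enabled/*; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# The fix from the thread: copy sites-available/default into sites-enabled.
# Returns 0 if a default site is enabled afterwards, 2 if there is no source.
enable_default_site() {
    src=$1/sites-available/default
    dst=$1/sites-enabled/default
    if [ -e "$dst" ]; then return 0; fi
    if [ ! -f "$src" ]; then return 2; fi
    mkdir -p "$1/sites-enabled"
    cp "$src" "$dst"
}

# Print a one-word verdict for a config directory plus a debug capture.
diagnose() {
    if [ "$(count_enabled_sites "$1")" -gt 0 ]; then
        echo ok
    elif debug_shows_empty_server "$2"; then
        echo no-virtual-server
    else
        echo sites-enabled-empty
    fi
}

# Constructed demo: a scratch tree laid out like the broken install.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/raddb/sites-available" "$d/raddb/sites-enabled"
    echo '# constructed stand-in' > "$d/raddb/sites-available/default"
    printf '%s\n' 'radiusd: Loading Virtual Servers' ' server {' \
        '  modules {' '  }' ' }' \
        'auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user' \
        > "$d/debug.log"
    before=$(diagnose "$d/raddb" "$d/debug.log")
    enable_default_site "$d/raddb"
    after=$(diagnose "$d/raddb" "$d/debug.log")
    rm -rf "$d"
    echo "$before -> $after"
}
demo
```

On a real host the arguments would be `/etc/freeradius` and a saved `freeradius -X` capture; the copy step needs write access to the configuration directory.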