Re: autthentication error

2010-05-15 Thread Alan DeKok 
shirkavand wrote:
 i have followed this tutorial(because this is what i need exacty to do)
 but it does not worked either. 

  I'm astonished at a few things here.

  One, the Wiki contains instructions for building on Debian.  What's
wrong with them?

  Two, the tutorial has you do a *lot* of work to create certificates.
This has been unnecessary for *years*.

  Read the Wiki for how to build a debian package.  It's not hard: type
debian into the search bar.

  See my web site: deployingradius.com for instructions on creating
certificates: the DEFAULT INSTALL of the server does everything you need.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: autthentication error

2010-05-14 Thread shirkavand 
Hi there,

Thanks for the fast reply.

I did not build myself freeradius, i have installed Freeradius on ubuntu
9.10 using

sudo apt-get install freeradius*

But maybe this does not installed openSSL support so I am going to check if
i have dev packages and ssl support properly installed, and come back to you
if necessary.

Regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: autthentication error

2010-05-14 Thread shirkavand 
HI there,

Ok i have tryed to add ssl support to freeradius in my ubuntu 9.10. As i
mentioned before i have installed freeradius using apt-get. The thing is
that every tutorial i followed did not woked, and after hours of trying...i
read that freeradius over ubuntu does not have ssl support for some license
issues.

Is this right?

Then i just remove all my freeradius installation, and tryed to install from
source(because fin so menay tutorials explaning this kind of installation),
i downloaded the last version from freeradius.org, and followed the
installation tutorial that exists there(creating a .deb package etc etc),
but all i get is tons of dependencies errors.

Is there any way of installing freeradius over ubuntu 9.10 with ssl support
using apt? Any advice will be apreciatted.

Cheers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: autthentication error

2010-05-14 Thread shirkavand 
hi,

i have followed this tutorial(because this is what i need exacty to do) but
it does not worked either.

http://www.wains.be/index.php/2009/09/13/wpa2-freeradius-eap-tls/

Cheers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

autthentication error

2010-05-11 Thread shirkavand 
Hi,

I have configurated a freeradius server using MySql authentication. When i
run radtest i get a succefull response:

rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209,
length=59
 User-Name = sqltest
User-Password = testpwd
NAS-IP-Address = 127.0.1.1
 NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sqltest, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} - sqltest
[sql] sql_set_user escaped user -- 'sqltest'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op   FROM radcheck
WHERE username = '%{SQL-User-Name}'   ORDER BY id - SELECT
id, username, attribute, value, op   FROM radcheck   WHERE
username = 'sqltest'   ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op   FROM radreply
WHERE username = '%{SQL-User-Name}'   ORDER BY id - SELECT
id, username, attribute, value, op   FROM radreply   WHERE
username = 'sqltest'   ORDER BY id
 expand: SELECT groupname   FROM radusergroup   WHERE
username = '%{SQL-User-Name}'   ORDER BY priority - SELECT
groupname   FROM radusergroup   WHERE username = 'sqltest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password testpwd
[pap] Using clear text password testpwd
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 209 to 127.0.0.1 port 45562
Finished request 20.
Going to the next request

Now i have configurated a windows supplicant, when i enter the credentials
for login from the suplicant pc, the radius server always sends a rejected
response in the servers terminal(i have freeradius over debug mode to se all
the messages), this is what i get:

Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0,
length=139
Cleaning up request 18 ID 0 with timestamp +502
User-Name = sqltest
 NAS-IP-Address = 192.168.1.4
Called-Station-Id = 00226b81bae1
 Calling-Station-Id = 002369764cef
NAS-Identifier = 00226b81bae1
 NAS-Port = 21
Framed-MTU = 1400
State = 0x5589d8c55588dc92d29bccd07151cb7c
 NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060319
Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sqltest, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} - sqltest
[sql] sql_set_user escaped user -- 'sqltest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op   FROM radcheck
WHERE username = '%{SQL-User-Name}'   ORDER BY id - SELECT
id, username, attribute, value, op   FROM radcheck   WHERE
username = 'sqltest'   ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op   FROM radreply
WHERE username = '%{SQL-User-Name}'   ORDER BY id - SELECT
id, username, attribute, value, op   FROM radreply   WHERE
username = 'sqltest'   ORDER BY id
 expand: SELECT groupname   FROM radusergroup   WHERE
username = '%{SQL-User-Name}'   ORDER BY priority - SELECT
groupname   FROM radusergroup   WHERE username = 'sqltest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} - sqltest
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 19 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 19
Sending Access-Reject of id 0 to 192.168.1.4 port 3666
EAP-Message = 0x04010004
Message-Authenticator

Re: autthentication error

2010-05-11 Thread Alan DeKok 
shirkavand wrote:
 As i can see the error is located here:
 
 Found Auth-Type = EAP
 +- entering group authenticate {...}
 [eap] Request found, released from the list
 [eap] EAP NAK
 [eap] NAK asked for unsupported type 25
 [eap] No common EAP types found.
 [eap] Failed in EAP select

  Exactly.  You need to build the server with SSL support.

 when the windows suppllicant tryes to access the server found an EAP
 authentication..that from some reason fails, when i do a radtest the
 the server tells:

  radtest doesn't do EAP.  The supplicant does.

 I have configurated the windows client as recomended over in
 wiki.freeradius.org http://freeradius.org site

  http://deployingradius.com/ has complete instructions for testing EAP,
and building with OpenSSL.

  Also search the Wiki for OpenSSL.  You should see instructions.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: autthentication error

2010-05-11 Thread Alan Buxey 
Hi,

 I have configurated a freeradius server using MySql authentication. When i 
 run radtest i get a succefull response:

built yourself?

so, basic SQL works. good. however, your windows client didnt - and this error 
here:

 Found Auth-Type = EAP
 +- entering group authenticate {...}
 [eap] Request found, released from the list
 [eap] EAP NAK
 [eap] NAK asked for unsupported type 25
 [eap] No common EAP types found.
 [eap] Failed in EAP select
 ++[eap] returns invalid

looks like the method you are trying to use is not known to the server...did you
build the server yourself? looks like it doesnt recognise (PEAP).

simple search of web and mailing list shows this commonly caused
by server not being built with OpenSSL or OpenSSL libraries not
installed


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html