Re: freeradius server not responding to radtest
Ben,

Not sure if this is much help or not, but what does your clients.conf file say? If you don't have your localhost address 127.0.0.1 in clients.conf then the server will not respond. I think it is usually an access reject message but you never know. I also noticed that you have no defined IP address for that box either. Have you tried defining an IP address on the server and then sending your radtest to that IP? If so, what was the output?

James

On Fri, 2005-08-26 at 15:54 +0100, Ben Dowling wrote:
> Hi,
>
> I have managed to get freeradius installed and running but I cannot get
> radtest to authenticate with the server, or even to connect to it!
> When I run radtest I receive the following output:
>
> bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test
> Sending Access-Request of id 60 to 127.0.0.1:1812
> User-Name = "test"
> User-Password = "test"
> NAS-IP-Address = bratislava.wapsol.de
> NAS-Port = 0
> Re-sending Access-Request of id 60 to 127.0.0.1:1812
> User-Name = "test"
> User-Password = "y\034\026\033\255\2447\014\254[<;\270\257Um"
> NAS-IP-Address = bratislava.wapsol.de
> NAS-Port = 0
>
> And it continues to re-send, eventually producing the message radclient:
> no response from server for ID 60. Does anyone know why the radius
> server does not respond? The output from radiusd is shown below.
>
> Thanks in advance, Ben
>
> bratislava:/usr/local/etc/raddb# radiusd -X -A
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/eap.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/freeradius"
> main: libdir = "/usr/local/lib/"
> main: radacctdir = "/var/log/freeradius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/freeradius/radius.log"
> main: log_auth = yes
> main: log_auth_badpass = yes
> main: log_auth_goodpass = yes
> main: pidfile = "/var/run/freeradius/freeradius.pid"
> main: user = "freerad"
> main: group = "freerad"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> Using deprecated naslist file. Support for this will go away soon.
> read_config_files: reading clients
> read_config_files: reading realms
> radiusd: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded exec
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "/etc/shadow"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/freeradius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = yes
> eap: cisco_accounting_username_bug = no
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/usr/local/etc/raddb/certs/server-cert.pem"
> tls: certificate_file = "/usr/local/etc/raddb/certs/server-cert.pem"
> tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
> tls: private_key_password = "(null)"
> tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> tls: random_file = "/usr/local/etc/raddb/certs/random"
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = "(null)"
> rlm_eap: Loaded and initialized type tls
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> pr
Re: freeradius server not responding to radtest
It is in clients.conf with the secret 'test'. Scanning it with -P0 shows that port 1812 is open|filtered, but scanning without -P0 shows host is down.

Cheers,
Ben

Benedikt Panzer wrote:
> Hello,
>
> do you have localhost with that shared secret in your clients.conf file?
> Is there a firewall blocking the requests? (nmap -sU -p 1812 localhost)
>
> Regards,
> Benedikt
>
> bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius server not responding to radtest
Hello,

do you have localhost with that shared secret in your clients.conf file? Is there a firewall blocking the requests? (nmap -sU -p 1812 localhost)

Regards,
Benedikt

bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test
freeradius server not responding to radtest
Hi,

I have managed to get freeradius installed and running but I cannot get radtest to authenticate with the server, or even to connect to it! When I run radtest I receive the following output:

bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test
Sending Access-Request of id 60 to 127.0.0.1:1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = bratislava.wapsol.de
NAS-Port = 0
Re-sending Access-Request of id 60 to 127.0.0.1:1812
User-Name = "test"
User-Password = "y\034\026\033\255\2447\014\254[<;\270\257Um"
NAS-IP-Address = bratislava.wapsol.de
NAS-Port = 0

And it continues to re-send, eventually producing the message radclient: no response from server for ID 60. Does anyone know why the radius server does not respond? The output from radiusd is shown below.

Thanks in advance, Ben

bratislava:/usr/local/etc/raddb# radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/local/lib/"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = yes
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/server-cert.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/server-cert.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
tls: private_key_password = "(null)"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded