Re: freeradius server not responding to radtest

2005-08-26 Thread James Gruwell
Ben,
  Not sure if this is much help or not but what does your clients.conf
file say?  If you don't have your localhost address 127.0.0.1 in
clients.conf then the server will not respond.  I think it is usually an
access reject message but you never know.  I also noticed that you have
no defined IP address for that box either.  Have you tried defining an
IP address on the server and then sending your radtest to that IP?  If so
what was the output?

James

On Fri, 2005-08-26 at 15:54 +0100, Ben Dowling wrote:
> Hi,
> 
> I have managed to get freeradius installed and running but I cannot get
> radtest to authenticate with the server, or even to connect to it!
> When I run radtest I receive the following output:
> 
> bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test
> Sending Access-Request of id 60 to 127.0.0.1:1812
> User-Name = "test"
> User-Password = "test"
> NAS-IP-Address = bratislava.wapsol.de
> NAS-Port = 0
> Re-sending Access-Request of id 60 to 127.0.0.1:1812
> User-Name = "test"
> User-Password = "y\034\026\033\255\2447\014\254[<;\270\257Um"
> NAS-IP-Address = bratislava.wapsol.de
> NAS-Port = 0
> 
> And it continues to re-send, eventually producing the message radclient:
> no response from server for ID 60. Does anyone know why the radius
> server does not respond? The output from radiusd is shown below.
> 
> Thanks in advance, Ben
> 
> bratislava:/usr/local/etc/raddb# radiusd -X -A
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/eap.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/freeradius"
> main: libdir = "/usr/local/lib/"
> main: radacctdir = "/var/log/freeradius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/freeradius/radius.log"
> main: log_auth = yes
> main: log_auth_badpass = yes
> main: log_auth_goodpass = yes
> main: pidfile = "/var/run/freeradius/freeradius.pid"
> main: user = "freerad"
> main: group = "freerad"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> Using deprecated naslist file. Support for this will go away soon.
> read_config_files: reading clients
> read_config_files: reading realms
> radiusd: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded exec
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "/etc/shadow"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/freeradius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = yes
> eap: cisco_accounting_username_bug = no
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/usr/local/etc/raddb/certs/server-cert.pem"
> tls: certificate_file = "/usr/local/etc/raddb/certs/server-cert.pem"
> tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
> tls: private_key_password = "(null)"
> tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> tls: random_file = "/usr/local/etc/raddb/certs/random"
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = "(null)"
> rlm_eap: Loaded and initialized type tls
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> pr

Re: freeradius server not responding to radtest

2005-08-26 Thread Ben Dowling
It is in clients.conf with the secret 'test'. Scanning it with -P0 shows 
that port 1812 is open|filtered, but scanning without -P0 shows host is 
down.


Cheers, Ben

Benedikt Panzer wrote:


Hello,

do you have localhost with that shared secret in your clients.conf file?
Is there a firewall blocking the requests? (nmap -sU -p 1812 localhost)

Regards, Benedikt



bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test




- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html






Re: freeradius server not responding to radtest

2005-08-26 Thread Benedikt Panzer

Hello,

do you have localhost with that shared secret in your clients.conf file?
Is there a firewall blocking the requests? (nmap -sU -p 1812 localhost)

Regards, Benedikt



bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test





freeradius server not responding to radtest

2005-08-26 Thread Ben Dowling

Hi,

I have managed to get freeradius installed and running but I cannot get
radtest to authenticate with the server, or even to connect to it!
When I run radtest I receive the following output:

bratislava:/usr/local/etc/raddb# radtest test test localhost 0 test
Sending Access-Request of id 60 to 127.0.0.1:1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = bratislava.wapsol.de
NAS-Port = 0
Re-sending Access-Request of id 60 to 127.0.0.1:1812
User-Name = "test"
User-Password = "y\034\026\033\255\2447\014\254[<;\270\257Um"
NAS-IP-Address = bratislava.wapsol.de
NAS-Port = 0

And it continues to re-send, eventually producing the message radclient:
no response from server for ID 60. Does anyone know why the radius
server does not respond? The output from radiusd is shown below.

Thanks in advance, Ben

bratislava:/usr/local/etc/raddb# radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/local/lib/"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = yes
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/server-cert.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/server-cert.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
tls: private_key_password = "(null)"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded