new to radius osx client 3com switch

2011-04-11 Thread jeffrey j donovan
hello

I have been learning about freeradius and could use some guidance. I have a 
freeradius server, a 3com 5500 switch and a mac osx client.

I set up a test machine and added a client record and shared secret. Joe User is 
getting his credentials from ldap, and the machine he sent the request on is 
10.5.1.8, freeradius running on 10.5.1.101. 

Now I need to configure a 3Com switch and a Mac OSX client to send/accept EAP or 
EAP-TLS. Neither Apple nor 3Com has good setup docs, so I'm looking to the list; 
maybe someone has crossed this river before I build a new bridge?

here was my auth test from remote user;

echo "User-Name = joeuser\n User-Password = hispassword" | radclient -sx 10.5.1.101 auth Secret

Sending Access-Request of id 137 to 10.5.1.101 port 1812
User-Name = "joeuser"
User-Password = "hispassword"
rad_recv: Access-Accept packet from host 10.5.1.101:1812, id=137, length=20

   Total approved auths:  1
     Total denied auths:  0
       Total lost auths:  0


Mon Apr 11 20:17:42 2011 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.5.1.8 port 57337, id=254, length=51
User-Name = "joeuser"
User-Password = "hispassword"
Mon Apr 11 20:27:04 2011 : Info: +- entering group authorize {...}
Mon Apr 11 20:27:04 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 20:27:04 2011 : Info: ++[chap] returns noop
Mon Apr 11 20:27:04 2011 : Info: ++[mschap] returns noop
Mon Apr 11 20:27:04 2011 : Info: [suffix] No '@' in User-Name = "joeuser", looking up realm NULL
Mon Apr 11 20:27:04 2011 : Info: [suffix] No such realm "NULL"
Mon Apr 11 20:27:04 2011 : Info: ++[suffix] returns noop
Mon Apr 11 20:27:04 2011 : Info: [eap] No EAP-Message, not doing EAP
Mon Apr 11 20:27:04 2011 : Info: ++[eap] returns noop
Mon Apr 11 20:27:04 2011 : Info: ++[unix] returns updated
Mon Apr 11 20:27:04 2011 : Info: ++[files] returns noop
Mon Apr 11 20:27:04 2011 : Debug: rlm_opendirectory: The SACL group "com.apple.access_radius" does not exist on this system.
Mon Apr 11 20:27:04 2011 : Debug: rlm_opendirectory: The host 10.5.1.8 does not have an access group.
Mon Apr 11 20:27:04 2011 : Debug: rlm_opendirectory: no access control groups, all users allowed.
Mon Apr 11 20:27:04 2011 : Debug: rlm_opendirectory: Setting Auth-Type = opendirectory
Mon Apr 11 20:27:04 2011 : Info: ++[opendirectory] returns ok
Mon Apr 11 20:27:04 2011 : Info: ++[expiration] returns noop
Mon Apr 11 20:27:04 2011 : Info: ++[logintime] returns noop
Mon Apr 11 20:27:04 2011 : Info: [pap] Found existing Auth-Type, not changing it.
Mon Apr 11 20:27:04 2011 : Info: ++[pap] returns noop
Mon Apr 11 20:27:04 2011 : Info: Found Auth-Type = opendirectory
Mon Apr 11 20:27:04 2011 : Info: +- entering group opendirectory {...}
Mon Apr 11 20:27:04 2011 : Info: ++[opendirectory] returns ok
Mon Apr 11 20:27:04 2011 : Auth: Login OK: [joeuser/hispassword] (from client noc port 0)
Mon Apr 11 20:27:04 2011 : Info: +- entering group post-auth {...}
Mon Apr 11 20:27:04 2011 : Info: ++[exec] returns noop
Sending Access-Accept of id 254 to 10.5.1.8 port 57337
Mon Apr 11 20:27:04 2011 : Info: Finished request 2.
Mon Apr 11 20:27:04 2011 : Debug: Going to the next request
Mon Apr 11 20:27:04 2011 : Debug: Waking up in 4.9 seconds.


Okay, so that's good. Now I assume that I can configure the switch; after 
following 3Com's instructions I end up with
[5500G-EI]display dot1x int g1/0/5
 Equipment 802.1X protocol is enabled
 CHAP authentication is enabled
 DHCP-launch is disabled
 Proxy trap checker is disabled
 Proxy logoff checker is disabled

 Configuration: Transmit Period 30 s,  Handshake Period   15 s
                Quiet Period    60 s,  Quiet Period Timer is disabled
                Supp Timeout    30 s,  Server Timeout 100 s
                The maximal retransmitting times  2

 Total maximum 802.1x user resource number is 1024
 Total current used 802.1x resource number is 1

 GigabitEthernet1/0/5  is link-up
   802.1X protocol is enabled
   Proxy trap checker is disabled
   Proxy logoff checker is disabled
   The port is a(n) an authenticator
   Authenticate Mode is Auto
   Port Control Type is Mac-based
   Max on-line user number is 256
  
   Authentication Success: 0, Failed: 2
   EAPOL Packets: Tx 13, Rx 12
   Sent EAP Request/Identity Packet : 5
        EAP Request/Challenge Packets: 5
   Received EAPOL Start Packets : 3
            EAPOL LogOff Packets: 0
            EAP Response/Identity Packets : 5
            EAP Response/Challenge Packets: 0
            Error Packets: 0
   1. Unauthenticated user : MAC address: 0025--

   Controlled User(s) amount to 1
[5500G-EI]  disp domain
0  Domain = nocdomain
   State = Active
   RADIUS Scheme = nocsys  Access-limit = Disable 
   Domain User Template: 
   Idle-cut = Disable
   Self-service = Disable
   Messenger Time = Disable

1  Doma
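
Added example, not part of the original post: a short summary of the radiusd debug trace quoted above, showing what the radclient test actually exercised. The request carried User-Password and no EAP-Message, so the accept came through Auth-Type opendirectory and says nothing about the EAP path the switch will use. The function and field names are chosen for this example; the sample lines are a subset of the trace in the post.

```python
import re

# Constructed sample: a subset of the radiusd debug lines quoted in the post.
SAMPLE = """\
Mon Apr 11 20:27:04 2011 : Info: +- entering group authorize {...}
Mon Apr 11 20:27:04 2011 : Info: ++[preprocess] returns ok
Mon Apr 11 20:27:04 2011 : Info: ++[chap] returns noop
Mon Apr 11 20:27:04 2011 : Info: [eap] No EAP-Message, not doing EAP
Mon Apr 11 20:27:04 2011 : Info: ++[eap] returns noop
Mon Apr 11 20:27:04 2011 : Info: ++[unix] returns updated
Mon Apr 11 20:27:04 2011 : Info: ++[opendirectory] returns ok
Mon Apr 11 20:27:04 2011 : Info: ++[pap] returns noop
Mon Apr 11 20:27:04 2011 : Info: Found Auth-Type = opendirectory
Mon Apr 11 20:27:04 2011 : Info: +- entering group opendirectory {...}
Mon Apr 11 20:27:04 2011 : Info: ++[opendirectory] returns ok
Sending Access-Accept of id 254 to 10.5.1.8 port 57337
"""

SECTION = re.compile(r"entering group (\S+)")
MODULE = re.compile(r"\+\+\[([\w.-]+)\] returns (\w+)")
AUTH_TYPE = re.compile(r"Found Auth-Type = (\S+)")
RESULT = re.compile(r"^Sending (Access-\w+)")


def summarize(trace):
    """Report which modules acted on a request and whether EAP was involved."""
    out = {"active": {}, "auth_type": None, "eap_exercised": False, "result": None}
    section = None
    for line in trace.splitlines():
        if (m := SECTION.search(line)):
            section = m.group(1)
            out["active"].setdefault(section, [])
        elif (m := MODULE.search(line)) and section:
            name, rcode = m.groups()
            if rcode != "noop":  # noop means the module did nothing
                out["active"][section].append(name)
                if name == "eap":
                    out["eap_exercised"] = True
        elif (m := AUTH_TYPE.search(line)):
            out["auth_type"] = m.group(1)
        elif (m := RESULT.search(line)):
            out["result"] = m.group(1)
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s)
    if s["result"] == "Access-Accept" and not s["eap_exercised"]:
        print("Accepted via Auth-Type", s["auth_type"], "- the EAP path was not tested")
```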

Re: new to radius: wireless ap with radius: TLS problem ?

2008-11-27 Thread tnt
Are you going to post the end of this message?

Ivan Kalik
Kalik Informatika ISP

On 27/11/2008, "Jerome Blomart" <[EMAIL PROTECTED]> wrote:

>Hello,
>
>I am new to freeradius.
>
>Have set up a radius server for a linksys ap.
>- debian server: compiled a freeradius with eap/tls support
>- mysql db:
>  - tried "dialupadmin" and "phpMyprepaid": but those had problems in their
>"sql" scripts ( default values for timestamp and smallint ).
>  - corrected sql scripts and created database
>- as I have applied the scripts from multiple sources on the same db,
>the table structures are a bit special compared to tutorial stuff
>- access point ( linksys ):
>  - configured :
>    - RADIUS server name ( ip address given )
>    - RADIUS port
>    - shared pass phrase ( NAS shared secret given -- configured in mysql's
>      radius.nas table )
>    - generated four keys ( to comply with the linksys's dialogs )
>
>Now :
>   As I try wireless client connections :
>- the client connects to the wireless network, and tries to get an ip
>address but no... after retries it disconnects from the network
>
>What is happening:
>   - in the freeradius's output i ca
>
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


new to radius: wireless ap with radius: TLS problem ?

2008-11-27 Thread Jerome Blomart
Hello,

I am new to freeradius.

Have set up a radius server for a linksys ap.
- debian server: compiled a freeradius with eap/tls support
- mysql db:
  - tried "dialupadmin" and "phpMyprepaid": but those had problems in their
"sql" scripts ( default values for timestamp and smallint ).
  - corrected sql scripts and created database
- as I have applied the scripts from multiple sources on the same db,
the table structures are a bit special compared to tutorial stuff
- access point ( linksys ):
  - configured :
    - RADIUS server name ( ip address given )
    - RADIUS port
    - shared pass phrase ( NAS shared secret given -- configured in mysql's
      radius.nas table )
    - generated four keys ( to comply with the linksys's dialogs )

Now :
   As I try wireless client connections :
- the client connects to the wireless network, and tries to get an ip
address but no... after retries it disconnects from the network

What is happening:
   - in the freeradius's output i ca

new to radius

2004-05-21 Thread Jason Brunk








I have a wireless router that has radius server support in it.

What I am trying to do is get the radius server setup to do
the accounting and authentication.  I was told by the company that I bought the
router from that I could use just “Login-User” as the service type
and that would be the basics I needed.  I have the radius server running, and I
even have it as far as storing the data in the mysql db.   However, when I try
to authenticate from the router I see that the service-type is always “Framed-User”
and that’s it.  But the radtest command works fine and sends back the access-accept
packet.

I could use some help if anyone is willing to help me out.

Jason








New to radius. Questions on setup.

2004-04-12 Thread Brown
Hello All,

 I am new to radius in general and am trying to get freeradius up and running. As some 
background, the system I am using has Slackware 9.1 running on it. I have Freeradius 
running (not on startup yet) and it tests fine when I run the ($ radiusd -X and $ 
radtest test test localhost 0 testing123) so I am pretty sure everything is running 
fine here. I have also loaded Radkill but will not try to implement this till last. It 
will be connecting to a MAX 6000 as the NAS (if I am getting the terminology 
correct). We are currently using Optigold ISP and Filemaker Pro as our user interface 
and database. I am trying to find out what the best course of action is to get the 
radius server talking to the NAS and freeradius talking smoothly to Optigold and 
Filemaker. Our overall plan is to have it set up to kick users if the lines start 
getting full as well as keep users with timed accounts on only as long as they are 
allowed. I hope I have provided enough information and would like to thank all that 
help in advance.

Matt Brown
[EMAIL PROTECTED] 

 
