Re: Get errors with radtest on ip address
etc/hosts file below:

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.17.9 linux-mail.amber.com linux-mail

From: Alan Buxey
To: Patricia Julien; FreeRadius users mailing list
Sent: Thursday, September 5, 2013 5:36 PM
Subject: Re: Get errors with radtest on ip address

No problem with radiusd at this point. It's not received a single packet. You've got a problem with your local network environment on the host. Care to share /etc/hosts?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Get errors with radtest on ip address
I've done the following to install and test freeradius on Scientific Linux el6_4. The server is one I use for testing and also has Splunk installed on it. No issues with Splunk and the ip address have been found as I've gotten logs from other test equipment into Splunk

- I installed the freeradius-2.1.12-4.el6_3.x86_64 and then the utilities freeradius-utils-2.1.12-4.el6_3.x86_64.rpm to get the client (radtest).
- I made a change to the users file to add the testing Cleartext-Password := "password". My hosts file indicates both lo and the ip address for the server. I can ping the server without issues.
- After I added the line to the users file, I started radiusd -X >debug.txt I then opened another terminal window on the same server and performed the
- radtest testing password 127.0.0.1 0 testing123.
- I received an error indicating failed to find ip address for linux-mail.amber.net followed by nothing to do.
- I looked at clients.conf and change the ip address from 127.0.0.1 to my ip address and added hostname. The results remained the same so I've reverted to original config for this.

Each time I made any changes I restarted radiusd by killing the process and restarting. I could not service radiusd stop or radiusd stop to stop the application.

I tried pasting the debug txt into the debug form on the other site and received a 405Forbidden when I accepted the policy. I've put my debug from testing with just the change to the users file below.

Would appreciate any insight into what could be wrong.

PJ

# Debug text ##

FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2 2012 at 23:16:43
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/eap.
Re: Get errors with radtest on ip address
Patricia Julien wrote:
> - I made a change to the users file to add the testing
> Cleartext-Password := "password". My hosts file indicates both lo and
> the ip address for the server. I can ping the server without issues.
> - After I added the line to the users file, I started radiusd -X
> >debug.txt I then opened another terminal window on the same server
> and performed the - radtest testing password 127.0.0.1 0 testing123.
> - I received an error indicating failed to find ip address for
> linux-mail.amber.net followed by nothing to do.

radtest looks up the $HOSTNAME to get an IP address, which it puts into the NAS-IP-Address. If it says "failed to find IP address for host", it's because the host name doesn't have a corresponding IP address.

> - I looked at clients.conf and change the ip address from 127.0.0.1 to
> my ip address and added hostname. The results remained the same so I've
> reverted to original config for this.

You're changing the server configuration. You need to fix your DNS.

Alan DeKok.
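The lookup described in the reply above can be checked against a hosts(5)-format file without running radtest. This is an added example, not part of the original thread or of FreeRADIUS; the function names are hypothetical, and the sample file is constructed from the hosts entries quoted in this thread, checked against both the name in that file and the name in the reported error.

```shell
#!/bin/sh
# Added example: does a host name have an address in a hosts(5)-format file?
# radtest needs such a mapping to fill in NAS-IP-Address.

# hosts_lookup FILE NAME
# Prints the first address whose line lists NAME (canonical name or alias,
# compared case-insensitively). Returns 1 when no line matches.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                  # drop trailing comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# check_nas_name FILE NAME
# Reports whether NAME can be turned into a NAS address using only FILE.
check_nas_name() {
    if addr=$(hosts_lookup "$1" "$2"); then
        echo "ok: $2 -> $addr"
    else
        echo "missing: no hosts entry for $2"
        return 1
    fi
}

# write_sample_hosts
# Writes a constructed sample hosts file to a temp file and prints its path.
write_sample_hosts() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
127.0.0.1    localhost localhost.localdomain localhost4 localhost4.localdomain4
::1          localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.17.9 linux-mail.amber.com linux-mail   # constructed comment
EOF
    echo "$f"
}

sample=$(write_sample_hosts)
check_nas_name "$sample" linux-mail.amber.com
check_nas_name "$sample" linux-mail.amber.net || true
rm -f "$sample"
```

On a live host, `getent hosts "$(hostname)"` asks the system resolver the same question, including any DNS fallback.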
Re: Get errors with radtest on ip address
No problem with radiusd at this point. It's not received a single packet. You've got a problem with your local network environment on the host. Care to share /etc/hosts?

alan
Re: 2.x.x and radtest: no IPv6?
Hi,

>Sorry, I've been unclear. What I meant was that I strongly suspect
>nas->radius comms will either be v4 or v6 for a given pairing at any one
>time, for periods of minutes or hours. Hence treating the addresses as
>separately should be fine

hmm, yes, we treat each as a separate entity

i'll have to check if cisco even let you define the same instance to have a v4 and v6 address...its doubtful but you never know.

alan
Re: 2.x.x and radtest: no IPv6?
a.l.m.bu...@lboro.ac.uk wrote:
>Hi,
>
>> My guess is dual-stack NAS->RADIUS is going to be rare.
>
>ummm. take a hold on that assertion. the joy of dual-stack deployment
>is that you need to ensure your servers are ready on IPv4 and IPv6 -
>and as part of that, you need to ensure that your using both methods
>in case either your IPv4 goes...or your IPv6 goes. we use both
>IPv4 and IPv6 on our kit...and our servers are configured for both..as
>are our NAS kit that can do IPv6 for RADIUS (we had some discussion
>about the best fall-over order to use..which in itself is interesting)
>
>my personal view is that network/sys admins who are avoiding IPv6 as much
>as they can are just storing themselves up for a whole lot of pain later
>when its forced onto them by internet evolution...embrace the IPv6 now
>whilst you can do it in your own time. it not like you havent been
>given over 15 years of advance notice ;-)
>
>alan

Sorry, I've been unclear. What I meant was that I strongly suspect nas->radius comms will either be v4 or v6 for a given pairing at any one time, for periods of minutes or hours. Hence treating the addresses as separately should be fine

--
Sent from my phone with, please excuse brevity and typos
Re: 2.x.x and radtest: no IPv6?
Hi,

> My guess is dual-stack NAS->RADIUS is going to be rare.

ummm. take a hold on that assertion. the joy of dual-stack deployment is that you need to ensure your servers are ready on IPv4 and IPv6 - and as part of that, you need to ensure that you're using both methods in case either your IPv4 goes...or your IPv6 goes. we use both IPv4 and IPv6 on our kit...and our servers are configured for both..as are our NAS kit that can do IPv6 for RADIUS (we had some discussion about the best fall-over order to use..which in itself is interesting)

my personal view is that network/sys admins who are avoiding IPv6 as much as they can are just storing themselves up for a whole lot of pain later when it's forced onto them by internet evolution...embrace the IPv6 now whilst you can do it in your own time. it's not like you haven't been given over 15 years of advance notice ;-)

alan
Re: 2.x.x and radtest: no IPv6?
Hi,

> > Still... maybe for a later version... if the input looks like an IP
> > address, guessing the address family isn't all that hard.

unlike your using IPv4 in its IPv6 incantation

> What if the NAS started just using the SRC IPv6 address in packets, and
> source IP protection was enabled?

well, then things might be interesting. if the NAS was configured to talk to an IPv6 RADIUS server then I'd expect it to be using its IPv6 source address and if you have DAI/etc on the network then that would have to be factored in

> I don't have any experience managing an IPv6 enabled network. Does anyone
> else? Or is it all too new?

new? its been around for more than the lifetime of some people on this list! ;-)

you'll probably have noticed that any stuff from us here has the fallback if IPv6 isnt present - so the usual Framed-Address/NAS-IP-Address assumptions all have to be checked in the server/config - I first started noting these issues when we configured remote systems to talk to our IPv6 addresses - finding top-level entries in /var/log/radiusd/ because the IPv4 stuff was missing

oh yes, warning needed to ensure that the filesystem you use likes ":" in filenames! ;-)

alan
Re: 2.x.x and radtest: no IPv6?
On 22/07/13 14:32, Arran Cudbard-Bell wrote:
> On 22 Jul 2013, at 14:15, Phil Mayers wrote:
>> On 22/07/13 13:47, Arran Cudbard-Bell wrote:
>>> It'd be nice to get some feedback from people though... do you think
>>> you'll ever need to record both your NAS IPv4 and IPv6 addresses?
>>>
>>> I'm guessing for dual stacking it'd be nice to record
>>> Framed-IP-Address and Framed-IPv6-Prefix, should they both be used to
>>> identify clients in areas like session management? It seems like the
>>> safest way of doing it to me.
>>
>> Yes. It's important to record them separately, and useful for the
>> reasons you suggest.
>
> For the NAS too? Or would it be OK to have a single attribute?.

Good question. Not sure on that one - I think most NASes treat an IPv4 and IPv6 RADIUS server as a separate server, so I guess treating it as a separate client is no big problem. OTOH two columns == less rows for dual-stack NAS.

My guess is dual-stack NAS->RADIUS is going to be rare.

>>> But would it break things? What if the NAS started just using the SRC
>>> IPv6 address in packets, and source IP protection was enabled? Does
>>> this happen in the real world?
>>
>> Not sure I follow here; can you expand on this?
>
> Envisaging use in session identification. If the NAS was dumb, and was
> just looking at packets coming from one of it's directly connected
> devices, and pulling off the SRC IP address and using it to enrich
> Accounting-Requests, you may have that IP change during the course of
> a session.

Ah, gotcha.

Some NASes already do something similar with Framed-IP-Address only being present in some acct packets. We handle this with:

update radacct set ... framedipaddress=coalesce(nullif('%{..}', ''), framedipaddress) ...

...which is basically "use the IP from the packet if set, or on the existing row if unset"
Re: 2.x.x and radtest: no IPv6?
Stefan Winter wrote:
> Still... maybe for a later version... if the input looks like an IP
> address, guessing the address family isn't all that hard.

Yeah patches? :)

> I see that such a -4 -6 option is required for hostnames, but even then
> only if they return addresses for both families.
>
> ipv6-localhost only returns ::1. And ::1 successfully parses neither as
> an IPv4, nor a hostname, but as an IPv6 address. Both are unambiguous
> and could be auto-detected.

Sure.

> That would add a little user-friendliness for users who didn't have
> enough sleep :-)

Yes.

Alan DeKok.
Re: 2.x.x and radtest: no IPv6?
On 22 Jul 2013, at 14:15, Phil Mayers wrote:

> On 22/07/13 13:47, Arran Cudbard-Bell wrote:
>>
>> It'd be nice to get some feedback from people though... do you think
>> you'll ever need to record both your NAS IPv4 and IPv6 addresses?
>>
>> I'm guessing for dual stacking it'd be nice to record
>> Framed-IP-Address and Framed-IPv6-Prefix, should they both be used to
>> identify clients in areas like session management? It seems like the
>> safest way of doing it to me.
>
> Yes. It's important to record them separately, and useful for the reasons you
> suggest.

For the NAS too? Or would it be OK to have a single attribute?.

>>
>> But would it break things? What if the NAS started just using the SRC
>> IPv6 address in packets, and source IP protection was enabled? Does
>> this happen in the real world?
>
> Not sure I follow here; can you expand on this?

Envisaging use in session identification. If the NAS was dumb, and was just looking at packets coming from one of it's directly connected devices, and pulling off the SRC IP address and using it to enrich Accounting-Requests, you may have that IP change during the course of a session.

I doubt any NAS vendors are quite that stupid, but just wanted confirmation.

>> I don't have any experience managing an IPv6 enabled network. Does
>> anyone else? Or is it all too new?
>
> "It's complicated".
>
> I've replied to your email on -devel.

OK. Thanks.

Arran Cudbard-Bell
FreeRADIUS Development Team
Re: 2.x.x and radtest: no IPv6?
On 22/07/13 13:47, Arran Cudbard-Bell wrote:
> It'd be nice to get some feedback from people though... do you think
> you'll ever need to record both your NAS IPv4 and IPv6 addresses?
>
> I'm guessing for dual stacking it'd be nice to record
> Framed-IP-Address and Framed-IPv6-Prefix, should they both be used to
> identify clients in areas like session management? It seems like the
> safest way of doing it to me.

Yes. It's important to record them separately, and useful for the reasons you suggest.

> But would it break things? What if the NAS started just using the SRC
> IPv6 address in packets, and source IP protection was enabled? Does
> this happen in the real world?

Not sure I follow here; can you expand on this?

> I don't have any experience managing an IPv6 enabled network. Does
> anyone else? Or is it all too new?

"It's complicated".

I've replied to your email on -devel.
Re: 2.x.x and radtest: no IPv6?
Hi,

>> Does radtest not support IPv6? I could have sworn it did IPv6 earlier,
>> but not totally sure.
>
> -4 Use IPv4 for the NAS address (default)
> -6 Use IPv6 for the NAS address

Uh. Sorry.

Still... maybe for a later version... if the input looks like an IP address, guessing the address family isn't all that hard.

I see that such a -4 -6 option is required for hostnames, but even then only if they return addresses for both families.

ipv6-localhost only returns ::1. And ::1 successfully parses neither as an IPv4, nor a hostname, but as an IPv6 address. Both are unambiguous and could be auto-detected.

That would add a little user-friendliness for users who didn't have enough sleep :-)

Stefan

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
Re: 2.x.x and radtest: no IPv6?
On 22 Jul 2013, at 13:32, Stefan Winter wrote:

> Hi,
>
>>> Does radtest not support IPv6? I could have sworn it did IPv6 earlier,
>>> but not totally sure.
>>
>> -4 Use IPv4 for the NAS address (default)
>> -6 Use IPv6 for the NAS address
>
> Uh. Sorry.
>
> Still... maybe for a later version... if the input looks like an IP
> address, guessing the address family isn't all that hard.
>
> I see that such a -4 -6 option is required for hostnames, but even then
> only if they return addresses for both families.
>
> ipv6-localhost only returns ::1. And ::1 successfully parses neither as
> an IPv4, nor a hostname, but as an IPv6 address. Both are unambiguous
> and could be auto-detected.
>
> That would add a little user-friendliness for users who didn't have
> enough sleep :-)

I've mentally scheduled a pass through modules in master to fix any places where it's IPv4 only, so i'll be sure to add that.

It'd be nice to get some feedback from people though... do you think you'll ever need to record both your NAS IPv4 and IPv6 addresses?

I'm guessing for dual stacking it'd be nice to record Framed-IP-Address and Framed-IPv6-Prefix, should they both be used to identify clients in areas like session management? It seems like the safest way of doing it to me.

But would it break things? What if the NAS started just using the SRC IPv6 address in packets, and source IP protection was enabled? Does this happen in the real world?

I don't have any experience managing an IPv6 enabled network. Does anyone else? Or is it all too new?

Arran Cudbard-Bell
FreeRADIUS Development Team
Re: 2.x.x and radtest: no IPv6?
Stefan Winter wrote:
> while using radtest, I got some strange results:
>
> # ./radtest swinter testpwd [::1] 123 testing123
> radclient: Failed to find IP address for host ::1: Success

It defaults to IPv4.

> # ./radtest swinter testpwd ipv6-localhost 123 testing123
> radclient: Failed to find IP address for host ipv6-localhost: Success
>
> ipv6-localhost is in my /etc/hosts. I'd expect both of these to work...
> no brackets also doesn't work, but that was just my last straw and
> doesn't have to work anyway.
>
> Does radtest not support IPv6? I could have sworn it did IPv6 earlier,
> but not totally sure.

$ radtest -h
Usage: radtest [OPTIONS] user passwd radius-server[:port] nas-port-number secret [ppphint] [nasname]
        -d RADIUS_DIR   Set radius directory
        -t              Set authentication method
                        type can be pap, chap, mschap, or eap-md5
        -x              Enable debug output
        -4              Use IPv4 for the NAS address (default)
        -6              Use IPv6 for the NAS address

Alan DeKok.
2.x.x and radtest: no IPv6?
Hi,

while using radtest, I got some strange results:

# ./radtest swinter testpwd [::1] 123 testing123
radclient: Failed to find IP address for host ::1: Success

# ./radtest swinter testpwd ipv6-localhost 123 testing123
radclient: Failed to find IP address for host ipv6-localhost: Success

ipv6-localhost is in my /etc/hosts. I'd expect both of these to work... no brackets also doesn't work, but that was just my last straw and doesn't have to work anyway.

Does radtest not support IPv6? I could have sworn it did IPv6 earlier, but not totally sure.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
Re: [Help] radtest mschap problem
On Sun, Apr 28, 2013 at 1:31 AM, Andres wrote:
> Thank you all for your replays,
>
> I used SLES 11 freeradius standard package and it was too old,
> and it was my mistake and took a few days off my life.
> Hopefully someone else does not make the same mistake

If all you need is mschap test function, IIRC 2.1.12 also has it, and there are packages for SLE 11:
http://download.opensuse.org/repositories/network:/aaa/SLE_11/x86_64/

It will be even better if you can use 2.2.0. Search the list archive, IIRC you must manually delete references to sqlite3 in spec file to get it to build on SLE11.

--
Fajar
Re: [Help] radtest mschap problem
Thank you all for your replies,

I used SLES 11 freeradius standard package and it was too old, and it was my mistake and took a few days off my life.
Hopefully someone else does not make the same mistake

Andres

2013/4/27 Alan DeKok
> Andres wrote:
> > FreeRADIUS server Version: 2.1.1-7.16.1
> > also installed freeradius-server-libs and utils
>
> Why? That version is SEVEN YEARS old.
>
> Upgrade. Really.
>
> And you're using a version of radclient which doesn't support mschap.
> So... why are you trying to use mschap?
>
> We presume that you're running a recent version of the server. Also,
> that you read the documentation which comes with the server. If
> "radtest -h" doesn't say it supports the "-t" parameter, then it doesn't
> support the "-t" parameter.
>
> Alan DeKok.
Re: [Help] radtest mschap problem
Andres wrote:
> FreeRADIUS server Version: 2.1.1-7.16.1
> also installed freeradius-server-libs and utils

Why? That version is SEVEN YEARS old.

Upgrade. Really.

And you're using a version of radclient which doesn't support mschap. So... why are you trying to use mschap?

We presume that you're running a recent version of the server. Also, that you read the documentation which comes with the server. If "radtest -h" doesn't say it supports the "-t" parameter, then it doesn't support the "-t" parameter.

Alan DeKok.
Re: [Help] radtest mschap problem
Hi,

>FreeRADIUS server Version: 2.1.1-7.16.1
>also installed freeradius-server-libs and utils
>FreeRADIUS server and libs and utils was installed via Yast.
>
>radius:/etc # radclient -v
>radclient: $Id$ built on Jan 22 2013 at 23:55:37
>
>#
># Version: $Id$
>#
>prefix="/usr"
>exec_prefix="/usr"
>bindir="/usr/bin"
>usage() {
>echo "Usage: radtest user passwd radius-server[:port] nas-port-number secret [ppphint] [nasname]" >&2

yes. thats your problem. OLD

the current one says this:

usage() {
echo "Usage: radtest [OPTIONS] user passwd radius-server[:port] nas-port-number secret [ppphint] [nasname]" >&2
echo "-d RADIUS_DIR Set radius directory" >&2
echo "-t Set authentication method" >&2
echo "type can be pap, chap, mschap, or eap-md5" >&2
echo "-x Enable debug output" >&2

etc etc etc

note, the tool has OPTIONS. yours doesnt. and because yours doesnt, it thinks "-t" is the username and "mschap" is the password and therefore "testing" is the hostname and you have no such host!

alan
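The misparse described in the message above can be reproduced and guarded against before radtest is run. This is an added example, not part of the original thread or of FreeRADIUS: old_radtest_args mirrors the positional checks of the option-less script quoted in this thread, the other function names are hypothetical, and the two usage texts are constructed samples (the exact column layout and the TYPE placeholder are assumptions).

```shell
#!/bin/sh
# Added example: detect a radtest without -t before it misreads the arguments.

# old_radtest_args ARGS...
# Applies the option-less script's rules (optional leading -d DIR, then 5 to 7
# positional arguments) and prints how each argument would be interpreted.
old_radtest_args() {
    if [ "$1" = "-d" ]; then shift; shift; fi
    if [ $# -lt 5 ] || [ $# -gt 7 ]; then
        echo "usage-error"
        return 1
    fi
    printf 'user=%s password=%s server=%s nas-port=%s secret=%s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# usage_has_option USAGE_TEXT OPTION
# True when a line of the usage text starts with OPTION (for example -t).
usage_has_option() {
    printf '%s\n' "$1" | grep -Eq -- "^[[:space:]]*$2([[:space:]]|\$)"
}

# plan_radtest USAGE_TEXT TYPE USER PASS SERVER NAS_PORT SECRET
# Prints the command line to run, or says why it must not be run and
# returns 1. On a live system pass "$(radtest -h 2>&1)" as USAGE_TEXT.
plan_radtest() {
    usage=$1; shift
    if usage_has_option "$usage" -t; then
        echo "radtest -t $*"
    else
        echo "refusing: no -t here; it would read $(old_radtest_args -t "$@")"
        return 1
    fi
}

# Constructed sample usage texts for the two script generations.
OLD_USAGE='Usage: radtest user passwd radius-server[:port] nas-port-number secret [ppphint] [nasname]'
NEW_USAGE='Usage: radtest [OPTIONS] user passwd radius-server[:port] nas-port-number secret [ppphint] [nasname]
        -d RADIUS_DIR  Set radius directory
        -t TYPE        Set authentication method
        -x             Enable debug output'

plan_radtest "$NEW_USAGE" mschap testing passme 127.0.0.1 0 testing123456
plan_radtest "$OLD_USAGE" mschap testing passme 127.0.0.1 0 testing123456 || true
```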
Re: [Help] radtest mschap problem
Hi,

I have done clean SLES11 install
FreeRADIUS server Version: 2.1.1-7.16.1
also installed freeradius-server-libs and utils
FreeRADIUS server and libs and utils was installed via Yast.

radius:/etc # radclient -v
radclient: $Id$ built on Jan 22 2013 at 23:55:37

#
# Version: $Id$
#
prefix="/usr"
exec_prefix="/usr"
bindir="/usr/bin"

usage() {
	echo "Usage: radtest user passwd radius-server[:port] nas-port-number secret [ppphint] [nasname]" >&2
	exit 1
}

radclient=$bindir/radclient
if [ ! -x "$radclient" ] && [ -x ./radclient ]
then
	radclient=./radclient
fi

if [ "$1" = "-d" ]
then
	DICTIONARY="-d $2"
	shift;shift
else
	DICTIONARY=""
fi

if [ $# -lt 5 ] || [ $# -gt 7 ]
then
	usage
fi

if [ "$7" ]
then
	nas=$7
else
	nas=`hostname`
fi

(
	echo "User-Name = \"$1\""
	echo "User-Password = \"$2\""
	echo "NAS-IP-Address = $nas"
	echo "NAS-Port = $4"
	if [ "$6" ]
	then
		echo "Framed-Protocol = PPP"
	fi
) | $radclient $DICTIONARY -x $3 auth $5

Andres

2013/4/26
> Hi,
>
> what version of FreeRADIUS? are you sure you arent running old copies of
> radclient/radtest
>
> ie you THINK you can do "-t mschap" but the wrapper or binary doesnt
>
> radclient -v ?
>
> which radtest
> then cat the resulting file.
>
> alan
Re: [Help] radtest mschap problem
Hi,

what version of FreeRADIUS? are you sure you arent running old copies of radclient/radtest

ie you THINK you can do "-t mschap" but the wrapper or binary doesnt

radclient -v ?

which radtest
then cat the resulting file.

alan
Re: [Help] radtest mschap problem
host name is radius
ip 10.58.5.58
Full Domain host name: radius.mydomain.com

radius ..

resolv.conf
search mydomain.com
nameserver 10.58.5.39
nameserver 10.58.5.45

/etc/hosts
127.0.0.1 localhost
# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
10.58.5.58 radius.dpd.ee radius

radius:/etc # ping mydomain.com
PING mydomain.com (10.58.5.39) 56(84) bytes of data.
64 bytes from fs.mydomain.com (10.58.5.39): icmp_seq=1 ttl=128 time=0.301 ms
64 bytes from fs.mydomain.com (10.58.5.39): icmp_seq=2 ttl=128 time=0.414 ms

radius:/etc # ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.025 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.039 ms

radius:/etc # ping6 localhost
PING localhost(localhost) 56 data bytes
64 bytes from localhost: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from localhost: icmp_seq=2 ttl=64 time=0.054 ms
.

radius:/etc # radtest -t mschap testing passme 127.0.0.1 0 testing123456
radclient: Failed to find IP address for host testing: Success
.

radius:/etc # radtest testing passme 127.0.0.1 0 testing123456
Sending Access-Request of id 177 to 127.0.0.1 port 1812
	User-Name = "testing"
	User-Password = "passme"
	NAS-IP-Address = 10.58.5.58
	NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=177, length=20

Yast2 network settings > Hostname/DNS

Hostname: radius
Domain Name: mydomain.com
[x] Change Hostname via DHCP (No interface with dhcp)
[ ] Assign Hostname to Loopback IP
Modify DNS configuration: Use Default Policy
Name Server 1: 10.58.5.45
Name Server 2: 10.58.5.39
Name Server 3: (empty)
Domain Search: mydomain.com

I cannot figure out what is the cause of it, that radtest -t mschap dont work. Is it related to DNS or IPv6? Did I something wrong...

I'm using( as Windows 2008 domain member):
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 2
FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Jan 22 2013 at 23:55:29

I'd be very grateful if someone would care to assist me with this problem

Andres

2013/4/26 Chitrang Srivastava
> whats the hostname of ur system ?
>
> On Fri, Apr 26, 2013 at 6:30 PM, Andres wrote:
>
>> this way looks my hosts file:
>>
>> # IP-Address Full-Qualified-Hostname Short-Hostname
>> #
>>
>> 127.0.0.1 localhost
>>
>> # special IPv6 addresses
>> ::1 localhost ipv6-localhost ipv6-loopback
>>
>> fe00::0 ipv6-localnet
>>
>> ff00::0 ipv6-mcastprefix
>> ff02::1 ipv6-allnodes
>> ff02::2 ipv6-allrouters
>> ff02::3 ipv6-allhosts
>> 10.58.5.58 radius.mydomain.com radius
>>
>> Andres
>>
>> 2013/4/26 Chitrang Srivastava
>>
>>> Most likely your host file didnt have entry of your domain name,
>>> dump your hostname and /etc/hosts file here and then we can comment
>>> better
>>>
>>> On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote:
>>>
>>>> Hello All,
>>>>
>>>> I'm trying to test mschap with radtest but it gives me strange error
>>>> message.
>>>> I've tried to solve it several days, but had no success.
>>>>
>>>> I'm using syntax like that:
>>>>
>>>> $ radtest -t mschap user password 127.0.0.1 0 secret
>>>>
>>>> radclient : Failed to find IP address for host user: Success
>>>>
>>>>
>>>> radclient: $Id$ bu
Re: [Help] radtest mschap problem
whats the hostname of ur system ?

On Fri, Apr 26, 2013 at 6:30 PM, Andres wrote:

> this way looks my hosts file:
>
> # IP-Address Full-Qualified-Hostname Short-Hostname
> #
>
> 127.0.0.1 localhost
>
> # special IPv6 addresses
> ::1 localhost ipv6-localhost ipv6-loopback
>
> fe00::0 ipv6-localnet
>
> ff00::0 ipv6-mcastprefix
> ff02::1 ipv6-allnodes
> ff02::2 ipv6-allrouters
> ff02::3 ipv6-allhosts
> 10.58.5.58 radius.mydomain.com radius
>
> Andres
>
> 2013/4/26 Chitrang Srivastava
>
>> Most likely your host file didnt have entry of your domain name,
>> dump your hostname and /etc/hosts file here and then we can comment better
>>
>> On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote:
>>
>>> Hello All,
>>>
>>> I'm trying to test mschap with radtest but it gives me strange error
>>> message.
>>> I've tried to solve it several days, but had no success.
>>>
>>> I'm using syntax like that:
>>>
>>> $ radtest -t mschap user password 127.0.0.1 0 secret
>>>
>>> radclient : Failed to find IP address for host user: Success
>>>
>>>
>>> radclient: $Id$ built on Jan 22 2013 at 23:55:37
>>> FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Jan
>>> 22 2013
>>>
>>> host file looks fine
>>>
>>> I would appreciate it if someone can help me
>>> ,
>>>
>>> Andres
Re: [Help] radtest mschap problem
Andres wrote:
> this way looks my hosts file:

Well... something is wrong with DNS on your system.

The only advantage to using radtest is that it's simpler than radclient. But it's just a wrapper around radclient.

You can edit radtest to remove the DNS lookups, or write your own wrapper which doesn't do DNS lookups.

Alan DeKok.
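A wrapper of the kind suggested above, which takes the NAS address as a numeric literal instead of resolving `hostname`, also covers the suggestion made in the IPv6 thread on this page to guess the address family when the input looks like an IP address. This is an added example, not FreeRADIUS code and not from the original posts; all function names are hypothetical. Assumptions: NAS-IPv6-Address is the standard RFC 3162 attribute, and radclient accepts -4/-6 to select the server address family.

```shell
#!/bin/sh
# Added example: radtest-style request builder with no name lookups.

# _is_ipv4 / _is_ipv6 run in a subshell "( ... )" so IFS changes stay local.
_is_ipv4() (
    case $1 in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

_is_ipv6() (
    s=$1
    case $s in *[!0-9A-Fa-f:]*|*:::*|*::*::*) exit 1 ;; esac
    case $s in ::*) ;; :*) exit 1 ;; esac   # lone leading colon
    case $s in *::) ;; *:) exit 1 ;; esac   # lone trailing colon
    # "::" stands for one or more zero groups; without it all 8 are needed
    case $s in *::*) min=0 max=7 ;; *) min=8 max=8 ;; esac
    IFS=:; set -- $s
    n=0
    for g in "$@"; do
        [ -z "$g" ] && continue
        [ ${#g} -le 4 ] || exit 1
        n=$((n + 1))
    done
    [ "$n" -ge "$min" ] && [ "$n" -le "$max" ]
)

# addr_family LITERAL
# Prints 4 or 6 for a numeric literal ("[::1]" brackets allowed for IPv6) and
# returns 1 for host names and malformed input. A colon cannot occur in a
# host name, so its presence alone selects the IPv6 check. IPv6 forms with an
# embedded dotted quad (::ffff:192.0.2.1) are deliberately not accepted.
addr_family() {
    a=$1
    case $a in \[*:*\]) a=${a#\[}; a=${a%\]} ;; esac
    case $a in
        *:*) _is_ipv6 "$a" && echo 6 ;;
        *)   _is_ipv4 "$a" && echo 4 ;;
    esac
}

# build_request USER PASS NAS_PORT NAS_ADDR
# Prints the attribute list in the form the radtest script quoted in this
# thread pipes to radclient, refusing any NAS_ADDR that would need resolving.
build_request() {
    fam=$(addr_family "$4") || {
        echo "NAS address '$4' is not a numeric IP literal" >&2
        return 1
    }
    nas=${4#\[}; nas=${nas%\]}
    echo "User-Name = \"$1\""
    echo "User-Password = \"$2\""
    if [ "$fam" = 6 ]; then
        echo "NAS-IPv6-Address = $nas"
    else
        echo "NAS-IP-Address = $nas"
    fi
    echo "NAS-Port = $3"
}

# send_auth USER PASS SERVER NAS_PORT SECRET NAS_ADDR
# Sends the request; SERVER must also be numeric (no port suffix handled).
send_auth() {
    sfam=$(addr_family "$3") || { echo "server must be numeric" >&2; return 1; }
    req=$(build_request "$1" "$2" "$4" "$6") || return 1
    printf '%s\n' "$req" | radclient "-$sfam" -x "$3" auth "$5"
}

build_request testing passme 0 10.58.5.58
build_request testing passme 0 '[::1]'
build_request testing passme 0 radius 2>/dev/null || true
```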
Re: [Help] radtest mschap problem
this way looks my hosts file:

# IP-Address Full-Qualified-Hostname Short-Hostname
#

127.0.0.1 localhost

# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback

fe00::0 ipv6-localnet

ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
10.58.5.58 radius.mydomain.com radius

Andres

2013/4/26 Chitrang Srivastava
> Most likely your host file didn't have entry of your domain name,
> dump your hostname and /etc/hosts file here and then we can comment better
>
> On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote:
>
>> Hello All,
>>
>> I'm trying to test mschap with radtest but it gives me strange error
>> message.
>> I've tried to solve it several days, but had no success.
>>
>> I'm using syntax like that:
>>
>> $ radtest -t mschap user password 127.0.0.1 0 secret
>>
>> radclient : Failed to find IP address for host user: Success
>>
>> radclient: $Id$ built on Jan 22 2013 at 23:55:37
>> FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Jan 22
>> 2013
>>
>> host file looks fine
>>
>> I would appreciate it if someone can help me,
>>
>> Andres
Re: [Help] radtest mschap problem
Most likely your host file didn't have entry of your domain name,
dump your hostname and /etc/hosts file here and then we can comment better

On Thu, Apr 25, 2013 at 10:52 PM, Andres wrote:
> Hello All,
>
> I'm trying to test mschap with radtest but it gives me strange error
> message.
> I've tried to solve it several days, but had no success.
>
> I'm using syntax like that:
>
> $ radtest -t mschap user password 127.0.0.1 0 secret
>
> radclient : Failed to find IP address for host user: Success
>
> radclient: $Id$ built on Jan 22 2013 at 23:55:37
> FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Jan 22
> 2013
>
> host file looks fine
>
> I would appreciate it if someone can help me,
>
> Andres
[Help] radtest mschap problem
Hello All,

I'm trying to test mschap with radtest but it gives me strange error message.
I've tried to solve it several days, but had no success.

I'm using syntax like that:

$ radtest -t mschap user password 127.0.0.1 0 secret

radclient : Failed to find IP address for host user: Success

radclient: $Id$ built on Jan 22 2013 at 23:55:37
FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Jan 22 2013

host file looks fine

I would appreciate it if someone can help me,

Andres
Re: radtest failed; IP not found
Thanks!

Added line to /etc/hosts:

192.168.1.106 linux-vdis.site linux-vdis

and then radtest works.

/Staffan
Re: radtest failed; IP not found
On 12.03.2013 18:08, Staffan Meijer wrote:
> I uncommented the eth0 line in the configuration file when radtest did
> not work with the original.
>
> Using the original configuration file I get;
> Listening on authentication address * port 1812
>
> and
>
> linux-vdis:/etc/raddb # radtest testing password localhost 0 testing123
> radclient:: Failed to find IP address for linux-vdis.site
> radclient: Nothing to send.

your server's name resolution configuration is somewhere wrong. if you replace localhost by 127.0.0.1 it should work.

fix your /etc/host, but this is beyond the scope of this list.

Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: oliv...@heliosnet.org
Re: radtest failed; IP not found
On Tuesday 12 March 2013 at 18:08 +0100, Staffan Meijer wrote:
> I uncommented the eth0 line in the configuration file when radtest did
> not work with the original.
>
> Using the original configuration file I get;
> Listening on authentication address * port 1812
>
> and
>
> linux-vdis:/etc/raddb # radtest testing password localhost 0
> testing123
> radclient:: Failed to find IP address for linux-vdis.site

That's a DNS issue, not a Freeradius issue.

> radclient: Nothing to send.
>
> /Staffan
>
> > --
> > Olivier Beytrison
> > Network & Security Engineer, HES-SO Fribourg
> > Mail: oliv...@heliosnet.org
Re: radtest failed; IP not found
I uncommented the eth0 line in the configuration file when radtest did not work with the original.

Using the original configuration file I get;
Listening on authentication address * port 1812

and

linux-vdis:/etc/raddb # radtest testing password localhost 0 testing123
radclient:: Failed to find IP address for linux-vdis.site
radclient: Nothing to send.

/Staffan

> --
> Olivier Beytrison
> Network & Security Engineer, HES-SO Fribourg
> Mail: oliv...@heliosnet.org
Re: radtest failed; IP not found
On 12.03.2013 17:05, Staffan Meijer wrote:
> Listening on authentication interface eth0 address * port 1812
> Listening on accounting address * port 1813
> Listening on command file /var/run/radiusd/radiusd.sock
> Listening on authentication address 127.0.0.1 port 18120 as server
> inner-tunnel
> Listening on proxy address * port 1814

freeradius is listening on eth0 port 1812, not on all interfaces. so sending packets to localhost won't work.

netstat -puln | grep radius

will show exactly where freeradius is listening if really.

Fix your listen section and it should work

Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: oliv...@heliosnet.org
radtest failed; IP not found
Hi,

I am using FreeRadius Version 2.1.12 on OpenSuse 12.2.
I have looked at several postings about the same type of problem without finding the answer to my failure. Problem described below.

First use of radiusd -X resulted in /var/run/radiusd not found.
Created: mkdir /var/run/radiusd
Now radiusd -X seems to work; see attachment "radiusd.txt" for the output.

First line in "/etc/raddb/users" is:
testing Cleartext-Password := "password"

Using radtest failed:
linux-vdis:/etc/raddb # radtest testing password localhost 0 testing123
radclient:: Failed to find IP address for linux-vdis.site
radclient: Nothing to send.

Pinging localhost works:
linux-vdis:/etc/raddb # ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.065 ms

Is the missing /var/run/radiusd an indication that the installation is incorrect? FreeRadius was installed using Yast2 software manager.

/Staffan

FreeRADIUS Version 2.1.12, for host i586-suse-linux-gnu, built on Jan 9 2013 at 12:21
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Re: Server exits without warning on radtest?
Adrien Morvan wrote:
> So i ran it with gdb.
> There is a seg fault but i don't understand what is happening.

That's OK. What is *not* OK is refusing to follow the instructions in doc/bugs. We need that information to help solve the problem.

By refusing to follow the documentation, you're refusing to let us help you.

Follow the documentation, or stop asking questions.

Alan DeKok.
Re: ntlm_auth works but not radtest
>> Mon Mar 5 14:45:55 2012 : Debug: Exec-Program-Wait: plaintext: winbind
>> client not authorized to use winbindd_pam_auth_crap. Ensure permissions
>> on
>> /var/run/samba/winbindd_privileged are set correctly. (0xc022)
>
> Did you spot this?

This was definitely it. Thank you so much.

-Scott
Re: ntlm_auth works but not radtest
Hi,

2 things

> Mon Mar 5 14:45:54 2012 : Info: [mschap] No NT-Domain was found in the
> User-Name.
> Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: %{mschap:NT-DOMAIN} ->
> Mon Mar 5 14:45:54 2012 : Info: [mschap] ... expanding second conditional
> Mon Mar 5 14:45:54 2012 : Info: [mschap] expand:
> --domain=%{%{mschap:NT-DOMAIN}:-MYDOMAIN} -> --domain=MYDOMAIN

1 - as the request didn't contain an NT-Domain entry, ensure your --domain option is set correct (I assume you want MYDOMAIN but you never know..especially if you are just following a document from somewhere on the internet)

> Mon Mar 5 14:45:55 2012 : Debug: Exec-Program output: winbind client not
> authorized to use winbindd_pam_auth_crap. Ensure permissions on
> /var/run/samba/winbindd_privileged are set correctly. (0xc022)

2 - this. did you not see this error - the debug does try to tell you everything. SHORT OF BEING WRITTEN IN SCREEN HIGH CAPITAL LETTERS ;-)

ensure that /var/run/samba/winbindd_privileged is set to same group as the user that FreeRADIUS runs as.

oh..and be aware that any time that you patch/update samba package, that permission will be blatted back to wrong values.

alan
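A check for the permission problem alan describes in the reply above, written so it can be re-run after each Samba package update; this is an added example, not code from the thread, Samba or FreeRADIUS. The function names and verdict words are made up here, `stat -c` assumes GNU coreutils, and the account FreeRADIUS runs as must be supplied by the caller.

```shell
#!/bin/sh
# Added example (not Samba or FreeRADIUS code).

# Succeed if the radiusd -X output on stdin contains the winbind authorisation
# error quoted in the thread.
has_winbind_denial() {
    grep -q 'winbind client not authorized to use winbindd_pam_auth_crap'
}

# Print a one-word verdict on whether USER can enter DIR through DIR's owning group.
#   ok              USER is in the owning group and that group has read+execute
#   not-in-group    none of USER's groups owns DIR
#   group-lacks-rx  the group matches but lacks read or execute
#   missing         DIR is not a directory
#   unknown-user    USER does not exist
# An empty USER means the account running this script.
check_group_access() {
    dir=$1
    user=$2
    [ -d "$dir" ] || { echo missing; return 2; }
    dir_gid=$(stat -c %g "$dir") || return 2    # numeric owning group
    mode=$(stat -c %a "$dir") || return 2       # octal digits, e.g. 750
    if [ -n "$user" ]; then
        gids=$(id -G "$user" 2>/dev/null) || { echo unknown-user; return 2; }
    else
        gids=$(id -G)
    fi
    member=no
    for gid in $gids; do
        if [ "$gid" = "$dir_gid" ]; then
            member=yes
        fi
    done
    [ "$member" = yes ] || { echo not-in-group; return 1; }
    # The tens digit of the printed mode is the group permission digit.
    group_digit=$(( (mode / 10) % 10 ))
    if [ $(( group_digit & 5 )) -eq 5 ]; then
        echo ok
        return 0
    fi
    echo group-lacks-rx
    return 1
}

# Typical use, with the path from the thread and the FreeRADIUS account as $1:
#   radiusd -X 2>&1 | has_winbind_denial && echo "winbind refused the request"
#   check_group_access /var/run/samba/winbindd_privileged "$1"
```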
Re: ntlm_auth works but not radtest
>Mon Mar 5 14:45:55 2012 : Debug: Exec-Program-Wait: plaintext: winbind
>client not authorized to use winbindd_pam_auth_crap. Ensure permissions
>on
>/var/run/samba/winbindd_privileged are set correctly. (0xc022)

Did you spot this?

--
Sent from my phone. Please excuse brevity and typos.
ntlm_auth works but not radtest
I'm attempting to follow the guide at http://deployingradius.com/

Things were going very well until I tried to set up Active Directory authentication. Testing with ntlm_auth, I get a success:

$ ntlm_auth --request-nt-key --domain=MYDOMAIN --username=myuname --password=mypass
NT_STATUS_OK: Success (0x0)

But when I test with radtest it fails. I'm not sure I understand all of the debug output, but I think maybe it has to do with it thinking the realm is NULL. I have set it up in both smb.conf and krb5.conf as well as in the mschap module of freeradius. I am using freeradius version 2.1.10 on Ubuntu 11.10.

Here's the output from the command line as well as the debug output:

$ radtest -t mschap myuname mypass localhost 0 testing123
Sending Access-Request of id 99 to 127.0.0.1 port 1812
User-Name = "myuname"
NAS-IP-Address =
NAS-Port = 0
MS-CHAP-Challenge = 0xb89b59d41385c67c
MS-CHAP-Response = 0x00013edd0cff110926a15d402 f5204078f2d78d908e773c3a9c6
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=99, length=20

rad_recv: Access-Request packet from host 127.0.0.1 port 42379, id=209, length=115
User-Name = "myuname"
NAS-IP-Address =
NAS-Port = 0
MS-CHAP-Challenge = 0x09d5dfb63fba5357
MS-CHAP-Response = 0x00010704b6897326b27adb243 658c300fcd922f008014ee7e25b
Mon Mar 5 14:45:54 2012 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Mon Mar 5 14:45:54 2012 : Info: +- entering group authorize {...}
Mon Mar 5 14:45:54 2012 : Info: ++[preprocess] returns ok
Mon Mar 5 14:45:54 2012 : Info: ++[chap] returns noop
Mon Mar 5 14:45:54 2012 : Info: [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
Mon Mar 5 14:45:54 2012 : Info: ++[mschap] returns ok
Mon Mar 5 14:45:54 2012 : Info: ++[digest] returns noop
Mon Mar 5 14:45:54 2012 : Info: [suffix] No '@' in User-Name = "myuname", looking up realm NULL
Mon Mar 5 14:45:54 2012 : Info: [suffix] No such realm "NULL"
Mon Mar 5 14:45:54 2012 : Info: ++[suffix] returns noop
Mon Mar 5 14:45:54 2012 : Info: [eap] No EAP-Message, not doing EAP
Mon Mar 5 14:45:54 2012 : Info: ++[eap] returns noop
Mon Mar 5 14:45:54 2012 : Info: ++[files] returns noop
Mon Mar 5 14:45:54 2012 : Info: ++[expiration] returns noop
Mon Mar 5 14:45:54 2012 : Info: ++[logintime] returns noop
Mon Mar 5 14:45:54 2012 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Mon Mar 5 14:45:54 2012 : Info: ++[pap] returns noop
Mon Mar 5 14:45:54 2012 : Info: Found Auth-Type = MSCHAP
Mon Mar 5 14:45:54 2012 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Mon Mar 5 14:45:54 2012 : Info: +- entering group MS-CHAP {...}
Mon Mar 5 14:45:54 2012 : Info: [mschap] Told to do MS-CHAPv1 with NT-Password
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: %{Stripped-User-Name} ->
Mon Mar 5 14:45:54 2012 : Info: [mschap] ... expanding second conditional
Mon Mar 5 14:45:54 2012 : Info: [mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: %{User-Name:-None} -> myuname
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=myuname
Mon Mar 5 14:45:54 2012 : Info: [mschap] No NT-Domain was found in the User-Name.
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: %{mschap:NT-DOMAIN} ->
Mon Mar 5 14:45:54 2012 : Info: [mschap] ... expanding second conditional
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: --domain=%{%{mschap:NT-DOMAIN}:-MYDOMAIN} -> --domain=MYDOMAIN
Mon Mar 5 14:45:54 2012 : Info: [mschap] mschap1: 09
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=09d5dfb63fba5357
Mon Mar 5 14:45:54 2012 : Info: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=0704b6897326b27adb243658c300fcd922f008014ee7e25b
Mon Mar 5 14:45:55 2012 : Debug: Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly. (0xc022)
Mon Mar 5 14:45:55 2012 : Debug: Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/run/samba/winbindd_privileged are set correctly. (0xc022)
Mon Mar 5 14:45:55 2012 : Debug: Exec-Program: returned: 1
Mon Mar 5 14:45:55 2012 : Info: [mschap] External script failed.
Mon Mar 5 14:45:55 2012 : Info: [mschap] MS-CHAP-Response is incorrect.
Mon Mar 5 14:45:55 2012 : Info: ++[mschap] returns reject
Mon
Re: How to test raduis is working.. can't find radtest
Thanks for the reply, I installed it from the Package Manager in Gnome, centos 5.6. I'll try what you suggested, thank you.

On 25/05/2011 6:28 PM, Phil Mayers wrote:
> On 05/25/2011 10:06 PM, Luke Hammond wrote:
>> I have just installed FreeRADIUS 2.07 i think it is.. anyways. i followed a tutorial on how to install in with MySQL on Centos 5 and when i get to the part about testing the database using radtest.. it doesn't work. radtest is not where it should be, have looked on google to try and work out where exactly this 'radtest' lives, but all the locations it is supposed to be.. it isn't! So, where should it be and why isn't it there? do i have to install it separately? Also, how do i test that my radius is working and accepting logins without it?
>
> This isn't really a FreeRADIUS question; it's either a basic unix question, or one specific to the distribution of Linux you're using.
>
> Anyway: How did you install FreeRADIUS.
>
> If you installed it from the RPM, are you sure you installed all the RPMs you needed? Perhaps the server and client tools are split into separate RPMs? I see Fedora has freeradius-utils RPM - maybe Centos has that too?
>
> If you installed it from source - have you looked into the directory you installed it into (/usr/local usually)
>
> Try: locate radtest
> Or : find / | fgrep radtest
> Try: yum provides '*/radtest'
Re: How to test raduis is working.. can't find radtest
On 05/25/2011 10:06 PM, Luke Hammond wrote:
> I have just installed FreeRADIUS 2.07 i think it is.. anyways. i followed a tutorial on how to install in with MySQL on Centos 5 and when i get to the part about testing the database using radtest.. it doesn't work. radtest is not where it should be, have looked on google to try and work out where exactly this 'radtest' lives, but all the locations it is supposed to be.. it isn't! So, where should it be and why isn't it there? do i have to install it separately? Also, how do i test that my radius is working and accepting logins without it?

This isn't really a FreeRADIUS question; it's either a basic unix question, or one specific to the distribution of Linux you're using.

Anyway: How did you install FreeRADIUS.

If you installed it from the RPM, are you sure you installed all the RPMs you needed? Perhaps the server and client tools are split into separate RPMs? I see Fedora has freeradius-utils RPM - maybe Centos has that too?

If you installed it from source - have you looked into the directory you installed it into (/usr/local usually)

Try: locate radtest
Or : find / | fgrep radtest
Try: yum provides '*/radtest'
How to test raduis is working.. can't find radtest
I have just installed FreeRADIUS 2.07 i think it is.. anyways. i followed a tutorial on how to install in with MySQL on Centos 5 and when i get to the part about testing the database using radtest.. it doesn't work. radtest is not where it should be, have looked on google to try and work out where exactly this 'radtest' lives, but all the locations it is supposed to be.. it isn't!

So, where should it be and why isn't it there? do i have to install it separately? Also, how do i test that my radius is working and accepting logins without it?
Re: how to radtest from another client
On Sat, Apr 9, 2011 at 5:03 PM, 徐宇 wrote:
> I install freeradius in the server its ip is 192.168.1.1.
> In the server I have already do the radtest ,and the result is OK
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=11, length=20
>
> I want to add a test authenticator host client. So I add something at
> the end of my clients.conf and assign a shared-secret.
> client 192.168.1.100 {
> secret = testing123
> shortname = 192.168.1.100
> }
> Should I do other things to finish it? I need to do the radtest in
> the client(192.168.1.100) right? But there isn't a radtest command in
> the client, Need I install some softwares in the client?
>
> thank you for your help ,best regards.

Please don't send the same message over and over again. It's rude, and will simply discourage others from helping you.

Yes, you need to install the software. radtest command is available if:
- you built your own freeradius from source
- you install a package from your distro containing radtest

If you need to know which package from your distro has the radtest command, ask your distro forum/list/support. On Ubuntu, the package is called "freeradius-utils".

If you have absolutely no idea what I'm talking about, then ask whoever sets up the server you're currently using, since you say that server already has radtest available.

--
Fajar
how to radtest from another client
I install freeradius in the server its ip is 192.168.1.1.
In the server I have already do the radtest ,and the result is OK

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=11, length=20

I want to add a test authenticator host client. So I add something at the end of my clients.conf and assign a shared-secret.

client 192.168.1.100 {
secret = testing123
shortname = 192.168.1.100
}

Should I do other things to finish it? I need to do the radtest in the client(192.168.1.100) right? But there isn't a radtest command in the client, Need I install some softwares in the client?

thank you for your help ,best regards.
Re: how to radtest from another client
徐宇 wrote:
> Should I do other things to finish it? I need to do the radtest in
> the client(192.168.1.100) right? But there isn't a radtest command in
> the client, Need I install some softwares in the client?

Yes, that's how computers work.

Alan DeKok.
how to radtest from another client
I install freeradius in the server its ip is 192.168.1.1.
In the server I have already do the radtest ,and the result is OK

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=11, length=20

the end of my clients.conf and assign a shared-secret.

client 192.168.1.100 {
secret = testing123
shortname = 192.168.1.100
}

Should I do other things to finish it? I need to do the radtest in the client(192.168.1.100) right? But there isn't a radtest command in the client, Need I install some softwares in the client?

thank you for your help ,best regards.
Re: radtest issue
The NAS-IP-Address field should be set to whatever you are using as your supplicant, most likely your switch.

On Fri, Oct 15, 2010 at 4:15 AM, Sujith Paily K wrote:
> I have installed freeradius2 & freeradius2-utils on centos5.5 using yum. I
> did the basic configuration and test with radtest
> ---------
> radtest testing password 127.0.0.1 10 testing123
> Sending Access-Request of id 221 to 127.0.0.1 port 1812
> User-Name = "testing"
> User-Password = "password"
> NAS-IP-Address = 216.34.94.184
> NAS-Port = 10
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=221,
> length=2
>
> -
> I dont understand "NAS-IP-Address = 216.34.94.184" my hostname is
> node3.localhost. So expected NAS-IP-Address is node3.localhos right?
> What is wrong?I dont find an the ip 216.34.94.184 in my machine
> --
> Thanks and Regards,
> Sujith Paily K
>
> http://SparkSupport.com | http://migrate2cloud.com
radtest issue
I have installed freeradius2 & freeradius2-utils on centos5.5 using yum. I did the basic configuration and test with radtest

-----
radtest testing password 127.0.0.1 10 testing123
Sending Access-Request of id 221 to 127.0.0.1 port 1812
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 216.34.94.184
NAS-Port = 10
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=221, length=2
-

I dont understand "NAS-IP-Address = 216.34.94.184" my hostname is node3.localhost. So expected NAS-IP-Address is node3.localhos right? What is wrong?I dont find an the ip 216.34.94.184 in my machine

--
Thanks and Regards,
Sujith Paily K

http://SparkSupport.com | http://migrate2cloud.com
Re: Getting "Access-Reject" when using radtest
kartik dadwal wrote:
> OS: Ubuntu 9.10
> Freeradius 2.1.0 (Installed using synaptic packet manager)
> On the server terminal:
> r...@kartik-laptop:/etc/freeradius# *radiusd -X*

I would suggest reading the debug output. The answer to your question is in there.

Also, try pasting the debug output into this form:

http://networkradius.com/freeradius.html

And look for the highlighted text.

Alan DeKok.
Getting "Access-Reject" when using radtest
Hi,

OS: Ubuntu 9.10
Freeradius 2.1.0 (Installed using synaptic packet manager)

I have installed FreeRadius server and now I am testing it with the

r...@kartik-laptop:/usr/local/etc/raddb# *radtest testing password 127.0.0.1 0 testing123*

OUTPUT:
Sending Access-Request of id 248 to 127.0.0.1 port 1812
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=248, length=20

===

On the server terminal:

r...@kartik-laptop:/etc/freeradius# *radiusd -X*
FreeRADIUS Version 2.1.0, for host i686-pc-linux-gnu, built on Aug 17 2010 at 22:33:30
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Re: Segmentation Fault during running radtest and freeradius
Theresa wrote:
> Hello,
>
> I use Freeradius 2.1.10 (built from the git branch 2.1.x). I just
> configured it with one user (testing, password) and a shared secret
> (testing123) and didn't change anything else.
> I run freeradius -X (Ubuntu 10.04) and when it receives a request
> (radtest testing password 127.0.0.1 0 testing123) I get following crash
> (sorry for the long log).
>
> Any ideas how to fix it or where the problem is?

See doc/bugs

> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> Segmentation fault

If it crashes that quickly, it's usually because of a shared library problem on the system. i.e. you've built 2.1.10, but it's using libraries from an older version of the server.

Alan DeKok.
Segmentation Fault during running radtest and freeradius
Hello,

I use Freeradius 2.1.10 (built from the git branch 2.1.x). I just configured it with one user (testing, password) and a shared secret (testing123) and didn't change anything else.
I run freeradius -X (Ubuntu 10.04) and when it receives a request (radtest testing password 127.0.0.1 0 testing123) I get following crash (sorry for the long log).

Any ideas how to fix it or where the problem is?

Thanks in advance!

Log:
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Aug 21 2010 at 23:02:11
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
 log {
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
 }
 security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
 }
}
radiusd: Loadi
Re: MySQL works for radtest, not IRL - Users file always works
Huckle Berry wrote:
> Is there a good reference for the various protocols, i.e. a diagram, or
> flowchart, that could help me understand the process and therefore
> better troubleshoot my situation? I'm more of a visual learner so
> illustrations would be awesome.

There are no pictures. The processing is documented in... various places on the Wiki && in the "doc/" directory.

Alan DeKok.
Re: MySQL works for radtest, not IRL - Users file always works
On Sun, Aug 15, 2010 at 3:43 AM, Alan DeKok wrote:
> Huckle Berry wrote:
> > radtest for both users works on server, but from the windows 7 client
> > only RadiusUser can log in. After looking at RadiusSQL's debug, it seems
> > the sql module isn't ever consulted... Debugs for both users can be
> > posted on request.
>
> What you didn't say is that the Windows system is using PEAP. This
> means that you need to configure "sql" in the file
> raddb/sites-available/inner-tunnel.
>
> You've configured SQL in raddb/sites-available/default, which allows
> it to work for simple PAP / MS-CHAP requests. But PEAP puts the
> password inside of the "inner-tunnel", which hasn't been configured.

Is there a good reference for the various protocols, i.e. a diagram, or flowchart, that could help me understand the process and therefore better troubleshoot my situation? I'm more of a visual learner so illustrations would be awesome.

> Alan DeKok.
Re: MySQL works for radtest, not IRL - Users file always works
Huckle Berry wrote:
> radtest for both users works on server, but from the windows 7 client
> only RadiusUser can log in. After looking at RadiusSQL's debug, it seems
> the sql module isn't ever consulted... Debugs for both users can be
> posted on request.

What you didn't say is that the Windows system is using PEAP. This means that you need to configure "sql" in the file raddb/sites-available/inner-tunnel.

You've configured SQL in raddb/sites-available/default, which allows it to work for simple PAP / MS-CHAP requests. But PEAP puts the password inside of the "inner-tunnel", which hasn't been configured.

Alan DeKok.
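The gap described in the reply above (a module active in the default virtual server but not in inner-tunnel) can be checked mechanically. This is an added example, not part of the original thread or of FreeRADIUS: the two file bodies are constructed, shortened stand-ins for raddb/sites-available/default and raddb/sites-available/inner-tunnel, and the function names are hypothetical.

```python
import re

# Constructed stand-in for raddb/sites-available/default (real file is much longer).
DEFAULT_SITE = """\
authorize {
    preprocess
    eap {
        ok = return
    }
    files
    sql
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    eap
}
"""

# Constructed stand-in for raddb/sites-available/inner-tunnel: sql still commented out.
INNER_TUNNEL = """\
server inner-tunnel {
authorize {
    mschap
    eap {
        ok = return
    }
    files
#   sql
    pap
}
}
"""

# unlang keywords that open a block but are not module names
KEYWORDS = {"if", "else", "elsif", "switch", "case", "update", "group",
            "redundant", "load-balance", "redundant-load-balance"}
_NAME = re.compile(r"[A-Za-z_][\w.-]*$")


def active_modules(site_text, section):
    """List module names referenced by uncommented lines inside `section { }`."""
    stack, found = [], []
    for raw in site_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # commented-out lines vanish here
        if line.startswith("}"):
            if stack:
                stack.pop()
            line = line[1:].strip()
        if not line:
            continue
        words = line.rstrip("{").split()
        # A module reference is a single bare word, optionally opening a block
        # of return-code overrides (as in "eap { ok = return }").
        if (section in stack and len(words) == 1
                and _NAME.match(words[0]) and words[0] not in KEYWORDS):
            found.append(words[0])
        if line.endswith("{"):
            stack.append(words[0] if words else "")
    return found


def tunnel_gaps(default_text, inner_text, modules=("sql",)):
    """Modules active in default's authorize section but absent from inner-tunnel's."""
    outer = active_modules(default_text, "authorize")
    inner = active_modules(inner_text, "authorize")
    return [m for m in modules if m in outer and m not in inner]


if __name__ == "__main__":
    print("default      :", active_modules(DEFAULT_SITE, "authorize"))
    print("inner-tunnel :", active_modules(INNER_TUNNEL, "authorize"))
    print("PEAP will not consult:", tunnel_gaps(DEFAULT_SITE, INNER_TUNNEL))
```

A non-empty result means tunnelled EAP methods such as PEAP authenticate against a different set of user stores than plain PAP requests do.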
MySQL works for radtest, not IRL - Users file always works
I'm in a bit of an odd situation here, I have a freeradius 2.1.8 server (installed from the ubuntu 10.04 repo) that I'm using in conjunction with a DD-WRT v24-SP2 (on wrt54g v5) NAS. I've generated certs for two users RadiusUser and RadiusSQL and installed both on a windows 7 ultimate box along with the CA.

RadiusUser is in the Users file with a bare-bones configuration:

RadiusUser Cleartext-Password: "RadiusUser"

RadiusSQL is in a MySQL database with a similar configuration:

SELECT * FROM radcheck;
+----+-----------+--------------------+----+-----------+
| id | username  | attribute          | op | value     |
+----+-----------+--------------------+----+-----------+
|  1 | RadiusSQL | Cleartext-Password | := | RadiusSQL |
+----+-----------+--------------------+----+-----------+

radtest for both users works on server, but from the windows 7 client only RadiusUser can log in. After looking at RadiusSQL's debug, it seems the sql module isn't ever consulted... Debugs for both users can be posted on request.
RE: radtest with MS-CHAPv2?
Ntradping
http://www.novell.com/coolsolutions/tools/14377.html

I believe this is the tool you are looking for.

Ben

-Original Message-
From: freeradius-users-bounces+wiechman.lists=gmail@lists.freeradius.org [mailto:freeradius-users-bounces+wiechman.lists=gmail@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, June 09, 2010 3:21 PM
To: FreeRadius users mailing list
Subject: Re: radtest with MS-CHAPv2?

Andrew Chiarello wrote:
> Is there any cli tool I can use to send an MS-CHAPv2 test?

No. There's a Windows tool, but I forget the name.

Alan DeKok.
Re: problem with radtest + dictionary + Authen::Radius (perl)
> > $ cat /usr/share/freeradius/dictionary.rinuex
> ...
> > BEGIN-VENDOR Rinuex
>
> Which says "all of the following attributes are for this vendor"

OK

> > # Code indicating the cause of the Access-Reject
> > ATTRIBUTE Codigo-Reject 8 integer Rinuex
>
> Which *duplicates* the vendor name. Do one of the following:
>
> a) delete the vendor name from the ATTRIBUTE line
>
> b) delete the BEGIN/END-VENDOR lines

I choose to delete the BEGIN/END-VENDOR lines for compatibility with Authen::Radius perl package.

Thank you very much. Everything is OK now.

--
Ana Gallardo Gómez
Re: problem with radtest + dictionary + Authen::Radius (perl)
Ana Gallardo wrote:
> I'm sorry, I paste my actual dictionary...
>
> $ cat /usr/share/freeradius/dictionary.rinuex
...
> BEGIN-VENDOR Rinuex

Which says "all of the following attributes are for this vendor"

> # Code indicating the cause of the Access-Reject
> ATTRIBUTE Codigo-Reject 8 integer Rinuex

Which *duplicates* the vendor name. Do one of the following:

a) delete the vendor name from the ATTRIBUTE line

b) delete the BEGIN/END-VENDOR lines

Alan DeKok.
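The duplication pointed out in the reply above, and both suggested fixes, can be expressed as a small dictionary check. This is an added example, not code from the thread or from FreeRADIUS: the sample is the thread's dictionary cut down and re-spaced by hand, the function names are hypothetical, and the list of bare-word options is an assumption to extend for your server version.

```python
# Constructed sample: a shortened copy of the dictionary discussed in this thread.
SAMPLE = """\
VENDOR\t\tRinuex\t35782
BEGIN-VENDOR\tRinuex
# Code indicating the cause of the Access-Reject
ATTRIBUTE\tCodigo-Reject\t8\tinteger\tRinuex
VALUE\tCodigo-Reject\tCredenciales-Erroneas\t3
VALUE\tCodigo-Reject\tRadius-OK\t9
END-VENDOR\tRinuex
"""

OPTION_WORDS = {"has_tag"}  # assumption: bare-word options, not an exhaustive list


def _fields(raw):
    """Whitespace-separated fields of one dictionary line, comments removed."""
    return raw.split("#", 1)[0].split()


def lint_dictionary(text):
    """Return (line_number, message) findings for vendor-scoping mistakes."""
    vendors, block, findings = set(), None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = _fields(raw)
        if not f:
            continue
        kw = f[0].upper()
        if kw == "VENDOR" and len(f) >= 3:
            vendors.add(f[1])
        elif kw == "BEGIN-VENDOR" and len(f) >= 2:
            if f[1] not in vendors:
                findings.append((lineno, "BEGIN-VENDOR names undefined vendor " + f[1]))
            block = f[1]
        elif kw == "END-VENDOR":
            if block is None:
                findings.append((lineno, "END-VENDOR without BEGIN-VENDOR"))
            block = None
        elif kw == "ATTRIBUTE" and len(f) >= 5:
            extra = f[4]
            if block is not None and extra == block:
                # Inside the block the fifth field is read as an option, so the
                # repeated vendor name ends up as an "unknown option".
                findings.append((lineno, "vendor " + extra +
                                 " repeated inside its BEGIN-VENDOR block"))
            elif (block is None and extra not in vendors
                  and extra not in OPTION_WORDS
                  and "=" not in extra and "," not in extra):
                findings.append((lineno, extra + " is not a defined vendor"))
    if block is not None:
        findings.append((len(text.splitlines()), "BEGIN-VENDOR " + block + " never closed"))
    return findings


def fix_dictionary(text, keep_block=True):
    """Apply fix (a) when keep_block is True, fix (b) when it is False.

    (a) keep BEGIN/END-VENDOR and drop the vendor name from ATTRIBUTE lines.
    (b) drop BEGIN/END-VENDOR and name the vendor on every ATTRIBUTE line.
    """
    out, block = [], None
    for raw in text.splitlines():
        f = _fields(raw)
        kw = f[0].upper() if f else ""
        if kw == "BEGIN-VENDOR" and len(f) >= 2:
            block = f[1]
            if not keep_block:
                continue
        elif kw == "END-VENDOR":
            block = None
            if not keep_block:
                continue
        elif kw == "ATTRIBUTE" and block is not None:
            if keep_block and len(f) >= 5 and f[4] == block:
                raw = "\t".join(f[:4])
            elif not keep_block and len(f) == 4:
                raw = "\t".join(f + [block])
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, message in lint_dictionary(SAMPLE):
        print("line %d: %s" % (lineno, message))
    print(fix_dictionary(SAMPLE, keep_block=False))
```

Fix (b) is the form the poster needed for Authen::Radius, which expects the vendor on every ATTRIBUTE line.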
Re: problem with radtest + dictionary + Authen::Radius (perl)
> Which doesn't match the error message you showed above. There is *no*
> ATTRIBUTE line having an option.

I'm sorry, I paste my actual dictionary...

$ cat /usr/share/freeradius/dictionary.rinuex
# -*- text -*-
#
# dictionary.rinuex
#
#
# May 2010
# Marco Jaraíz
# Ana Gallardo
#
VENDOR Rinuex 35782
BEGIN-VENDOR Rinuex
# Code indicating the cause of the Access-Reject
ATTRIBUTE Codigo-Reject 8 integer Rinuex
VALUE Codigo-Reject Credenciales-Erroneas 3
VALUE Codigo-Reject Cuenta-Bloqueada-Intentos-Reject 4
VALUE Codigo-Reject Imposible-Contactar-Backend 5
VALUE Codigo-Reject Error-Dominio 6
VALUE Codigo-Reject Cuenta-Expirada 7
VALUE Codigo-Reject Cuenta-Inactiva 8
VALUE Codigo-Reject Radius-OK 9
END-VENDOR Rinuex

> Please be *consistent*.

OK, sorry and thanks for your time.

Ana

Ana Gallardo Gómez
Re: radtest with MS-CHAPv2?
Andrew Chiarello wrote:
> Is there any cli tool I can use to send an MS-CHAPv2 test?

No. There's a Windows tool, but I forget the name.

Alan DeKok.
Re: radtest with MS-CHAPv2?
Is there any cli tool I can use to send an MS-CHAPv2 test?

- Original Message -
From: "Alan DeKok"
To: "FreeRadius users mailing list"
Sent: Wednesday, June 9, 2010 11:33:30 AM
Subject: Re: radtest with MS-CHAPv2?

Andrew Chiarello wrote:
> I'm very new to freeradius, and I need to test whether my configuration
> is correctly accepting MS-CHAPv2 requests. I'm not sure exactly how to
> do this with radtest (or am I using the wrong tool?)

You can't use it with radtest. Maybe in version 2.1.10.

Alan DeKok.
Re: radtest with MS-CHAPv2?
Andrew Chiarello wrote:
> I'm very new to freeradius, and I need to test whether my configuration
> is correctly accepting MS-CHAPv2 requests. I'm not sure exactly how to
> do this with radtest (or am I using the wrong tool?)

You can't use it with radtest. Maybe in version 2.1.10.

Alan DeKok.
radtest with MS-CHAPv2?
I'm very new to freeradius, and I need to test whether my configuration is correctly accepting MS-CHAPv2 requests. I'm not sure exactly how to do this with radtest (or am I using the wrong tool?)

Andrew J. Chiarello
Network Engineer
Bryn Mawr College
610-526-7966
achiare...@brynmawr.edu
Re: problem with radtest + dictionary + Authen::Radius (perl)
Ana Gallardo wrote:
> Hello Alan,
>
> > $ radtest u...@realm pass radius 0 claveClient
> > radclient: dict_init: /usr/share/freeradius/dictionary.XXX: unknown
> > option "XXX"
> >
> > You didn't define "XXX" as a vendor.
>
> I think I did...
>
> $ cat /usr/share/freeradius/dictionary.rinuex

Which doesn't match the error message you showed above. There is *no* ATTRIBUTE line having an option.

Please be *consistent*.

Alan DeKok.
Re: problem with radtest + dictionary + Authen::Radius (perl)
Hello Alan,

> > $ radtest u...@realm pass radius 0 claveClient
> > radclient: dict_init: /usr/share/freeradius/dictionary.XXX: unknown
> > option "XXX"
>
> You didn't define "XXX" as a vendor.

I think I did...

$ cat /usr/share/freeradius/dictionary.rinuex
# -*- text -*-
#
# dictionary.rinuex
#
#
# May 2010
# Marco Jaraíz
# Ana Gallardo
#
VENDOR Rinuex 35782
BEGIN-VENDOR Rinuex
# Code indicating the cause of the Access-Reject
ATTRIBUTE Codigo-Reject 8 integer
VALUE Codigo-Reject Credenciales-Erroneas 3
VALUE Codigo-Reject Cuenta-Bloqueada-Intentos-Reject 4
VALUE Codigo-Reject Imposible-Contactar-Backend 5
VALUE Codigo-Reject Error-Dominio 6
VALUE Codigo-Reject Cuenta-Expirada 7
VALUE Codigo-Reject Cuenta-Inactiva 8
VALUE Codigo-Reject Radius-OK 9
END-VENDOR Rinuex

> And there's no reason to keep the vendor name a secret. The
> name/number for the vendor is available in public registries.

It's true.

> Alan DeKok.

Thanks again

--
Ana Gallardo Gómez
Re: problem with radtest + dictionary + Authen::Radius (perl)
Ana Gallardo wrote:
> $ radtest u...@realm pass radius 0 claveClient
> radclient: dict_init: /usr/share/freeradius/dictionary.XXX: unknown
> option "XXX"

You didn't define "XXX" as a vendor.

And there's no reason to keep the vendor name a secret. The name/number for the vendor is available in public registries.

Alan DeKok.
problem with radtest + dictionary + Authen::Radius (perl)
Hello,

I'm working with Freeradius 2.1.8 and I have created my vendor dictionary.

I need to use Authen::Radius (perl). This package needs 'vendor' declaration in every 'ATTRIBUTE' line in vendor dictionaries. Following man RADIUS dictionary file http://freeradius.org/radiusd/man/dictionary.html

*ATTRIBUTE name number type [vendor|options]*

that is possible. But when I use radtest, I have this problem:

$ radtest u...@realm pass radius 0 claveClient
radclient: dict_init: /usr/share/freeradius/dictionary.XXX: unknown option "XXX"

Thank you and sorry for my English

Ana Gallardo Gómez
RE: radtest and IPv6 support
Hello John, Alan, all,

> John Dennis wrote:
> > We also just discovered a bug with IPv6 usage in radclient (and
> > radtest), you may want to take a look at these two bugzilla's:
> >
> > https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=80
>
> The better fix is to take unknown options starting with "-", and pass
> them directly to radclient. This will make -4 work, -6, and a bunch of
> other options.

Thanks both for the reply. I will try using the radclient for my testing from now on..

Cheers,
Panos
Re: radtest and IPv6 support
John Dennis wrote:
> All you should need to do is create a bugzilla login, no different than
> the FreeRADIUS bugzilla, but no problem, I attached the patch to the
> FreeRADIUS bug, should be easy to see now.

Tried, still the same error. Oh well.

>> From what I can tell, the issue is that ip_hton() does DNS lookups,
>> and inet_pton() doesn't.
>
> yup, that's the primary issue, secondary issue is more informative error
> reporting.

OK. I've applied the patch.

Alan DeKok.
Re: radtest and IPv6 support
On 06/07/2010 05:33 PM, Alan DeKok wrote:
> John Dennis wrote:
>> We also just discovered a bug with IPv6 usage in radclient (and
>> radtest), you may want to take a look at these two bugzilla's:
>>
>> https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=80
>
> The better fix is to take unknown options starting with "-", and pass
> them directly to radclient. This will make -4 work, -6, and a bunch of
> other options.

Hokey dokey, I didn't create the proposed fix in this instance, please update the bugzilla with the suggestion or the git commit. Thanks!

>> https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=82
>
> Except I'm not allowed to see the redhat bugs.

All you should need to do is create a bugzilla login, no different than the FreeRADIUS bugzilla, but no problem, I attached the patch to the FreeRADIUS bug, should be easy to see now.

> From what I can tell, the issue is that ip_hton() does DNS lookups,
> and inet_pton() doesn't.

yup, that's the primary issue, secondary issue is more informative error reporting.

--
John Dennis

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
Re: radtest and IPv6 support
John Dennis wrote:
> We also just discovered a bug with IPv6 usage in radclient (and
> radtest), you may want to take a look at these two bugzilla's:
>
> https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=80

The better fix is to take unknown options starting with "-", and pass them directly to radclient. This will make -4 work, -6, and a bunch of other options.

> https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=82

Except I'm not allowed to see the redhat bugs.

From what I can tell, the issue is that ip_hton() does DNS lookups, and inet_pton() doesn't.

Alan DeKok.
Re: radtest and IPv6 support
On 06/03/2010 01:57 PM, Panagiotis Georgopoulos wrote:
> Hello all,
>
> I am trying to use radtest to test my freeradius configuration over IPv6. I have configured IPv6 on my freeradius server and a client machine from which I am firing radtest. However when I issue “radtest

We also just discovered a bug with IPv6 usage in radclient (and radtest), you may want to take a look at these two bugzilla's:

https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=80
https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=82

--
John Dennis

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
RE: radtest and IPv6 support
Hello Alan, all

See below...

> -Original Message-
> From: freeradius-users-
> bounces+panos=comp.lancs.ac...@lists.freeradius.org [mailto:freeradius-
> users-bounces+panos=comp.lancs.ac...@lists.freeradius.org] On Behalf Of
> Alan DeKok
> Sent: 06 June 2010 09:27
> To: FreeRadius users mailing list
> Subject: Re: radtest and IPv6 support
>
> Panagiotis Georgopoulos wrote:
> > I am trying to use radtest to test my freeradius
> > configuration over IPv6. I have configured IPv6 on my freeradius server
> > and a client machine from which I am firing radtest. However when I
> > issue radtest bob hello 2001:db95::100 100 testing123 on my client I
> > get a
> >
> > radclient: socket: cannot initialize udpfromto: Function not implemented
>
> When building from source, do:
>
> $ ./configure --without-udpfromto
>
> It doesn't appear to work on your system.

How can I only build radtest from source? (recap: ) I have built freeRadius on my server and I want to run radtest on a client machine to test my configuration over IPv6. I installed radtest on my client machine by installing freeradius-utils...

Is there another way to test FreeRadius with another tool that supports IPV6?

Thanks,
Panos
Re: radtest and IPv6 support
Panagiotis Georgopoulos wrote:
> I am trying to use radtest to test my freeradius
> configuration over IPv6. I have configured IPv6 on my freeradius server
> and a client machine from which I am firing radtest. However when I
> issue “radtest bob hello 2001:db95::100 100 testing123” on my client I
> get a
>
> “radclient: socket: cannot initialize udpfromto: Function not implemented”

When building from source, do:

$ ./configure --without-udpfromto

It doesn't appear to work on your system.

Alan DeKok.
radtest and IPv6 support
Hello all,

I am trying to use radtest to test my freeradius configuration over IPv6. I have configured IPv6 on my freeradius server and a client machine from which I am firing radtest. However when I issue "radtest bob hello 2001:db95::100 100 testing123" on my client I get a

"radclient: socket: cannot initialize udpfromto: Function not implemented"

Google returns a few people reporting this, but answers are related to changing how localhost is resolved when testing it from the freeradius server. Is there a proper solution for using radtest over IPv6 from a remote machine?

Btw radtest works fine over IPv4 on my current setup.

Thanks a lot,
Panos
Re: sql wont pass radtest
Robert Wilkinson wrote:
> I have uncommented all the "SQL" lines to no avail. No module is loaded.

The debug log *clearly* shows which files it is reading, and which modules it is loading. It reads the SQL configuration files, but does *not* load the SQL module.

> Is it important to have a NAS installed at this stage?

No.

> including configuration file /etc/freeradius/sites-enabled/default
> including configuration file /etc/freeradius/sites-enabled/inner-tunnel

Did you edit these files? The answer is "no". None of the debug log shows it loading the sql module. You have been editing *different* files, which is why the server isn't using SQL.

So.. which files were you editing and why? Go back and edit the *real* files. You will know you have succeeded when it starts printing text like this:

 Module: Linked to module rlm_sql

Until it prints that text, you are not editing the right files.

Again, the *whole purpose* of debug mode is for people to *read* it. It is *telling* you which files it is reading. You have been editing *different* files.

Alan DeKok.
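The two checks described in the reply above (which files the server actually read, and whether the "Linked to module" line ever appears) can be run over a saved debug log. This is an added example, not part of the thread or of FreeRADIUS: the log excerpt is constructed from line shapes quoted on this page, the edited path in the demo is a hypothetical scenario, and the function names are hypothetical.

```python
import posixpath
import re

# Constructed excerpt in the shape of the `radiusd -X` output quoted in this thread.
SAMPLE_DEBUG = """\
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
 Module: Linked to module rlm_pap
 Module: Linked to module rlm_files
"""


def files_read(debug_text):
    """Configuration files the server reported reading, in order."""
    return re.findall(r"including configuration file (\S+)", debug_text)


def modules_linked(debug_text):
    """Module names (without the rlm_ prefix) the server reported linking."""
    return set(re.findall(r"Module: Linked to module rlm_(\w+)", debug_text))


def module_status(debug_text, module="sql"):
    """Classify a module as loaded, configured-but-unused, or not configured."""
    if module in modules_linked(debug_text):
        return "loaded"
    config_names = {module, module + ".conf"}
    if any(posixpath.basename(p) in config_names for p in files_read(debug_text)):
        # The state diagnosed in the thread: sql.conf is parsed, but no
        # enabled virtual server references the module, so it is never linked.
        return "config read, module not loaded"
    return "config not read"


def check_edited_file(debug_text, edited_path):
    """Was the file the admin edited read? If not, list same-named files that were."""
    read = files_read(debug_text)
    if edited_path in read:
        return True, []
    name = posixpath.basename(edited_path)
    return False, [p for p in read if posixpath.basename(p) == name]


if __name__ == "__main__":
    print("sql:", module_status(SAMPLE_DEBUG))
    # Hypothetical scenario: edits were made under a source-install prefix
    # while the packaged server reads /etc/freeradius.
    edited = "/usr/local/etc/raddb/sites-enabled/default"
    was_read, candidates = check_edited_file(SAMPLE_DEBUG, edited)
    print(edited, "read by server:", was_read, "| server read instead:", candidates)
```

Both regular expressions match across a log that has been flattened onto one line, so the functions also work on text pasted from a list archive.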
Re: sql wont pass radtest
On Wed, 2010-05-26 at 19:58 +0100, Alan Buxey wrote:
> hi,
>
> your output doesn't show SQL being loaded up as the daemon starts. It's very
> obvious when it does use SQL as there'll be a lot of SQL stuff shown in the startup
> eg sockets connecting to the SQL etc.

Just realised that the server needs to be restarted after each change in configuration. Important to know that.

> check that you have the INCLUDE sql.conf in the radiusd.conf and check that
> you have uncommented the sql lines in the virtual servers that you want
> to use (ie 'default' for plain stuff and 'inner-tunnel' for EAP stuff)

I have uncommented all the "SQL" lines to no avail. No module is loaded.

Is it important to have a NAS installed at this stage?

Here is my radiusd -X output:

FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 5 2010 at 02:49:11
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/counter.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = no
Re: sql wont pass radtest
hi,

your output doesn't show SQL being loaded up as the daemon starts. It's very obvious when it does use SQL as there'll be a lot of SQL stuff shown in the startup eg sockets connecting to the SQL etc.

check that you have the INCLUDE sql.conf in the radiusd.conf and check that you have uncommented the sql lines in the virtual servers that you want to use (ie 'default' for plain stuff and 'inner-tunnel' for EAP stuff)

alan
Re: sql wont pass radtest
Robert Wilkinson wrote:
> Hello.
> After lots of reading and time testing I have been unable to get sql to
> authenticate with using radtest. Am I having issues with the DB
> setup? I am having no problems with the "users" file. But there seems to
> be nothing to pursue with the SQL issues. I am almost moved to tears..
> and tearing my hair out.

The Wiki contains good instructions for configuring SQL.

> I want to setup a wireless hotspot. I have spent 4 days trying to get my
> mind around this. I have uncommented the "SQL" lines where needed.

The debug log doesn't show this. You need to edit raddb/sites-available/default, and look for "sql".

> Is it my database or the options I have made. I have spent lots of time
> on the wiki and mailing list, to the point that confusion now reigns.
> There needs to be a way for simple setups
> to be made easy.

http://wiki.freeradius.org/SQL_HOWTO

It needs to be updated for 2.x, but the basic idea is there.

> here is my freeradius -X

Which shows it does not load the SQL module, and does not use the SQL module when it receives a packet.

Alan DeKok.
sql wont pass radtest
Hello. After lots of reading and time testing I have been unable to get sql to authenticate with using radtest. Am I having issues with the the DB setup? I am having no problems with the "users" file. But there seems to be nothing to pursue with the SQL issues. I am almost moved to tears.. and tearing my hair out. I am using: Ubuntu 10.4 (Linode account) Freeradius 2.1.8 MySql5 I want to setup a wireless hotspot. I have spent 4 days tring to get my mind around this. I have uncommented the "SQL" lines where needed. Is it my database or the options I have made. I have spent lots of time on the wiki and mailing list, to the point that confusion now reigns. There needs to be a way for simple setups to be made easy. here is my freeradius -X FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 5 2010 at 02:49:11 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... 
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid&qu
Re: radtest
Hi,

> after the addition of customers in the database sql, I try to test a client
> in other computer by using radtest.
> but i had those lines in the shell:
> # radtest
> Le programme 'radtest' peut être trouvé dans les paquets suivants :(that
> means The program 'radtest' can be found in the following packages)
> * radiusd-livingston
> * yardradius
> * xtradius
> * freeradius

radtest is part of freeradius package.

alan
radtest
hi,

after the addition of customers in the database sql, I try to test a client in other computer by using radtest.
but i had those lines in the shell:

# radtest
Le programme 'radtest' peut être trouvé dans les paquets suivants :
(that means The program 'radtest' can be found in the following packages)
 * radiusd-livingston
 * yardradius
 * xtradius
 * freeradius

all that I want is that the client tries to access the server.
and all the documents said that i may use "radtest" but it's just working only in server

thank you
Re: format input to radclient (or radtest) for EAP-TTLS and EAP-PEAP (MSCHAPv2) test
bslee (HKBU) wrote:
> Question1: I don't have the client and nas environment right now. I
> want to input "EAP-TTLS" and "EAP-PEAP (MSCHAPv2)" respectively into
> radclient (or radtest) to test my freeradius configuration. What should
> be the input to radclient (or radtest) (i.e. the red string in the
> example below)?

radclient does not do EAP. You will need to use "eapol_test". See http://deployingradius.com for complete instructions.

> Question 2: When freeradius receives an authentication request of either
> one of those 2 types in question 1, a script will be invoked to
> authenticate mysql (i.e. to replace corresponding rlm_eap_xxx module).

Uh... no. That is not at all how it works.

> a. May I know related configurations for invoking the script?

See scripts/exec-program-wait, and "man unlang"

> b. some attributes should be sent to the script from freeradius. What
> are these attributes? How to get these attributes from PHP script?

See above.

> c. After accessing MYSQL, PHP script should return some attributes back
> to freeradius, What are these attributes? How to allow freeradius to
> accept authentication result and those attributes?

See above.

Alan DeKok.
format input to radclient (or radtest) for EAP-TTLS and EAP-PEAP (MSCHAPv2) test
Hi,

I am using v2.1.8 in SuSE 11.

Question1: I don't have the client and nas environment right now. I want to input "EAP-TTLS" and "EAP-PEAP (MSCHAPv2)" respectively into radclient (or radtest) to test my freeradius configuration. What should be the input to radclient (or radtest) (i.e. the red string in the example below)?

eg,
echo "User-Name=test,Password=mypass,Framed-Protocol=PPP " | /usr/local/bin/radclient localhost:1812 auth s3cr3t

Question 2: When freeradius receives an authentication request of either one of those 2 types in question 1, a script will be invoked to authenticate mysql (i.e. to replace corresponding rlm_eap_xxx module).

a. May I know related configurations for invoking the script?
b. some attributes should be sent to the script from freeradius. What are these attributes? How to get these attributes from PHP script?
c. After accessing MYSQL, PHP script should return some attributes back to freeradius, What are these attributes? How to allow freeradius to accept authentication result and those attributes?

---
Cheers,
Joe
Re: radiusd not responding to radtest
Hi Alan,

I figured out that I would need to add a test user in the users file, thanks for looking at it though.

We are still testing in the lab, we hope to use this to replace our existing Orps that's running radiator, so we are trying to configure a server that will use EAP-TTLS with a PAP inner that talks to a LDAP backend for ucl.ac.uk users and sends everything else to the NRPS, I expect I'll be sending another post soon.

Thanks
Colin

Hi,

rad_recv: Access-Request packet from host 127.0.0.1 port 46723, id=155, length=56
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop

this means the user 'test' was not found - in either the passwd file, the users file ('files' module default location) and it wasn't an EAP message so the EAP module did nothing. if you add

test Cleartext-Password := "test"

to the users file and restart, you'll have success...this is a very basic test

alan

--
Colin Byelong    Email: c.byel...@ucl.ac.uk
Senior Network Development Officer
Network Group
Information Systems Division
University College London
Gower Street    Phone: 020 7679-2572
London WC1E 6BT
Re: radiusd not responding to radtest
Hi Alan,

Thanks for the help we have turned IPv6 off

Thanks
Colin

Hi,

Thanks this was fixed by commenting out the ::1 entry in /etc/hosts as we don't intend to run IPv6 on the box

if you don't intend to run IPv6 on that server then I'd suggest to turn it off - otherwise you may have no ::1 in /etc/hosts but your IPv6 stack is running and ALL daemons etc that can do IPv6 *will* do IPv6 - that'd include FreeRADIUS if it's set to use DNS names and they lookup nicely to IPv6 addresses - eg the UK National JRS proxies.

here's some help

http://www.cyberciti.biz/tips/linux-how-to-disable-the-ipv6-protocol.html

alan

--
Colin Byelong    Email: c.byel...@ucl.ac.uk
Senior Network Development Officer
Network Group
Information Systems Division
University College London
Gower Street    Phone: 020 7679-2572
London WC1E 6BT
Re: radiusd not responding to radtest
Hi,

> rad_recv: Access-Request packet from host 127.0.0.1 port 46723, id=155,
> length=56
> User-Name = "test"
> User-Password = "test"
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "test", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop

this means the user 'test' was not found - in either the passwd file, the users file ('files' module default location) and it wasn't an EAP message so the EAP module did nothing. if you add

test Cleartext-Password := "test"

to the users file and restart, you'll have success...this is a very basic test

alan
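The reading of the authorize trace given in the reply above can be applied mechanically. This is an added example, not part of the original post and not FreeRADIUS code: a small parser over a trace constructed from the debug lines quoted in this thread. The tuple of modules treated as password sources is an assumption made for illustration.

```python
import re

# Constructed sample: the radiusd -X lines quoted in this thread, joined into one trace.
DEBUG_TRACE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 46723, id=155, length=56
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test
++[attr_filter.access_reject] returns updated
Sending delayed reject for request 0
Sending Access-Reject of id 155 to 127.0.0.1 port 46723
"""

USER_RE = re.compile(r'User-Name = "([^"]*)"')
GROUP_RE = re.compile(r"\++- entering group (\S+)")
RETURN_RE = re.compile(r"\++\[([\w.-]+)\] returns (\w+)")
RESULT_RE = re.compile(r"Sending (Access-\w+) of id \d+")

# Assumption for this example: modules that can supply a password for the user.
PASSWORD_SOURCES = ("unix", "files", "sql", "ldap")


def parse_trace(text):
    """Collect the user name, per-group module return codes, warnings and final reply."""
    summary = {"user": None, "groups": {}, "warnings": [], "result": None}
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)  # match() anchors at line start, so "[suffix] ..." is skipped
        if m and summary["user"] is None:
            summary["user"] = m.group(1)
            continue
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
            summary["groups"].setdefault(group, [])
            continue
        m = RETURN_RE.match(line)
        if m and group is not None:
            summary["groups"][group].append((m.group(1), m.group(2)))
            continue
        if 'No "known good" password' in line:
            summary["warnings"].append("no-known-good-password")
        elif line.startswith("No authenticate method (Auth-Type)"):
            summary["warnings"].append("no-auth-type")
        m = RESULT_RE.match(line)
        if m:
            summary["result"] = m.group(1)
    return summary


def explain(summary):
    """Turn the parsed trace into findings, following the reasoning in the reply."""
    findings = []
    authorize = dict(summary["groups"].get("authorize", []))
    for module in PASSWORD_SOURCES:
        # noop or notfound from a password source means it had no entry for this user
        if authorize.get(module) in ("noop", "notfound"):
            findings.append(f"{module}: no entry for user {summary['user']!r}")
    findings.extend(summary["warnings"])
    if summary["result"]:
        findings.append(f"result: {summary['result']}")
    return findings


if __name__ == "__main__":
    for finding in explain(parse_trace(DEBUG_TRACE)):
        print(finding)
```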
Re: radiusd not responding to radtest
Hi,

> Thanks this was fixed by commenting out the ::1 entry in /etc/hosts as
> we don't intend to run IPv6 on the box

if you don't intend to run IPv6 on that server then I'd suggest to turn it off - otherwise you may have no ::1 in /etc/hosts but your IPv6 stack is running and ALL daemons etc that can do IPv6 *will* do IPv6 - that'd include FreeRADIUS if it's set to use DNS names and they lookup nicely to IPv6 addresses - eg the UK National JRS proxies.

here's some help

http://www.cyberciti.biz/tips/linux-how-to-disable-the-ipv6-protocol.html

alan
Re: radiusd not responding to radtest
Alan,

Thanks this was fixed by commenting out the ::1 entry in /etc/hosts as we don't intend to run IPv6 on the box

Thanks again
Colin

Colin Byelong wrote:

radtest test test localhost 0 testing123
Sending Access-Request of id 253 to ::1 port 1812

::1 is IPv6.

...

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814

These are IPv4 sockets.

Use '127.0.0.1' in radtest, rather than 'localhost'.

Alan DeKok.

--
Colin Byelong    Email: c.byel...@ucl.ac.uk
Senior Network Development Officer
Network Group
Information Systems Division
University College London
Gower Street    Phone: 020 7679-2572
London WC1E 6BT
Re: radiusd not responding to radtest
On Wed, Feb 10, 2010 at 11:45 PM, Colin Byelong wrote:
> ++[unix] returns notfound

... so unix module is enabled

> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.

... but No "known good" password found for the user.

If you just want to test that freeradius works, you should be able to add a new user to the OS (using "useradd" and "passwd" or other tools), and then use that user/password for radtest.

--
Fajar
Re: radiusd not responding to radtest
Alan,

Thanks I now have some output from the server:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 46723, id=155, length=56
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 155 to 127.0.0.1 port 46723
Waking up in 4.9 seconds.
Cleaning up request 0 ID 155 with timestamp +2105

It's home time here so I'll look at this tomorrow :-)

Thanks
Colin

Colin Byelong wrote:

radtest test test localhost 0 testing123
Sending Access-Request of id 253 to ::1 port 1812

::1 is IPv6.

...

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814

These are IPv4 sockets.

Use '127.0.0.1' in radtest, rather than 'localhost'.

Alan DeKok.

--
Colin Byelong    Email: c.byel...@ucl.ac.uk
Senior Network Development Officer
Network Group
Information Systems Division
University College London
Gower Street    Phone: 020 7679-2572
London WC1E 6BT
Re: radiusd not responding to radtest
Colin Byelong wrote:
> radtest test test localhost 0 testing123
> Sending Access-Request of id 253 to ::1 port 1812

::1 is IPv6.

...
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on command file /var/run/radiusd/radiusd.sock
> Listening on proxy address * port 1814

These are IPv4 sockets.

Use '127.0.0.1' in radtest, rather than 'localhost'.

Alan DeKok.
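The comparison made in the reply above (where radtest sent the request versus which sockets radiusd -X reports) can be scripted. This is an added example, not code from the thread or from FreeRADIUS; the sample text is constructed from the lines quoted here, and treating "*" as the IPv4 wildcard follows the reply's reading of the "Listening on" lines.

```python
import ipaddress
import re

# Constructed sample input, assembled from the lines quoted in this thread.
RADTEST_OUTPUT = """\
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
radclient: no response from server for ID 253 socket 3
"""

RADIUSD_DEBUG = """\
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
"""

SEND_RE = re.compile(r"^[ \t]*Sending Access-Request of id \d+ to (\S+) port (\d+)", re.M)
# Only network sockets match; the "command file" line has no address/port.
LISTEN_RE = re.compile(r"^[ \t]*Listening on (\w+) address (\S+) port (\d+)", re.M)


def family(addr):
    """Return 4 or 6. '*' is taken as the IPv4 wildcard, as in the reply above."""
    if addr == "*":
        return 4
    return ipaddress.ip_address(addr).version


def covers(listen_addr, target):
    """True if a socket bound to listen_addr would receive a packet sent to target.

    Assumption: an IPv6 wildcard socket is not counted as accepting IPv4 traffic.
    """
    if family(listen_addr) != family(target):
        return False
    if listen_addr == "*":
        return True
    bound = ipaddress.ip_address(listen_addr)
    return bound.is_unspecified or bound == ipaddress.ip_address(target)


def request_targets(radtest_output):
    """Unique (address, port) pairs radtest sent to; retransmissions collapse."""
    targets = []
    for addr, port in SEND_RE.findall(radtest_output):
        pair = (addr, int(port))
        if pair not in targets:
            targets.append(pair)
    return targets


def listeners(radiusd_debug):
    """(kind, address, port) for every network socket radiusd reported."""
    return [(kind, addr, int(port)) for kind, addr, port in LISTEN_RE.findall(radiusd_debug)]


def diagnose(radtest_output, radiusd_debug):
    """Return (problem, address, port) for each target no listener would receive."""
    socks = listeners(radiusd_debug)
    findings = []
    for addr, port in request_targets(radtest_output):
        on_port = [s for s in socks if s[2] == port]
        if not on_port:
            findings.append(("no-listener", addr, port))
        elif not any(covers(s[1], addr) for s in on_port):
            families = {family(s[1]) for s in on_port}
            problem = "address-mismatch" if family(addr) in families else "family-mismatch"
            findings.append((problem, addr, port))
    return findings


if __name__ == "__main__":
    for problem, addr, port in diagnose(RADTEST_OUTPUT, RADIUSD_DEBUG):
        print(f"{problem}: request went to {addr} port {port}")
```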
Re: radiusd not responding to radtest
On 10/02/2010 15:54, John Dennis wrote:

Hello,

Did you open the port in your firewall?

hint: either use system-config-firewall to see if it's open and open it if it isn't or use "service iptables status | grep 1812" to quickly verify if it's open or not.

Hi John,

Thanks for the response.

[r...@orps3 ~]# service iptables status | grep 1812
7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:1812

I have tried it with the firewall disabled but got the same response.

Thanks
Colin

--
Colin Byelong    Email: c.byel...@ucl.ac.uk
Senior Network Development Officer
Network Group
Information Systems Division
University College London
Gower Street    Phone: 020 7679-2572
London WC1E 6BT
radiusd not responding to radtest
Hello,

I'm very new to freeradius so apologies if this is a dumb question.

I installed freeradius2.1.8 on a Fedora 12 system today, when the install had finished I started radius with "radiusd -X"

Another window was opened to run radtest:

radtest test test localhost 0 testing123
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
radclient: no response from server for ID 253 socket 3

I expected to see an Access-Accept or Access-Reject.

The output from radiusd -X is below:

Thanks
Colin

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.02.10 14:58:54 =~=~=~=~=~=~=~=~=~=~=~=
FreeRADIUS Version 2.1.8, for host x86_64-redhat-linux-gnu, built on Jan 8 2010 at 18:16:21
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
main {
    user = "radiusd"
    group = "radiusd"
    allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/radius"
    libdir = "/usr/lib64/freeradius"
    radacctdir = "/var/log/radius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = &q
Re: radiusd not responding to radtest
On 02/10/2010 10:30 AM, Colin Byelong wrote:

Hello,

I'm very new to freeradius so apologies if this is a dumb question.

I installed freeradius2.1.8 on a Fedora 12 system today, when the install had finished I started radius with "radiusd -X"

Another window was opened to run radtest:

radtest test test localhost 0 testing123
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
Sending Access-Request of id 253 to ::1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
radclient: no response from server for ID 253 socket 3

I expected to see an Access-Accept or Access-Reject.

Did you open the port in your firewall?

hint: either use system-config-firewall to see if it's open and open it if it isn't or use "service iptables status | grep 1812" to quickly verify if it's open or not.

--
John Dennis
RE: Duplicating results for radtest
Hello Alan,

Attached is a dump file with auth requests included.

Mark Smith
Systems Engineer
Abel Alarm Co Ltd
4 Vaughan Way
Leicester LE1 4ST
web: www.abelalarm.co.uk
email: mark.sm...@abelalarm.co.uk

-Original Message-
From: freeradius-users-bounces+mark.smith=abelalarm.co...@lists.freeradius.org [mailto:freeradius-users-bounces+mark.smith=abelalarm.co...@lists.freeradius.org] On Behalf Of James J J Hooper
Sent: 27 January 2010 17:20
To: FreeRadius users mailing list
Subject: RE: Duplicating results for radtest

--On Wednesday, January 27, 2010 05:11:26 PM + Mark Smith wrote:

> Please see attached radiusd -X dump file as requested.
>
> Mark Smith
> Systems Engineer
>
> -Original Message-
> From: Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk]
> Sent: 27 January 2010 14:39
> To: mark.sm...@abelalarm.co.uk; FreeRadius users mailing list
> Subject: Re: Duplicating results for radtest
>
> radiusd -X
>
> then we can see what/where things are happening

Hi Mark,

Your -X doesn't seem to include an auth request... Could you send one that does? If you watch the -X during the auth request, you should be able to see when and why any attributes are added.

-James

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1645
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: bind_address = 100.1.1.133 IP address [100.1.1.133]
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = yes
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "wsxedc"
sql: radius_db = "radius"
sql: nas_table = "nas"
sql: sqltrace = no
sql: sqltracefile = "/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergr