EAP-MD5 Authentication problem. Resolved!!!

Marco Spiga mspiga3 at alice.it
Thu Dec 29 17:59:55 CET 2005


Thanks to your patience, Alan, I have resolved it!!!!!!!!!!!!!!!

I have reinstalled freeradius.
The errors were in radiusd.conf.
Sorry, but I did not know that after any modification to the users file it was necessary to restart radiusd :-(
The other old files do not give errors.

I have included the difference between the bad radiusd.conf file and the good (my new) radiusd.conf file.


20c20,21
< bind_address = *
---
54,84c55,60
< 	pap {
< 		encryption_scheme = crypt
< 	}
< 	chap {
< 		authtype = CHAP
< 	}
< 	pam {
< 		pam_auth = radiusd
< 	}
< 	unix {
< 		cache = no
< 		cache_reload = 600
< 		shadow = /etc/shadow
< 		radwtmp = ${logdir}/radwtmp
< 	}
< $INCLUDE ${confdir}/eap.conf
< 	mschap {
< 		authtype = MS-CHAP
< 	}
< 	ldap {
< 		server = "ldap.your.domain"
< 		basedn = "o=My Org,c=UA"
< 		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
< 		start_tls = no
< 		access_attr = "dialupAccess"
< 		dictionary_mapping = ${raddbdir}/ldap.attrmap
< 		ldap_connections_number = 5
< 		timeout = 4
< 		timelimit = 3
< 		net_timeout = 1
< 	}
---
> #$INCLUDE ${confdir}/eap.conf
> eap {
>                         default_eap_type = md5
>                         md5 {
>                         }
>                 }
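Review bot: The inline eap { ... } block on the ">" side replaces the "$INCLUDE ${confdir}/eap.conf" line with a hand-written definition that enables only md5, so every other setting the included eap.conf carried is dropped without a trace. Consider keeping the include and setting default_eap_type = md5 inside eap.conf instead, and add a comment explaining why the pap, chap, pam, unix, mschap and ldap definitions were removed, so the matching deletions in the later hunks can be checked against it.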
136c112
< 	$INCLUDE ${confdir}/postgresql.conf
---
> 	$INCLUDE  ${confdir}/sql.conf
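Review bot: The include on the ">" side changes from postgresql.conf to sql.conf with no comment, while later hunks add "sql" to three module lists that depend on whatever this file defines. Note next to the include which database sql.conf is expected to point at, and drop the doubled space after $INCLUDE.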
173a150
> 
175a153
> 
177a156,157
> 
> preprocess
182,197d161
< 	exec echo {
< 		wait = yes
< 		program = "/bin/echo %{User-Name}"
< 		input_pairs = request
< 		output_pairs = reply
< 	}
< 	ippool main_pool {
< 		range-start = 192.168.1.1
< 		range-stop = 192.168.3.254
< 		netmask = 255.255.255.0
< 		cache-size = 800
< 		session-db = ${raddbdir}/db.ippool
< 		ip-index = ${raddbdir}/db.ipindex
< 		override = no
< 		maximum-timeout = 0
< 	}
205,207d168
< 	chap
< 	mschap
< 	suffix
209,210d169
< 	files
< 	sql
213,222d171
< 	Auth-Type PAP {
< 		pap
< 	}
< 	Auth-Type CHAP {
< 		chap
< 	}
< 	Auth-Type MS-CHAP {
< 		mschap
< 	}
< 	unix
225a175
> 	files
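Review bot: The "files" line added at 225a175 carries no context, so a reader cannot tell which section it lands in, and the same holds for the bare "sql", "unix" and "preprocess" lines in the neighbouring hunks. Since the reply quoted below turns on whether the "files" module is listed in "authorize", regenerate the comparison with diff -u so each module name is shown inside its enclosing section.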
233d182
< 	unix
234a184
> 	sql
237a188
> 	sql
239a191
> 	sql
244d195


Happy New Year to all the participants of the mailing list!!!!!!!!!!!!!!!

BYE





On Thu, Dec 29, 2005 at 02:22:19AM -0500, Alan DeKok wrote:
> From: "Alan DeKok" <aland at ox.org>
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Date: Thu, 29 Dec 2005 02:22:19 -0500
> Subject: Re: EAP-MD5 Authentication problem 
> 
> Marco Spiga <mspiga3 at alice.it> wrote:
> > However, as soon as I installed freeradius I tried radtest and it worked well, also with users inserted in
> > the radcheck table of postgresql, and EAP MD5 authentication has never worked.
> 
>   The entry in the "users" file isn't being matched because you edited
> radiusd.conf, and broke the server.
> 
> > modcall: entering group authorize for request 0
> >   modcall[authorize]: module "preprocess" returns ok for request 0
> >   rlm_eap: EAP packet type response id 210 length 9
> >   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> >   modcall[authorize]: module "eap" returns updated for request 0
> > modcall: group authorize returns updated for request 0
> 
>   See?  There's no mention of the "files" module, or that any entry in
> the "users" file was matched.  So you can edit the "users" file
> forever, and it won't affect anything... because *you* told the server
> to not look at the "users" file.
> 
> >         # eap sets the authenticate type as EAP
> >         authorize {
> >                 ...
> >                 eap
> >         }
> 
>   And rather than quoting your exact "authorize" section, you've
> edited it.
> 
>   Since I can read the debug output, I can tell what you've done.  But
> by editing the "radiusd.conf" pieces you quoted, you've gone out of
> your way to make it more difficult for anyone to be able to help you.
> 
>   In short, if you don't know what the entries in "radiusd.conf" do,
> DON'T EDIT THEM.  The default configuration is set up that way for a
> reason.  IT WORKS.
> 
>   If you had used the default configuration, the "users" file entry
> would have worked as I said.  But because you edited the default
> configuration (and didn't say you edited it), you broke it, and the
> "users" file entry didn't work.
> 
>   Alan DeKok.
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---end of text---

-- 
				!!!!! Message from Marco !!!!!
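
Added example, not part of the original thread and not FreeRADIUS code: a small Python check that reads debug output in the format quoted above and reports, per request, which modules actually ran in the "authorize" group, so a missing "files" call stands out. The function names are assumptions of this example; the embedded sample log is copied from the debug lines quoted in the thread.

```python
import re

# Sample input: the debug lines quoted in the thread, embedded so this runs offline.
DEBUG_LOG = """\
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_eap: EAP packet type response id 210 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
modcall: group authorize returns updated for request 0
"""

ENTER_RE = re.compile(r'modcall: entering group (\S+) for request (\d+)')
MODULE_RE = re.compile(
    r'modcall\[([^\]]+)\]: module "([^"]+)" returns (\S+) for request (\d+)')


def modules_run(log, section="authorize"):
    """Map request id -> [(module, return code), ...] for one section.

    A request that entered the section but called no module maps to [].
    """
    seen = {}
    for line in log.splitlines():
        m = ENTER_RE.search(line)
        if m and m.group(1) == section:
            seen.setdefault(int(m.group(2)), [])
            continue
        m = MODULE_RE.search(line)
        if m and m.group(1) == section:
            seen.setdefault(int(m.group(4)), []).append((m.group(2), m.group(3)))
    return seen


def missing_modules(log, expected, section="authorize"):
    """Map request id -> expected modules that never ran in that section."""
    result = {}
    for req, calls in modules_run(log, section).items():
        ran = {name for name, _ in calls}
        absent = [name for name in expected if name not in ran]
        if absent:
            result[req] = absent
    return result


if __name__ == "__main__":
    wanted = ["preprocess", "files", "eap"]  # modules this example expects to see
    for req, absent in missing_modules(DEBUG_LOG, wanted).items():
        print(f"request {req}: authorize never called {', '.join(absent)}")
```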


