Testing radius server

Alex Bahoor alexbahoor at sbcglobal.net
Thu Dec 10 19:03:39 CET 2009 


Alan,

Radius -X is always on, and I went through the clients.conf file. -X gives a
lot information, since you asked here is my understanding. I'm not a
programmer so some of them are cryptic to me. I put in comments to what I
think they are, but they are only guesses. I would be very thankful if you
can shed lights on them. 

Also, there is file experimental.conf stated in eap.conf, but did not exist.
It may have some useful information.

root at Crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123
Sending Access-Request of id 187 to 127.0.0.1 port 1812
	User-Name = "cisco"
	User-Password = "cisco"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 200
rad_recv: Access-Request packet from host 127.0.0.1 port 43663, id=187,
length=57
	User-Name = "cisco"
	User-Password = "cisco"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 200
+- entering group authorize {...}
++[preprocess] returns ok  	;what is preprocess and what does it do?
++[chap] returns noop	;I can tell that chap was not selected as a
protocol, right?

++[mschap] returns noop		;as above
[suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why @ is
expected in a name or password?
[suffix] No such realm "NULL" ;what this mean?
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP ;eap is not auth protocol.
++[eap] returns noop
++[unix] returns notfound	;what is this?
++[files] returns noop		?
++[expiration] returns noop	?
++[logintime] returns noop	?
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.	;I do have a password (cisco).
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user		;this look like authentication protocol is a
must before the process can work, however, eap.conf file is there and eap is
uncommented out with it's arguments. ?
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> cisco
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 187 to 127.0.0.1 port 43663
Waking up in 4.9 seconds.
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=187,
length=20
[root at Crest raddb]# Cleaning up request 5 ID 187 with timestamp +411
Ready to process requests.

Rgrds,

Alex


-----Original Message-----
From: freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org
[mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.o
rg] On Behalf Of Alan Buxey
Sent: Thursday, December 10, 2009 2:07 AM
To: FreeRadius users mailing list
Subject: Re: Testing radius server

Hi,

> Now I know it's a config issue in the clients.conf, as radtest is failing.
I
> set user name and password, but radius is sending a reject. This is the
> first time I'm using radius. So please bear with me. Can some one mail me
> example of the minimum required configuration that needed for the radius
to
> work, no EAP or MSCAP ..etc. 

hey, guess what - 'radiusd -X'  this will be far more useful than
throwing random recommendations to you.

have you followed basic guidance regarding hwo to use clients.conf

eg

testuser Cleartext-Password := "testpassword"


alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4674 (20091209) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4676 (20091210) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4676 (20091210) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091210/d22af4f7/attachment.html>

More information about the Freeradius-Users mailing list