Testing radius server

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Dec 10 22:40:01 CET 2009


Hi,

> Radius -X is always on, and I went through the clients.conf file. -X gives a lot of information; since you asked, here is my understanding. I'm not a programmer so some of them are cryptic to me. I put in comments to what I think they are, but they are only guesses. I would be very thankful if you can shed light on them.


> Also, there is a file experimental.conf stated in eap.conf, but it did not exist. It may have some useful information.

I think you need to start with the basics before you start playing with experimental features! ;-)

> [root@Crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123

okay - very simple. we now look to see what happens.... I've cut out the basic bits
to answer your questions

> ++[preprocess] returns ok       ;what is preprocess and what does it do?

Contains the functions for the "huntgroups" and "hints" - if you use those files then
they'll seed the request so you can deal with it

> ++[chap] returns noop   ;I can tell that chap was not selected as a protocol, right?

correct

> ++[mschap] returns noop         ;as above

yep

> [suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why is @ expected in a name or password?

@ is not 'expected' - but if it's present then the suffix module will do stuff.

> [suffix] No such realm "NULL" ;what does this mean?

exactly what it says - there wasn't a suffix, so the value is NULL but the suffix module
found no NULL realm in your config

> [eap] No EAP-Message, not doing EAP ;eap is not auth protocol.

correct - this isn't an EAP message

> ++[unix] returns notfound       ;what is this?

unix passwd support. if you don't want to use /etc/passwd etc then comment 'unix' module out

> ++[files] returns noop          ?

this is the big one - this is saying that files module found no information - this suggests that e.g.
you don't have

cisco Cleartext-Password := "cisco"

in your users file. if you do then you are looking at the wrong users file - /etc/raddb/users or
/usr/local/etc/raddb ?
 
> ++[expiration] returns noop     ?
> ++[logintime] returns noop      ?

2 modules that deal with exactly what they say - expiration and logintime - these are authorisation
methods

> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.   ;I do have a password (cisco).

PAP could not find your configured user - it relies on at least one of the previous methods to get such a user!

> No authenticate method (Auth-Type) configuration found for the request: Rejecting the user              ;this looks like an authentication protocol is a must before the process can work, however, eap.conf file is there and eap is uncommented out with its arguments. ?

radtest doesn't do EAP - you need to use one of the tests that does do EAP.

anyway....I can safely state that if you install a fresh FreeRADIUS you should be able to
add an example user to the users file (as I state above!) and do a radtest and test the whole
thing within minutes. 

alan
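
The walk-through above, as an added example that is not part of the original message: a small Python triage script that reads the `radiusd -X` lines quoted in this thread and reports why the PAP request was rejected. The function names are hypothetical, the sample input is constructed from the quoted lines, and treating `noop` and `notfound` as "the module did nothing for this request" is an assumption of the example.

```python
import re

# Constructed sample: the radiusd -X lines quoted in the message above.
SAMPLE = '''\
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "cisco", looking up realm NULL
[suffix] No such realm "NULL"
[eap] No EAP-Message, not doing EAP
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
'''

RETURNS = re.compile(r'^\+\+\[(\w+)\] returns (\w+)')
IDLE = {"noop", "notfound"}  # assumption: these codes mean the module did nothing

def module_results(debug):
    """Map module name -> return code from '++[module] returns code' lines."""
    return dict(m.groups() for m in map(RETURNS.match, debug.splitlines()) if m)

def diagnose(debug):
    """Return short findings explaining why a PAP radtest was rejected."""
    res = module_results(debug)
    findings = []
    # unix and files are the modules in this trace that could supply the user's password
    if res.get("files") in IDLE:
        findings.append("files: no matching entry in the users file that was loaded")
    if res.get("unix") in IDLE:
        findings.append("unix: user not found via system password support")
    if 'No "known good" password' in debug:
        findings.append("pap: no earlier module supplied a password to compare")
    if "No authenticate method (Auth-Type)" in debug:
        findings.append("reject: no module set Auth-Type")
    return findings

if __name__ == "__main__":
    for name, code in module_results(SAMPLE).items():
        print(f"{name:12} {code}")
    for finding in diagnose(SAMPLE):
        print("->", finding)
```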


