Freeradius+Java application api call and authenticate

sollunga sollunga at yahoo.com
Fri Mar 20 13:43:40 CET 2009


finally i had some luck i guess, now the radius do authentication, but
jradius simulator say's timedout, could be ACS is not passing the
information to simulator i feel. though i am using ACS proxy distributin
table, still simulator is not getting the response back, any clues will be
greatly appreciated sir/mam.

once after this is up, how do i proceed to forward/receive  these info
(username,password, token pass)to be confirmed for the java based
application

i know i am in total confusion mode, but some kind of help will be helpful
for me to look towards right direction..

following are the logs from radiusd -X

rlm_jradius: reading attribute: type=1259012097; len=1
rlm_jradius: Released JRadius socket id: 6
++[jradius] returns updated
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
[files] users: Matched entry doe at mydomain.com at line 90
[files]         expand: Hello, %{User-Name} -> Hello, doe at mydomain.com
++[files] returns ok
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "doe at mydomain.com" with CHAP password
[chap] Using clear text password "hello" for user doe at mydomain.com
authentication.
[chap] chap user doe at mydomain.com authenticated succesfully
++[chap] returns ok
Login OK: [doe at mydomain.com/<CHAP-Password>] (from client mydomain port 0)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 2 to 192.168.0.50 port 2773
        Reply-Message = "Hello, doe at mydomain.com"
        Proxy-State = 0x434953434f3a30
Finished request 1.
Going to the next request
Waking up in 1.9 seconds.
Cleaning up request 1 ID 2 with timestamp +13
Ready to process requests.


:confused:
>> packets in request from "mydomain":
--- packet 1 of 2
Class: class net.jradius.packet.AccessRequest
Attributes:
User-Name = doe at mydomain.com
NAS-IP-Address = 127.0.0.1
CHAP-Challenge = [Binary Data (length=16)]
CHAP-Password = [Binary Data (length=17)]
Message-Authenticator = [Binary Data (length=16)]
Proxy-State = [Binary Data (length=7)]

--- packet 2 of 2
Class: class net.jradius.packet.NullPacket
Attributes:

Configuration Items:
JRadius-Session-Id := 6cc2f8c3c2e248a2648c5656b62ce82b
JRadius-Request-Id := 2



sollunga wrote:
> 
> thanks ivan for the quick reply, will get back to you shortly
> 
> 
> 
> sollunga wrote:
>> 
>> i am using Cisco ACS for authenticating my vpn users, now i thought of
>> using two factor auth in place against the direct authentication by ACS,
>> on this process one of the googling guided me to try proxying the ACS to
>> Freeradius and call some scripts to talk to the java application. now by
>> making the ACS to do proxying at network configuration, i can see the
>> request is flowing to freeradius from ACS, and the freeradius does 
>> 
>> ""
>> [chap] rlm_chap: Attribute "User-Name" is required for authentication.
>> ++[chap] returns invalid
>> Failed to authenticate the user.
>> Using Post-Auth-Type Reject
>> +- entering group REJECT {...}
>> [attr_filter.access_reject]     expand: %{User-Name} ->
>> ++[attr_filter.access_reject] returns noop
>> Delaying reject of request 27 for 1 seconds
>> 
>> ""
>> 
>> after a while it says
>> 
>> ""
>> [pap] Found existing Auth-Type, not changing it.
>> ++[pap] returns noop
>> Found Auth-Type = CHAP
>> +- entering group CHAP {...}
>> [chap] login attempt by "Doe" with CHAP password
>> [chap] Using clear text password "hello" for user Doe authentication.
>> [chap] chap user Doe authenticated succesfully
>> ++[chap] returns ok
>> +- entering group post-auth {...}
>> ++[exec] returns noop
>> Sending Access-Accept of id 63 to
>> 
>> ""
>> i am trying to figure out where could be the issue
>> 
>> once after this process, i need to send the same to a java application
>> and get a success status from there and authenticate this user.
>> 
>> could it be possible?
>> 
>> team i am a newbie here, i am just a sys admin, and now trying extend my
>> knowledge, please help me.
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Freeradius%2BJava-application-api-call-and-authenticate-tp22449820p22619518.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list