right tutorial

Javier Escalante Javier.Escalante at bwireless.eu
Tue Jun 26 00:04:55 CEST 2018


Sorry, I found what you mean, I tried with yes and no, and the result is the same...

Javier Escalante
Business Development Manager
Javier.escalante at bwireless.eu 
00 34 626 785 675
00 34 93 141 56 36
00 41 78 689 85 69
Skype: fruiz002
Do you know our IoT solutions? Have a look here: www.bsmart.global
http://www.bwireless.eu
Le informamos que, de conformidad con la Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter  Personal, se informa que todos los datos personales que nos ha facilitado serán incorporados y tratados en los ficheros de B’W & TAKACS TELECOM, S.L. para las finalidades de su e-mail. 
Puede ejercer sus derechos de acceso, rectificación, cancelación y oposición mediante una comunicación a B’W & TAKACS TELECOM, S.L. con domicilio en Camil Oliveras, 26, 08032 Barcelona (España), o bien mediante una comunicación a la dirección de correo electrónico info at bwireless.eu. En ambos casos, deberá  acompañar una copia de su documento nacional de identidad o documento válido que lo identifique. 


-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+javier.escalante=bwireless.eu at lists.freeradius.org] On Behalf Of Alan Buxey
Sent: lunes, 25 de junio de 2018 18:22
To: FreeRadius users mailing list
Subject: Re: right tutorial

hi,

check your config (sql config) to ensure you are not using the group check stuff if you dont want groups and havent defined groups

# Tables containing 'check' items
authcheck_table = "radcheck"
groupcheck_table = "radgroupcheck"

# Tables containing 'reply' items
authreply_table = "radreply"
groupreply_table = "radgroupreply"

# Table to keep group info
usergroup_table = "radusergroup"

# If set to 'yes' (default) we read the group tables unless Fall-Through = no in the reply table.
# If set to 'no' we do not read the group tables unless Fall-Through = yes in the reply table.
# read_groups = yes

see?  its a check item by default...and if you dont have a response, its a
fail.   you might want to put relevant things int he radreply table.

alan


On 24 June 2018 at 14:57, Javier Escalante <Javier.Escalante at bwireless.eu>
wrote:

> Hello,
>
> Sorry guys, based on the answers of Alan, I might be stupid...I'll 
> explain another time and I hope this time I get some help:
>
> 1. I installed a fresh server (I have my all server already configured 
> and working since 4 years) 2. I installed freeradius 3.0.16 and mysql. 
> No errors during installation 3. I tested with user and password in 
> file, and it worked perfectly 4. I tested by putting the user test 
> with password test in radcheck and the authentication failed as it is 
> shown further down.
> 5. I have searched in all kind of forums and obviously also in 
> www.freeradius.org. No solution yet.
> 6. The sql seems to be working despite the include line is not 
> uncommented in radiusd.conf. Can somebody confirm?
>
> Can anybody give me a clue of how to solve this problem?
>
> Request:
>
> radtest test test localhost 10 1107
>
> Freeradius debug output:
>
> Ready to process requests
> (0) Received Access-Request Id 195 from 127.0.0.1:37474 to 
> 127.0.0.1:1812 length
>                    74
> (0)   User-Name = "test"
> (0)   User-Password = "test"
> (0)   NAS-IP-Address = 5.135.246.127
> (0)   NAS-Port = 10
> (0)   Message-Authenticator = 0x05270c450007175556849d0b38cc7a27
> (0) # Executing section authorize from file 
> /etc/freeradius/3.0/sites-enabled/de
>
>           fault
> (0)   authorize {
> (0)     [preprocess] = ok
> (0)     [chap] = noop
> (0)     [mschap] = noop
> (0)     [digest] = noop
> (0) suffix: Checking for suffix after "@"
> (0) suffix: No '@' in User-Name = "test", looking up realm NULL
> (0) suffix: No such realm "NULL"
> (0)     [suffix] = noop
> (0) eap: No EAP-Message, not doing EAP
> (0)     [eap] = noop
> (0)     [files] = noop
> (0) sql: EXPAND %{User-Name}
> (0) sql:    --> test
> (0) sql: SQL-User-Name set to 'test'
> rlm_sql (sql): Reserved connection (0)
> (0) sql: EXPAND SELECT id, username, attribute, value, op FROM 
> radcheck WHERE us
>                     ername = '%{SQL-User-Name}' ORDER BY id
> (0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
> WHERE us
>                     ername = 'test' ORDER BY id
> (0) sql: Executing select query: SELECT id, username, attribute, 
> value, op FROM
>                  radcheck WHERE username = 'test' ORDER BY id
> (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-
>                         Name}' ORDER BY priority
> (0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test'
> ORDER
>                    BY priority
> (0) sql: Executing select query: SELECT groupname FROM radusergroup 
> WHERE userna
>                   me = 'test' ORDER BY priority
> (0) sql: User not found in any groups
> rlm_sql (sql): Released connection (0) Need 5 more connections to 
> reach 10 spares rlm_sql (sql): Opening additional connection (5), 1 of 
> 27 pending slots used
> (0)     [sql] = notfound
> (0)     [expiration] = noop
> (0)     [logintime] = noop
> (0) pap: WARNING: No "known good" password found for the user.  Not 
> setting Auth
>                         -Type
> (0) pap: WARNING: Authentication will fail unless a "known good" 
> password is ava
>                   ilable
> (0)     [pap] = noop
> (0)   } # authorize = ok
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = 
> Reject
> (0) Failed to authenticate the user
> (0) Using Post-Auth-Type Reject
> (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
> (0)   Post-Auth-Type REJECT {
> (0) sql: EXPAND .query
> (0) sql:    --> .query
> (0) sql: Using query template 'query'
> rlm_sql (sql): Reserved connection (1)
> (0) sql: EXPAND %{User-Name}
> (0) sql:    --> test
> (0) sql: SQL-User-Name set to 'test'
> (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, 
> authdate) VALUES
>                    ( '%{SQL-User-Name}', 
> '%{%{User-Password}:-%{Chap-Password}}',
> '%{reply:Packet-
>                             Type}', '%S')
> (0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
> VALUES
>                    ( 'test', 'test', 'Access-Reject', '2018-06-24 
> 13:55:21')
> (0) sql: Executing query: INSERT INTO radpostauth (username, pass, 
> reply, authda
>                   te) VALUES ( 'test', 'test', 'Access-Reject', 
> '2018-06-24
> 13:55:21')
> (0) sql: SQL query returned: success
> (0) sql: 1 record(s) updated
> rlm_sql (sql): Released connection (1)
> (0)     [sql] = ok
> (0) attr_filter.access_reject: EXPAND %{User-Name}
> (0) attr_filter.access_reject:    --> test
> (0) attr_filter.access_reject: Matched entry DEFAULT at line 11
> (0)     [attr_filter.access_reject] = updated
> (0)     [eap] = noop
> (0)     policy remove_reply_message_if_eap {
> (0)       if (&reply:EAP-Message && &reply:Reply-Message) {
> (0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
> (0)       else {
> (0)         [noop] = noop
> (0)       } # else = noop
> (0)     } # policy remove_reply_message_if_eap = noop
> (0)   } # Post-Auth-Type REJECT = updated
> (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds.
> Waking up in 0.6 seconds.
> (0) Sending delayed response
> (0) Sent Access-Reject Id 195 from 127.0.0.1:1812 to 127.0.0.1:37474 
> length 20 Waking up in 3.9 seconds.
> (0) Cleaning up request packet ID 195 with timestamp +2 Ready to 
> process requests
>
> Thanks in advance
>
>
> BR
>
>
>
>
> Javier Escalante
> Business Development Manager
> Javier.escalante at bwireless.eu
> 00 34 626 785 675
> 00 34 93 141 56 36
> 00 41 78 689 85 69
> Skype: fruiz002
> Do you know our IoT solutions? Have a look here: www.bsmart.global 
> http://www.bwireless.eu Le informamos que, de conformidad con la Ley 
> Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de 
> Carácter  Personal, se informa que todos los datos personales que nos 
> ha facilitado serán incorporados y tratados en los ficheros de B’W & 
> TAKACS TELECOM, S.L. para las finalidades de su e-mail.
> Puede ejercer sus derechos de acceso, rectificación, cancelación y 
> oposición mediante una comunicación a B’W & TAKACS TELECOM, S.L. con 
> domicilio en Camil Oliveras, 26, 08032 Barcelona (España), o bien 
> mediante una comunicación a la dirección de correo electrónico info at bwireless.eu.
> En ambos casos, deberá  acompañar una copia de su documento nacional 
> de identidad o documento válido que lo identifique.
>
>
> -----Original Message-----
> From: Freeradius-Users 
> [mailto:freeradius-users-bounces+javier.escalante=
> bwireless.eu at lists.freeradius.org] On Behalf Of Alan Buxey
> Sent: viernes, 22 de junio de 2018 20:06
> To: FreeRadius users mailing list
> Subject: Re: right tutorial
>
> hi,
>
> Could somebody tell us which tutorial /wiki can we follow in order to
> > properly configure freeradius 3.0.16?
> >
>
> properly configure?  you need to define what it is you are trying to do.
> based on other replies there is history here that I havent seen (or 
> deleted amongst deluge of other posts) one persons 
> requirement/use-case rarely matches with another.
>
> take FreeRADIUS 3.0.16 - either built form source or via package.   then
> follow the guides (or read the docs in the config files themselves) as 
> required.
>
> DONT hack a load of the config around , start with basics (as per 
> docs)
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/ 
> list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/ 
> list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list