<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hello!<br>
I got to work my freeradius configuration for the following environment:<br>
*Freeradius client is a wifi access point, wifi-clients can connect via
wpa2-enterprise / eap-peap<br>
*i'm still using test certificates<br>
*The data-Backend is a mysql-storage with a different table structure
that default. The queries that I've changed work correctly. This has
been tested<br>
*My tests are done with a linux wifi-client using wpa_supplicant and
kde-frontends<br>
<br>
Now my goal is to tell the NAS to assign every wifi-packet to a certain
VLAN. I don't need to have a dynamic assignment of VLAN based on
usernames or something else. One VLAN would be sufficient.<br>
<br>
The solution I found was to insert the following lines into the
radgroupreply table (splitted up into the correct columns...):<br>
Tunnel-Type = 13<br>
Tunnel-Medium-Type = 6<br>
Tunnel-Private-Group-Id = 10<br>
<br>
After I've done this entry, I hoped that it would work, but it didn't.
There is no dialogue that contains such information. Below I pasted
such a dialogue. Can you please help me to find the problem and a
working solution for it? I'm not sure if eap/peap and tunnelling is
working in the correct way...<br>
<br>
Thank you!<br>
Marten<br>
<br>
rad_recv: Access-Request packet from host 172.20.160.40 port 32768,
id=165, length=261<br>
User-Name = "marpap"<br>
NAS-IP-Address = 172.20.160.40<br>
NAS-Port = 0<br>
Called-Station-Id = "00-18-84-A2-7D-C5:ABH-Radiustest"<br>
Calling-Station-Id = "00-60-B3-63-4E-03"<br>
Framed-MTU = 1400<br>
NAS-Port-Type = Wireless-802.11<br>
Connect-Info = "CONNECT 0Mbps 802.11"<br>
EAP-Message =
0x02a100601900170301002008e9b2a352735ed2407406268dd56051d9adc7798d3cda8b660c740ba3871bd6170301003042f11b790723eaeeed249cadbf49997f453b7806afe61b6a40af64c3995ecc43952584e4d7e221c4596e9479d56be47a<br>
State = 0x4135755949946c07b29c66b8d618b063<br>
Message-Authenticator = 0x9ab8793841a539e9a2086d12d79b2b38<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[mschap] returns noop<br>
[eap] EAP packet type response id 161 length 96<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7 <br>
[peap] Done initial handshake<br>
[peap] eaptls_process returned 7 <br>
[peap] EAPTLS_OK<br>
[peap] Session established. Decoding tunneled attributes.<br>
[peap] Received EAP-TLV response.<br>
[peap] Success<br>
[eap] Freeing handler<br>
++[eap] returns ok<br>
+- entering group post-auth {...}<br>
[sql] expand: %{User-Name} -> marpap<br>
[sql] sql_set_user escaped user --> 'marpap'<br>
[sql] expand: %{User-Password} -> <br>
[sql] ... expanding second conditional<br>
[sql] expand: %{Chap-Password} -> <br>
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES
( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'marpap', '',
'Access-Accept', '2010-08-30 17:54:46')<br>
[sql] expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql<br>
rlm_sql (sql) in sql_postauth: query is INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'marpap', '',
'Access-Accept', '2010-08-30 17:54:46')<br>
rlm_sql (sql): Reserving sql socket id: 4<br>
rlm_sql_mysql: query: INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'marpap', '',
'Access-Accept', '2010-08-30 17:54:46')<br>
rlm_sql (sql): Released sql socket id: 4<br>
++[sql] returns ok<br>
++[exec] returns noop<br>
Sending Access-Accept of id 165 to 172.20.160.40 port 32768<br>
MS-MPPE-Recv-Key =
0x63de979ef48495f1fe3db129c78383084c9d5661e2e14b85c89a4596e96756eb<br>
MS-MPPE-Send-Key =
0x010d4434923d42929b0d7d1b595e991391bf7c0ec6a70ee391591593fac04815<br>
EAP-Message = 0x03a10004<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
User-Name = "marpap"<br>
Finished request 9.<br>
Going to the next request<br>
Waking up in 4.8 seconds.<br>
<br>
<br>
gahn schrieb:
<blockquote cite="mid:806180.58779.qm@web52302.mail.re2.yahoo.com"
type="cite">
<pre wrap="">Thanks. Matteo:
But I don't have this 192.168.1.29 in my network and I have not configured any NAS yet. it was just genetic tests based on "radtest"...
--- On Mon, 8/30/10, <a class="moz-txt-link-abbreviated" href="mailto:matteo@crs4.it">matteo@crs4.it</a> <a class="moz-txt-link-rfc2396E" href="mailto:matteo@crs4.it"><matteo@crs4.it></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">From: <a class="moz-txt-link-abbreviated" href="mailto:matteo@crs4.it">matteo@crs4.it</a> <a class="moz-txt-link-rfc2396E" href="mailto:matteo@crs4.it"><matteo@crs4.it></a>
Subject: Re: radius newbie question
To: <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>
Date: Monday, August 30, 2010, 10:33 AM
Hello gahn,
that's ithe IP address of an Access Point you're using to
connect to
the network, or a switch, for example.
Matteo
Quoting gahn <a class="moz-txt-link-rfc2396E" href="mailto:ipfreak@yahoo.com"><ipfreak@yahoo.com></a>:
</pre>
<blockquote type="cite">
<pre wrap="">Ok.
now I started the server with "radiusd -X" and run
</pre>
</blockquote>
<pre wrap="">"radtest testing
</pre>
<blockquote type="cite">
<pre wrap="">password localhost 10 secret test123":
bn_1# radtest testing password localhost 10 secret
</pre>
</blockquote>
<pre wrap="">test123
</pre>
<blockquote type="cite">
<pre wrap="">Sending Access-Request of id 158 to 127.0.0.1 port
</pre>
</blockquote>
<pre wrap="">1812
</pre>
<blockquote type="cite">
<pre wrap=""> User-Name =
</pre>
</blockquote>
<pre wrap="">"testing"
</pre>
<blockquote type="cite">
<pre wrap=""> User-Password =
</pre>
</blockquote>
<pre wrap="">"password"
</pre>
<blockquote type="cite">
<pre wrap=""> NAS-IP-Address =
</pre>
</blockquote>
<pre wrap="">192.168.1.29
</pre>
<blockquote type="cite">
<pre wrap=""> NAS-Port = 10
Framed-Protocol
</pre>
</blockquote>
<pre wrap="">= PPP
</pre>
<blockquote type="cite">
<pre wrap="">radclient: Failed to send packet for ID 158: (unknown
</pre>
</blockquote>
<pre wrap="">error)
</pre>
<blockquote type="cite">
<pre wrap="">Sending Access-Request of id 158 to 127.0.0.1 port
</pre>
</blockquote>
<pre wrap="">1812
</pre>
<blockquote type="cite">
<pre wrap=""> User-Name =
</pre>
</blockquote>
<pre wrap="">"testing"
</pre>
<blockquote type="cite">
<pre wrap=""> User-Password =
</pre>
</blockquote>
<pre wrap="">"password"
</pre>
<blockquote type="cite">
<pre wrap=""> NAS-IP-Address =
</pre>
</blockquote>
<pre wrap="">192.168.1.29
</pre>
<blockquote type="cite">
<pre wrap=""> NAS-Port = 10
Framed-Protocol
</pre>
</blockquote>
<pre wrap="">= PPP
</pre>
<blockquote type="cite">
<pre wrap="">radclient: Failed to send packet for ID 158: (unknown
</pre>
</blockquote>
<pre wrap="">error)
</pre>
<blockquote type="cite">
<pre wrap="">Sending Access-Request of id 158 to 127.0.0.1 port
</pre>
</blockquote>
<pre wrap="">1812
</pre>
<blockquote type="cite">
<pre wrap=""> User-Name =
</pre>
</blockquote>
<pre wrap="">"testing"
</pre>
<blockquote type="cite">
<pre wrap=""> User-Password =
</pre>
</blockquote>
<pre wrap="">"password"
</pre>
<blockquote type="cite">
<pre wrap=""> NAS-IP-Address =
</pre>
</blockquote>
<pre wrap="">192.168.1.29
</pre>
<blockquote type="cite">
<pre wrap=""> NAS-Port = 10
Framed-Protocol
</pre>
</blockquote>
<pre wrap="">= PPP
</pre>
<blockquote type="cite">
<pre wrap="">radclient: Failed to send packet for ID 158: (unknown
</pre>
</blockquote>
<pre wrap="">error)
</pre>
<blockquote type="cite">
<pre wrap="">radclient: no response from server for ID 158 socket
</pre>
</blockquote>
<pre wrap="">3
</pre>
<blockquote type="cite">
<pre wrap="">
but the server debug didn't show anything:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file
</pre>
</blockquote>
<pre wrap="">/var/run/radiusd/radiusd.sock
</pre>
<blockquote type="cite">
<pre wrap="">Listening on proxy address * port 1814
Ready to process requests.
where did that "NAS-IP-Address = 192.168.1.29" come
</pre>
</blockquote>
<pre wrap="">from?
</pre>
<blockquote type="cite">
<pre wrap="">Thanks in advance
--- On Sat, 8/28/10, gahn <a class="moz-txt-link-rfc2396E" href="mailto:ipfreak@yahoo.com"><ipfreak@yahoo.com></a>
</pre>
</blockquote>
<pre wrap="">wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">From: gahn <a class="moz-txt-link-rfc2396E" href="mailto:ipfreak@yahoo.com"><ipfreak@yahoo.com></a>
Subject: Re: radius newbie question
To: "FreeRadius users mailing list" <a class="moz-txt-link-rfc2396E" href="mailto:freeradius-users@lists.freeradius.org"><freeradius-users@lists.freeradius.org></a>
Date: Saturday, August 28, 2010, 11:56 AM
thanks.
giraffe is the temp hostname (for now).. it is
</pre>
</blockquote>
</blockquote>
<pre wrap="">behind a dsl
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">link at this moment and this public address is
</pre>
</blockquote>
</blockquote>
<pre wrap="">listed in
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">ddns.
once i pointed my /etc/resolv.conf to that ddns
provider,the "radtest" worked as it is designed.
But why?
--- On Sat, 8/28/10, Alan Buxey <a class="moz-txt-link-rfc2396E" href="mailto:A.L.M.Buxey@lboro.ac.uk"><A.L.M.Buxey@lboro.ac.uk></a>
wrote:
</pre>
<blockquote type="cite">
<pre wrap="">From: Alan Buxey <a class="moz-txt-link-rfc2396E" href="mailto:A.L.M.Buxey@lboro.ac.uk"><A.L.M.Buxey@lboro.ac.uk></a>
Subject: Re: radius newbie question
To: "FreeRadius users mailing
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">list"
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap=""><a class="moz-txt-link-rfc2396E" href="mailto:freeradius-users@lists.freeradius.org"><freeradius-users@lists.freeradius.org></a>
</pre>
<blockquote type="cite">
<pre wrap="">Date: Saturday, August 28, 2010, 11:46 AM
Hi,
</pre>
<blockquote type="cite">
<pre wrap="">host# radtest testing password localhost
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">10
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">testing123
</pre>
<blockquote type="cite">
<pre wrap="">radclient:: Failed to find IP address
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">for
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">giraffe
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">radclient: Nothing to send.
</pre>
</blockquote>
<pre wrap="">where does giraffe come from? whats in
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">your
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">/etc/resolv.conf?
alan
-
List info/subscribe/unsubscribe?
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">See
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap=""><a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
<pre wrap="">
-
List info/subscribe/unsubscribe?
</pre>
</blockquote>
</blockquote>
<pre wrap="">See
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap=""><a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<pre wrap="">
-
List info/subscribe/unsubscribe?
</pre>
</blockquote>
<pre wrap="">See
</pre>
<blockquote type="cite">
<pre wrap=""><a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<pre wrap="">
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging
Program.
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<pre wrap=""><!---->
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
</body>
</html>