I am using free-radius version 2.10<br> <br>I am trying to get the server statistics to be displayed for number of access-requests, responses etc:<br> <br> <br>echo "Message-Authenticator = 0x00,FreeRADIUS-Statistics-Type = 1" | radclient localhost:18120 status testing5<br>
<br>but its only printing the “access accept”<br> <br>I have seen the following example but somehow it doesn’t work on my setup, is this some bug or some configuration issue? Can you please help?<br> <br>Asking with radclient<br>
The next step is to ask the status server questions about the state of the server. There are some hints in the manual page of the radclient program and the configuration file of the status server itself. Combining both information you can ask i.e. about all authentication packet to and from the server: <br>
# echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 1" | \<br>radclient localhost:18120 status adminsecret<br>Received response ID 180, code 2, length = 140<br> FreeRADIUS-Total-Access-Requests = 3<br>
FreeRADIUS-Total-Access-Accepts = 1<br> FreeRADIUS-Total-Access-Rejects = 0<br> FreeRADIUS-Total-Access-Challenges = 0<br> FreeRADIUS-Total-Auth-Responses = 1<br> FreeRADIUS-Total-Auth-Duplicate-Requests = 0<br> FreeRADIUS-Total-Auth-Malformed-Requests = 0<br>
FreeRADIUS-Total-Auth-Invalid-Requests = 0<br> FreeRADIUS-Total-Auth-Dropped-Requests = 3<br> FreeRADIUS-Total-Auth-Unknown-Types = 0<br><a href="http://wiki.freeradius.org/Status">http://wiki.freeradius.org/Status</a><br>
<br><br>
<div class="gmail_quote">On Thu, Oct 28, 2010 at 6:28 PM, Maurice James <span dir="ltr"><<a href="mailto:midnightsteel@msn.com">midnightsteel@msn.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Working settings<br>I will be stating the changes from the default settings that I made to get<br>it to work. All file names are followed by a colon :<br>
<br><br><<<<< = notes changes<br><br><br><br>****First you must have your ldap server store password in clear text. They<br>CANNOT be hashed in any way****<br>eap.conf:<br>default_eap_type = peap <<<<<<br>
<br><br>ldap.attrmap:<br>checkItem Cleartext-Password userPassword <<<<< (this<br>entire line was added to the top of the list)<br><br><br><br>inner-tunnel:<br># The ldap module will set Auth-Type to LDAP if it has not<br>
# already been set<br>ldap <<<<<(this must be uncommented)<br><br><br>ldap:<br>ldap {<br> #<br> # Note that this needs to match the name in the LDAP<br> # server certificate, if you're using ldaps.<br>
server = "xxx.xxx.xxx" <<<<<(your ldap server)<br> identity = "uid=xxx,ou=xxx,ou=TopologyManagement,o=xxx" <<<<<(your<br>ldap admin user)<br> password = xxxxx <<<<<(your ldap admin password)<br>
basedn = "dc=xxx,dc=xxx" <<<<<(your base dn)<br> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"<br><br><br><br><br><br>mschap:<br>use_mppe = yes<<<<<(not sure if this is needed but I changed it from no to<br>
yes)<br>with_ntdomain_hack = yes<<<<<(not sure if this is needed but I changed it<br>from no to yes)<br><br><br><br>default:<br># The ldap module will set Auth-Type to LDAP if it has not<br># already been set<br>
ldap<<<<<(uncomment)<br><br><br><br>These are all of the setting that I changed to get Windows 7/Vista x64 ><br>WPA2 > freeradius > 389-DS(Fedora Directory Server) to work<br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br><br><br>-----Original Message-----<br>From: freeradius-users-bounces+midnightsteel=<a href="http://msn.com/" target="_blank">msn.com</a>@<a href="http://lists.freeradius.org/" target="_blank">lists.freeradius.org</a><br>
[mailto:<a href="mailto:freeradius-users-bounces%2Bmidnightsteel">freeradius-users-bounces+midnightsteel</a>=<a href="http://msn.com/" target="_blank">msn.com</a>@<a href="http://lists.freeradius.org/" target="_blank">lists.freeradius.org</a>]<br>
On Behalf Of Maurice James<br>Sent: Thursday, October 28, 2010 4:37 PM<br>To: 'FreeRadius users mailing list'<br>Subject: RE: Wireless WPA2 enterprise Radius authentication<br><br>OK gentlemen,<br> After many sleepless nights I finally got it working. I was almost<br>
in tears (lol) but its done. Full authentication and authorization for a mix<br>of Windows7 x64/Vista x64 clients using WPA2 Enterprise, Freeradius,<br>389-DS(Fedora Directory Services). I will post the configs in a follow-up<br>
email.<br><br>Special thanks to the following<br>John Dennis<br>Sven Hartge<br>Phil Mayers<br><br>Thanks guys<br><br><br><br>MCITP Enterprise + Server<br> GIAC Security Leadership Certification (GSLC)<br><br><br><br><br>-----Original Message-----<br>
From: freeradius-users-bounces+midnightsteel=<a href="http://msn.com/" target="_blank">msn.com</a>@<a href="http://lists.freeradius.org/" target="_blank">lists.freeradius.org</a><br>[mailto:<a href="mailto:freeradius-users-bounces%2Bmidnightsteel">freeradius-users-bounces+midnightsteel</a>=<a href="http://msn.com/" target="_blank">msn.com</a>@<a href="http://lists.freeradius.org/" target="_blank">lists.freeradius.org</a>]<br>
On Behalf Of John Dennis<br>Sent: Wednesday, October 27, 2010 8:54 PM<br>To: FreeRadius users mailing list<br>Subject: Re: Wireless WPA2 enterprise Radius authentication<br><br>On 10/27/2010 07:56 PM, Maurice James wrote:<br>
> I will give it another try. I've been trying to the last hour to get<br>> the clear text password policy to stick to a user. Every time I run<br>> the radius debug I see hashed value passed from LDAP. I have to search<br>
> online for the instructions on how to get 389-ds server to use clear<br>> text. Thanks for all the help and advice all. This is one of the most<br>> responsive lists that I have ever been a member of<br><br>389-ds has most all the features I mentioned. The Administrators Guide is<br>
your friend.<br><br>389-ds doc can be found here:<br><br><a href="http://directory.fedoraproject.org/wiki/Documentation#389_Documentation" target="_blank">http://directory.fedoraproject.org/wiki/Documentation#389_Documentation</a><br>
<br>The Administrators Guide can be found here:<br><br><a href="http://www.redhat.com/docs/manuals/dir-server" target="_blank">http://www.redhat.com/docs/manuals/dir-server</a><br><br>--<br>John Dennis <<a href="mailto:jdennis@redhat.com">jdennis@redhat.com</a>><br>
<br>Looking to carve out IT costs?<br><a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a><br>-<br>List info/subscribe/unsubscribe? See<br><a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>-<br>List info/subscribe/unsubscribe? See<br><a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br>