<!--/*SC*/DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"/*EC*/-->
<html><head><title></title><style type="text/css"><!-- body{padding:1ex;margin:0;font-family:sans-serif;font-size:small}a[href]{color:-moz-hyperlinktext!important;text-decoration:-moz-anchor-decoration}blockquote{margin:0;border-left:2px solid #144fae;padding-left:1em}blockquote blockquote{border-color:#006312}blockquote blockquote blockquote{border-color:#540000} --></style></head><body><div style="font-family: Arial; font-size: medium;" dir="ltr"><div>
Thank you, I have done that already. The IP and the shared secret is inside the EAP config of the router just like you say. I have ping contact from the PC to the router. The configuration "client router { secret = testing123; ipaddr = 192.168.0.1; }" should work so that I would be able to send "radtest sigbj testing-0 192.168.0.1 0 testing123" to the router to have the router call the radiusd at 192.168.0.199. Using 127.0.0.1 there is full acceptance both with radtetst -t eap-md5, chap, mschap, pap. It IS working, and WELL too. -- The mysql part I have not tried out, but it is not so important at this stage.</div>
<div>
</div>
<div>
To me the radius is so well configured and constructed that it should be this simple, at least taken in consideration the docu I have read. The problem seems to be that call from the computer to the NAS-client (the router) does not come through, or the NAS will not send requests to the radius server. Again, it might be a network problem, a missing part from my side, or something else. Strange is it, because the router works with WAP-PSK</div>
<div>
--</div>
<div>
Si St</div>
<div>
<a href="mailto:sigbj-st@operamail.com">sigbj-st@operamail.com</a></div>
<div class="defangedMessage">
<div id="me18768">
<div>
</div>
<div>
</div>
<div>
On Sun, Jul 15, 2012, at 11:21 PM, Andrew Andonopoulos wrote:</div>
<blockquote class="me18768QuoteMessage" type="cite">
<style type="text/css"><!-- --></style>
<div dir="ltr">
Hi,
<div>
</div>
<div>
you can use the following to include all the IPs inside the clients file:</div>
<div>
</div>
<div>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">client 0.0.0.0/0 {
secret = mysecret
shortname = myNAS
}</span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">From the router's side you need to write a command to add your radius shared key and ip. For example if it's allied telesis</span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">radius-server key <key>
radius-server host <ip></span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">for cisco is something similar.</span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<br />
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">If you are using Mysql then you need to add it to the nas table but before that you need to edit the sql.conf file and uncomment the radclients = yes</span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">for example my Mysql nas table is like that:</span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">+----+----------+--------------+-------+-------+--------+-----------+---------------+--------+
| id | nasname | shortname | type | ports | secret | community | description | server |
+----+----------+--------------+-------+-------+--------+-----------+---------------+--------+
| 1 | <IP> | Core | other | NULL | <key> | NULL | Radius Client | NULL |
| 2 | <IP> | ZoneDirector | other | NULL | <key> | NULL | Radius Client | NULL |
+----+----------+--------------+-------+-------+--------+-----------+---------------+--------+
</span></pre>
<div>
</div>
<div>
</div>
<div>
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">because i am using the core and the zone director as a NAS.</span></div>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">Good luck</span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
<span class="me18768Apple-style-span" style="color: rgb(17, 0, 0); font-family: verdana,arial,sans-serif; font-size: 12px; line-height: 18px;">Andrew</span></pre>
<pre class="me18768text" style="border-width: 0px; margin: 0px; padding: 0px; overflow: visible; outline-width: 0px; font-size: 12px; vertical-align: baseline; background-color: transparent; width: auto; clear: none; line-height: 1.333; white-space: pre; font-family: monospace;">
</pre>
<br />
<div>
> From: sigbj-st@operamail.com<br />
> To: freeradius-users@lists.freeradius.org<br />
> Subject: a router as NAS<br />
> Date: Sun, 15 Jul 2012 18:49:18 +0200<br />
><br />
> (I think I messed up the previous posting by returning on a previous by<br />
> Winter answered post. This message is found in the end of that post. I<br />
> am sorry. Hope this one comes in with the new subject.)<br />
> Can I connect to radius via a router that has a guestzone? It simply<br />
> means that the router has an extra guestzone interface that also<br />
> contains choice for PSK or EAP<br />
><br />
> From the following information I wonder why the radiusd is not<br />
> responding.Remember I am trying to log in with the radius from the PC<br />
> where the radius is installed. Radius is on 192.168.0.198 and I am<br />
> attempting login or request from 192.168.0.198. This may also be a<br />
> mistake. Maybe there will be a conflict betw 192.168.0.1 = router and<br />
> 192.168.0.198 localhost. I simply dont know.<br />
><br />
> The router is a DLINK 655<br />
> The OS is SuSE Linux Enterprise Desktop 10, ServPack 3<br />
> The radius is the freeradiu-sserver-2.1.12<br />
><br />
> Here are the fields from this zone in the router:<br />
> **ROUTER PART**<br />
> "Use this section to configure the guest zone settings of your router.<br />
> The guest zone provide a separate network zone for guest to access<br />
> Internet":<br />
><br />
> --GUEST ZONE SELECTION--<br />
> Enable Guest Zone : (Yes)<br />
> Wireless Band : 2.4GHz Band<br />
> Wireless Network Name : EAP_sled (Also called the SSID)<br />
> Enable Routing Between Zones : (No)<br />
> Security Mode : WPA-Enterprise<br />
><br />
> --WPA--<br />
> WPA Mode : Auto (WPA or WPA2)<br />
> Cipher Type : TKIP and AES<br />
> Group Key Update Interval : 3600 (seconds)<br />
><br />
> --EAP (802.1x)--<br />
><br />
> "When WPA enterprise is enabled, the router uses EAP (802.1x) to<br />
> authenticate clients via a remote RADIUS server."<br />
><br />
> Authentication Timeout : 60 (minutes)<br />
> RADIUS server IP Address : 192.168.0.198<br />
> RADIUS server Port : 1812<br />
> RADIUS server Shared Secret : testing123<br />
> MAC Address Authentication : No<br />
> **CLIENT.CONF**<br />
> Then I change the client.conf from localhost 127.0.0.1 to the IP of the<br />
> router 192.168.0.1<br />
> #client localhost {<br />
> # Allowed values are:<br />
> # dotted quad (1.2.3.4)<br />
> # hostname (radius.example.com)<br />
> # ipaddr = 127.0.0.1<br />
> # Test with router:<br />
> client router {<br />
> # Allowed values are:<br />
> # dotted quad (1.2.3.4)<br />
> # hostname (radius.example.com)<br />
> ipaddr = 192.168.0.1<br />
> #<br />
> and I keep rest of it as it was.<br />
><br />
> **/ETC/HOSTS/**<br />
> I put in a line in /etc/hosts/ (I am not sure if it is right or<br />
> necessary:<br />
> # IP-Address Full-Qualified-Hostname Short-Hostname<br />
> 192.168.0.1 router dlink<br />
><br />
> **YAST CONFIG FOR THE USERCLIENT**<br />
> I change the setup in system (YaST)from PKS key to EAP:<br />
> --MODUS--<br />
> Accesspoint: (Yes)<br />
> Ad hoc: no<br />
> Master: no<br />
> --NETWORKNAME SSID--<br />
> EAP_sled<br />
> --AUTHENTICATION MODUS--<br />
> Open: no<br />
> Shared key: no<br />
> WPA-EAP (Yes)<br />
> WPA-PSK: no<br />
> EAP Modus: TTLS<br />
> Identity: sigbj (as in /usr/local/etc/raddb/users)<br />
> Password: testing-0 (as in /usr/local/etc/raddb/users)<br />
> Anonymous identity: (left open)<br />
> Client-Sert: (closed)<br />
> Client-Key: (closed)<br />
> Client-Key_password: whatever<br />
> Server-Sert: /usr/local/etc/raddb/certs/server.csr<br />
><br />
> I have made no changes in eap.conf and radius.conf<br />
><br />
> I try to start the radiusd -X with these changes (the previous test on<br />
> localhost is successful: "Ready to process requests." And radtest test<br />
> gives the right feedback:Sending Access-Accept of id 178 to 127.0.0.1<br />
> port 1932,so this test part works)<br />
><br />
> Some of the messages from the radiusd -X with the changed client.conf:<br />
> ........<br />
> radiusd: #### Loading Clients ####<br />
> client router {<br />
> ipaddr = 192.168.0.1<br />
> require_message_authenticator = no<br />
> secret = "testing123"<br />
> nastype = "other"<br />
> .............<br />
> ... adding new socket proxy address * port 1047<br />
> Listening on authentication address * port 1812<br />
> Listening on accounting address * port 1813<br />
> Listening on command file /usr/local/var/run/radiusd/radiusd.sock<br />
> Listening on authentication address 127.0.0.1 port 18120 as server<br />
> inner-tunnel<br />
> Listening on proxy address * port 1814<br />
> Ready to process requests.<br />
><br />
> radtest gives this:<br />
> Sending Access-Request of id 207 to 127.0.0.1 port 1812<br />
> User-Name = "sigbj"<br />
> User-Password = "testing-0"<br />
> NAS-IP-Address = 192.168.0.198<br />
> NAS-Port = 0<br />
> Message-Authenticator = 0x00000000000000000000000000000000<br />
> radclient: no response from server for ID 207 socket 3<br />
><br />
> and radiusd consequently:<br />
> Ignoring request to authentication address * port 1812 from unknown<br />
> client 127.0.0.1 port 1048<br />
><br />
> Trying to login with the Knetworkmanager (KDE) on to the network gives<br />
> no reaction on the server, server is just waiting, the knetworkmanager<br />
> may blink or just dryrun. I have a feeling that the server is listening<br />
> on the 127.0.0.1 instead on 192.168.0.1, but do not know<br />
><br />
> I am of course doing a typical newbie mistake somewhere, but I do not<br />
> know what.<br />
><br />
> IF YOU NEED THE WHOLE RADIUSD -X LOG AT THIS POINT, PLEASE TELL ME. I<br />
> have given this explanations to begin with. The problems may also be<br />
> that a router of this kind cannot be used on freeradius or that the<br />
> router is 100% "Windows-messed-up".<br />
><br />
> --<br />
> Si St<br />
> sigbj-st@operamail.com<br />
><br />
> --<br />
> http://www.fastmail.fm - The professional email service<br />
><br />
> -<br />
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html</div>
</div>
</div>
</blockquote>
</div>
</div>
<div>
</div>
</div><pre>
--
http://www.fastmail.fm - Accessible with your email software
or over the web
</pre>
</body></html>