<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div>I've done the following to install and test freeradius on Scientific Linux el6_4. The server is one I use for testing and also has Splunk installed on it. No issues with Splunk and the ip address have been found as I've gotten logs from other test equipment into Splunk<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">- I installed the freeradius-2.1.12-4.el6_3.x86_64 and then the utilities freeradius-utils-2.1.12-4.el6_3.x86_64.rpm to get the client (radtest). <br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family:
times new roman,new york,times,serif; background-color: transparent; font-style: normal;">- I made a change to the users file to add the testing Cleartext-Password := "password". My hosts file indicates both lo and the ip address for the server. I can ping the server without issues. <br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">- After I added the line to the users file, I started radiusd -X >debug.txt I then opened another terminal window on the same server and performed the - radtest testing password 127.0.0.1 0 testing123. <br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">- I received an error indicating failed to find ip address for linux-mail.amber.net followed by nothing to do.
<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">- I looked at clients.conf and change the ip address from 127.0.0.1 to my ip address and added hostname. The results remained the same so I've reverted to original config for this.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Each time I made any changes I restarted radiusd by killing the process and restarting. I could not service radiusd stop or radiusd stop to stop the application. I tried pasting the debug txt into the debug form on the other site and received a 405Forbidden when I accepted the
policy.<br></div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I've put my debug from testing with just the change to the users file below. Would appreciate any insight into what could be wrong.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">PJ<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style:
normal;">##### Debug text ##########</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2 2012 at 23:16:43<br>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>GNU General Public License v2. <br>Starting - reading configuration files ...<br>including
configuration file /etc/raddb/radiusd.conf<br>including configuration file /etc/raddb/proxy.conf<br>including configuration file /etc/raddb/clients.conf<br>including files in directory /etc/raddb/modules/<br>including configuration file /etc/raddb/modules/counter<br>including configuration file /etc/raddb/modules/checkval<br>including configuration file /etc/raddb/modules/expr<br>including configuration file /etc/raddb/modules/logintime<br>including configuration file /etc/raddb/modules/redis<br>including configuration file /etc/raddb/modules/mschap<br>including configuration file /etc/raddb/modules/wimax<br>including configuration file /etc/raddb/modules/attr_rewrite<br>including configuration file /etc/raddb/modules/replicate<br>including configuration file /etc/raddb/modules/sql_log<br>including configuration file /etc/raddb/modules/etc_group<br>including configuration file /etc/raddb/modules/smbpasswd<br>including configuration file
/etc/raddb/modules/detail.log<br>including configuration file /etc/raddb/modules/exec<br>including configuration file /etc/raddb/modules/sradutmp<br>including configuration file /etc/raddb/modules/pap<br>including configuration file /etc/raddb/modules/expiration<br>including configuration file /etc/raddb/modules/always<br>including configuration file /etc/raddb/modules/preprocess<br>including configuration file /etc/raddb/modules/echo<br>including configuration file /etc/raddb/modules/policy<br>including configuration file /etc/raddb/modules/opendirectory<br>including configuration file /etc/raddb/modules/perl<br>including configuration file /etc/raddb/modules/pam<br>including configuration file /etc/raddb/modules/attr_filter<br>including configuration file /etc/raddb/modules/chap<br>including configuration file /etc/raddb/modules/detail<br>including configuration file /etc/raddb/modules/radutmp<br>including configuration file
/etc/raddb/modules/ntlm_auth<br>including configuration file /etc/raddb/modules/inner-eap<br>including configuration file /etc/raddb/modules/soh<br>including configuration file /etc/raddb/modules/passwd<br>including configuration file /etc/raddb/modules/acct_unique<br>including configuration file /etc/raddb/modules/dynamic_clients<br>including configuration file /etc/raddb/modules/ippool<br>including configuration file /etc/raddb/modules/digest<br>including configuration file /etc/raddb/modules/rediswho<br>including configuration file /etc/raddb/modules/mac2ip<br>including configuration file /etc/raddb/modules/otp<br>including configuration file /etc/raddb/modules/cui<br>including configuration file /etc/raddb/modules/sqlcounter_expire_on_login<br>including configuration file /etc/raddb/modules/smsotp<br>including configuration file /etc/raddb/modules/unix<br>including configuration file /etc/raddb/modules/mac2vlan<br>including configuration file
/etc/raddb/modules/files<br>including configuration file /etc/raddb/modules/detail.example.com<br>including configuration file /etc/raddb/modules/realm<br>including configuration file /etc/raddb/modules/linelog<br>including configuration file /etc/raddb/eap.conf<br>including configuration file /etc/raddb/policy.conf<br>including files in directory /etc/raddb/sites-enabled/<br>including configuration file /etc/raddb/sites-enabled/control-socket<br>including configuration file /etc/raddb/sites-enabled/inner-tunnel<br>including configuration file /etc/raddb/sites-enabled/default<br>main {<br> user = "radiusd"<br> group = "radiusd"<br> allow_core_dumps = no<br>}<br>including dictionary file /etc/raddb/dictionary<br>main {<br> name = "radiusd"<br> prefix = "/usr"<br> localstatedir = "/var"<br> sbindir =
"/usr/sbin"<br> logdir = "/var/log/radius"<br> run_dir = "/var/run/radiusd"<br> libdir = "/usr/lib64/freeradius"<br> radacctdir = "/var/log/radius/radacct"<br> hostname_lookups = no<br> max_request_time = 30<br> cleanup_delay = 5<br> max_requests = 1024<br> pidfile = "/var/run/radiusd/radiusd.pid"<br> checkrad = "/usr/sbin/checkrad"<br> debug_level = 0<br> proxy_requests = yes<br> log {<br> stripped_names = no<br> auth = no<br> auth_badpass = no<br> auth_goodpass = no<br> }<br> security {<br> max_attributes = 200<br> reject_delay = 1<br> status_server = yes<br> }<br>}<br>radiusd: #### Loading
Realms and Home Servers ####<br> proxy server {<br> retry_delay = 5<br> retry_count = 3<br> default_fallback = no<br> dead_time = 120<br> wake_all_if_all_dead = no<br> }<br> home_server localhost {<br> ipaddr = 127.0.0.1<br> port = 1812<br> type = "auth"<br> secret = "testing123"<br> response_window = 20<br> max_outstanding = 65536<br> require_message_authenticator = yes<br> zombie_period = 40<br> status_check = "status-server"<br> ping_interval = 30<br> check_interval = 30<br> num_answers_to_alive = 3<br> num_pings_to_alive = 3<br> revive_interval = 120<br> status_check_timeout =
4<br> coa {<br> irt = 2<br> mrt = 16<br> mrc = 5<br> mrd = 30<br> }<br> }<br> home_server_pool my_auth_failover {<br> type = fail-over<br> home_server = localhost<br> }<br> realm example.com {<br> auth_pool = my_auth_failover<br> }<br> realm LOCAL {<br> }<br>radiusd: #### Loading Clients ####<br> client localhost {<br> ipaddr = 127.0.0.1<br> require_message_authenticator = no<br> secret = "testing123"<br> nastype = "other"<br> }<br>radiusd: #### Instantiating modules ####<br> instantiate {<br> Module: Linked to module rlm_exec<br> Module: Instantiating module "exec" from file /etc/raddb/modules/exec<br> exec {<br> wait = no<br> input_pairs =
"request"<br> shell_escape = yes<br> }<br> Module: Linked to module rlm_expr<br> Module: Instantiating module "expr" from file /etc/raddb/modules/expr<br> Module: Linked to module rlm_expiration<br> Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration<br> expiration {<br> reply-message = "Password Has Expired "<br> }<br> Module: Linked to module rlm_logintime<br> Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime<br> logintime {<br> reply-message = "You are calling outside your allowed timespan "<br> minimum-timeout = 60<br> }<br> }<br>radiusd: #### Loading Virtual Servers ####<br>server { # from file /etc/raddb/radiusd.conf<br> modules {<br> Module: Creating Auth-Type = digest<br> Module: Creating Post-Auth-Type =
REJECT<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_pap<br> Module: Instantiating module "pap" from file /etc/raddb/modules/pap<br> pap {<br> encryption_scheme = "auto"<br> auto_header = no<br> }<br> Module: Linked to module rlm_chap<br> Module: Instantiating module "chap" from file /etc/raddb/modules/chap<br> Module: Linked to module rlm_mschap<br> Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap<br> mschap {<br> use_mppe = yes<br> require_encryption = no<br> require_strong = no<br> with_ntdomain_hack = no<br> allow_retry = yes<br> }<br> Module: Linked to module rlm_digest<br> Module: Instantiating module "digest" from file /etc/raddb/modules/digest<br> Module: Linked to module
rlm_unix<br> Module: Instantiating module "unix" from file /etc/raddb/modules/unix<br> unix {<br> radwtmp = "/var/log/radius/radwtmp"<br> }<br> Module: Linked to module rlm_eap<br> Module: Instantiating module "eap" from file /etc/raddb/eap.conf<br> eap {<br> default_eap_type = "md5"<br> timer_expire = 60<br> ignore_unknown_eap_types = no<br> cisco_accounting_username_bug = no<br> max_sessions = 4096<br> }<br> Module: Linked to sub-module rlm_eap_md5<br> Module: Instantiating eap-md5<br> Module: Linked to sub-module rlm_eap_leap<br> Module: Instantiating eap-leap<br> Module: Linked to sub-module rlm_eap_gtc<br> Module: Instantiating eap-gtc<br> gtc {<br> challenge = "Password: "<br> auth_type = "PAP"<br>
}<br> Module: Linked to sub-module rlm_eap_tls<br> Module: Instantiating eap-tls<br> tls {<br> rsa_key_exchange = no<br> dh_key_exchange = yes<br> rsa_key_length = 512<br> dh_key_length = 512<br> verify_depth = 0<br> CA_path = "/etc/raddb/certs"<br> pem_file_type = yes<br> private_key_file = "/etc/raddb/certs/server.pem"<br> certificate_file = "/etc/raddb/certs/server.pem"<br> CA_file = "/etc/raddb/certs/ca.pem"<br> private_key_password = "whatever"<br> dh_file = "/etc/raddb/certs/dh"<br> random_file = "/etc/raddb/certs/random"<br> fragment_size = 1024<br> include_length = yes<br> check_crl = no<br> cipher_list =
"DEFAULT"<br> cache {<br> enable = no<br> lifetime = 24<br> max_entries = 255<br> }<br> verify {<br> }<br> ocsp {<br> enable = no<br> override_cert_url = yes<br> url = "http://127.0.0.1/ocsp/"<br> }<br> }<br> Module: Linked to sub-module rlm_eap_ttls<br> Module: Instantiating eap-ttls<br> ttls {<br> default_eap_type = "md5"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> virtual_server = "inner-tunnel"<br> include_length = yes<br> }<br> Module: Linked to sub-module rlm_eap_peap<br> Module: Instantiating eap-peap<br> peap {<br> default_eap_type =
"mschapv2"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> proxy_tunneled_request_as_eap = yes<br> virtual_server = "inner-tunnel"<br> soh = no<br> }<br> Module: Linked to sub-module rlm_eap_mschapv2<br> Module: Instantiating eap-mschapv2<br> mschapv2 {<br> with_ntdomain_hack = no<br> send_error = no<br> }<br> Module: Checking authorize {...} for more modules to load<br> Module: Linked to module rlm_preprocess<br> Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess<br> preprocess {<br> huntgroups = "/etc/raddb/huntgroups"<br> hints = "/etc/raddb/hints"<br> with_ascend_hack = no<br> ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br> with_specialix_jetstream_hack = no<br> with_cisco_vsa_hack = no<br> with_alvarion_vsa_hack = no<br> }<br> Module: Linked to module rlm_realm<br> Module: Instantiating module "suffix" from file /etc/raddb/modules/realm<br> realm suffix {<br> format = "suffix"<br> delimiter = "@"<br> ignore_default = no<br> ignore_null = no<br> }<br> Module: Linked to module rlm_files<br> Module: Instantiating module "files" from file /etc/raddb/modules/files<br> files {<br> usersfile = "/etc/raddb/users"<br> acctusersfile = "/etc/raddb/acct_users"<br> preproxy_usersfile = "/etc/raddb/preproxy_users"<br> compat = "no"<br> }<br> Module: Checking preacct {...} for more modules to
load<br> Module: Linked to module rlm_acct_unique<br> Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique<br> acct_unique {<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br> }<br> Module: Checking accounting {...} for more modules to load<br> Module: Linked to module rlm_detail<br> Module: Instantiating module "detail" from file /etc/raddb/modules/detail<br> detail {<br> detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"<br> header = "%t"<br> detailperm = 384<br> dirperm = 493<br> locking = no<br> log_packet_header = no<br> }<br> Module: Linked to module rlm_radutmp<br> Module: Instantiating module "radutmp" from file
/etc/raddb/modules/radutmp<br> radutmp {<br> filename = "/var/log/radius/radutmp"<br> username = "%{User-Name}"<br> case_sensitive = yes<br> check_with_nas = yes<br> perm = 384<br> callerid = yes<br> }<br> Module: Linked to module rlm_attr_filter<br> Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter<br> attr_filter attr_filter.accounting_response {<br> attrsfile = "/etc/raddb/attrs.accounting_response"<br> key = "%{User-Name}"<br> relaxed = no<br> }<br> Module: Checking session {...} for more modules to load<br> Module: Checking post-proxy {...} for more modules to load<br> Module: Checking post-auth {...} for more modules to load<br> Module: Instantiating module
"attr_filter.access_reject" from file /etc/raddb/modules/attr_filter<br> attr_filter attr_filter.access_reject {<br> attrsfile = "/etc/raddb/attrs.access_reject"<br> key = "%{User-Name}"<br> relaxed = no<br> }<br> } # modules<br>} # server<br>server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel<br> modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Checking authorize {...} for more modules to load<br> Module: Checking session {...} for more modules to load<br> Module: Checking post-proxy {...} for more modules to load<br> Module: Checking post-auth {...} for more modules to load<br> } # modules<br>} # server<br>radiusd: #### Opening IP addresses and Ports ####<br>listen {<br> type = "auth"<br> ipaddr = *<br> port = 0<br>}<br>listen
{<br> type = "acct"<br> ipaddr = *<br> port = 0<br>}<br>listen {<br> type = "control"<br> listen {<br> socket = "/var/run/radiusd/radiusd.sock"<br> }<br>}<br>listen {<br> type = "auth"<br> ipaddr = 127.0.0.1<br> port = 18120<br>}<br> ... adding new socket proxy address * port 35647<br>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on command file /var/run/radiusd/radiusd.sock<br>Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel<br>Listening on proxy address * port 1814<br>Ready to process requests.<br>Ready to process requests.<br>Signalled to terminate<br>Exiting normally.<br><br></div></div></body></html>