<div dir="ltr"><div><div>Hi<br>I am not able to do radwho since radutmp is not created. In Radius -X it tells me the radutmp module is loaded and the file should be /var/log/radius/radutmp<br><br>FreeRADIUS version is: freeradius-2.2.3-6.el6.x86_64<br>
<br>Module: Linked to module rlm_radutmp<br>Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp<br> radutmp {<br> filename = "/var/log/radius/radutmp"<br> username = "%{User-Name}"<br>
case_sensitive = yes<br> check_with_nas = yes<br> perm = 384<br> callerid = yes<br> }<br><br><br><br>And in /var/log/radius/radacct/192.168.1.1/auth-detail-20140430, the NAS seems to be sending request packets to the server<br>
<br>Wed Apr 30 10:58:41 2014<br> Packet-Type = Access-Request<br> EAP-Message = 0x020900061a03<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "testuser@ba.com"<br>
State = 0x882dba688924a0df1b204ef3b696b63f<br> Calling-Station-Id = "00215c5b8ef3"<br> Called-Station-Id = "dca5f44de9c0:eduroam-tmp"<br> NAS-Port = 1<br> Cisco-AVPair = "audit-session-id=82d0a5f700000e5a535fb9e9"<br>
NAS-IP-Address = 192.168.1.1<br> NAS-Identifier = "mywireless1"<br> Airespace-Wlan-Id = 310<br> Service-Type = Framed-User<br> Framed-MTU = 1300<br> NAS-Port-Type = Wireless-802.11<br>
<br>In the accounting section of /etc/raddb/sites-enabled/default, radutmp is uncommented.<br><br>And still the radutmp file is not created in the /var/log/radius directory.<br><br><br>When I run FreeRADIUS in debug mode (radiusd -X) and test-authenticate a user, I get the following:<br>
<br>Listening on proxy address * port 1814<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 54636, id=127, length=139<br> User-Name = "testuser@ba.com"<br>
NAS-IP-Address = 192.168.1.1<br> NAS-Port = 0<br> Message-Authenticator = 0xee4209c0650849c1f6d60a5f94bf5a9b<br> MS-CHAP-Challenge = 0x3feecd0086804485<br> MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000077ac654ce5135ab5f8690098e68c7e403bfcc24bb714d293<br>
# Executing section authorize from file /etc/raddb/sites-enabled/default<br>+group authorize {<br>++[preprocess] = ok<br>++[chap] = noop<br>[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'<br>++[mschap] = ok<br>
++[digest] = noop<br>[suffix] Looking up realm "ba.com" for User-Name = "testuser@ba.com"<br>[suffix] Found realm "ba.com"<br>
[suffix] Adding Stripped-User-Name = "testuser"<br>[suffix] Adding Realm = "ba.com"<br>[suffix] Authentication realm is LOCAL.<br>++[suffix] = ok<br>[eap] No EAP-Message, not doing EAP<br>
++[eap] = noop<br>[files] users: Matched entry DEFAULT at line 3<br>++[files] = ok<br>[ldap] performing user authorization for testuser<br>[ldap] expand: %{Stripped-User-Name} -> testuser<br>[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testuser)<br>
[ldap] expand: ou=People,dc=BA,dc=com -> ou=People,dc=BA,dc=com<br> [ldap] ldap_get_conn: Checking Id: 0<br> [ldap] ldap_get_conn: Got Id: 0<br> [ldap] attempting LDAP reconnection<br> [ldap] (re)connect to ldap.ba.com:389, authentication 0<br>
[ldap] bind as / to ldap.ba.com:389<br> [ldap] waiting for bind result ...<br> [ldap] Bind was successful<br> [ldap] performing search in ou=People,dc=BA,dc=com, with filter (uid=testuser)<br>
[ldap] looking for check items in directory...<br>[ldap] looking for reply items in directory...<br>WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<br> [ldap] ldap_release_conn: Release Id: 0<br>
++[ldap] = ok<br>++[expiration] = noop<br>++[logintime] = noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] = noop<br>+} # group authorize = ok<br>
Found Auth-Type = MSCHAP<br># Executing group from file /etc/raddb/sites-enabled/default<br>+group MS-CHAP {<br>[mschap] Client is using MS-CHAPv1 with NT-Password<br>[mschap] expand: %{Stripped-User-Name} -> testuser<br>
[mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=testuser<br>[mschap] mschap1: 3f<br>[mschap] expand: %{mschap:Challenge} -> 3feecd0086804485<br>[mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=3feecd0086804485<br>
[mschap] expand: %{mschap:NT-Response} -> 77ac654ce5135ab5f8690098e68c7e403bfcc24bb714d293<br>[mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=77ac654ce5135ab5f8690098e68c7e403bfcc24bb714d293<br>
Exec output: NT_KEY: 04066C8C6B0E8CFCABBB0AB6760971F7 <br>Exec plaintext: NT_KEY: 04066C8C6B0E8CFCABBB0AB6760971F7 <br>[mschap] Exec: program returned: 0<br>[mschap] adding MS-CHAPv1 MPPE keys<br>++[mschap] = ok<br>+} # group MS-CHAP = ok<br>
# Executing section session from file /etc/raddb/sites-enabled/default<br>+group session {<br>[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp<br>++[radutmp] = ok<br><br><br>So, even though it says radutmp = ok, the file /var/log/radius/radutmp is not created. I must be doing something wrong or my configuration is not correct for radutmp. I would appreciate some input.<br>
<br></div>Thanks<br><br></div>K<br></div>
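Added example, not part of the original post: the post says radutmp is enabled in the accounting section, so a useful check on a `radiusd -X` capture is which sections actually ran and in which of them `radutmp` returned a result. The sample lines are constructed from the excerpt above, and the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the `radiusd -X` excerpt in the post.
SAMPLE = """\
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] = ok
[ldap] expand: %{Stripped-User-Name} -> testuser
++[ldap] = ok
+} # group authorize = ok
Found Auth-Type = MSCHAP
# Executing group from file /etc/raddb/sites-enabled/default
+group MS-CHAP {
++[mschap] = ok
+} # group MS-CHAP = ok
# Executing section session from file /etc/raddb/sites-enabled/default
+group session {
++[radutmp] = ok
"""

GROUP_OPEN = re.compile(r"^\++group (\S+) \{")          # "+group session {"
GROUP_CLOSE = re.compile(r"^\++\} # group (\S+) = \w+")  # "+} # group authorize = ok"
MODULE_RC = re.compile(r"^\++\[([\w.-]+)\] = (\w+)\s*$")  # "++[radutmp] = ok"

def sections_run(debug_text):
    """Return {section: [(module, rcode), ...]} in the order the sections ran."""
    result, current = {}, None
    for line in debug_text.splitlines():
        line = line.strip()
        if m := GROUP_OPEN.match(line):
            current = m.group(1)
            result.setdefault(current, [])
        elif GROUP_CLOSE.match(line):
            current = None
        elif (m := MODULE_RC.match(line)) and current is not None:
            result[current].append((m.group(1), m.group(2)))
    return result

def where_module_ran(debug_text, module):
    # Sections in which the named module reported a return code.
    return [section for section, mods in sections_run(debug_text).items()
            if any(name == module for name, _ in mods)]

if __name__ == "__main__":
    for section, mods in sections_run(SAMPLE).items():
        print(section, mods)
    print("radutmp ran in:", where_module_ran(SAMPLE, "radutmp"))
```

On the sample, the sections seen are authorize, MS-CHAP and session, and `radutmp` appears only under session; no accounting section is present in the capture.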