Please make sure that port 1812/1813 are enabled on your server firewall. Hashim Mohammed Zayed Moeen IT On 2012 2 28 17:10, "James DeLuca" <jdeluca@wiu.k12.pa.us> wrote:
Hope you can help us out. First time dealing with RADIUS servers. Following your instructions. Seem to have missed something along the way. ****
** **
We are running FreeRadius(Version 2.1.1) on a SLES version 11 server. The serve has a static IP address.****
** **
We have tried both of the following setting in our client.conf file(/etc/raddb/clients.conf). Neither have produced good results.
client localhost { ipadddr = 127.0.0.1 require_message_authenticator = no secret = "xxxxx" nastype = "other" }
client localhost { ipadddr = 10.0.xxx.xxx require_message_authenticator = no secret = "xxxxx" nastype = "other" }
****
We entered a user in our user(/etc/raddb/users) file ** **
** **
bob Cleartext-Password := "hello"****
** **
Started two terminal sessions. In the first session we ran /usr/sbin/radiusd -X****
** **
And received these results****
FreeRADIUS Version 2.1.1, for host i686-suse-linux-gnu, built on Feb 23 2009 at 21:34:25 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. ****
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ****
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. ****
Starting - reading configuration files ...****
including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/ldap including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/krb5 including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/ detail.example.com****
****
including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/sql.conf including configuration file /etc/raddb/sql/mysql/dialup.conf including configuration file /etc/raddb/sql/mysql/counter.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/inner-tunnel****
group = radiusd****
user = radiusd****
including dictionary file /etc/raddb/dictionary main {****
prefix = "/usr"****
localstatedir = "/var"****
logdir = "/var/log/radius"****
libdir = "/usr/lib/freeradius"****
radacctdir = "/var/log/radius/radacct"****
hostname_lookups = no****
max_request_time = 30****
cleanup_delay = 5****
max_requests = 1024****
allow_core_dumps = no****
pidfile = "/var/run/radiusd/radiusd.pid"****
checkrad = "/usr/sbin/checkrad"****
debug_level = 0****
proxy_requests = yes****
log {****
stripped_names = no****
auth = no****
auth_badpass = no****
auth_goodpass = no****
}****
security {****
max_attributes = 200****
reject_delay = 1****
status_server = yes****
}****
}****
client localhost {****
ipaddr = 10.0.8.9****
require_message_authenticator = no****
secret = "testing123"****
nastype = "other"****
}****
radiusd: #### Loading Realms and Home Servers #### proxy server {****
retry_delay = 5****
retry_count = 3****
default_fallback = no****
dead_time = 120****
wake_all_if_all_dead = no****
}****
home_server localhost {****
ipaddr = 127.0.0.1****
port = 1812****
type = "auth"****
secret = "testing123"****
response_window = 20****
max_outstanding = 65536****
zombie_period = 40****
status_check = "status-server"****
ping_interval = 30****
check_interval = 30****
num_answers_to_alive = 3****
num_pings_to_alive = 3****
revive_interval = 120****
status_check_timeout = 4****
}****
home_server_pool my_auth_failover {****
type = fail-over****
home_server = localhost****
}****
realm example.com {****
auth_pool = my_auth_failover****
}****
realm LOCAL {****
}****
radiusd: #### Instantiating modules #### instantiate {****
Module: Linked to module rlm_exec****
Module: Instantiating exec****
exec {****
wait = no****
input_pairs = "request"****
shell_escape = yes****
}****
Module: Linked to module rlm_expr****
Module: Instantiating expr****
Module: Linked to module rlm_expiration****
Module: Instantiating expiration****
expiration {****
reply-message = "Password Has Expired "****
}****
Module: Linked to module rlm_logintime****
Module: Instantiating logintime****
logintime {****
reply-message = "You are calling outside your allowed timespan "*** *
minimum-timeout = 60****
}****
}****
radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { ****
Module: Checking authenticate {...} for more modules to load****
Module: Linked to module rlm_pap****
Module: Instantiating pap****
pap {****
encryption_scheme = "auto"****
auto_header = no****
}****
Module: Linked to module rlm_chap****
Module: Instantiating chap****
Module: Linked to module rlm_mschap****
Module: Instantiating mschap****
mschap {****
use_mppe = yes****
require_encryption = no****
require_strong = no****
with_ntdomain_hack = no****
}****
Module: Linked to module rlm_unix****
Module: Instantiating unix****
unix {****
radwtmp = "/var/log/radius/radwtmp"****
}****
Module: Linked to module rlm_eap****
Module: Instantiating eap****
eap {****
default_eap_type = "md5"****
timer_expire = 60****
ignore_unknown_eap_types = no****
cisco_accounting_username_bug = no****
max_sessions = 2048****
}****
Module: Linked to sub-module rlm_eap_md5****
Module: Instantiating eap-md5****
Module: Linked to sub-module rlm_eap_leap****
Module: Instantiating eap-leap****
Module: Linked to sub-module rlm_eap_gtc****
Module: Instantiating eap-gtc****
gtc {****
challenge = "Password: "****
auth_type = "PAP"****
}****
Module: Linked to sub-module rlm_eap_tls****
Module: Instantiating eap-tls****
tls {****
rsa_key_exchange = no****
dh_key_exchange = yes****
rsa_key_length = 512****
dh_key_length = 512****
verify_depth = 0****
pem_file_type = yes****
private_key_file = "/etc/raddb/certs/server.pem"****
certificate_file = "/etc/raddb/certs/server.pem"****
CA_file = "/etc/raddb/certs/ca.pem"****
private_key_password = "whatever"****
dh_file = "/etc/raddb/certs/dh"****
random_file = "/etc/raddb/certs/random"****
fragment_size = 1024****
include_length = yes****
check_crl = no****
cipher_list = "DEFAULT"****
make_cert_command = "/etc/raddb/certs/bootstrap"****
cache {****
enable = no****
lifetime = 24****
max_entries = 255****
}****
}****
Module: Linked to sub-module rlm_eap_ttls****
Module: Instantiating eap-ttls****
ttls {****
default_eap_type = "md5"****
copy_request_to_tunnel = no****
use_tunneled_reply = no****
virtual_server = "inner-tunnel"****
}****
Module: Linked to sub-module rlm_eap_peap****
Module: Instantiating eap-peap****
peap {****
default_eap_type = "mschapv2"****
copy_request_to_tunnel = no****
use_tunneled_reply = no****
proxy_tunneled_request_as_eap = yes****
virtual_server = "inner-tunnel"****
}****
Module: Linked to sub-module rlm_eap_mschapv2****
Module: Instantiating eap-mschapv2****
mschapv2 {****
with_ntdomain_hack = no****
}****
Module: Checking authorize {...} for more modules to load****
Module: Linked to module rlm_realm****
Module: Instantiating suffix****
realm suffix {****
format = "suffix"****
delimiter = "@"****
ignore_default = no****
ignore_null = no****
}****
Module: Linked to module rlm_files****
Module: Instantiating files****
files {****
usersfile = "/etc/raddb/users"****
acctusersfile = "/etc/raddb/acct_users"****
preproxy_usersfile = "/etc/raddb/preproxy_users"****
compat = "no"****
}****
Module: Checking session {...} for more modules to load****
Module: Linked to module rlm_radutmp****
Module: Instantiating radutmp****
radutmp {****
filename = "/var/log/radius/radutmp"****
username = "%{User-Name}"****
case_sensitive = yes****
check_with_nas = yes****
perm = 384****
callerid = yes****
}****
Module: Checking post-proxy {...} for more modules to load****
Module: Checking post-auth {...} for more modules to load****
Module: Linked to module rlm_attr_filter****
Module: Instantiating attr_filter.access_reject****
attr_filter attr_filter.access_reject {****
attrsfile = "/etc/raddb/attrs.access_reject"****
key = "%{User-Name}"****
}****
}****
}****
modules {****
Module: Checking authenticate {...} for more modules to load****
Module: Checking authorize {...} for more modules to load****
Module: Linked to module rlm_preprocess****
Module: Instantiating preprocess****
preprocess {****
huntgroups = "/etc/raddb/huntgroups"****
hints = "/etc/raddb/hints"****
with_ascend_hack = no****
ascend_channels_per_line = 23****
with_ntdomain_hack = no****
with_specialix_jetstream_hack = no****
with_cisco_vsa_hack = no****
with_alvarion_vsa_hack = no****
}****
Module: Checking preacct {...} for more modules to load****
Module: Linked to module rlm_acct_unique****
Module: Instantiating acct_unique****
acct_unique {****
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"****
}****
Module: Checking accounting {...} for more modules to load****
Module: Linked to module rlm_detail****
Module: Instantiating detail****
detail {****
detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"****
header = "%t"****
detailperm = 384****
dirperm = 493****
locking = no****
log_packet_header = no****
}****
Module: Instantiating attr_filter.accounting_response****
attr_filter attr_filter.accounting_response {****
attrsfile = "/etc/raddb/attrs.accounting_response"****
key = "%{User-Name}"****
}****
Module: Checking session {...} for more modules to load****
Module: Checking post-proxy {...} for more modules to load****
Module: Checking post-auth {...} for more modules to load }****
radiusd: #### Opening IP addresses and Ports #### listen {****
type = "auth"****
ipaddr = 10.0.8.9****
port = 0****
}****
listen {****
type = "acct"****
ipaddr = *****
port = 0****
}****
Listening on authentication address 10.0.8.9 port 1812 Listening on accounting address * port 1813 Listening on proxy address 10.0.8.9 port 1814 Ready to process requests.****
** **
** **
In the second terminal window we ran:****
radtest bob hello localhost 0 testing123****
** **
And got these results****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
Sending Access-Request of id 186 to 127.0.0.1 port 1812****
User-Name = "bob"****
User-Password = "hello"****
NAS-IP-Address = 127.0.0.2****
NAS-Port = 0****
radclient: no response from server for ID 186 socket 3****
** **
Searched for solutions to this error message, but have not been able to find any that work. Could you please tell us what we did wrong.****
** **
** **
James M. DeLuca****
Network Administrator****
Kiski Area School District****
200 Poplar St****
Vandergrift, PA 15690****
Office: 724-845-6188****
Cell: 724-640-4681****
** **
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html