Hi,

"If you check rad client from remote machine the case will be different."

I have binded my Radius client ip and port in clients.conf and in radiusd.conf.

My radius server and client is present in two different PCs. Will that be a prob?

Now in debug mode log looks like this: 

Cleaning up request 33 ID 108 with timestamp 541fd188
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.253.6.11:1645, id=1, length=53
        NAS-IP-Address = 11.6.253.10
        User-Name = "raduser"
        User-Password = "k\014%\220\2779\213\203\307\030\222\364\004qM\223"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 34
  modcall[authorize]: module "preprocess" returns ok for request 34
radius_xlat:  '../var/log/radius/radacct/10.253.6.11/auth-detail-20140922.log'
rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.log expands to ../var/log/radius/radacct/10.253.6.11/auth-detail-20140922.l
  modcall[authorize]: module "auth_log" returns ok for request 34
  modcall[authorize]: module "chap" returns noop for request 34
  modcall[authorize]: module "mschap" returns noop for request 34
    rlm_realm: No '@' in User-Name = "raduser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 34
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 34
    users: Matched entry DEFAULT at line 170
  modcall[authorize]: module "files" returns ok for request 34
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 34
modcall: leaving group authorize (returns ok) for request 34
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
auth: Failed to validate the user.
Login incorrect: [raduser/k\014%\220\2779\213\203\307\030\222\364\004qM\223] (from client private-network-3 port 0)
  WARNING: Unprintable characters in the password. ?  Double-check the shared secret on the server and the NAS!
Delaying request 34 for 1 seconds
Finished request 34
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 1 to 10.253.6.11 port 1645
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 10.253.6.11:1645, id=1, length=53
Sending duplicate reply to client private-network-3:1645 - ID: 1
Re-sending Access-Reject of id 1 to 10.253.6.11 port 1645
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 34 ID 1 with timestamp 541fd3a6
Nothing to do.  Sleeping until we see a request.


Thanks,
Kavya


On Mon, Sep 22, 2014 at 1:57 PM, <freeradius-users-request@lists.freeradius.org> wrote:
Send Freeradius-Users mailing list submissions to
        freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
        freeradius-users-request@lists.freeradius.org

You can reach the person managing the list at
        freeradius-users-owner@lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. Re: Beginner need help (Himanshu Pandey) (KAVYA PRABHAKAR)
   2. Re: Beginner need help (Himanshu Pandey) (Amit Linux)
   3. 3.0.4: proxy-to-vserver and proxied post-auth? (Stefan Winter)
   4. Re: Beginner need help (Himanshu Pandey) (A.L.M.Buxey@lboro.ac.uk)


----------------------------------------------------------------------

Message: 1
Date: Mon, 22 Sep 2014 13:10:54 +0530
From: KAVYA PRABHAKAR <kavyamelinmaneprabhakar@gmail.com>
To: freeradius-users@lists.freeradius.org
Subject: Re: Beginner need help (Himanshu Pandey)
Message-ID:
        <CANpdVrz8yFuvUP55vtjdiX0hBRq6RQQ5wajb94LsJ=-2XWHYxw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi,

I am beginner. I installed Freeradius in my windows PC.
With default configuration it works as expected.

Now I have a RADIUS client which will send request to server and I want
server to authenticate the same.

I should be changing users.conf

raduser User-Password == "Password"
 where User-name = "raduser" and Password = "Password"

I will have to change clients.conf as well.

client <ipaddr/mask>{
  secret = secret
  shortname = client name  # what is the significance of shortname
}

In radiusd.conf, I have changed to which Ip and port RADIUS server has to
listen to. (optional)

After doing respective changes, I will execute following command:

radtest raduser Password 10.253.6.11 1812 Password

The result is as follows:

C:\FreeRADIUS.net\bin>radclient.exe -d ..\etc\raddb -f radtest.txt -x -s
127.1 au
th testing123
Sending Access-Request of id 108 to 127.0.0.1 port 1812
        User-Name = "testuser"
        User-Password = "testpw"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 123
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=108, length=20

           Total approved auths:  1
             Total denied auths:  0
               Total lost auths:  0

Here I would like to know why am I getting reply from 127.0.0.1 when I have
explicitly asked to receive from 10.253.6.11

PFA the debug log.

Thanks in advance,
Kavya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140922/f9c75785/attachment-0001.html>

------------------------------

Message: 2
Date: Mon, 22 Sep 2014 13:40:23 +0530
From: Amit Linux <amitbutere64@gmail.com>
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Subject: Re: Beginner need help (Himanshu Pandey)
Message-ID: <1A3C9BD9-2C19-419E-9A8D-2C7FD6DF5ABD@gmail.com>
Content-Type: text/plain; charset="us-ascii"

Hi Kavya,

You can bind radius on specific ip to have response from particular ip.
If you check rad client from remote machine the case will be different.

Regards
Amit B.
HTH
Sent from my iPhone

> On 22-Sep-2014, at 13:10, KAVYA PRABHAKAR <kavyamelinmaneprabhakar@gmail.com> wrote:
>
> Hi,
>
> I am beginner. I installed Freeradius in my windows PC.
> With default configuration it works as expected.
>
> Now I have a RADIUS client which will send request to server and I want server to authenticate the same.
>
> I should be changing users.conf
>
> raduser User-Password == "Password"
>  where User-name = "raduser" and Password = "Password"
>
> I will have to change clients.conf as well.
>
> client <ipaddr/mask>{
>   secret = secret
>   shortname = client name  # what is the significance of shortname
> }
>
> In radiusd.conf, I have changed to which Ip and port RADIUS server has to listen to. (optional)
>
> After doing respective changes, I will execute following command:
>
> radtest raduser Password 10.253.6.11 1812 Password
>
> The result is as follows:
>
> C:\FreeRADIUS.net\bin>radclient.exe -d ..\etc\raddb -f radtest.txt -x -s 127.1 au
> th testing123
> Sending Access-Request of id 108 to 127.0.0.1 port 1812
>         User-Name = "testuser"
>         User-Password = "testpw"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 123
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=108, length=20
>
>            Total approved auths:  1
>              Total denied auths:  0
>                Total lost auths:  0
>
> Here I would like to know why am I getting reply from 127.0.0.1 when I have explicitly asked to receive from 10.253.6.11
>
> PFA the debug log.
>
> Thanks in advance,
> Kavya
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140922/ceed896b/attachment-0001.html>

------------------------------

Message: 3
Date: Mon, 22 Sep 2014 10:24:35 +0200
From: Stefan Winter <stefan.winter@restena.lu>
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Subject: 3.0.4: proxy-to-vserver and proxied post-auth?
Message-ID: <541FDCC3.8040602@restena.lu>
Content-Type: text/plain; charset="utf-8"

Hello,

I've migrated almost all my virtual servers - but one - to 3.0.4.

There's one thing which I had expected to work, but it doesn't, but I do
recall some discussions around this on the list; but not what the final
verdict was.

My proxied-to vserver needs to do some stuff in post-auth. However it
looks like post-auth is not actually called; instead, only the post-auth
of the original vserver is.

Is that desired/expected behaviour in 3.0.4?

The symptoms of this boils down to these two lines:

Debug: (55) modsingle[authenticate]: returned from pap (rlm_pap) for
request 55
Debug: (55)   [pap] = ok
Debug: (55)  } # Auth-Type PAP = ok
Debug: (55) Empty post-proxy section.  Using default return values.
Debug: (55) Found Auth-Type = Accept
Debug: (55) Auth-Type = Accept, accepting the user
Debug: (55) # Executing section post-auth from file
/usr/local/freeradius/config/raddb/sites-enabled/AAI

The PAP instance there is the one from the proxied-to vserver; must be,
as it knows my password and the retrieval of that password is unique to
the vserver in question.

The next line speaks about empty post-proxy; that looks like the initial
vserver kicks in right after authenticate { } with its PAP is finished.

It then executes post-auth from the initial vserver, not the one from
proxied-to (the proxied-to vserver is called "staff", not "AAI"). That's
not helpful for my setup :-(

So... just wondering if this is a bug or if I'm going to need a majorish
rethink of my post-auth logic here...

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - R?seau T?l?informatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140922/31a29f11/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140922/31a29f11/attachment-0001.pgp>

------------------------------

Message: 4
Date: Mon, 22 Sep 2014 08:27:20 +0000
From: A.L.M.Buxey@lboro.ac.uk
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Subject: Re: Beginner need help (Himanshu Pandey)
Message-ID: <20140922082720.GA2282@lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii

Hi,

>    Here I would like to know why am I getting reply from 127.0.0.1 when I
>    have explicitly asked to receive from 10.253.6.11

no you havent. you've just added 10.253.6.11 as a possible client.  if you only want to
receive from the interface/IP then change the listen directive in the config so that it
doesnt listen on 127.0.0.1

alan


------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

End of Freeradius-Users Digest, Vol 113, Issue 86
*************************************************