I am using free-radius version 2.10 I am trying to get the server statistics to be displayed for number of access-requests, responses etc: echo "Message-Authenticator = 0x00,FreeRADIUS-Statistics-Type = 1" | radclient localhost:18120 status testing5 but its only printing the “access accept” I have seen the following example but somehow it doesn’t work on my setup, is this some bug or some configuration issue? Can you please help? Asking with radclient The next step is to ask the status server questions about the state of the server. There are some hints in the manual page of the radclient program and the configuration file of the status server itself. Combining both information you can ask i.e. about all authentication packet to and from the server: # echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 1" | \ radclient localhost:18120 status adminsecret Received response ID 180, code 2, length = 140 FreeRADIUS-Total-Access-Requests = 3 FreeRADIUS-Total-Access-Accepts = 1 FreeRADIUS-Total-Access-Rejects = 0 FreeRADIUS-Total-Access-Challenges = 0 FreeRADIUS-Total-Auth-Responses = 1 FreeRADIUS-Total-Auth-Duplicate-Requests = 0 FreeRADIUS-Total-Auth-Malformed-Requests = 0 FreeRADIUS-Total-Auth-Invalid-Requests = 0 FreeRADIUS-Total-Auth-Dropped-Requests = 3 FreeRADIUS-Total-Auth-Unknown-Types = 0 http://wiki.freeradius.org/Status On Thu, Oct 28, 2010 at 6:28 PM, Maurice James <midnightsteel@msn.com>wrote:
Working settings I will be stating the changes from the default settings that I made to get it to work. All file names are followed by a colon :
<<<<< = notes changes
****First you must have your ldap server store password in clear text. They CANNOT be hashed in any way**** eap.conf: default_eap_type = peap <<<<<
ldap.attrmap: checkItem Cleartext-Password userPassword <<<<< (this entire line was added to the top of the list)
inner-tunnel: # The ldap module will set Auth-Type to LDAP if it has not # already been set ldap <<<<<(this must be uncommented)
ldap: ldap { # # Note that this needs to match the name in the LDAP # server certificate, if you're using ldaps. server = "xxx.xxx.xxx" <<<<<(your ldap server) identity = "uid=xxx,ou=xxx,ou=TopologyManagement,o=xxx" <<<<<(your ldap admin user) password = xxxxx <<<<<(your ldap admin password) basedn = "dc=xxx,dc=xxx" <<<<<(your base dn) filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
mschap: use_mppe = yes<<<<<(not sure if this is needed but I changed it from no to yes) with_ntdomain_hack = yes<<<<<(not sure if this is needed but I changed it from no to yes)
default: # The ldap module will set Auth-Type to LDAP if it has not # already been set ldap<<<<<(uncomment)
These are all of the setting that I changed to get Windows 7/Vista x64 > WPA2 > freeradius > 389-DS(Fedora Directory Server) to work
-----Original Message----- From: freeradius-users-bounces+midnightsteel=msn.com@lists.freeradius.org [mailto:freeradius-users-bounces+midnightsteel<freeradius-users-bounces%2Bmidnightsteel> =msn.com@lists.freeradius.org] On Behalf Of Maurice James Sent: Thursday, October 28, 2010 4:37 PM To: 'FreeRadius users mailing list' Subject: RE: Wireless WPA2 enterprise Radius authentication
OK gentlemen, After many sleepless nights I finally got it working. I was almost in tears (lol) but its done. Full authentication and authorization for a mix of Windows7 x64/Vista x64 clients using WPA2 Enterprise, Freeradius, 389-DS(Fedora Directory Services). I will post the configs in a follow-up email.
Special thanks to the following John Dennis Sven Hartge Phil Mayers
Thanks guys
MCITP Enterprise + Server GIAC Security Leadership Certification (GSLC)
-----Original Message----- From: freeradius-users-bounces+midnightsteel=msn.com@lists.freeradius.org [mailto:freeradius-users-bounces+midnightsteel<freeradius-users-bounces%2Bmidnightsteel> =msn.com@lists.freeradius.org] On Behalf Of John Dennis Sent: Wednesday, October 27, 2010 8:54 PM To: FreeRadius users mailing list Subject: Re: Wireless WPA2 enterprise Radius authentication
On 10/27/2010 07:56 PM, Maurice James wrote:
I will give it another try. I've been trying to the last hour to get the clear text password policy to stick to a user. Every time I run the radius debug I see hashed value passed from LDAP. I have to search online for the instructions on how to get 389-ds server to use clear text. Thanks for all the help and advice all. This is one of the most responsive lists that I have ever been a member of
389-ds has most all the features I mentioned. The Administrators Guide is your friend.
389-ds doc can be found here:
http://directory.fedoraproject.org/wiki/Documentation#389_Documentation
The Administrators Guide can be found here:
http://www.redhat.com/docs/manuals/dir-server
-- John Dennis <jdennis@redhat.com>
Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html