Hi all, I’ve been struggling to get freeradius setup for a while now, and figured I’d post and see if anyone happens to know what I might be doing wrong..

I attempted to follow the guide here: http://wiki.freeradius.org/Mac-Auth but the raddb/modules/file module doesn’t seem to exist. I tried adding files authorized_macs section to the end of modules/files but I am still getting a module not found error. If someone could help point me in the right direction, it’d be very much appreciated.

 

-Joren

 

root@icarus:~# freeradius -X

FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu, built on Jan  5 2010 at 02:56:18

Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License v2.

Starting - reading configuration files ...

including configuration file /etc/freeradius/radiusd.conf

including configuration file /etc/freeradius/proxy.conf

including configuration file /etc/freeradius/clients.conf

including files in directory /etc/freeradius/modules/

including configuration file /etc/freeradius/modules/ippool

including configuration file /etc/freeradius/modules/attr_rewrite

including configuration file /etc/freeradius/modules/digest

including configuration file /etc/freeradius/modules/ldap

including configuration file /etc/freeradius/modules/always

including configuration file /etc/freeradius/modules/linelog

including configuration file /etc/freeradius/modules/inner-eap

including configuration file /etc/freeradius/modules/krb5

including configuration file /etc/freeradius/modules/mschap

including configuration file /etc/freeradius/modules/chap

including configuration file /etc/freeradius/modules/wimax

including configuration file /etc/freeradius/modules/checkval

including configuration file /etc/freeradius/modules/counter

including configuration file /etc/freeradius/modules/pam

including configuration file /etc/freeradius/modules/perl

including configuration file /etc/freeradius/modules/etc_group

including configuration file /etc/freeradius/modules/sradutmp

including configuration file /etc/freeradius/modules/preprocess

including configuration file /etc/freeradius/modules/sql_log

including configuration file /etc/freeradius/modules/expiration

including configuration file /etc/freeradius/modules/cui

including configuration file /etc/freeradius/modules/smsotp

including configuration file /etc/freeradius/modules/detail.example.com

including configuration file /etc/freeradius/modules/detail.log

including configuration file /etc/freeradius/modules/files

including configuration file /etc/freeradius/modules/logintime

including configuration file /etc/freeradius/modules/pap

including configuration file /etc/freeradius/modules/exec

including configuration file /etc/freeradius/modules/expr

including configuration file /etc/freeradius/modules/policy

including configuration file /etc/freeradius/modules/mac2ip

including configuration file /etc/freeradius/modules/radutmp

including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login

including configuration file /etc/freeradius/modules/unix

including configuration file /etc/freeradius/modules/echo

including configuration file /etc/freeradius/modules/detail

including configuration file /etc/freeradius/modules/realm

including configuration file /etc/freeradius/modules/mac2vlan

including configuration file /etc/freeradius/modules/ntlm_auth

including configuration file /etc/freeradius/modules/passwd

including configuration file /etc/freeradius/modules/smbpasswd

including configuration file /etc/freeradius/modules/acct_unique

including configuration file /etc/freeradius/modules/otp

including configuration file /etc/freeradius/modules/attr_filter

including configuration file /etc/freeradius/eap.conf

including configuration file /etc/freeradius/policy.conf

including files in directory /etc/freeradius/sites-enabled/

including configuration file /etc/freeradius/sites-enabled/default

including configuration file /etc/freeradius/sites-enabled/inner-tunnel

main {

        user = "freerad"

        group = "freerad"

        allow_core_dumps = no

}

including dictionary file /etc/freeradius/dictionary

main {

        prefix = "/usr"

        localstatedir = "/var"

        logdir = "/var/log/freeradius"

        libdir = "/usr/lib/freeradius"

        radacctdir = "/var/log/freeradius/radacct"

        hostname_lookups = no

        max_request_time = 30

        cleanup_delay = 5

        max_requests = 1024

        pidfile = "/var/run/freeradius/freeradius.pid"

        checkrad = "/usr/sbin/checkrad"

        debug_level = 0

        proxy_requests = yes

log {

        stripped_names = no

        auth = no

        auth_badpass = no

        auth_goodpass = no

}

security {

        max_attributes = 200

        reject_delay = 1

        status_server = yes

}

}

radiusd: #### Loading Realms and Home Servers ####

proxy server {

        retry_delay = 5

        retry_count = 3

        default_fallback = no

        dead_time = 120

        wake_all_if_all_dead = no

}

home_server localhost {

        ipaddr = 127.0.0.1

        port = 1812

        type = "auth"

        secret = "testing123"

        response_window = 20

        max_outstanding = 65536

        require_message_authenticator = no

        zombie_period = 40

        status_check = "status-server"

        ping_interval = 30

        check_interval = 30

       num_answers_to_alive = 3

        num_pings_to_alive = 3

        revive_interval = 120

        status_check_timeout = 4

        irt = 2

        mrt = 16

        mrc = 5

        mrd = 30

}

home_server_pool my_auth_failover {

        type = fail-over

        home_server = localhost

}

realm example.com {

        auth_pool = my_auth_failover

}

realm LOCAL {

}

radiusd: #### Loading Clients ####

client 192.168.50.55 {

        require_message_authenticator = no

        secret = "testing123"

        shortname = "3com"

        nastype = "other"

}

client localhost {

        ipaddr = 127.0.0.1

        require_message_authenticator = no

        secret = "testing123"

        nastype = "other"

}

radiusd: #### Instantiating modules ####

instantiate {

Module: Linked to module rlm_exec

Module: Instantiating exec

  exec {

        wait = no

        input_pairs = "request"

        shell_escape = yes

  }

Module: Linked to module rlm_expr

Module: Instantiating expr

Module: Linked to module rlm_expiration

Module: Instantiating expiration

  expiration {

        reply-message = "Password Has Expired  "

  }

Module: Linked to module rlm_logintime

Module: Instantiating logintime

  logintime {

        reply-message = "You are calling outside your allowed timespan  "

        minimum-timeout = 60

  }

}

radiusd: #### Loading Virtual Servers ####

server inner-tunnel {

modules {

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_pap

Module: Instantiating pap

  pap {

        encryption_scheme = "auto"

        auto_header = no

  }

Module: Linked to module rlm_chap

Module: Instantiating chap

Module: Linked to module rlm_mschap

Module: Instantiating mschap

  mschap {

        use_mppe = yes

        require_encryption = no

        require_strong = no

        with_ntdomain_hack = no

  }

Module: Linked to module rlm_unix

Module: Instantiating unix

  unix {

        radwtmp = "/var/log/freeradius/radwtmp"

  }

Module: Linked to module rlm_eap

Module: Instantiating eap

  eap {

        default_eap_type = "md5"

        timer_expire = 60

        ignore_unknown_eap_types = no

        cisco_accounting_username_bug = no

        max_sessions = 4096

  }

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

   gtc {

        challenge = "Password: "

        auth_type = "PAP"

   }

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

   tls {

        rsa_key_exchange = no

        dh_key_exchange = yes

        rsa_key_length = 512

        dh_key_length = 512

        verify_depth = 0

        pem_file_type = yes

        private_key_file = "/etc/freeradius/certs/server.key"

        certificate_file = "/etc/freeradius/certs/server.pem"

        CA_file = "/etc/freeradius/certs/ca.pem"

        private_key_password = "whatever"

        dh_file = "/etc/freeradius/certs/dh"

        random_file = "/etc/freeradius/certs/random"

        fragment_size = 1024

        include_length = yes

        check_crl = no

        cipher_list = "DEFAULT"

        make_cert_command = "/etc/freeradius/certs/bootstrap"

    cache {

        enable = no

        lifetime = 24

        max_entries = 255

    }

   }

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

   ttls {

        default_eap_type = "md5"

        copy_request_to_tunnel = no

        use_tunneled_reply = no

        virtual_server = "inner-tunnel"

        include_length = yes

   }

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

   peap {

        default_eap_type = "mschapv2"

        copy_request_to_tunnel = no

        use_tunneled_reply = no

        proxy_tunneled_request_as_eap = yes

        virtual_server = "inner-tunnel"

   }

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

   mschapv2 {

        with_ntdomain_hack = no

   }

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_realm

Module: Instantiating suffix

  realm suffix {

        format = "suffix"

        delimiter = "@"

        ignore_default = no

        ignore_null = no

  }

Module: Linked to module rlm_files

Module: Instantiating files

  files {

        usersfile = "/etc/freeradius/users"

        acctusersfile = "/etc/freeradius/acct_users"

        preproxy_usersfile = "/etc/freeradius/preproxy_users"

        compat = "no"

  }

Module: Checking session {...} for more modules to load

Module: Linked to module rlm_radutmp

Module: Instantiating radutmp

  radutmp {

        filename = "/var/log/freeradius/radutmp"

        username = "%{User-Name}"

        case_sensitive = yes

        check_with_nas = yes

        perm = 384

        callerid = yes

  }

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Linked to module rlm_attr_filter

Module: Instantiating attr_filter.access_reject

  attr_filter attr_filter.access_reject {

        attrsfile = "/etc/freeradius/attrs.access_reject"

        key = "%{User-Name}"

  }

} # modules

} # server

server {

modules {

Module: Checking authenticate {...} for more modules to load

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating preprocess

  preprocess {

        huntgroups = "/etc/freeradius/huntgroups"

        hints = "/etc/freeradius/hints"

        with_ascend_hack = no

        ascend_channels_per_line = 23

        with_ntdomain_hack = no

        with_specialix_jetstream_hack = no

        with_cisco_vsa_hack = no

        with_alvarion_vsa_hack = no

  }

Module: Loading virtual module rewrite_calling_station_id

Module: Linked to module rlm_always

Module: Instantiating noop

  always noop {

        rcode = "noop"

        simulcount = 0

        mpp = no

  }

/etc/freeradius/sites-enabled/default[81]: Failed to find module "authorize_macs".

/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.