Hi guys,
New to Freeradius. I installed freeradius in a virtualbox but cant get
it work. This is the error that I get.
rad_recv: Access-Request
packet from host 127.0.0.1 port 52378, id=160, length=119
User-Name =
"test-01"
User-Password =
"test-01"
NAS-IP-Address = 127.0.1.1
NAS-Port =
1812
Message-Authenticator
= 0xb4f32db02020dde2dea54abf00aad93e
State =
0x1924712819bb75814c2d329074168479
EAP-Message =
0x029f00160410804938cd9f788564d605731c54d4ceaf
# Executing section
authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize
{...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name
= "test-01", looking up realm NULL
[suffix] No such realm
"NULL"
++[suffix] returns noop
[eap] EAP packet type
response id 159 length 22
[eap] No EAP Start, assuming
it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No
"known good" password found for the user. Authentication may fail
because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group
authenticate {...}
[eap] Request found,
released from the list
[eap] EAP/md5
[eap] processing type md5
rlm_eap_md5:
Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in
EAP/md5
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the
user.
Using Post-Auth-Type Reject
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT
{...}
[attr_filter.access_reject] expand:
%{User-Name} -> test-01
attr_filter: Matched entry
DEFAULT at line 11
++[attr_filter.access_reject]
returns updated
Delaying reject of request 5
for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for
request 5
Sending Access-Reject of id
160 to 127.0.0.1 port 52378
EAP-Message =
0x049f0004
Message-Authenticator
= 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 4 ID 159
with timestamp +5907
Waking up in 0.9 seconds.
Cleaning up request 5 ID 160
with timestamp +5907
Ready to process requests.
rad_recv: Access-Request
packet from host 127.0.0.1 port 37217, id=174, length=91
User-Name =
"test-01"
User-Password =
"test-01"
NAS-IP-Address = 127.0.1.1
NAS-Port =
1812
Message-Authenticator
= 0x3731176813fa2d963f45aad0433d91ce
EAP-Message = 0x02ad000c01746573742d3031
# Executing section
authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize
{...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name
= "test-01", looking up realm NULL
[suffix] No such realm
"NULL"
++[suffix] returns noop
[eap] EAP packet type
response id 173 length 12
[eap] No EAP Start, assuming
it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No
"known good" password found for the user. Authentication may fail
because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group
authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing
Challenge
++[eap] returns handled
Sending Access-Challenge of
id 174 to 127.0.0.1 port 37217
EAP-Message =
0x01ae00160410dd3b9e060bc20ab6c7618dabcbaba135
Message-Authenticator
= 0x00000000000000000000000000000000
State =
0x254299cc25ec9d2a127daea22ca93a94
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request
packet from host 127.0.0.1 port 37217, id=175, length=119
User-Name =
"test-01"
User-Password =
"test-01"
NAS-IP-Address = 127.0.1.1
NAS-Port =
1812
Message-Authenticator
= 0x74c8493a76c0fd7a58208e5ea899acfe
State =
0x254299cc25ec9d2a127daea22ca93a94
EAP-Message =
0x02ae0016041005754627c66e7e1f2dd289bddf3faede
# Executing section
authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize
{...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name
= "test-01", looking up realm NULL
[suffix] No such realm
"NULL"
++[suffix] returns noop
[eap] EAP packet type
response id 174 length 22
[eap] No EAP Start, assuming
it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No
"known good" password found for the user. Authentication may fail
because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group
authenticate {...}
[eap] Request found,
released from the list
[eap] EAP/md5
[eap] processing type md5
rlm_eap_md5:
Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in
EAP/md5
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the
user.
Using Post-Auth-Type Reject
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT
{...}
[attr_filter.access_reject] expand:
%{User-Name} -> test-01
attr_filter: Matched entry
DEFAULT at line 11
++[attr_filter.access_reject]
returns updated
Delaying reject of request 7
for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for
request 7
Sending Access-Reject of id
175 to 127.0.0.1 port 37217
EAP-Message =
0x04ae0004
Message-Authenticator
= 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 6 ID 174
with timestamp +6089
Waking up in 0.9 seconds.
Cleaning up request 7 ID 175
with timestamp +6089
Ready to process requests.
Kindly check my users conf.
#test-01 Cleartext-Password
:= "test-01"
#
# Please read the
documentation file ../doc/processing_users_file,
# or 'man 5 users'
(after installing the server) for more information.
#
# This file contains
authentication security and configuration
# information for each
user. Accounting requests are NOT processed
# through this file.
Instead, see 'acct_users', in this directory.
#
# The first field is the
user's name and can be up to
# 253 characters in
length. This is followed (on the same line) with
# the list of
authentication requirements for that user. This can
# include password, comm
server name, comm server port number, protocol
# type (perhaps set by
the "hints" file), and huntgroup name (set by
# the
"huntgroups" file).
#
# If you are not sure
why a particular reply is being sent by the
# server, then run the
server in debugging mode (radiusd -X), and
# you will see which
entries in this file are matched.
#
# When an authentication
request is received from the comm server,
# these values are
tested. Only the first match is used unless the
# "Fall-Through"
variable is set to "Yes".
#
# A special user named
"DEFAULT" matches on all usernames.
# You can have several
DEFAULT entries. All entries are processed
# in the order they
appear in this file. The first entry that
# matches the
login-request will stop processing unless you use
# the Fall-Through
variable.
#
# If you use the
database support to turn this file into a .db or .dbm
# file, the DEFAULT
entries _have_ to be at the end of this file and
# you can't have
multiple entries for one username.
#
# Indented (with the tab
character) lines following the first
# line indicate the
configuration values to be passed back to
# the comm server to
allow the initiation of a user session.
# This can include
things like the PPP configuration values
# or the host to log the
user onto.
#
# You can include
another `users' file with `$INCLUDE users.other'
#
#
# For a list of RADIUS
attributes, and links to their definitions,
# see:
#
# http://www.freeradius.org/rfc/attributes.html
#
#
# Deny access for a specific
user. Note that this entry MUST
# be before any other
'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO
'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser Auth-Type :=
Reject
# Reply-Message =
"Your account has been disabled."
#
# Deny access for a group of
users.
#
# Note that there is NO
'Fall-Through' attribute, so the user will not
# be given any additional
resources.
#
#DEFAULT Group ==
"disabled", Auth-Type := Reject
# Reply-Message =
"Your account has been disabled."
#
#
# This is a complete entry
for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT
entry will be used, and the user will NOT
# get any attributes in
addition to the ones listed here.
#
steve Cleartext-Password :=
"testing"
Auth-Type := pap
# Service-Type =
Framed-User,
# Framed-Protocol = PPP,
# Framed-IP-Address =
172.16.3.33,
# Framed-IP-Netmask =
255.255.255.0,
# Framed-Routing =
Broadcast-Listen,
# Framed-Filter-Id =
"std.ppp",
# Framed-MTU = 1500,
# Framed-Compression =
Van-Jacobsen-TCP-IP
# Auth-Type := md5,
# Service-Type =
Administrative-user,
# Framed-Protocol = PPP,
# Framed-IP-Address =
172.16.3.33,
# Framed-IP-Netmask =
255.255.255.0,
# Framed-Routing =
Broadcast-Listen,
# Framed-Filter-Id =
"std.ppp",
# Framed-MTU = 1500,
# Framed-Compression =
Van-Jacobsen-TCP-IP
#
# This is an entry for a
user with a space in their name.
# Note the double quotes
surrounding the name.
#
#"John Doe" Cleartext-Password
:= "hello"
# Reply-Message =
"Hello, %{User-Name}"
#
# Dial user back and telnet
to the default host for that port
#
#Deg Cleartext-Password :=
"ge55ged"
# Service-Type =
Callback-Login-User,
# Login-IP-Host =
0.0.0.0,
# Callback-Number =
"9,5551212",
# Login-Service =
Telnet,
# Login-TCP-Port =
Telnet
#
# Another complete entry.
After the user "dialbk" has logged in, the
# connection will be broken
and the user will be dialed back after which
# he will get a connection
to the host "timeshare1".
#
#dialbk Cleartext-Password
:= "callme"
# Service-Type =
Callback-Login-User,
# Login-IP-Host =
timeshare1,
# Login-Service =
PortMaster,
# Callback-Number =
"9,1-800-555-1212"
#
# user "swilson"
will only get a static IP number if he logs in with
# a framed protocol on a
terminal server in Alphen (see the huntgroups file).
#
# Note that by setting
"Fall-Through", other attributes will be added from
# the following DEFAULT
entries
#
#swilson Service-Type ==
Framed-User, Huntgroup-Name == "alphen"
# Framed-IP-Address
= 192.168.1.65,
# Fall-Through =
Yes
#
# If the user logs in as
'username.shell', then authenticate them
# using the default method,
give them shell access, and stop processing
# the rest of the file.
#
#DEFAULT Suffix ==
".shell"
# Service-Type =
Login-User,
# Login-Service =
Telnet,
# Login-IP-Host =
your.shell.machine
#
# The rest of this file
contains the several DEFAULT entries.
# DEFAULT entries match with
all login names.
# Note that DEFAULT entries
can also Fall-Through (see first entry).
# A name-value pair from a
DEFAULT entry will _NEVER_ override
# an already existing
name-value pair.
#
#
# Set up different IP
address pools for the terminal servers.
# Note that the
"+" behind the IP address means that this is the "base"
# IP address. The Port-Id
(S0, S1 etc) will be added to it.
#
#DEFAULT Service-Type ==
Framed-User, Huntgroup-Name == "alphen"
# Framed-IP-Address
= 192.168.1.32+,
# Fall-Through =
Yes
#DEFAULT Service-Type ==
Framed-User, Huntgroup-Name == "delft"
# Framed-IP-Address
= 192.168.2.32+,
# Fall-Through =
Yes
#
# Sample defaults for all
framed connections.
#
#DEFAULT Service-Type ==
Framed-User
# Framed-IP-Address =
255.255.255.254,
# Framed-MTU = 576,
# Service-Type =
Framed-User,
# Fall-Through = Yes
#
# Default for PPP: dynamic
IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint =
"PPP", since PPP might also be auto-detected
# by the terminal server
in which case there may not be a "P" suffix.
# The terminal server
sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT Framed-Protocol
== PPP
Framed-Protocol = PPP,
Framed-Compression =
Van-Jacobson-TCP-IP
#
# Default for CSLIP: dynamic
IP address, SLIP mode, VJ-compression.
#
DEFAULT Hint ==
"CSLIP"
Framed-Protocol =
SLIP,
Framed-Compression =
Van-Jacobson-TCP-IP
#
# Default for SLIP: dynamic
IP address, SLIP mode.
#
DEFAULT Hint ==
"SLIP"
Framed-Protocol = SLIP
#
# Last default: rlogin to
our main server.
#
#DEFAULT
# Service-Type =
Login-User,
# Login-Service =
Rlogin,
# Login-IP-Host =
shellbox.ispdomain.com
# #
# # Last default: shell on
the local terminal server.
# #
# DEFAULT
# Service-Type =
Administrative-User
# On no match, the user is
denied access.
Thank you.
Drei