Hi guys,

 

New to Freeradius. I installed freeradius in a virtualbox but cant get it work. This is the error that I get.

rad_recv: Access-Request packet from host 127.0.0.1 port 52378, id=160, length=119

      User-Name = "test-01"

      User-Password = "test-01"

      NAS-IP-Address = 127.0.1.1

      NAS-Port = 1812

      Message-Authenticator = 0xb4f32db02020dde2dea54abf00aad93e

      State = 0x1924712819bb75814c2d329074168479

      EAP-Message = 0x029f00160410804938cd9f788564d605731c54d4ceaf

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "test-01", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 159 length 22

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/md5

[eap] processing type md5

rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication

[eap] Handler failed in EAP/md5

[eap] Failed in EAP select

++[eap] returns invalid

Failed to authenticate the user.

Using Post-Auth-Type Reject

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+- entering group REJECT {...}

[attr_filter.access_reject]   expand: %{User-Name} -> test-01

 attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 5 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 5

Sending Access-Reject of id 160 to 127.0.0.1 port 52378

      EAP-Message = 0x049f0004

      Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 3.9 seconds.

Cleaning up request 4 ID 159 with timestamp +5907

Waking up in 0.9 seconds.

Cleaning up request 5 ID 160 with timestamp +5907

Ready to process requests.

rad_recv: Access-Request packet from host 127.0.0.1 port 37217, id=174, length=91

      User-Name = "test-01"

      User-Password = "test-01"

      NAS-IP-Address = 127.0.1.1

      NAS-Port = 1812

      Message-Authenticator = 0x3731176813fa2d963f45aad0433d91ce

      EAP-Message = 0x02ad000c01746573742d3031

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "test-01", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 173 length 12

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type md5

rlm_eap_md5: Issuing Challenge

++[eap] returns handled

Sending Access-Challenge of id 174 to 127.0.0.1 port 37217

      EAP-Message = 0x01ae00160410dd3b9e060bc20ab6c7618dabcbaba135

      Message-Authenticator = 0x00000000000000000000000000000000

      State = 0x254299cc25ec9d2a127daea22ca93a94

Finished request 6.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 127.0.0.1 port 37217, id=175, length=119

      User-Name = "test-01"

      User-Password = "test-01"

      NAS-IP-Address = 127.0.1.1

      NAS-Port = 1812

      Message-Authenticator = 0x74c8493a76c0fd7a58208e5ea899acfe

      State = 0x254299cc25ec9d2a127daea22ca93a94

      EAP-Message = 0x02ae0016041005754627c66e7e1f2dd289bddf3faede

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "test-01", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 174 length 22

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/md5

[eap] processing type md5

rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication

[eap] Handler failed in EAP/md5

[eap] Failed in EAP select

++[eap] returns invalid

Failed to authenticate the user.

Using Post-Auth-Type Reject

# Executing group from file /usr/local/etc/raddb/sites-enabled/default

+- entering group REJECT {...}

[attr_filter.access_reject]   expand: %{User-Name} -> test-01

 attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 7 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 7

Sending Access-Reject of id 175 to 127.0.0.1 port 37217

      EAP-Message = 0x04ae0004

      Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 3.9 seconds.

Cleaning up request 6 ID 174 with timestamp +6089

Waking up in 0.9 seconds.

Cleaning up request 7 ID 175 with timestamp +6089

Ready to process requests.

 

 

 

Kindly check my users conf.

 

#test-01    Cleartext-Password := "test-01"

#

#     Please read the documentation file ../doc/processing_users_file,

#     or 'man 5 users' (after installing the server) for more information.

#

#     This file contains authentication security and configuration

#     information for each user.  Accounting requests are NOT processed

#     through this file.  Instead, see 'acct_users', in this directory.

#

#     The first field is the user's name and can be up to

#     253 characters in length.  This is followed (on the same line) with

#     the list of authentication requirements for that user.  This can

#     include password, comm server name, comm server port number, protocol

#     type (perhaps set by the "hints" file), and huntgroup name (set by

#     the "huntgroups" file).

#

#     If you are not sure why a particular reply is being sent by the

#     server, then run the server in debugging mode (radiusd -X), and

#     you will see which entries in this file are matched.

#

#     When an authentication request is received from the comm server,

#     these values are tested. Only the first match is used unless the

#     "Fall-Through" variable is set to "Yes".

#

#     A special user named "DEFAULT" matches on all usernames.

#     You can have several DEFAULT entries. All entries are processed

#     in the order they appear in this file. The first entry that

#     matches the login-request will stop processing unless you use

#     the Fall-Through variable.

#

#     If you use the database support to turn this file into a .db or .dbm

#     file, the DEFAULT entries _have_ to be at the end of this file and

#     you can't have multiple entries for one username.

#

#     Indented (with the tab character) lines following the first

#     line indicate the configuration values to be passed back to

#     the comm server to allow the initiation of a user session.

#     This can include things like the PPP configuration values

#     or the host to log the user onto.

#

#     You can include another `users' file with `$INCLUDE users.other'

#

 

#

#     For a list of RADIUS attributes, and links to their definitions,

#     see:

#

#     http://www.freeradius.org/rfc/attributes.html

#

 

#

# Deny access for a specific user.  Note that this entry MUST

# be before any other 'Auth-Type' attribute which results in the user

# being authenticated.

#

# Note that there is NO 'Fall-Through' attribute, so the user will not

# be given any additional resources.

#

#lameuser   Auth-Type := Reject

#           Reply-Message = "Your account has been disabled."

 

#

# Deny access for a group of users.

#

# Note that there is NO 'Fall-Through' attribute, so the user will not

# be given any additional resources.

#

#DEFAULT    Group == "disabled", Auth-Type := Reject

#           Reply-Message = "Your account has been disabled."

#

 

#

# This is a complete entry for "steve". Note that there is no Fall-Through

# entry so that no DEFAULT entry will be used, and the user will NOT

# get any attributes in addition to the ones listed here.

#

steve Cleartext-Password := "testing"

Auth-Type := pap

#     Service-Type = Framed-User,

#     Framed-Protocol = PPP,

#     Framed-IP-Address = 172.16.3.33,

#     Framed-IP-Netmask = 255.255.255.0,

#     Framed-Routing = Broadcast-Listen,

#     Framed-Filter-Id = "std.ppp",

#     Framed-MTU = 1500,

#     Framed-Compression = Van-Jacobsen-TCP-IP

 

 

#     Auth-Type := md5,

#     Service-Type = Administrative-user,

#     Framed-Protocol = PPP,

#     Framed-IP-Address = 172.16.3.33,

#     Framed-IP-Netmask = 255.255.255.0,

#     Framed-Routing = Broadcast-Listen,

#     Framed-Filter-Id = "std.ppp",

#     Framed-MTU = 1500,

#     Framed-Compression = Van-Jacobsen-TCP-IP

 

#

# This is an entry for a user with a space in their name.

# Note the double quotes surrounding the name.

#

#"John Doe" Cleartext-Password := "hello"

#           Reply-Message = "Hello, %{User-Name}"

 

#

# Dial user back and telnet to the default host for that port

#

#Deg  Cleartext-Password := "ge55ged"

#     Service-Type = Callback-Login-User,

#     Login-IP-Host = 0.0.0.0,

#     Callback-Number = "9,5551212",

#     Login-Service = Telnet,

#     Login-TCP-Port = Telnet

 

#

# Another complete entry. After the user "dialbk" has logged in, the

# connection will be broken and the user will be dialed back after which

# he will get a connection to the host "timeshare1".

#

#dialbk     Cleartext-Password := "callme"

#     Service-Type = Callback-Login-User,

#     Login-IP-Host = timeshare1,

#     Login-Service = PortMaster,

#     Callback-Number = "9,1-800-555-1212"

 

#

# user "swilson" will only get a static IP number if he logs in with

# a framed protocol on a terminal server in Alphen (see the huntgroups file).

#

# Note that by setting "Fall-Through", other attributes will be added from

# the following DEFAULT entries

#

#swilson    Service-Type == Framed-User, Huntgroup-Name == "alphen"

#           Framed-IP-Address = 192.168.1.65,

#           Fall-Through = Yes

 

#

# If the user logs in as 'username.shell', then authenticate them

# using the default method, give them shell access, and stop processing

# the rest of the file.

#

#DEFAULT    Suffix == ".shell"

#           Service-Type = Login-User,

#           Login-Service = Telnet,

#           Login-IP-Host = your.shell.machine

 

 

#

# The rest of this file contains the several DEFAULT entries.

# DEFAULT entries match with all login names.

# Note that DEFAULT entries can also Fall-Through (see first entry).

# A name-value pair from a DEFAULT entry will _NEVER_ override

# an already existing name-value pair.

#

 

#

# Set up different IP address pools for the terminal servers.

# Note that the "+" behind the IP address means that this is the "base"

# IP address. The Port-Id (S0, S1 etc) will be added to it.

#

#DEFAULT    Service-Type == Framed-User, Huntgroup-Name == "alphen"

#           Framed-IP-Address = 192.168.1.32+,

#           Fall-Through = Yes

 

#DEFAULT    Service-Type == Framed-User, Huntgroup-Name == "delft"

#           Framed-IP-Address = 192.168.2.32+,

#           Fall-Through = Yes

 

#

# Sample defaults for all framed connections.

#

#DEFAULT    Service-Type == Framed-User

#     Framed-IP-Address = 255.255.255.254,

#     Framed-MTU = 576,

#     Service-Type = Framed-User,

#     Fall-Through = Yes

 

#

# Default for PPP: dynamic IP address, PPP mode, VJ-compression.

# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected

#     by the terminal server in which case there may not be a "P" suffix.

#     The terminal server sends "Framed-Protocol = PPP" for auto PPP.

#

DEFAULT     Framed-Protocol == PPP

      Framed-Protocol = PPP,

      Framed-Compression = Van-Jacobson-TCP-IP

 

#

# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.

#

DEFAULT     Hint == "CSLIP"

      Framed-Protocol = SLIP,

      Framed-Compression = Van-Jacobson-TCP-IP

 

#

# Default for SLIP: dynamic IP address, SLIP mode.

#

DEFAULT     Hint == "SLIP"

      Framed-Protocol = SLIP

 

#

# Last default: rlogin to our main server.

#

#DEFAULT

#     Service-Type = Login-User,

#     Login-Service = Rlogin,

#     Login-IP-Host = shellbox.ispdomain.com

 

# #

# # Last default: shell on the local terminal server.

# #

# DEFAULT

#     Service-Type = Administrative-User

 

# On no match, the user is denied access.

 

Thank you.

Drei