On 01/04/2010, at 8:40 PM, Bruno Kremel wrote:
2010/4/1 Matt Harlum <matt@cactuar.net>:
On 01/04/2010, at 1:44 PM, Matt Harlum wrote:
On 01/04/2010, at 7:39 AM, Bruno Kremel wrote:
On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote: What should be there? Beacuse I don't know I am using Daloradius web interafce for adding data to database, so I just loaded default daloradius sql which was intendet (according to readme od daloradius) for 2.X Freeradius... and added accounts in web interface...
Here's an example from my radcheck table in the SQL Database id | UserName | Attribute | op | Value | +----+----------+---------------+----+------------+ | 1 | exampleuser | User-Password | == | password123 | This is how yours should be set up, otherwise you will get the "validating" issue in Windows.
I was wrong it should be Here's an example from my radcheck table in the SQL Database id | UserName | Attribute | op | Value | +----+----------+---------------+----+------------+ | 1 | exampleuser | Cleartext-Password | := | password123 | My configuration was wrong it'd seem, I hadn't noticed as I'm primarily using EAP-TLS with EAP-TTLS as a fallback. didn't test it when I upgraded to 2.x Regards, Matt Harlum
To me it seems that name/password was accepted so I have no clue where
is the problem..
The password was NOT accepted. It was *ignored*.
And what is that Accept-Accept on the end of the log?... also radtest gives me Accept-Accept only on correct login and password so I think that it's not that SQL...
As Alan said, it was simply ignored because of the misconfiguration Regards, Matt Harlum
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you for answer.. You are right with that sql it is some mess in daloradius, but I tryed to disable SQL and use /etc/freeradius/users file instead, but I am stuck on Attempting to authenticate now.. log says this:
Are you trying to use EAP-TTLS?
Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.3.1 port 1320, id=0, length=137 Cleaning up request 39 ID 0 with timestamp +589 User-Name = "pokus" NAS-IP-Address = 192.168.3.1 Called-Station-Id = "00259c523046" Calling-Station-Id = "001e650eb532" NAS-Identifier = "00259c523046" NAS-Port = 9 Framed-MTU = 1400 State = 0x53b1704550ba694fbe3359243d2a2638 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020b00061900 Message-Authenticator = 0x5fde19c57e8672a11c18b0b34d8c3acd +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "pokus", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 11 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.3.1 port 1320 EAP-Message = 0x010c00061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x53b1704557bd694fbe3359243d2a2638 Finished request 40. Going to the next request Waking up in 4.9 seconds. Cleaning up request 40 ID 0 with timestamp +589 Ready to process requests.
Hard for me to tell what's going wrong here, radiusd -X should give more diagnostic information that would help also, what was the exact section of your users file like? with obfuscated login credentials of course.
That Access-Challenge should authenticate my client if I am not wrong, but it still shows me validating identity and the attempting to authenticate...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html