Hi All, I want to use the Radius Server where the requesting Client are IPv6 Host. I have changed the clients.conf like : client 2001:0:0:1::9 { secret = pass shortname = admin } I have changed the users file: vikas User-Password == password Service-Type = Administrative-User But, the RADIUS SERVER is showing: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. I have enabled the IPv6 connection line form radiusd.conf file. Is am i require to do any changes which impact of responding to ipv6 client host THANKS IN ADVANCE...I am waiting for early reply. Thanks Vikas S --------------------------------- Got a little couch potato? Check out fun summer activities for kids.
Vikas Bagora wrote:
I want to use the Radius Server where the requesting Client are IPv6 Host.
Is this in 2.0.0-pr2?
I have changed the users file: vikas User-Password == password
No. See the FAQ.
Service-Type = Administrative-User But, the RADIUS SERVER is showing: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
This problem has nothing to do with IPv6. It is because you haven't configured the users file entry correctly.
I have enabled the IPv6 connection line form radiusd.conf file.
I have no idea what that means. Alan DeKok.
Hi All, Sending Clear Information... 1. I am using freeradius-server-2.0.0-pre1 Version(which support for IPv6 also). 2. My Objective is ( Radius Client Information): Make Radius Server to accept the request from the IPv6 client(Embedded System). - My Client has dual TCP/IP Stack enable(IPv4 / IPv6). - My Client IPv6 IP Address is 2001:0:0:1::175. - Sending Radius Packet to 2001:0:0:1::105( Radius Server is running in this IPv6 IP Address). 3. Radius Server Information: Current situation is, Radius Server is getting the Radius Client Request Packet and not responding to its client for the received request packet. - In Radius Server "clients.conf" file is modified with : client 2001:0:0:1::175 { secret = pass Shortname = admin } - "users" file is modified in only with this lines : vikas User-Password == password Service-Type = Administrative - "radiusd.conf" is changed to ( to accept the IPv6 Request): listen { # IP address on which to listen. # Allowed values are: # dotted quad (1.2.3.4) # hostname (radius.example.com) # wildcard (*) # ipaddr = * (COMMENTED THIS LINE) # OR, you can use an IPv6 address, but not both # at the same time. ipv6addr = :: # any. ::1 == localhost (UNCOMMENTED THIS LINE) -. -. - } These are the Changes i have made for Radius Server. When i try to login from the CLI to my embedded system with: username: vikas password: password The Server shows following messeges..( LOG IN ATTACHMENT). 5. So, with this behaviour my Radius Client is getting time out after 3 tries to connect with server. This is not the same with IPv4 request, where in IPv4 from the same Embedded system the Radius Server is responding, but with "access-reject" packet. LOG FOR IPv4 response from Server : RADIUS_CLIENT::process_radius_response() - received a response (2741423ms) code 3, identifier 0, length 20, port index 0, src ip ::ffff:169.26.27.105, src port 1812 Please let me know what changes are require in either side of Radius Server / Radius Client. THANKS IN ADVANCE... Vikas s Alan DeKok <aland@deployingradius.com> wrote: Vikas Bagora wrote:
I want to use the Radius Server where the requesting Client are IPv6 Host.
Is this in 2.0.0-pr2?
I have changed the users file: vikas User-Password == password
No. See the FAQ.
Service-Type = Administrative-User But, the RADIUS SERVER is showing: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
This problem has nothing to do with IPv6. It is because you haven't configured the users file entry correctly.
I have enabled the IPv6 connection line form radiusd.conf file.
I have no idea what that means. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. rad_recv: Access-Request packet from host 2001:0:0:1::175 port 21812, id=0, length=63 User-Name = "vikas" User-Password = "password" NAS-IP-Address = 0x20010000000000010000000000000175 Fri Aug 31 15:20:10 2007 : Debug: Processing the authorize section of radiusd.conf Fri Aug 31 15:20:10 2007 : Debug: +- entering group authorize Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[preprocess] returns ok Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[chap] returns noop Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[mschap] returns noop Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling unix (rlm_unix) for request 0 Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from unix (rlm_unix) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[unix] returns notfound Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Fri Aug 31 15:20:10 2007 : Debug: rlm_realm: No '@' in User-Name = "vikas", looking up realm NULL Fri Aug 31 15:20:10 2007 : Debug: rlm_realm: No such realm "NULL" Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[suffix] returns noop Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[eap] returns noop Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0Fri Aug 31 15:20:10 2007 : Debug: users: Matched entry vikas at line 93 Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[files] returns ok Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling expiration (rlm_expiration) for request 0 Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from expiration (rlm_expiration) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[expiration] returns noop Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling logintime (rlm_logintime) for request 0 Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from logintime (rlm_logintime) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[logintime] returns noop Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Aug 31 15:20:10 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[pap] returns noop Fri Aug 31 15:20:10 2007 : Debug: +- group authorize returns ok Fri Aug 31 15:20:10 2007 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Aug 31 15:20:10 2007 : Debug: auth: Failed to validate the user. Fri Aug 31 15:20:10 2007 : Debug: Found Post-Auth-Type Reject Fri Aug 31 15:20:10 2007 : Debug: Processing the post-auth section of radiusd.conf Fri Aug 31 15:20:10 2007 : Debug: +- entering group REJECT Fri Aug 31 15:20:10 2007 : Debug: modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 0 Fri Aug 31 15:20:10 2007 : Debug: radius_xlat: 'vikas' Fri Aug 31 15:20:10 2007 : Debug: attr_filter: Matched entry DEFAULT at line 11 Fri Aug 31 15:20:10 2007 : Debug: modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 0 Fri Aug 31 15:20:10 2007 : Debug: ++[attr_filter.access_reject] returns updated Fri Aug 31 15:20:10 2007 : Debug: +- group REJECT returns updated Fri Aug 31 15:20:10 2007 : Debug: Delaying reject of request 0 for 1 seconds Fri Aug 31 15:20:10 2007 : Debug: Going to the next request Fri Aug 31 15:20:11 2007 : Debug: Sending delayed reject for request 0 Sending Access-Reject of id 0 to 2001:0:0:1::175 port 21812 Fri Aug 31 15:20:11 2007 : Debug: Waking up in 4 seconds... rad_recv: Access-Request packet from host 2001:0:0:1::175 port 21812, id=0, length=63 Fri Aug 31 15:20:13 2007 : Debug: Cleaning up request 0 ID 0 with timestamp +8 User-Name = "vikas" User-Password = "password" NAS-IP-Address = 0x20010000000000010000000000000175 Fri Aug 31 15:20:13 2007 : Debug: Processing the authorize section of radiusd.conf Fri Aug 31 15:20:13 2007 : Debug: +- entering group authorize Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[preprocess] returns ok Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[chap] returns noop Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[mschap] returns noop Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling unix (rlm_unix) for request 1 Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from unix (rlm_unix) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[unix] returns notfound Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Aug 31 15:20:13 2007 : Debug: rlm_realm: No '@' in User-Name = "vikas", looking up realm NULL Fri Aug 31 15:20:13 2007 : Debug: rlm_realm: No such realm "NULL" Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[suffix] returns noop Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[eap] returns noop Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1Fri Aug 31 15:20:13 2007 : Debug: users: Matched entry vikas at line 93 Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[files] returns ok Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling expiration (rlm_expiration) for request 1 Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from expiration (rlm_expiration) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[expiration] returns noop Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling logintime (rlm_logintime) for request 1 Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from logintime (rlm_logintime) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[logintime] returns noop Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Aug 31 15:20:13 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[pap] returns noop Fri Aug 31 15:20:13 2007 : Debug: +- group authorize returns ok Fri Aug 31 15:20:13 2007 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Aug 31 15:20:13 2007 : Debug: auth: Failed to validate the user. Fri Aug 31 15:20:13 2007 : Debug: Found Post-Auth-Type Reject Fri Aug 31 15:20:13 2007 : Debug: Processing the post-auth section of radiusd.conf Fri Aug 31 15:20:13 2007 : Debug: +- entering group REJECT Fri Aug 31 15:20:13 2007 : Debug: modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 1 Fri Aug 31 15:20:13 2007 : Debug: radius_xlat: 'vikas' Fri Aug 31 15:20:13 2007 : Debug: attr_filter: Matched entry DEFAULT at line 11 Fri Aug 31 15:20:13 2007 : Debug: modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 1 Fri Aug 31 15:20:13 2007 : Debug: ++[attr_filter.access_reject] returns updated Fri Aug 31 15:20:13 2007 : Debug: +- group REJECT returns updated Fri Aug 31 15:20:13 2007 : Debug: Delaying reject of request 1 for 1 seconds Fri Aug 31 15:20:13 2007 : Debug: Going to the next request Fri Aug 31 15:20:14 2007 : Debug: Sending delayed reject for request 1 Sending Access-Reject of id 0 to 2001:0:0:1::175 port 21812 Fri Aug 31 15:20:14 2007 : Debug: Waking up in 4 seconds... rad_recv: Access-Request packet from host 2001:0:0:1::175 port 21812, id=0, length=63 Fri Aug 31 15:20:17 2007 : Debug: Cleaning up request 1 ID 0 with timestamp +11 User-Name = "vikas" User-Password = "password" NAS-IP-Address = 0x20010000000000010000000000000175 Fri Aug 31 15:20:17 2007 : Debug: Processing the authorize section of radiusd.conf Fri Aug 31 15:20:17 2007 : Debug: +- entering group authorize Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[preprocess] returns ok Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[chap] returns noop Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[mschap] returns noop Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling unix (rlm_unix) for request 2 Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from unix (rlm_unix) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[unix] returns notfound Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Aug 31 15:20:17 2007 : Debug: rlm_realm: No '@' in User-Name = "vikas", looking up realm NULL Fri Aug 31 15:20:17 2007 : Debug: rlm_realm: No such realm "NULL" Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[suffix] returns noop Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[eap] returns noop Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2Fri Aug 31 15:20:17 2007 : Debug: users: Matched entry vikas at line 93 Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[files] returns ok Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling expiration (rlm_expiration) for request 2 Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from expiration (rlm_expiration) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[expiration] returns noop Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling logintime (rlm_logintime) for request 2 Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from logintime (rlm_logintime) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[logintime] returns noop Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Aug 31 15:20:17 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[pap] returns noop Fri Aug 31 15:20:17 2007 : Debug: +- group authorize returns ok Fri Aug 31 15:20:17 2007 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Aug 31 15:20:17 2007 : Debug: auth: Failed to validate the user. Fri Aug 31 15:20:17 2007 : Debug: Found Post-Auth-Type Reject Fri Aug 31 15:20:17 2007 : Debug: Processing the post-auth section of radiusd.conf Fri Aug 31 15:20:17 2007 : Debug: +- entering group REJECT Fri Aug 31 15:20:17 2007 : Debug: modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 2 Fri Aug 31 15:20:17 2007 : Debug: radius_xlat: 'vikas' Fri Aug 31 15:20:17 2007 : Debug: attr_filter: Matched entry DEFAULT at line 11 Fri Aug 31 15:20:17 2007 : Debug: modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 2 Fri Aug 31 15:20:17 2007 : Debug: ++[attr_filter.access_reject] returns updated Fri Aug 31 15:20:17 2007 : Debug: +- group REJECT returns updated Fri Aug 31 15:20:17 2007 : Debug: Delaying reject of request 2 for 1 seconds Fri Aug 31 15:20:17 2007 : Debug: Going to the next request Fri Aug 31 15:20:18 2007 : Debug: Sending delayed reject for request 2 Sending Access-Reject of id 0 to 2001:0:0:1::175 port 21812 Fri Aug 31 15:20:18 2007 : Debug: Waking up in 4 seconds... Fri Aug 31 15:20:23 2007 : Debug: Cleaning up request 2 ID 0 with timestamp +15 Fri Aug 31 15:20:23 2007 : Debug: Nothing to do. Sleeping until we see a request.
THaNks A Lot Alan, Now Server is working Fine for the IPv4 Client Request only, But i dont understand with the same Image(with the same set-up) why the IPv6(client) Connection is not receiving reply back from the Radius Server...though Server is authentication properly as similar its doing for the IPv4 connection from the client. Server side: I am not sure whether Radius Server is sending(access-accept is showing on screen) the packet to IPv6 Client or not..I need to confrim that !!! Client Side: After sending the Access-Request packet to server the client is getting time out and after 3 tries and then its exceeding its time limit and stop requesting for the IPv6 connection further. I have stoped time out even aslo...but not worked ! Its not getting response packet from the Radius Server. Thanks again.... Vikas Alan DeKok <aland@deployingradius.com> wrote: Vikas Bagora wrote:
1. I am using freeradius-server-2.0.0-pre1
Please use 2.0.0-pre2.
- "*users*" file is modified in only with this lines : vikas User-Password == password
Change that line to: vikas Cleartext-Password := "password" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search.
participants (2)
-
Alan DeKok -
Vikas Bagora