RE: Freeradius probleming help me
Which port is your Dlink switch sending radius packet to? Most "new" devices use 1812 instead of 1645. Please investigate that first... If the Dlink is sending to port 1812, then just make sure you have "port = 0" in the radiusd.conf file. This will take care of that problem. Both devices have to be talking through the same port. Hope that helps. Alhagie Puye - Network Engineer Datawave Group of Companies (604)295-1817
-----Original Message----- From: freeradius-users-bounces+apuye=datawave.com@lists.freeradius. org [mailto:freeradius-users-bounces+apuye=datawave.com@lists.fre eradius.org] On Behalf Of Kai Geek Sent: January 3, 2006 12:10 AM To: freeradius-users@lists.freeradius.org Subject: Freeradius probleming help me
Hello,
root@kaigeek:/etc/raddb# radiusd -p 1645 Ignoring deprecated command-line option -pTue Jan 3 10:06:51 2006 : Info: Starting - reading configuration files ...
why problem on radiusd ?
root@kaigeek:/etc/raddb# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1645 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: bind_address = 10.0.0.6 IP address [10.0.0.6] main: user = "root" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded DIGEST Module: Instantiated digest (digest) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded attr_filter attr_filter: attrsfile = "/etc/raddb/attrs" rlm_attr_filter: Authorize method will be deprecated. Module: Instantiated attr_filter (attr_filter) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 10.0.0.6:1645 Listening on accounting 10.0.0.6:1646 Listening on proxy 10.0.0.6:1647 Ready to process requests.
#vi users steve Auth-Type := System Service-Type = Shell-User, Login-Service = Telnet, Login-IP-Host = 0.0.0.0, Login-TCP-Port = Telnet
#vi clients.conf client 10.0.0.250 { secret = 250 shortname = switch nastype = dlink }
i am not authentication radius server and dlink switch. what is problem ?
#pico /etc/services # IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by # many vendors without obtaining official IANA assignment. The official # assignment is now ports 1812/1813 and users are encouraged to migrate # when possible to these new ports. radius 1645/udp #RADIUS authentication protocol (old) radacct 1646/udp #RADIUS accounting protocol (old)
help me please...
+-+-+-+ BEGIN PGP SIGNATURE +-+-+-+ Version: GnuPG v1.4.2 (GNU/Linux) .-. .-. _ : : : : :_; .-' : .--. : `-. .-. .--. ,-.,-. ' .; :' '_.'' .; :: :' .; ; : ,. : `.__.'`.__.'`.__.':_;`.__,_;:_;:_;
Kai "Ozgur" Geek Network Engineer PGP ID: B1B63B6E +-+-+-+ END PGP SIGNATURE +-+-+-+
-- _______________________________________________ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This message (including any attachments) is confidential, may be privileged and is only intended for the person to whom it is addressed. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. E-mail communications are inherently vulnerable to interception by unauthorized parties and are susceptible to change. We will use alternate communication means upon request.
participants (1)
-
Alhagie Puye