Testing an access-request user without the debugging mode
Hello Guys, I am new in Freeradius server and also in linux and I need your help regarding the functionality of the server. I am currently using freeradius version 2.2.3 and my desktop computer is running the CentOS 6.4 linux operating. First of all, I've downloaded the uncompressed freeradius software package (freeradius-server-2.2.3.tar) from the freeradius website: http://www.freeradius.org from source code in the tar format. Then after I had to create a folder using CentOS linux in order to the freeradius server source code package to the folder, uncompressed and installed on the computer. After copied to the folder, I used the tar commands to uncompress the source code package and install it on the computer using #./configure, #make and #make install commands from the INSTALL file of the uncompressed server package. After installed, the configurations files of the RADIUS SERVER were found under /usr/local/etc/raddb directory path. i tested the server on the debugging mode using radiusd -X and at the end of the output i saw this line " Ready to process requests". I have first created a user inside the users file and I did the normal default testing with the debugging mode and the user was accepted. After that i change the clients.conf file putting my shared key and the IP Address of the switch and also configure ssh on the server side I have done the AAA , Radius and SSH configurations on the switch, then I used Putty on another computer to access to the server by putting the IP address of the switch . Is this the right way to access the server ? i ran the debugging mode on the server and try to access using putty on another PC . here is the result i got this : rad_recv: Accounting-Request packet from host 192.168.9.26 port 5001, id=151, length=122 User-Name = "testing" NAS-Identifier = "002389550a92" NAS-Port = 16781313 NAS-Port-Type = Ethernet Calling-Station-Id = "0000-0000-0000" Acct-Status-Type = Start Acct-Authentic = RADIUS Acct-Session-Id = "1100030205009" Framed-IP-Address = 192.168.9.25 NAS-IP-Address = 192.168.9.26 Event-Timestamp = "Apr 2 2000 12:00:06 ICT" Service-Type = Login-User # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +group preacct { ++[preprocess] = ok [acct_unique] Hashing 'NAS-Port = 16781313,NAS-Identifier = "002389550a92",NAS-IP-Address = 192.168.9.26,Acct-Session-Id = "1100030205009",User-Name = "testing"' [acct_unique] Acct-Unique-Session-ID = "6ff6addd9c912e31". ++[acct_unique] = ok [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++[files] = noop +} # group preacct = ok # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +group accounting { [detail] expand: %{Packet-Src-IP-Address} -> 192.168.9.26 [detail] expand: /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.9.26/detail-20140310 [detail] /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.9.26/detail-20140310 [detail] expand: %t -> Mon Mar 10 13:12:05 2014 ++[detail] = ok ++[unix] = ok ++[exec] = noop [attr_filter.accounting_response] expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] = updated +} # group accounting = updated Sending Accounting-Response of id 151 to 192.168.9.26 port 5001 Finished request 1. Cleaning up request 1 ID 151 with timestamp +122 Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 10 with timestamp +122 Ready to process requests. then i stopped the debugging mode. and run the server using this commands [root@chris raddb]# service radiusd restart Stopping radiusd: [ OK ] Starting radiusd: [ OK ] on the user's PC side i got access denied and the server does not report on the radius.log file . please help me and also correct me where ever i went wrong. With Regards, Chris
Hi,
Stopping radiusd: [ OK ] Starting radiusd: [ OK ]
on the user's PC side i got access denied and the server does not report on the radius.log file . please help me and also correct me where ever i went wrong.
if everything works fine in the full debug mode, then the problem when running as a service is either a file permissions issue (since when you ran in debug mode things got written as 'root' user...now its trying to run as a non priv task - check the files its trying to write/access - AND check what the server says when run in foreground mod e(not full debug, just not as a background daemon). another issue may be eg SELinux - are you running selines ('getenforce' output will say Enforcing) - it may be that you need to use SELinux policy tools to allow certain things (wondering why you arent using the FreeRADIUS that comes as part of your distro in these early days of testing/getting familiar?) - you can validate this by temporarily turning off SELinux 'setenforce 0' - to see what happens alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Hangi Christian