Hi, I set up the following config, tried to follow the advices of freeradius website (don't touch anything you could break in the raddb directory ;-) ) The config (in french, sorry) i used : http://www.openbsd-edu.net/index.php/FreeRadius FreeRadius OS: OpenBSD 4.5 freeradius-2.1.3 RADIUS server implementation 192.168.1.9 & 172.16.0.133 AP : Linksys WRT54G WPA Entreprise & TKIP 192.168.1.1 Client WinXP; SP2 DHCP On the server : pkg_add -v http://ftp.arcane-networks.fr/pub/OpenBSD/$(uname -r)/packages/$(uname -m)/freeradius echo "if [ -x /usr/local/sbin/radiusd ]; then install -d -o _freeradius /var/run/radiusd echo -n ' radiusd'; /usr/local/sbin/radiusd fi " >> /etc/rc.local cp radius.pem /etc/raddb/certs/server.pem chmod 744 /etc/raddb/certs/server.pem cp ca.pem /etc/raddb/certs/ca.pem chmod 744 /etc/raddb/certs/ca.pem openssl verify -verbose -CApath /etc/raddb/certs/ -CAfile /etc/raddb/certs/ca.pem /etc/raddb/certs/server.pem => /etc/raddb/certs/server.pem: OK dd if=/dev/urandom of=/etc/raddb/certs/random bs=1024 count=100 openssl dhparam -out /etc/raddb/certs/dh 1024 echo " usertest Cleartext-Password := \"password\" " >> /etc/raddb/users echo " #Nagios client Nagios { secret = SECRETNAGIOS shortname = Nagios ipaddr = @IP NAgios } #Wifi AP3 client AP3 { secret = \"SECRET_AP3\" shortname = AP3 ipaddr = @IP AP3 nastype = other } # En local client localhost { ipaddr = 127.0.0.1 secret = \"SECRETLOCAL\" require_message_authenticator = no shortname = localhost nastype = other } " > /etc/raddb/clients.conf ifconfig em0 alias 192.168.1.9 netmask 255.255.255.0 ifconfig -a =>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 =>inet 172.16.0.223 netmask 0xffff0000 broadcast 172.16.255.255 =>inet 192.168.1.9 netmask 0xffffff00 broadcast 192.168.1.255 /usr/local/sbin/radiusd -X radtest local & radtest remote are OK for the local and Nagios clients. Let's go to the XP... When i try to use the Wifi, the radiusd -X tells : .......I paste the logs to http://networkradius.com/freeradius.html and only copied the neither white nor blue parts : WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. grep roxy * |grep -v "#" attrs.access_reject: Proxy-State =* ANY attrs.accounting_response: Proxy-State =* ANY experimental.conf: mod_preproxy = radiusd_test experimental.conf: func_preproxy = preproxy experimental.conf: mod_postproxy = radiusd_test experimental.conf: func_postproxy = postproxy proxy.conf:proxy server { radiusd.conf:proxy_requests = no What is the missing magic command which could help me ?? Thanks. Best regards. -- Lycée polyvalent Alfred Nobel, Clichy sous Bois http://www.lyceenobel.org
Philippe Schwarz wrote:
I set up the following config, tried to follow the advices of freeradius website (don't touch anything you could break in the raddb directory ;-) )
That's good.
The config (in french, sorry) i used : http://www.openbsd-edu.net/index.php/FreeRadius
Hmm.. that doesn't look all correct. The certificate stuff isn't necessary in 2.1.3.
When i try to use the Wifi, the radiusd -X tells :
.......I paste the logs to http://networkradius.com/freeradius.html and only copied the neither white nor blue parts :
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user.
You didn't specify a password for the user.
What is the missing magic command which could help me ??
Specify a password, as suggested in: Les fichiers importants users on the OpenBSD page you used. Alan DeKok.
Le 04/05/2010 19:05, Alan DeKok a écrit :
Philippe Schwarz wrote:
The config (in french, sorry) i used : http://www.openbsd-edu.net/index.php/FreeRadius
Hmm.. that doesn't look all correct. The certificate stuff isn't necessary in 2.1.3. Ok, but it's useless only; i can keep it that way , right ?
..>> Failed to authenticate the user.
You didn't specify a password for the user.
Oh! I should have read more carefully.. I thought i 'd have a popup for login,pass later..
What is the missing magic command which could help me ??
Specify a password, as suggested in:
Les fichiers importants users
OK, but my users are stored in a LDAP/samba Backend; i'll give it a try soon. BTW, the password is one-way encrypted, and tried echo -n 'user::Password' | md5 and paste the md5 to the users file, and ....did not work.. Maybe the null realm is the problem. Thanks. -- Lycée polyvalent Alfred Nobel, Clichy sous Bois http://www.lyceenobel.org
Philippe Schwarz wrote:
Ok, but it's useless only; i can keep it that way , right ?
"useless" means "confusing, unnecessary, and extra work". You should delete it.
..>> Failed to authenticate the user.
You didn't specify a password for the user. Oh! I should have read more carefully.. I thought i 'd have a popup for login,pass later..
Er... no. The *RADIUS* server doesn't know the correct password, so it can't authenticate the user.
OK, but my users are stored in a LDAP/samba Backend; i'll give it a try soon.
Take it one simple step at a time. Trying to configure everything all at once is a recipe for disaster.
BTW, the password is one-way encrypted, and tried
echo -n 'user::Password' | md5
and paste the md5 to the users file, and ....did not work..
<sigh> "I did stuff not recommended anywhere and it broke". Don't do that.
Maybe the null realm is the problem.
No. See the FAQ for an example of how to add a password. Alan DeKok.
participants (2)
-
Alan DeKok -
Philippe Schwarz