newbie question basic passwd authentication
Hi, I am a complete newbie with radius. I need to configure this for use with a PPTP VPN. The end goal will be that radius is running on a fedora box, and authenticates against a SMBPASSWD file. PPTPd needs chap. but I am getting ahead of myself, irst I need to get a basic system working. I installed the freeradius rpm, and tried to configure some things: file clients.conf: client 127.0.0.1 { secret = testing123 shortname = localhost nastype = other } client 192.168.1.0/24 { secret = testing123 shortname = localnet } File naslist: localhost local other File users: nothing changed, all seemed oke to me. file radius.conf: cutted away some text unix { cache = no cache_reload = 600 passwd = /etc/passwd shadow = /etc/shadow group = /etc/group } When I now start the daemon as root: # radiusd -sfxxyz -l stdout. When I tried to test it from the console again: radtest ramses "OfCourseThisShouldBeSomethingLessObvious" localhost 1 testing123 I see this at my console: rad_recv: Access-Request packet from host 127.0.0.1:32769, id=122, length=58 User-Name = "ramses" User-Password = "OfCourseThisShouldBeSomethingLessObvious" NAS-IP-Address = 255.255.255.255 NAS-Port = 1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "ramses", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_unix: [ramses]: invalid password modcall[authenticate]: module "unix" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 122 to 127.0.0.1:32769 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 122 with timestamp 42ca3387 Nothing to do. Sleeping until we see a request. Ofcourse I tripple checked the typed in password, and I could find nothing wrong with that one. Now I think all I can do is shoult: HELPPPPPPP adoes anyone have any ideas? kind regards, Ramses
Solved this step: It turns out that radius user has no rights to read the shadow file (I feel stupid and will write 1000 lines "I will first check the filepermissions before shouting for help" ;) ) ramses
Hi,
I am a complete newbie with radius. I need to configure this for use with a PPTP VPN. The end goal will be that radius is running on a fedora box, and authenticates against a SMBPASSWD file. PPTPd needs chap.
but I am getting ahead of myself, irst I need to get a basic system working. I installed the freeradius rpm, and tried to configure some things:
file clients.conf: client 127.0.0.1 { secret = testing123 shortname = localhost nastype = other } client 192.168.1.0/24 { secret = testing123 shortname = localnet }
File naslist: localhost local other
File users: nothing changed, all seemed oke to me.
file radius.conf: cutted away some text unix { cache = no cache_reload = 600 passwd = /etc/passwd shadow = /etc/shadow group = /etc/group }
When I now start the daemon as root: # radiusd -sfxxyz -l stdout.
When I tried to test it from the console again: radtest ramses "OfCourseThisShouldBeSomethingLessObvious" localhost 1 testing123 I see this at my console:
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=122, length=58 User-Name = "ramses" User-Password = "OfCourseThisShouldBeSomethingLessObvious" NAS-IP-Address = 255.255.255.255 NAS-Port = 1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "ramses", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_unix: [ramses]: invalid password modcall[authenticate]: module "unix" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 122 to 127.0.0.1:32769 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 122 with timestamp 42ca3387 Nothing to do. Sleeping until we see a request.
Ofcourse I tripple checked the typed in password, and I could find nothing wrong with that one.
Now I think all I can do is shoult: HELPPPPPPP adoes anyone have any ideas?
kind regards,
Ramses - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I am a complete newbie with radius. I need to configure this for use with a PPTP VPN. The end goal will be that radius is running on a fedora box, and authenticates against a SMBPASSWD file. PPTPd needs chap.
I used to run it againts smbpasswd, now I'm running against LDAP :-) samba and freeradius use the same password hashes. I can share configuration if You want.
but I am getting ahead of myself, irst I need to get a basic system working. I installed the freeradius rpm, and tried to configure some things:
file clients.conf: client 127.0.0.1 { secret = testing123 shortname = localhost nastype = other } client 192.168.1.0/24 { secret = testing123 shortname = localnet }
File naslist: localhost local other
File users: nothing changed, all seemed oke to me.
file radius.conf: cutted away some text unix { cache = no cache_reload = 600 passwd = /etc/passwd shadow = /etc/shadow group = /etc/group }
When I now start the daemon as root: # radiusd -sfxxyz -l stdout.
When I tried to test it from the console again: radtest ramses "OfCourseThisShouldBeSomethingLessObvious" localhost 1 testing123 I see this at my console:
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=122, length=58 User-Name = "ramses" User-Password = "OfCourseThisShouldBeSomethingLessObvious" NAS-IP-Address = 255.255.255.255 NAS-Port = 1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "ramses", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_unix: [ramses]: invalid password modcall[authenticate]: module "unix" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 122 to 127.0.0.1:32769 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 122 with timestamp 42ca3387 Nothing to do. Sleeping until we see a request.
Ofcourse I tripple checked the typed in password, and I could find nothing wrong with that one.
Now I think all I can do is shoult: HELPPPPPPP adoes anyone have any ideas?
kind regards,
Ramses - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Ilia Chipitsine -
Ramses van Pinxteren