hi [root@localhost sbin]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = \"/usr/local\" main: localstatedir = \"/usr/local/var\" main: logdir = \"/usr/local/var/log/radius\" SO my log directory is /usr/local/var/log/radius But in that file i am not getting any logs.Do i need to configure anything other than this. To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <50340.98343.qm@web26004.mail.ukl.yahoo.com> Content-Type: text/plain; charset=\"iso-8859-1\" There is log file. Check your configure log to find out the path you specified for the log. You can also run in debug mode. radiusd - Regards Anoop Quoting freeradius-users-request@lists.freeradius.org:
Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body \'help\' to freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than \"Re: Contents of Freeradius-Users digest...\"
Today\'s Topics:
1. FreeRadius and User-Password from Cisco Device (nicolaskarp@free.fr) 2. How to configure EAP Identity in 1.1.3 (Govardhana K N) 3. Re: FreeRadius and User-Password from Cisco Device (Stefan Winter) 4. Re : EAP-TLS authentication (Eshun Benjamin)
----------------------------------------------------------------------
Message: 1 Date: Mon, 16 Jul 2007 12:16:22 +0200 From: nicolaskarp@free.fr Subject: FreeRadius and User-Password from Cisco Device To: freeradius-users@lists.freeradius.org Message-ID: <1184580982.469b457602cb2@imp.free.fr> Content-Type: text/plain; charset=ISO-8859-1
Hello,
Here a access-request packet from a Cisco Router (2621) : NAS-IP-Address = \"IP_NAS\" NAS-Port = 66 NAS-Port-Type = Virtual User-Name = \"MyUserLogin\" Calling-Station-Id = \"IP NAS\" User-Password = \"ryMyPass/WordHashNotPlainText`\"
Why is my password not in plain text ? With other cisco devices (Switch 2960 for example), the User-Password is in plain text.. If I receive a hashed password, the authentication doesn\'t work..
My AAA configuration : aaa new-model aaa authentication login default group radius line aaa authentication login console line aaa authorization exec default group radius none aaa authorization network default group radius aaa accounting exec default start-stop group radius aaa accounting connection default start-stop group radius
What can I do ?
Thanks for your help !
Nicos.
------------------------------
Message: 2 Date: Mon, 16 Jul 2007 15:54:09 +0530 From: \"Govardhana K N\" <govardhan.nagarajaiah@gmail.com> Subject: How to configure EAP Identity in 1.1.3 To: FreeRadius <freeradius-users@lists.freeradius.org> Message-ID: <5f382300707160324s57339da5nc72c934408d4c971@mail.gmail.com> Content-Type: text/plain; charset=\"iso-8859-1\"
Hi,
I was trying to configure FreeRadius server with EAP authentication. AS mentioned in \"eap.conf\", I didn\'t change the Auth-Type, but I was sending a EAP message, and Message-Authenticator attributes in Access-Request. When i tried sending an Access-Request with EAP-Message, I got the following error \"rlm_eap: Identity Unknown, authentication failed\".
How to configure the Identity for EAP?
debug log from server: ---------------------------------
Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = \"/usr\" main: localstatedir = \"/var\" main: logdir = \"/var/log/freeradius\" main: libdir = \"/usr/lib/freeradius\" main: radacctdir = \"/var/log/freeradius/radacct\" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = \"/var/log/freeradius/radius.log\" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = \"/var/run/freeradius/freeradius.pid\" main: bind_address = 127.0.0.1 IP address [127.0.0.1] main: user = \"freerad\" main: group = \"freerad\" main: usercollide = no main: lower_user = \"no\" main: lower_pass = \"no\" main: nospace_user = \"no\" main: nospace_pass = \"no\" main: checkrad = \"/usr/sbin/checkrad\" main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = no exec: program = \"(null)\" exec: input_pairs = \"request\" exec: output_pairs = \"(null)\" exec: packet_type = \"(null)\" Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = \"crypt\" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = \"(null)\" mschap: ntlm_auth = \"(null)\" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = \"/etc/passwd\" unix: shadow = \"/etc/shadow\" unix: group = \"/etc/group\" unix: radwtmp = \"/var/log/freeradius/radwtmp\" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = \"md5\" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = \"Password: \" gtc: auth_type = \"PAP\" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = \"/etc/freeradius/huntgroups\" preprocess: hints = \"/etc/freeradius/hints\" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = \"suffix\" realm: delimiter = \"@\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = \"/etc/freeradius/users\" files: acctusersfile = \"/etc/freeradius/acct_users\" files: preproxy_usersfile = \"/etc/freeradius/preproxy_users\" files: compat = \"no\" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port\" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = \"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d\" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = \"/var/log/freeradius/radutmp\" radutmp: username = \"%{User-Name}\" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 127.0.0.1:1812 Listening on accounting 127.0.0.1:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32813, id=179, length=95 User-Name = \"jrc\" NAS-Identifier = \"jrcnas\" NAS-Port-Type = Ethernet CUI = \"0\" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = \"1:1:1:1:1:1\" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x64c5851b699cd2c027877bbb94fe7f8b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module \"preprocess\" returns ok for request 0 modcall[authorize]: module \"chap\" returns noop for request 0 modcall[authorize]: module \"mschap\" returns noop for request 0 rlm_realm: No \'@\' in User-Name = \"jrc\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 0 rlm_eap: EAP packet type request id 16 length 8 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry jrc at line 178 modcall[authorize]: module \"files\" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: Identity Unknown, authentication failed rlm_eap: Failed in handler modcall[authenticate]: module \"eap\" returns invalid for request 0 modcall: leaving group authenticate (returns invalid) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 179 to 127.0.0.1 port 32813 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 179 with timestamp 469b9233 Nothing to do. Sleeping until we see a request.
debug log from Client: -------------------------------------
cheux301:/home/govardhana# radeapclient -x localhost auth jrcsecret <access-request
+++> About to send encoded packet: User-Name = \"jrc\" NAS-Identifier = \"jrcnas\" NAS-Port-Type = Ethernet CUI = \"0\" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = \"1:1:1:1:1:1\" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x00 Sending Access-Request of id 179 to 127.0.0.1 port 1812 User-Name = \"jrc\" NAS-Identifier = \"jrcnas\" NAS-Port-Type = Ethernet CUI = \"0\" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = \"1:1:1:1:1:1\" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=179, length=20 rlm_eap: EAP-Message not found <+++ EAP decoded packet:
Thanks & Regards, Govardhana K N
-- With Regards, Govardhana K N
participants (2)
-
anoop_c@sifycorp.com -
tnt@kalik.co.yu