Freeradius probleming help me

Alhagie Puye APuye at datawave.com
Tue Jan 3 18:21:28 CET 2006


Which port is your Dlink switch sending radius packet to? Most "new"
devices use 1812 instead of 1645. Please investigate that first...

If the Dlink is sending to port 1812, then just make sure you have "port
= 0" in the radiusd.conf file. This will take care of that problem.

Both devices have to be talking through the same port.

Hope that helps.

Alhagie Puye - Network Engineer
Datawave Group of Companies
(604)295-1817  

> >-----Original Message-----
> >From: 
> >freeradius-users-bounces+apuye=datawave.com at lists.freeradius.
> >org 
> >[mailto:freeradius-users-bounces+apuye=datawave.com at lists.fre
> >eradius.org] On Behalf Of Kai Geek
> >Sent: January 3, 2006 12:10 AM
> >To: freeradius-users at lists.freeradius.org
> >Subject: Freeradius probleming help me
> >
> >Hello,
> >
> >root at kaigeek:/etc/raddb# radiusd -p 1645
> >Ignoring deprecated command-line option -pTue Jan  3 
> >10:06:51 2006 : Info: Starting - reading configuration files ...
> >
> >why problem on radiusd ?
> >
> >root at kaigeek:/etc/raddb# radiusd -X
> >Starting - reading configuration files ...
> >reread_config:  reading radiusd.conf
> >Config:   including file: /etc/raddb/clients.conf
> >Config:   including file: /etc/raddb/eap.conf
> >Config:   including file: /etc/raddb/sql.conf
> > main: prefix = "/usr/local"
> > main: localstatedir = "/var"
> > main: logdir = "/var/log/radius"
> > main: libdir = "/usr/local/lib"
> > main: radacctdir = "/var/log/radius/radacct"
> > main: hostname_lookups = no
> > main: max_request_time = 30
> > main: cleanup_delay = 5
> > main: max_requests = 1024
> > main: delete_blocked_requests = 0
> > main: port = 1645
> > main: allow_core_dumps = no
> > main: log_stripped_names = no
> > main: log_file = "/var/log/radius/radius.log"
> > main: log_auth = yes
> > main: log_auth_badpass = no
> > main: log_auth_goodpass = no
> > main: pidfile = "/var/run/radiusd/radiusd.pid"
> > main: bind_address = 10.0.0.6 IP address [10.0.0.6]
> > main: user = "root"
> > main: group = "(null)"
> > main: usercollide = no
> > main: lower_user = "no"
> > main: lower_pass = "no"
> > main: nospace_user = "no"
> > main: nospace_pass = "no"
> > main: checkrad = "/usr/local/sbin/checkrad"
> > main: proxy_requests = yes
> > security: max_attributes = 200
> > security: reject_delay = 1
> > security: status_server = no
> > main: debug_level = 0
> >read_config_files:  reading dictionary
> >read_config_files:  reading naslist
> >Using deprecated naslist file.  Support for this will go away soon.
> >read_config_files:  reading clients
> >read_config_files:  reading realms
> >radiusd:  entering modules setup
> >Module: Library search path is /usr/local/lib
> >Module: Loaded exec
> > exec: wait = yes
> > exec: program = "(null)"
> > exec: input_pairs = "request"
> > exec: output_pairs = "(null)"
> > exec: packet_type = "(null)"
> >rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> >Module: Instantiated exec (exec)
> >Module: Loaded expr
> >Module: Instantiated expr (expr)
> >Module: Loaded PAP
> > pap: encryption_scheme = "crypt"
> >Module: Instantiated pap (pap)
> >Module: Loaded CHAP
> >Module: Instantiated chap (chap)
> >Module: Loaded MS-CHAP
> > mschap: use_mppe = yes
> > mschap: require_encryption = no
> > mschap: require_strong = no
> > mschap: with_ntdomain_hack = no
> > mschap: passwd = "(null)"
> > mschap: authtype = "MS-CHAP"
> > mschap: ntlm_auth = "(null)"
> >Module: Instantiated mschap (mschap)
> >Module: Loaded DIGEST
> >Module: Instantiated digest (digest)
> >Module: Loaded System
> > unix: cache = no
> > unix: passwd = "(null)"
> > unix: shadow = "(null)"
> > unix: group = "(null)"
> > unix: radwtmp = "/var/log/radius/radwtmp"
> > unix: usegroup = no
> > unix: cache_reload = 600
> >Module: Instantiated unix (unix)
> >Module: Loaded eap
> > eap: default_eap_type = "md5"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = no
> > eap: cisco_accounting_username_bug = no
> >rlm_eap: Loaded and initialized type md5
> >rlm_eap: Loaded and initialized type leap
> > gtc: challenge = "Password: "
> > gtc: auth_type = "PAP"
> >rlm_eap: Loaded and initialized type gtc
> > mschapv2: with_ntdomain_hack = no
> >rlm_eap: Loaded and initialized type mschapv2
> >Module: Instantiated eap (eap)
> >Module: Loaded detail
> > detail: detailfile = 
> >"/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (auth_log)
> >Module: Loaded attr_filter
> > attr_filter: attrsfile = "/etc/raddb/attrs"
> > rlm_attr_filter: Authorize method will be deprecated.
> >Module: Instantiated attr_filter (attr_filter)
> >Module: Loaded realm
> > realm: format = "suffix"
> > realm: delimiter = "@"
> > realm: ignore_default = no
> > realm: ignore_null = no
> >Module: Instantiated realm (suffix)
> >Module: Loaded files
> > files: usersfile = "/etc/raddb/users"
> > files: acctusersfile = "/etc/raddb/acct_users"
> > files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> > files: compat = "no"
> >Module: Instantiated files (files)
> >Module: Loaded Acct-Unique-Session-Id
> > acct_unique: key = "User-Name, Acct-Session-Id, 
> >NAS-IP-Address, Client-IP-Address, NAS-Port"
> >Module: Instantiated acct_unique (acct_unique)
> > detail: detailfile = 
> >"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (detail)
> >Module: Loaded radutmp
> > radutmp: filename = "/var/log/radius/radutmp"
> > radutmp: username = "%{User-Name}"
> > radutmp: case_sensitive = yes
> > radutmp: check_with_nas = yes
> > radutmp: perm = 384
> > radutmp: callerid = yes
> >Module: Instantiated radutmp (radutmp)
> >Listening on authentication 10.0.0.6:1645
> >Listening on accounting 10.0.0.6:1646
> >Listening on proxy 10.0.0.6:1647
> >Ready to process requests.
> >
> >
> >
> >#vi users
> >steve            Auth-Type := System
> >                 Service-Type = Shell-User,
> >                 Login-Service = Telnet,
> >                 Login-IP-Host = 0.0.0.0,
> >                 Login-TCP-Port = Telnet
> >
> >#vi clients.conf
> >client 10.0.0.250 {
> >         secret      = 250
> >         shortname   = switch
> >          nastype    = dlink
> >}
> >
> >
> >
> >i am not authentication radius server and dlink switch.
> >what is problem ?
> >
> >#pico /etc/services
> ># IMPORTANT NOTE: Ports 1645/1646 are the traditional radius 
> >ports used by
> ># many vendors without obtaining official IANA assignment.  
> >The official
> ># assignment is now ports 1812/1813 and users are encouraged 
> >to migrate
> ># when possible to these new ports.
> >radius          1645/udp   #RADIUS authentication protocol (old)
> >radacct         1646/udp   #RADIUS accounting protocol (old)
> >
> >
> >
> >help me please...
> >
> >+-+-+-+ BEGIN PGP SIGNATURE +-+-+-+
> >Version: GnuPG v1.4.2 (GNU/Linux)
> >   .-.      .-.    _              
> >   : :      : :   :_;             
> > .-' : .--. : `-. .-. .--.  ,-.,-.
> >' .; :' '_.'' .; :: :' .; ; : ,. :
> >`.__.'`.__.'`.__.':_;`.__,_;:_;:_;
> >
> >Kai "Ozgur" Geek
> >Network Engineer
> >PGP ID: B1B63B6E
> >+-+-+-+ END PGP SIGNATURE +-+-+-+
> >
> >
> >-- 
> >_______________________________________________
> >Check out the latest SMS services @ http://www.linuxmail.org
> >This allows you to send and receive SMS through your mailbox.
> >
> >Powered by Outblaze
> >
> >- 
> >List info/subscribe/unsubscribe? See 
> >http://www.freeradius.org/list/users.html
> >


This message (including any attachments) is confidential, may be privileged and is only intended for the person to whom it is addressed.  If you have received it by mistake please notify the sender by return e-mail and delete this message from your system.  Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited.  E-mail communications are inherently vulnerable to interception by unauthorized parties and are susceptible to change.  We will use alternate communication means upon request.




More information about the Freeradius-Users mailing list