configuration
tnt at kalik.co.yu
tnt at kalik.co.yu
Fri Apr 20 12:36:45 CEST 2007
You are not sending gie.local to your IAS but dealing with them locally.
Change realm gie.local back to realm LOCAL and it should start to proxy
such requests.
Ivan Kalik
Kalik Informatika ISP
Dana 20/4/2007, "parfait kouassi nda" <ndaparfait at hotmail.com> piše:
>my last coonfiguration of these files is:
>radiusd.conf
>proxy_request = yes
>
>proxy.conf
>realm gie.local {
> type = radius
> authhost = LOCAL
> accthost = LOCAL
> }
>
>realm DEFAULT {
> type = radius
> authhost = araignee.gie.local:1812
> accthost = araignee.gie.local:1813
> secret = parfait
> nostrip
> }
>
>Clients.conf
>client 192.168.0.2 {
> secret = parfait
> shortname = araignee.gie.local
> }
>
>when i do configuration in all flies my freeradius reject my packets!
>this is the show of radiusd -X!
>
>Starting - reading configuration files ...
>reread_config: reading radiusd.conf
>Config: including file: /usr/local/etc/raddb/proxy.conf
>Config: including file: /usr/local/etc/raddb/clients.conf
>Config: including file: /usr/local/etc/raddb/snmp.conf
>Config: including file: /usr/local/etc/raddb/eap.conf
>main: prefix = "/usr/local"
>main: localstatedir = "/usr/local/var"
>main: logdir = "/usr/local/var/log/radius"
>main: libdir = "/usr/local/lib"
>main: radacctdir = "/usr/local/var/log/radius/radacct"
>main: hostname_lookups = no
>main: max_request_time = 30
>main: cleanup_delay = 5
>main: max_requests = 1024
>main: delete_blocked_requests = 0
>main: port = 1812
>main: allow_core_dumps = no
>main: log_stripped_names = yes
>main: log_file = "/usr/local/var/log/radius/radius.log"
>main: log_auth = yes
>main: log_auth_badpass = yes
>main: log_auth_goodpass = yes
>main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>main: user = "(null)"
>main: group = "nobody"
>main: usercollide = no
>main: lower_user = "no"
>main: lower_pass = "no"
>main: nospace_user = "no"
>main: nospace_pass = "no"
>main: checkrad = "/usr/local/sbin/checkrad"
>main: proxy_requests = yes
>proxy: retry_delay = 5
>proxy: retry_count = 3
>proxy: synchronous = no
>proxy: default_fallback = yes
>proxy: dead_time = 0
>proxy: post_proxy_authorize = no
>proxy: wake_all_if_all_dead = no
>security: max_attributes = 200
>security: reject_delay = 1
>security: status_server = no
>main: debug_level = 0
>read_config_files: reading dictionary
>read_config_files: reading naslist
>Using deprecated naslist file. Support for this will go away soon.
>read_config_files: reading clients
>read_config_files: reading realms
>radiusd: entering modules setup
>Module: Library search path is /usr/local/lib
>Module: Loaded exec
>exec: wait = yes
>exec: program = "(null)"
>exec: input_pairs = "request"
>exec: output_pairs = "(null)"
>exec: packet_type = "(null)"
>rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Module: Instantiated exec (exec)
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded PAP
>pap: encryption_scheme = "crypt"
>Module: Instantiated pap (pap)
>Module: Loaded CHAP
>Module: Instantiated chap (chap)
>Module: Loaded System
>unix: cache = no
>unix: passwd = "(null)"
>unix: shadow = "(null)"
>unix: group = "(null)"
>unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
>unix: usegroup = no
>unix: cache_reload = 600
>Module: Instantiated unix (unix)
>Module: Loaded eap
>eap: default_eap_type = "md5"
>eap: timer_expire = 60
>eap: ignore_unknown_eap_types = no
>eap: cisco_accounting_username_bug = no
>rlm_eap: Loaded and initialized type md5
>rlm_eap: Loaded and initialized type leap
>gtc: challenge = "Password: "
>gtc: auth_type = "PAP"
>rlm_eap: Loaded and initialized type gtc
>mschapv2: with_ntdomain_hack = no
>rlm_eap: Loaded and initialized type mschapv2
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
>preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
>preprocess: hints = "/usr/local/etc/raddb/hints"
>preprocess: with_ascend_hack = no
>preprocess: ascend_channels_per_line = 23
>preprocess: with_ntdomain_hack = no
>preprocess: with_specialix_jetstream_hack = no
>preprocess: with_cisco_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
>realm: format = "suffix"
>realm: delimiter = "@"
>realm: ignore_default = no
>realm: ignore_null = no
>Module: Instantiated realm (suffix)
>Module: Loaded Acct-Unique-Session-Id
>acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
>detail: detailfile =
>"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>detail: detailperm = 384
>detail: dirperm = 493
>detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
>radutmp: filename = "/usr/local/var/log/radius/radutmp"
>radutmp: username = "%{User-Name}"
>radutmp: case_sensitive = yes
>radutmp: check_with_nas = yes
>radutmp: perm = 384
>radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Listening on authentication *:1812
>Listening on accounting *:1813
>Listening on proxy *:1814
>Ready to process requests.
>
>
>rad_recv: Access-Request packet from host 192.168.3.1:1812, id=19,
>length=130
> NAS-IP-Address = 192.168.3.1
> NAS-Port = 50001
> NAS-Port-Type = Ethernet
> User-Name = "picasso at gie.local"
> Calling-Station-Id = "00-A0-C9-DE-7A-FE"
> Service-Type = Framed-User
> Framed-MTU = 1000
> EAP-Message = 0x02020016017069636173736f406769652e6c6f63616c
> Message-Authenticator = 0x5aa9378c210f3cc9896ff7a4742bce77
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> rlm_realm: Looking up realm "gie.local" for User-Name =
>"picasso at gie.local"
> rlm_realm: Found realm "gie.local"
> rlm_realm: Proxying request from user picasso to realm gie.local
> rlm_realm: Adding Realm = "gie.local"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: EAP packet type response id 2 length 22
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 0
>modcall: leaving group authorize (returns updated) for request 0
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type md5
>rlm_eap_md5: Issuing Challenge
> modcall[authenticate]: module "eap" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 19 to 192.168.3.1 port 1812
> EAP-Message = 0x01030016041014292e9e4d0f780980b96f3ad2459504
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x020f058ccb95cbc717c1bb0f624b681b
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.3.1:1812, id=20,
>length=165
> NAS-IP-Address = 192.168.3.1
> NAS-Port = 50001
> NAS-Port-Type = Ethernet
> User-Name = "picasso at gie.local"
> Calling-Station-Id = "00-A0-C9-DE-7A-FE"
> Service-Type = Framed-User
> Framed-MTU = 1000
> State = 0x020f058ccb95cbc717c1bb0f624b681b
> EAP-Message =
>0x020300270410e10ab8e5381c81c7806d8dbe102936fa7069636173736f406769652e6c6f63616c
> Message-Authenticator = 0xd4268d3dbb7397a0ff40d4c74b040f9d
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> modcall[authorize]: module "chap" returns noop for request 1
> rlm_realm: Looking up realm "gie.local" for User-Name =
>"picasso at gie.local"
> rlm_realm: Found realm "gie.local"
> rlm_realm: Proxying request from user picasso to realm gie.local
> rlm_realm: Adding Realm = "gie.local"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "suffix" returns noop for request 1
> rlm_eap: EAP packet type response id 3 length 39
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 1
>modcall: leaving group authorize (returns updated) for request 1
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/md5
> rlm_eap: processing type md5
>rlm_eap_md5: User-Password is required for EAP-MD5 authentication
>rlm_eap: Handler failed in EAP/md5
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 1
>modcall: leaving group authenticate (returns invalid) for request 1
>auth: Failed to validate the user.
>Login incorrect: [picasso at gie.local/<no User-Password attribute>] (from
>client Switch port 50001 cli 00-A0-C9-DE-7A-FE)
>Delaying request 1 for 1 seconds
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.3.1:1812, id=20,
>length=165
>Sending Access-Reject of id 20 to 192.168.3.1 port 1812
> EAP-Message = 0x04030004
> Message-Authenticator = 0x00000000000000000000000000000000
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 19 with timestamp 46288d79
>Cleaning up request 1 ID 20 with timestamp 46288d79
>Nothing to do. Sleeping until we see a request.
>
>_________________________________________________________________
>MSN Hotmail : créez votre adresse e-mail gratuite & ŕ vie !
>http://www.msn.fr/newhotmail/Default.asp?Ath=f
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list