Freeradius 1.1.3 and Connectra

Joseph Parker joseph.parker at chathamnc.org
Wed Feb 7 22:08:28 CET 2007


I have got my RADIUS server to do port-based authentication with PEAP on
a Cisco 3750 switch. That works no problem. I am trying to get
Connectra to authenticate with it as well. Every time that I try to
authenticate a user in Active Directory I get the following error
message. What is different with Connectra vs. PEAP? Thanks for any
help you can give me.

 

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms

radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
 tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

rad_recv: Access-Request packet from host 10.90.1.254:32768, id=58, length=65
                User-Name = "joseph.parker"
                User-Password = "JPpass02"
                Service-Type = Login-User
                NAS-IP-Address = 10.90.1.254
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "joseph.parker", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 154
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 58 to 10.90.1.254 port 32768
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 58 with timestamp 45ca3d12
Nothing to do.  Sleeping until we see a request.
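
The request trace above shows the request arriving with a User-Password attribute and no EAP-Message, being given Auth-Type System, and the "unix" module returning notfound before the Access-Reject. The following is an added example, not part of the original post or of FreeRADIUS, that pulls those facts out of such debug output; `summarize` is a hypothetical helper name, and the sample is condensed from the trace with the password value replaced by a placeholder.

```python
import re

# Constructed sample: request 0 from the trace above, blank lines dropped and
# the password value replaced with a placeholder.
SAMPLE = '''\
rad_recv: Access-Request packet from host 10.90.1.254:32768, id=58, length=65
        User-Name = "joseph.parker"
        User-Password = "placeholder"
        Service-Type = Login-User
        NAS-IP-Address = 10.90.1.254
  Processing the authorize section of radiusd.conf
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "files" returns ok for request 0
  rad_check_password:  Found Auth-Type System
  Processing the authenticate section of radiusd.conf
  modcall[authenticate]: module "unix" returns notfound for request 0
Sending Access-Reject of id 58 to 10.90.1.254 port 32768
'''

ATTR = re.compile(r'^\s+([A-Za-z0-9-]+) = ')
MODRET = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')
REPLY = re.compile(r'Sending (Access-\w+) of id')
# Request attribute that identifies each method, most specific first.
METHODS = [("EAP-Message", "EAP"), ("MS-CHAP-Challenge", "MS-CHAP"),
           ("CHAP-Password", "CHAP"), ("User-Password", "PAP")]

def summarize(log):
    """Return the method, Auth-Type, module results and reply for one request."""
    out = {"attrs": [], "auth_type": None, "modules": [], "reply": None}
    in_packet = False
    for line in log.splitlines():
        if line.startswith("rad_recv:"):
            in_packet = True
        elif line.lstrip().startswith("Processing"):
            in_packet = False
        elif in_packet and (m := ATTR.match(line)):
            out["attrs"].append(m.group(1))      # names only, never values
        elif m := MODRET.search(line):
            out["modules"].append(m.groups())
        elif m := AUTH_TYPE.search(line):
            out["auth_type"] = m.group(1)
        elif m := REPLY.search(line):
            out["reply"] = m.group(1)
    out["method"] = next((name for attr, name in METHODS
                          if attr in out["attrs"]), "unknown")
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The summary records attribute names only, so it can be shared without the User-Password value that the raw debug output prints in clear text.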

 
