Testing radius server

tnt at kalik.net
Thu Dec 10 19:58:24 CET 2009


> Radius -X is always on, and I went through the clients.conf file. -X gives
> a lot of information, since you asked here is my understanding. I'm not a
> programmer so some of them are cryptic to me. I put in comments to what I
> think they are, but they are only guesses. I would be very thankful if you
> can shed light on them.
>
> Also, there is a file experimental.conf stated in eap.conf, but it did not
> exist. It may have some useful information.
>
> root at Crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123
> Sending Access-Request of id 187 to 127.0.0.1 port 1812
> 	User-Name = "cisco"
> 	User-Password = "cisco"
> 	NAS-IP-Address = 127.0.0.1
> 	NAS-Port = 200
> rad_recv: Access-Request packet from host 127.0.0.1 port 43663, id=187, length=57
> 	User-Name = "cisco"
> 	User-Password = "cisco"
> 	NAS-IP-Address = 127.0.0.1
> 	NAS-Port = 200
> +- entering group authorize {...}
> ++[preprocess] returns ok  	;what is preprocess and what does it do?

Well, read the debug of server startup and it will be clearer. Don't ask
us what's in the bit you couldn't be bothered to read.

> ++[chap] returns noop	;I can tell that chap was not selected as a
> protocol, right?

Correct.

> ++[mschap] returns noop		;as above

Yes.

> [suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why @ is
> expected in a name or password?

suffix is enabled by default. Lots of people have user@domain type
usernames, so it makes sense for it to be the default option. If you don't
have such usernames you can comment it out.

> [suffix] No such realm "NULL" ;what this mean?

No @ in username.

> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP ;eap is not auth protocol.
> ++[eap] returns noop

Same as chap and mschap.

> ++[unix] returns notfound	;what is this?

System passwords. Again enabled by default as enough people use it. You
can comment it out if you are not using it.

> ++[files] returns noop		?

You don't have that user entry in users file (people have told you to put
the password there but you haven't).

> ++[expiration] returns noop	?

Password expiration. Another module enabled by default.

> ++[logintime] returns noop	?

Does what it says on the tin.

> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.	;I do have a password (cisco).

No, you don't. Or should I say - where did you store that password?

> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user		;this looks like authentication protocol is a
> must before the process can work, however, eap.conf file is there and eap
> is uncommented out with its arguments. ?

No password - no authentication. You haven't stored a password for this user
in any place the server looked.

Ivan Kalik
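
The authorize trace discussed in this thread, as an added example (not part of the original post and not FreeRADIUS code): a small Python parser that collects each module's return code from radiusd -X output and reports why the request was rejected. The sample lines are reconstructed from the quoted debug output with the poster's comments stripped; the name summarize is hypothetical.

```python
import re

# Reconstructed from the debug output quoted in the thread (comments stripped).
SAMPLE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "cisco", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
"""

# Matches lines such as "++[files] returns noop"; nesting depth ('+' count) varies.
RETURN_RE = re.compile(r"^\++\[(\w+)\] returns (\w+)")

def summarize(debug_text):
    """Return ({module: return code}, [diagnosis strings]) for one request."""
    results, findings = {}, []
    for line in debug_text.splitlines():
        line = line.strip()
        m = RETURN_RE.match(line)
        if m:
            results[m.group(1)] = m.group(2)
        elif 'No "known good" password' in line:
            findings.append("pap: no password stored anywhere the server looked")
        elif "No authenticate method (Auth-Type)" in line:
            findings.append("no Auth-Type was set, so the request is rejected")
    # Password sources named in the thread: system passwords and the users file.
    for mod in ("unix", "files"):
        if results.get(mod) in ("noop", "notfound"):
            findings.append(f"{mod}: did not supply a password for this user")
    return results, findings

if __name__ == "__main__":
    codes, notes = summarize(SAMPLE)
    for mod, rc in codes.items():
        print(f"{mod:12}{rc}")
    print("\n".join("-> " + n for n in notes))
```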



