Testing radius server

Alex Bahoor alexbahoor at sbcglobal.net
Thu Dec 10 20:56:37 CET 2009


Gera

 

  _____  

From: freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org
[mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.o
rg] On Behalf Of gera
Sent: Thursday, December 10, 2009 11:07 AM
To: FreeRadius users mailing list
Subject: Re: Testing radius server

 

Where did you create the user and password cisco?

 

in the /etc/raddb/clients.conf. 

 

A copy of your users configuration file would be great

 

Which config files do you need, radiusd.conf, or clients.conf? There is
also, /etc/raddb/users which I have not even touched, cuz I did not see it
readily on the wiki, and I did not know about till now.

 

I'm not clear on the purpose of the attachment you mailed? 

This file is not accessible: http://wiki.freeradius.org/FAQ

 

Alex

 

On Thu, Dec 10, 2009 at 12:05 PM, g <gerardocb at gmail.com> wrote:

Where did you create the user and password cisco?

 

A copy of your users configuration file would be great.

 

On Thu, Dec 10, 2009 at 11:03 AM, Alex Bahoor <alexbahoor at sbcglobal.net>
wrote:

Alan,

Radius -X is always on, and I went through the clients.conf file. -X gives a
lot information, since you asked here is my understanding. I'm not a
programmer so some of them are cryptic to me. I put in comments to what I
think they are, but they are only guesses. I would be very thankful if you
can shed lights on them. 

Also, there is file experimental.conf stated in eap.conf, but did not exist.
It may have some useful information.

root at Crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123

Sending Access-Request of id 187 to 127.0.0.1 port 1812

        User-Name = "cisco"

        User-Password = "cisco"

        NAS-IP-Address = 127.0.0.1

        NAS-Port = 200

rad_recv: Access-Request packet from host 127.0.0.1 port 43663, id=187,
length=57

        User-Name = "cisco"

        User-Password = "cisco"

        NAS-IP-Address = 127.0.0.1

        NAS-Port = 200

+- entering group authorize {...}

++[preprocess] returns ok       ;what is preprocess and what does it do?

++[chap] returns noop   ;I can tell that chap was not selected as a
protocol, right?

++[mschap] returns noop         ;as above

[suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why @ is
expected in a name or password?

[suffix] No such realm "NULL" ;what this mean?

++[suffix] returns noop

[eap] No EAP-Message, not doing EAP ;eap is not auth protocol.

++[eap] returns noop

++[unix] returns notfound       ;what is this?

++[files] returns noop          ?

++[expiration] returns noop     ?

++[logintime] returns noop      ?

[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.   ;I do have a password (cisco).

++[pap] returns noop

No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user              ;this look like authentication protocol is a
must before the process can work, however, eap.conf file is there and eap is
uncommented out with it's arguments. ?

Failed to authenticate the user.

Using Post-Auth-Type Reject

+- entering group REJECT {...}

[attr_filter.access_reject]     expand: %{User-Name} -> cisco

 attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 5 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 5

Sending Access-Reject of id 187 to 127.0.0.1 port 43663

Waking up in 4.9 seconds.

rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=187,
length=20

[root at Crest raddb]# Cleaning up request 5 ID 187 with timestamp +411

Ready to process requests.

Rgrds,

Alex

-----Original Message-----
From: freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org
[mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.o
rg] On Behalf Of Alan Buxey
Sent: Thursday, December 10, 2009 2:07 AM
To: FreeRadius users mailing list
Subject: Re: Testing radius server

Hi,

> Now I know it's a config issue in the clients.conf, as radtest is failing.
I

> set user name and password, but radius is sending a reject. This is the

> first time I'm using radius. So please bear with me. Can some one mail me

> example of the minimum required configuration that needed for the radius
to

> work, no EAP or MSCAP ..etc. 

hey, guess what - 'radiusd -X'  this will be far more useful than

throwing random recommendations to you.

have you followed basic guidance regarding hwo to use clients.conf

eg

testuser Cleartext-Password := "testpassword"

 

alan

-

List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4674 (20091209) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4676 (20091210) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

 

 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4676 (20091210) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

 


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

 

 

 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4676 (20091210) __________

 

The message was checked by ESET NOD32 Antivirus.

 

http://www.eset.com

 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4677 (20091210) __________

 

The message was checked by ESET NOD32 Antivirus.

 

http://www.eset.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091210/0e2b3f17/attachment.html>


More information about the Freeradius-Users mailing list