Testing radius server

gera gera at gera.me
Thu Dec 10 22:50:10 CET 2009


Alex, you don't create users on the clients.conf file. You create users on
the users file (among other most important things). You configure radius
clients on the clients.conf. For what you're trying to accomplish, users
file is fine.

There's tons of help on the man pages for each file, including very easy
examples.

man users
man clients.conf

Greetings.

On Thu, Dec 10, 2009 at 12:56 PM, Alex Bahoor <alexbahoor at sbcglobal.net>wrote:

>  Gera
>
>
>  ------------------------------
>
> *From:* freeradius-users-bounces+alexbahoor=sbcglobal.net@
> lists.freeradius.org [mailto:freeradius-users-bounces+alexbahoor<freeradius-users-bounces%2Balexbahoor>
> =sbcglobal.net at lists.freeradius.org] *On Behalf Of *gera
> *Sent:* Thursday, December 10, 2009 11:07 AM
>
> *To:* FreeRadius users mailing list
> *Subject:* Re: Testing radius server
>
>
>
> Where did you create the user and password cisco?
>
>
>
> in the /etc/raddb/clients.conf.
>
>
>
> A copy of your users configuration file would be great
>
>
>
> Which config files do you need, radiusd.conf, or clients.conf? There is
> also, /etc/raddb/users which I have not even touched, cuz I did not see it
> readily on the wiki, and I did not know about till now.
>
>
>
> I’m not clear on the purpose of the attachment you mailed?
>
> This file is not accessible: http://wiki.freeradius.org/FAQ
>
>
>
> Alex
>
>
>
> On Thu, Dec 10, 2009 at 12:05 PM, g <gerardocb at gmail.com> wrote:
>
> Where did you create the user and password cisco?
>
>
>
> A copy of your users configuration file would be great.
>
>
>
> On Thu, Dec 10, 2009 at 11:03 AM, Alex Bahoor <alexbahoor at sbcglobal.net>
> wrote:
>
> Alan,
>
> Radius -X is always on, and I went through the clients.conf file. -X gives
> a lot information, since you asked here is my understanding. I'm not a
> programmer so some of them are cryptic to me. I put in comments to what I
> think they are, but they are only guesses. I would be very thankful if you
> can shed lights on them.
>
> Also, there is file experimental.conf stated in eap.conf, but did not
> exist. It may have some useful information.
>
> root at Crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123
>
> Sending Access-Request of id 187 to 127.0.0.1 port 1812
>
>         User-Name = "cisco"
>
>         User-Password = "cisco"
>
>         NAS-IP-Address = 127.0.0.1
>
>         NAS-Port = 200
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 43663, id=187,
> length=57
>
>         User-Name = "cisco"
>
>         User-Password = "cisco"
>
>         NAS-IP-Address = 127.0.0.1
>
>         NAS-Port = 200
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok       ;what is preprocess and what does it do?
>
> ++[chap] returns noop   ;I can tell that chap was not selected as a
> protocol, right?
>
> ++[mschap] returns noop         ;as above
>
> [suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why @ is
> expected in a name or password?
>
> [suffix] No such realm "NULL" ;what this mean?
>
> ++[suffix] returns noop
>
> [eap] No EAP-Message, not doing EAP ;eap is not auth protocol.
>
> ++[eap] returns noop
>
> ++[unix] returns notfound       ;what is this?
>
> ++[files] returns noop          ?
>
> ++[expiration] returns noop     ?
>
> ++[logintime] returns noop      ?
>
> [pap] WARNING! No "known good" password found for the user.  Authentication
> may fail because of this.   ;I do have a password (cisco).
>
> ++[pap] returns noop
>
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user              ;this look like authentication protocol is
> a must before the process can work, however, eap.conf file is there and
> eap is uncommented out with it’s arguments. ?
>
> Failed to authenticate the user.
>
> Using Post-Auth-Type Reject
>
> +- entering group REJECT {...}
>
> [attr_filter.access_reject]     expand: %{User-Name} -> cisco
>
>  attr_filter: Matched entry DEFAULT at line 11
>
> ++[attr_filter.access_reject] returns updated
>
> Delaying reject of request 5 for 1 seconds
>
> Going to the next request
>
> Waking up in 0.9 seconds.
>
> Sending delayed reject for request 5
>
> Sending Access-Reject of id 187 to 127.0.0.1 port 43663
>
> Waking up in 4.9 seconds.
>
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=187,
> length=20
>
> [root at Crest raddb]# Cleaning up request 5 ID 187 with timestamp +411
>
> Ready to process requests.
>
> Rgrds,
>
> Alex
>
> -----Original Message-----
> From: freeradius-users-bounces+alexbahoor=sbcglobal.net@
> lists.freeradius.org [
> mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org<freeradius-users-bounces+alexbahoor=sbcglobal.net at lists.freeradius.org>]
> On Behalf Of Alan Buxey
> Sent: Thursday, December 10, 2009 2:07 AM
> To: FreeRadius users mailing list
> Subject: Re: Testing radius server
>
> Hi,
>
> > Now I know it's a config issue in the clients.conf, as radtest is
> failing. I
>
> > set user name and password, but radius is sending a reject. This is the
>
> > first time I'm using radius. So please bear with me. Can some one mail me
>
> > example of the minimum required configuration that needed for the radius
> to
>
> > work, no EAP or MSCAP ..etc.
>
> hey, guess what - 'radiusd -X'  this will be far more useful than
>
> throwing random recommendations to you.
>
> have you followed basic guidance regarding hwo to use clients.conf
>
> eg
>
> testuser Cleartext-Password := "testpassword"
>
>
>
> alan
>
> -
>
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4674 (20091209) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4676 (20091210) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4676 (20091210) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4676 (20091210) __________
>
>
>
> The message was checked by ESET NOD32 Antivirus.
>
>
>
> http://www.eset.com
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4677 (20091210) __________
>
>
>
> The message was checked by ESET NOD32 Antivirus.
>
>
>
> http://www.eset.com
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4677 (20091210) __________
>
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091210/bec2705d/attachment.html>


More information about the Freeradius-Users mailing list