How to setup Ubuntu server as a client of FreeRadius Server
Raheel Itrat
raheel082 at hotmail.com
Sat May 14 08:37:57 CEST 2011
Hi,
I have a Linux (Ubuntu) NMS server and I want it to be authenticated via FreeRadius. So if I log into that NMS server, it should send requests for authentication to the FreeRadius server. Also, can a Windows XP machine be authenticated through FreeRadius? I mean not the telnet/SSH login but something like RDP or VNC as well.
BR,
Raheel
> Date: Fri, 13 May 2011 20:42:03 -0700
> From: richard.adams at stentofon.com.au
> To: freeradius-users at lists.freeradius.org
> Subject: Authentication issues from Apple devices
>
> Hello. I have configured a Wireless Hotspot using the EasyHotSpot system,
> that uses FreeRadius for authentication.
>
> I am having problems only when Apple devices (iphone, ipad, macbooks)
> attempt to connect to the hotspot.
>
> This is confusing, as all other devices and software (Winxp, Vista, 7,
> Symbian, Blackberry, Android etc) authenticate perfectly.
>
> As a test case, and while running debugging, I attempted to connect with my
> Blackberry and an Iphone using the same username and password. I have
> attached the results. As you will see, using the same username and
> password, the blackberry authenticates while the iphone fails. I cannot see
> any reason for this in the log. Can anyone please assist?
>
> Failed log:
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 60277, id=0,
> length=216
> User-Name = "sandra"
> CHAP-Challenge = 0x0571777ec7661c411af641e8952291b9
> CHAP-Password = 0x00120c16a8ff125a7a348459a0f40a86a9
> NAS-IP-Address = 0.0.0.0
> Service-Type = Login-User
> Framed-IP-Address = 192.168.182.10
> Calling-Station-Id = "DC-2B-61-9C-92-E6"
> Called-Station-Id = "00-0D-56-9C-AC-F6"
> NAS-Identifier = "nas01"
> Acct-Session-Id = "4dcde5a500000000"
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 0
> Message-Authenticator = 0x35f8e8bc299636c4cd468b533de65f78
> WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [chap] Setting 'Auth-Type := CHAP'
> ++[chap] returns ok
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "sandra", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> expand: %{User-Name} -> sandra
> [sql] sql_set_user escaped user --> 'sandra'
> rlm_sql (sql): Reserving sql socket id: 4
> expand: SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
> username, attribute, value, op FROM radcheck WHERE
> username = 'sandra' ORDER BY id
> [sql] User found in radcheck table
> expand: SELECT id, username, attribute, value, op FROM radreply
> WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
> username, attribute, value, op FROM radreply WHERE
> username = 'sandra' ORDER BY id
> expand: SELECT groupname FROM radusergroup WHERE
> username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
> groupname FROM radusergroup WHERE username = 'sandra'
> ORDER BY priority
> rlm_sql (sql): Released sql socket id: 4
> ++[sql] returns ok
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[max_all_mb] returns noop
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[noresetcounter] returns noop
> [expiration] Checking Expiration time: 'September 11 2011 24:00:00'
> ++[expiration] returns ok
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = CHAP
> +- entering group CHAP {...}
> [chap] login attempt by "sandra" with CHAP password
> [chap] Using clear text password "sandra" for user sandra authentication.
> [chap] Password check failed
> ++[chap] returns reject
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> expand: %{User-Name} -> sandra
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 0 to 127.0.0.1 port 60277
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 0 with timestamp +36
> Ready to process requests.
>
> Successful Log:
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 44107, id=0,
> length=216
> User-Name = "sandra"
> CHAP-Challenge = 0x97824e8524637118ae2cf716a0362b97
> CHAP-Password = 0x00f729a50979c25ef7d9d9e5e4cc1b2907
> NAS-IP-Address = 0.0.0.0
> Service-Type = Login-User
> Framed-IP-Address = 192.168.182.8
> Calling-Station-Id = "CC-55-AD-93-77-E6"
> Called-Station-Id = "00-0D-56-9C-AC-F6"
> NAS-Identifier = "nas01"
> Acct-Session-Id = "4dcde8c300000001"
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 1
> Message-Authenticator = 0xf30387317dabf479ce7642e776e0295e
> WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [chap] Setting 'Auth-Type := CHAP'
> ++[chap] returns ok
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "sandra", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> expand: %{User-Name} -> sandra
> [sql] sql_set_user escaped user --> 'sandra'
> rlm_sql (sql): Reserving sql socket id: 3
> expand: SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
> username, attribute, value, op FROM radcheck WHERE
> username = 'sandra' ORDER BY id
> [sql] User found in radcheck table
> expand: SELECT id, username, attribute, value, op FROM radreply
> WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
> username, attribute, value, op FROM radreply WHERE
> username = 'sandra' ORDER BY id
> expand: SELECT groupname FROM radusergroup WHERE
> username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
> groupname FROM radusergroup WHERE username = 'sandra'
> ORDER BY priority
> rlm_sql (sql): Released sql socket id: 3
> ++[sql] returns ok
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[max_all_mb] returns noop
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[noresetcounter] returns noop
> [expiration] Checking Expiration time: 'September 11 2011 24:00:00'
> ++[expiration] returns ok
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = CHAP
> +- entering group CHAP {...}
> [chap] login attempt by "sandra" with CHAP password
> [chap] Using clear text password "sandra" for user sandra authentication.
> [chap] chap user sandra authenticated succesfully
> ++[chap] returns ok
> +- entering group session {...}
> expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
> expand: %{User-Name} -> sandra
> ++[radutmp] returns ok
> +- entering group post-auth {...}
> expand: %{User-Name} -> sandra
> [sql] sql_set_user escaped user --> 'sandra'
> expand: %{User-Password} ->
> expand: %{Chap-Password} -> 0x00f729a50979c25ef7d9d9e5e4cc1b2907
> expand: INSERT INTO radpostauth (username, pass,
> reply, authdate) VALUES (
> '%{User-Name}',
> '%{%{User-Password}:-%{Chap-Password}}',
> '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
> (username, pass, reply, authdate) VALUES (
> 'sandra', '0x00f729a50979c25ef7d9d9e5e4cc1b2907',
> 'Access-Accept', '2011-05-14 12:28:43')
> rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
> (username, pass, reply, authdate) VALUES (
> 'sandra', '0x00f729a50979c25ef7d9d9e5e4cc1b2907',
> 'Access-Accept', '2011-05-14 12:28:43')
> rlm_sql (sql): Reserving sql socket id: 2
> rlm_sql (sql): Released sql socket id: 2
> ++[sql] returns ok
> ++[exec] returns noop
> Sending Access-Accept of id 0 to 127.0.0.1 port 44107
> WISPr-Bandwidth-Max-Down := 256000
> Idle-Timeout := 600
> WISPr-Session-Terminate-Time := "2011-9-11T24:00:00"
> Acct-Interim-Interval := 120
> Session-Timeout = 10409477
> Finished request 1.
>
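Added example, not part of either message in this thread: a Python sketch that recomputes the CHAP response (RFC 1994 / RFC 2865 CHAP-Password) from the `CHAP-Challenge` and `CHAP-Password` lines of pasted FreeRADIUS debug output, to check whether the NAS hashed the same cleartext that is stored for the user. The function names and the sample request are constructed for illustration.

```python
import hashlib
import hmac
import re

# Attribute lines as they appear in debug output, with or without a "> " quote prefix.
ATTR_RE = re.compile(r"^[>\s]*(CHAP-Challenge|CHAP-Password)\s*=\s*0x([0-9a-fA-F]+)\s*$")


def parse_chap_attrs(debug_text):
    """Pull CHAP-Challenge and CHAP-Password out of pasted debug output."""
    attrs = {}
    for line in debug_text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = bytes.fromhex(m.group(2))
    return attrs


def chap_response(ident, password, challenge):
    """CHAP response: MD5(CHAP ident octet || cleartext password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def check_chap(debug_text, password):
    """Return (ok, detail) for one Access-Request and a known cleartext password."""
    attrs = parse_chap_attrs(debug_text)
    chap_pw = attrs.get("CHAP-Password")
    challenge = attrs.get("CHAP-Challenge")
    if chap_pw is None or challenge is None:
        # Without CHAP-Challenge the Request Authenticator is the challenge,
        # and that field is not among the printed attributes.
        return False, "missing CHAP-Password or CHAP-Challenge"
    if len(chap_pw) != 17:
        return False, "CHAP-Password must be 1 ident octet + 16 hash octets"
    ident, received = chap_pw[0], chap_pw[1:]
    expected = chap_response(ident, password.encode("utf-8"), challenge)
    if hmac.compare_digest(expected, received):
        return True, "response matches this password"
    return False, "response was computed from a different password or challenge"


# Constructed sample request (user, password and challenge are invented here).
_CHALLENGE = bytes(range(16))
SAMPLE = (
    '> User-Name = "alice"\n'
    "> CHAP-Challenge = 0x%s\n" % _CHALLENGE.hex()
    + "> CHAP-Password = 0x07%s\n" % chap_response(7, b"s3cret", _CHALLENGE).hex()
)

if __name__ == "__main__":
    print(check_chap(SAMPLE, "s3cret"))
```

A mismatch for a request that should have succeeded means the string hashed on the client or captive-portal side differs from the stored cleartext, or the challenge was altered in transit, which narrows where to look next.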