How to setup Ubuntu server as a client of FreeRadius Server

Raheel Itrat raheel082 at hotmail.com
Sat May 14 08:37:57 CEST 2011



Hi, 

I have a Linux (Ubuntu) NMS server and I want it to be authenticated via FreeRadius. So if I log into that NMS server, it should send requests for authentication to the FreeRadius server. Also, can a Windows XP machine be authenticated through FreeRadius? I mean not the telnet/SSH login but something like RDP or VNC as well.

BR,
Raheel

> Date: Fri, 13 May 2011 20:42:03 -0700
> From: richard.adams at stentofon.com.au
> To: freeradius-users at lists.freeradius.org
> Subject: Authentication issues from Apple devices
> 
> Hello.  I have configured a Wireless Hotspot using the EasyHotSpot system,
> that uses FreeRadius for authentication.  
> 
> I am having problems only when Apple devices (iphone, ipad, macbooks)
> attempt to connect to the hotspot.
> 
> This is confusing, as all other devices and software (Winxp, Vista, 7,
> Symbian, Blackberry, Android etc) authenticate perfectly.
> 
> As a test case, and while running debugging, I attempted to connect with my
> Blackberry and an Iphone using the same username and password.  I have
> attached the results.  As you will see, using the same username and
> password, the blackberry authenticates while the iphone fails.  I cannot see
> any reason for this in the log.  Can anyone please assist?
> 
> Failed log:
> 
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 60277, id=0,
> length=216
> 	User-Name = "sandra"
> 	CHAP-Challenge = 0x0571777ec7661c411af641e8952291b9
> 	CHAP-Password = 0x00120c16a8ff125a7a348459a0f40a86a9
> 	NAS-IP-Address = 0.0.0.0
> 	Service-Type = Login-User
> 	Framed-IP-Address = 192.168.182.10
> 	Calling-Station-Id = "DC-2B-61-9C-92-E6"
> 	Called-Station-Id = "00-0D-56-9C-AC-F6"
> 	NAS-Identifier = "nas01"
> 	Acct-Session-Id = "4dcde5a500000000"
> 	NAS-Port-Type = Wireless-802.11
> 	NAS-Port = 0
> 	Message-Authenticator = 0x35f8e8bc299636c4cd468b533de65f78
> 	WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [chap] Setting 'Auth-Type := CHAP'
> ++[chap] returns ok
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "sandra", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> 	expand: %{User-Name} -> sandra
> [sql] sql_set_user escaped user --> 'sandra'
> rlm_sql (sql): Reserving sql socket id: 4
> 	expand: SELECT id, username, attribute, value, op           FROM radcheck          
> WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
> username, attribute, value, op           FROM radcheck           WHERE
> username = 'sandra'           ORDER BY id
> [sql] User found in radcheck table
> 	expand: SELECT id, username, attribute, value, op           FROM radreply          
> WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
> username, attribute, value, op           FROM radreply           WHERE
> username = 'sandra'           ORDER BY id
> 	expand: SELECT groupname           FROM radusergroup           WHERE
> username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
> groupname           FROM radusergroup           WHERE username = 'sandra'          
> ORDER BY priority
> rlm_sql (sql): Released sql socket id: 4
> ++[sql] returns ok
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[max_all_mb] returns noop
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[noresetcounter] returns noop
> [expiration] Checking Expiration time: 'September 11 2011 24:00:00'
> ++[expiration] returns ok
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = CHAP
> +- entering group CHAP {...}
> [chap] login attempt by "sandra" with CHAP password
> [chap] Using clear text password "sandra" for user sandra authentication.
> [chap] Password check failed
> ++[chap] returns reject
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> 	expand: %{User-Name} -> sandra
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 0 to 127.0.0.1 port 60277
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 0 with timestamp +36
> Ready to process requests.
> 
> Successful Log:
> 
> rad_recv: Access-Request packet from host 127.0.0.1 port 44107, id=0,
> length=216
> 	User-Name = "sandra"
> 	CHAP-Challenge = 0x97824e8524637118ae2cf716a0362b97
> 	CHAP-Password = 0x00f729a50979c25ef7d9d9e5e4cc1b2907
> 	NAS-IP-Address = 0.0.0.0
> 	Service-Type = Login-User
> 	Framed-IP-Address = 192.168.182.8
> 	Calling-Station-Id = "CC-55-AD-93-77-E6"
> 	Called-Station-Id = "00-0D-56-9C-AC-F6"
> 	NAS-Identifier = "nas01"
> 	Acct-Session-Id = "4dcde8c300000001"
> 	NAS-Port-Type = Wireless-802.11
> 	NAS-Port = 1
> 	Message-Authenticator = 0xf30387317dabf479ce7642e776e0295e
> 	WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [chap] Setting 'Auth-Type := CHAP'
> ++[chap] returns ok
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "sandra", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> 	expand: %{User-Name} -> sandra
> [sql] sql_set_user escaped user --> 'sandra'
> rlm_sql (sql): Reserving sql socket id: 3
> 	expand: SELECT id, username, attribute, value, op           FROM radcheck          
> WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
> username, attribute, value, op           FROM radcheck           WHERE
> username = 'sandra'           ORDER BY id
> [sql] User found in radcheck table
> 	expand: SELECT id, username, attribute, value, op           FROM radreply          
> WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id,
> username, attribute, value, op           FROM radreply           WHERE
> username = 'sandra'           ORDER BY id
> 	expand: SELECT groupname           FROM radusergroup           WHERE
> username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
> groupname           FROM radusergroup           WHERE username = 'sandra'          
> ORDER BY priority
> rlm_sql (sql): Released sql socket id: 3
> ++[sql] returns ok
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[max_all_mb] returns noop
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> ++[noresetcounter] returns noop
> [expiration] Checking Expiration time: 'September 11 2011 24:00:00'
> ++[expiration] returns ok
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = CHAP
> +- entering group CHAP {...}
> [chap] login attempt by "sandra" with CHAP password
> [chap] Using clear text password "sandra" for user sandra authentication.
> [chap] chap user sandra authenticated succesfully
> ++[chap] returns ok
> +- entering group session {...}
> 	expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
> 	expand: %{User-Name} -> sandra
> ++[radutmp] returns ok
> +- entering group post-auth {...}
> 	expand: %{User-Name} -> sandra
> [sql] sql_set_user escaped user --> 'sandra'
> 	expand: %{User-Password} -> 
> 	expand: %{Chap-Password} -> 0x00f729a50979c25ef7d9d9e5e4cc1b2907
> 	expand: INSERT INTO radpostauth                           (username, pass,
> reply, authdate)                           VALUES (                          
> '%{User-Name}',                          
> '%{%{User-Password}:-%{Chap-Password}}',                          
> '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                          
> (username, pass, reply, authdate)                           VALUES (                          
> 'sandra',                           '0x00f729a50979c25ef7d9d9e5e4cc1b2907',                          
> 'Access-Accept', '2011-05-14 12:28:43')
> rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                          
> (username, pass, reply, authdate)                           VALUES (                          
> 'sandra',                           '0x00f729a50979c25ef7d9d9e5e4cc1b2907',                          
> 'Access-Accept', '2011-05-14 12:28:43')
> rlm_sql (sql): Reserving sql socket id: 2
> rlm_sql (sql): Released sql socket id: 2
> ++[sql] returns ok
> ++[exec] returns noop
> Sending Access-Accept of id 0 to 127.0.0.1 port 44107
> 	WISPr-Bandwidth-Max-Down := 256000
> 	Idle-Timeout := 600
> 	WISPr-Session-Terminate-Time := "2011-9-11T24:00:00"
> 	Acct-Interim-Interval := 120
> 	Session-Timeout = 10409477
> Finished request 1.
> 
> 
> 
> --
> View this message in context: http://freeradius.1045715.n5.nabble.com/Authentication-issues-from-Apple-devices-tp4394941p4394941.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
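
Added example (not part of either message, and not FreeRADIUS code): the two quoted debug logs contain everything needed to re-run the server's CHAP check offline, since CHAP-Password is one identifier byte followed by MD5(identifier || password || challenge) as defined in RFC 2865 section 5.3. The function names and the LOGGED table are assumptions of this example; the hex values and the password "sandra" are copied from the logs above.

```python
import hashlib
import hmac

def _unhex(value):
    """Decode a hex string as printed in the debug log (leading 0x optional)."""
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)

def chap_response(chap_id, password, challenge):
    """RFC 2865 section 5.3: MD5(CHAP ident || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def verify_chap(chap_password_hex, chap_challenge_hex, cleartext):
    """True if the logged CHAP-Password matches the candidate cleartext."""
    attr = _unhex(chap_password_hex)
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be 1 ident byte + 16 MD5 bytes")
    expected = chap_response(attr[0], cleartext.encode("utf-8"),
                             _unhex(chap_challenge_hex))
    return hmac.compare_digest(expected, attr[1:])

# (CHAP-Password, CHAP-Challenge) copied from the two quoted debug logs.
LOGGED = {
    "rejected": ("0x00120c16a8ff125a7a348459a0f40a86a9",
                 "0x0571777ec7661c411af641e8952291b9"),
    "accepted": ("0x00f729a50979c25ef7d9d9e5e4cc1b2907",
                 "0x97824e8524637118ae2cf716a0362b97"),
}

def check_logged(cleartext):
    """Re-run the CHAP comparison for each logged request."""
    return {name: verify_chap(pw, ch, cleartext)
            for name, (pw, ch) in LOGGED.items()}

if __name__ == "__main__":
    for name, ok in check_logged("sandra").items():
        print(name, "matches" if ok else "does not match")
```

A mismatch on the rejected request means the response was computed from different password bytes or a different challenge than the ones the server used, so the comparison narrows the fault to what the device or portal submitted. Debug output of this kind carries the cleartext password and enough material to test password guesses offline, so use throwaway credentials in anything posted to a public list.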
 		 	   		  