FreeRadius questions
hashim zayed
hashim.zayed at gmail.com
Tue Feb 28 20:16:15 CET 2012
Please make sure that ports 1812/1813 are enabled on your server firewall.
Hashim Mohammed Zayed
Moeen IT
On 2012 2 28 17:10, "James DeLuca" <jdeluca at wiu.k12.pa.us> wrote:
> Hope you can help us out. First time dealing with RADIUS servers.
> Following your instructions. Seem to have missed something along the way.
>
> We are running FreeRadius (Version 2.1.1) on a SLES version 11 server. The
> server has a static IP address.
>
> We have tried both of the following settings in our client.conf
> file (/etc/raddb/clients.conf). Neither have produced good results.
>
> client localhost {
> ipadddr = 127.0.0.1
> require_message_authenticator = no
> secret = "xxxxx"
> nastype = "other"
> }
>
> client localhost {
> ipadddr = 10.0.xxx.xxx
> require_message_authenticator = no
> secret = "xxxxx"
> nastype = "other"
> }
>
> We entered a user in our user (/etc/raddb/users) file
>
> bob Cleartext-Password := "hello"
>
> Started two terminal sessions. In the first session we ran
> /usr/sbin/radiusd -X
>
> And received these results
>
> FreeRADIUS Version 2.1.1, for host i686-suse-linux-gnu, built on Feb 23 2009 at 21:34:25
> Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the GNU
> General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/raddb/radiusd.conf
> including configuration file /etc/raddb/proxy.conf
> including configuration file /etc/raddb/clients.conf
> including files in directory /etc/raddb/modules/
> including configuration file /etc/raddb/modules/detail
> including configuration file /etc/raddb/modules/preprocess
> including configuration file /etc/raddb/modules/ippool
> including configuration file /etc/raddb/modules/inner-eap
> including configuration file /etc/raddb/modules/checkval
> including configuration file /etc/raddb/modules/ldap
> including configuration file /etc/raddb/modules/sradutmp
> including configuration file /etc/raddb/modules/attr_filter
> including configuration file /etc/raddb/modules/policy
> including configuration file /etc/raddb/modules/always
> including configuration file /etc/raddb/modules/etc_group
> including configuration file /etc/raddb/modules/logintime
> including configuration file /etc/raddb/modules/passwd
> including configuration file /etc/raddb/modules/realm
> including configuration file /etc/raddb/modules/krb5
> including configuration file /etc/raddb/modules/echo
> including configuration file /etc/raddb/modules/expiration
> including configuration file /etc/raddb/modules/expr
> including configuration file /etc/raddb/modules/detail.example.com
> including configuration file /etc/raddb/modules/pam
> including configuration file /etc/raddb/modules/files
> including configuration file /etc/raddb/modules/smbpasswd
> including configuration file /etc/raddb/modules/attr_rewrite
> including configuration file /etc/raddb/modules/linelog
> including configuration file /etc/raddb/modules/detail.log
> including configuration file /etc/raddb/modules/unix
> including configuration file /etc/raddb/modules/exec
> including configuration file /etc/raddb/modules/radutmp
> including configuration file /etc/raddb/modules/acct_unique
> including configuration file /etc/raddb/modules/digest
> including configuration file /etc/raddb/modules/chap
> including configuration file /etc/raddb/modules/sql_log
> including configuration file /etc/raddb/modules/mschap
> including configuration file /etc/raddb/modules/counter
> including configuration file /etc/raddb/modules/pap
> including configuration file /etc/raddb/modules/mac2vlan
> including configuration file /etc/raddb/modules/mac2ip
> including configuration file /etc/raddb/modules/wimax
> including configuration file /etc/raddb/eap.conf
> including configuration file /etc/raddb/sql.conf
> including configuration file /etc/raddb/sql/mysql/dialup.conf
> including configuration file /etc/raddb/sql/mysql/counter.conf
> including configuration file /etc/raddb/policy.conf
> including files in directory /etc/raddb/sites-enabled/
> including configuration file /etc/raddb/sites-enabled/default
> including configuration file /etc/raddb/sites-enabled/inner-tunnel
>
> group = radiusd
> user = radiusd
> including dictionary file /etc/raddb/dictionary
> main {
>   prefix = "/usr"
>   localstatedir = "/var"
>   logdir = "/var/log/radius"
>   libdir = "/usr/lib/freeradius"
>   radacctdir = "/var/log/radius/radacct"
>   hostname_lookups = no
>   max_request_time = 30
>   cleanup_delay = 5
>   max_requests = 1024
>   allow_core_dumps = no
>   pidfile = "/var/run/radiusd/radiusd.pid"
>   checkrad = "/usr/sbin/checkrad"
>   debug_level = 0
>   proxy_requests = yes
>   log {
>     stripped_names = no
>     auth = no
>     auth_badpass = no
>     auth_goodpass = no
>   }
>   security {
>     max_attributes = 200
>     reject_delay = 1
>     status_server = yes
>   }
> }
> client localhost {
>   ipaddr = 10.0.8.9
>   require_message_authenticator = no
>   secret = "testing123"
>   nastype = "other"
> }
>
> radiusd: #### Loading Realms and Home Servers ####
> proxy server {
>   retry_delay = 5
>   retry_count = 3
>   default_fallback = no
>   dead_time = 120
>   wake_all_if_all_dead = no
> }
> home_server localhost {
>   ipaddr = 127.0.0.1
>   port = 1812
>   type = "auth"
>   secret = "testing123"
>   response_window = 20
>   max_outstanding = 65536
>   zombie_period = 40
>   status_check = "status-server"
>   ping_interval = 30
>   check_interval = 30
>   num_answers_to_alive = 3
>   num_pings_to_alive = 3
>   revive_interval = 120
>   status_check_timeout = 4
> }
> home_server_pool my_auth_failover {
>   type = fail-over
>   home_server = localhost
> }
> realm example.com {
>   auth_pool = my_auth_failover
> }
> realm LOCAL {
> }
>
> radiusd: #### Instantiating modules ####
> instantiate {
>   Module: Linked to module rlm_exec
>   Module: Instantiating exec
>   exec {
>     wait = no
>     input_pairs = "request"
>     shell_escape = yes
>   }
>   Module: Linked to module rlm_expr
>   Module: Instantiating expr
>   Module: Linked to module rlm_expiration
>   Module: Instantiating expiration
>   expiration {
>     reply-message = "Password Has Expired "
>   }
>   Module: Linked to module rlm_logintime
>   Module: Instantiating logintime
>   logintime {
>     reply-message = "You are calling outside your allowed timespan "
>     minimum-timeout = 60
>   }
> }
>
> radiusd: #### Loading Virtual Servers ####
> server inner-tunnel {
>   modules {
>     Module: Checking authenticate {...} for more modules to load
>     Module: Linked to module rlm_pap
>     Module: Instantiating pap
>     pap {
>       encryption_scheme = "auto"
>       auto_header = no
>     }
>     Module: Linked to module rlm_chap
>     Module: Instantiating chap
>     Module: Linked to module rlm_mschap
>     Module: Instantiating mschap
>     mschap {
>       use_mppe = yes
>       require_encryption = no
>       require_strong = no
>       with_ntdomain_hack = no
>     }
>     Module: Linked to module rlm_unix
>     Module: Instantiating unix
>     unix {
>       radwtmp = "/var/log/radius/radwtmp"
>     }
>     Module: Linked to module rlm_eap
>     Module: Instantiating eap
>     eap {
>       default_eap_type = "md5"
>       timer_expire = 60
>       ignore_unknown_eap_types = no
>       cisco_accounting_username_bug = no
>       max_sessions = 2048
>     }
>     Module: Linked to sub-module rlm_eap_md5
>     Module: Instantiating eap-md5
>     Module: Linked to sub-module rlm_eap_leap
>     Module: Instantiating eap-leap
>     Module: Linked to sub-module rlm_eap_gtc
>     Module: Instantiating eap-gtc
>     gtc {
>       challenge = "Password: "
>       auth_type = "PAP"
>     }
>     Module: Linked to sub-module rlm_eap_tls
>     Module: Instantiating eap-tls
>     tls {
>       rsa_key_exchange = no
>       dh_key_exchange = yes
>       rsa_key_length = 512
>       dh_key_length = 512
>       verify_depth = 0
>       pem_file_type = yes
>       private_key_file = "/etc/raddb/certs/server.pem"
>       certificate_file = "/etc/raddb/certs/server.pem"
>       CA_file = "/etc/raddb/certs/ca.pem"
>       private_key_password = "whatever"
>       dh_file = "/etc/raddb/certs/dh"
>       random_file = "/etc/raddb/certs/random"
>       fragment_size = 1024
>       include_length = yes
>       check_crl = no
>       cipher_list = "DEFAULT"
>       make_cert_command = "/etc/raddb/certs/bootstrap"
>       cache {
>         enable = no
>         lifetime = 24
>         max_entries = 255
>       }
>     }
>     Module: Linked to sub-module rlm_eap_ttls
>     Module: Instantiating eap-ttls
>     ttls {
>       default_eap_type = "md5"
>       copy_request_to_tunnel = no
>       use_tunneled_reply = no
>       virtual_server = "inner-tunnel"
>     }
>     Module: Linked to sub-module rlm_eap_peap
>     Module: Instantiating eap-peap
>     peap {
>       default_eap_type = "mschapv2"
>       copy_request_to_tunnel = no
>       use_tunneled_reply = no
>       proxy_tunneled_request_as_eap = yes
>       virtual_server = "inner-tunnel"
>     }
>     Module: Linked to sub-module rlm_eap_mschapv2
>     Module: Instantiating eap-mschapv2
>     mschapv2 {
>       with_ntdomain_hack = no
>     }
>     Module: Checking authorize {...} for more modules to load
>     Module: Linked to module rlm_realm
>     Module: Instantiating suffix
>     realm suffix {
>       format = "suffix"
>       delimiter = "@"
>       ignore_default = no
>       ignore_null = no
>     }
>     Module: Linked to module rlm_files
>     Module: Instantiating files
>     files {
>       usersfile = "/etc/raddb/users"
>       acctusersfile = "/etc/raddb/acct_users"
>       preproxy_usersfile = "/etc/raddb/preproxy_users"
>       compat = "no"
>     }
>     Module: Checking session {...} for more modules to load
>     Module: Linked to module rlm_radutmp
>     Module: Instantiating radutmp
>     radutmp {
>       filename = "/var/log/radius/radutmp"
>       username = "%{User-Name}"
>       case_sensitive = yes
>       check_with_nas = yes
>       perm = 384
>       callerid = yes
>     }
>     Module: Checking post-proxy {...} for more modules to load
>     Module: Checking post-auth {...} for more modules to load
>     Module: Linked to module rlm_attr_filter
>     Module: Instantiating attr_filter.access_reject
>     attr_filter attr_filter.access_reject {
>       attrsfile = "/etc/raddb/attrs.access_reject"
>       key = "%{User-Name}"
>     }
>   }
> }
>
> modules {
>   Module: Checking authenticate {...} for more modules to load
>   Module: Checking authorize {...} for more modules to load
>   Module: Linked to module rlm_preprocess
>   Module: Instantiating preprocess
>   preprocess {
>     huntgroups = "/etc/raddb/huntgroups"
>     hints = "/etc/raddb/hints"
>     with_ascend_hack = no
>     ascend_channels_per_line = 23
>     with_ntdomain_hack = no
>     with_specialix_jetstream_hack = no
>     with_cisco_vsa_hack = no
>     with_alvarion_vsa_hack = no
>   }
>   Module: Checking preacct {...} for more modules to load
>   Module: Linked to module rlm_acct_unique
>   Module: Instantiating acct_unique
>   acct_unique {
>     key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
>   }
>   Module: Checking accounting {...} for more modules to load
>   Module: Linked to module rlm_detail
>   Module: Instantiating detail
>   detail {
>     detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>     header = "%t"
>     detailperm = 384
>     dirperm = 493
>     locking = no
>     log_packet_header = no
>   }
>   Module: Instantiating attr_filter.accounting_response
>   attr_filter attr_filter.accounting_response {
>     attrsfile = "/etc/raddb/attrs.accounting_response"
>     key = "%{User-Name}"
>   }
>   Module: Checking session {...} for more modules to load
>   Module: Checking post-proxy {...} for more modules to load
>   Module: Checking post-auth {...} for more modules to load
> }
>
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>   type = "auth"
>   ipaddr = 10.0.8.9
>   port = 0
> }
> listen {
>   type = "acct"
>   ipaddr = *
>   port = 0
> }
> Listening on authentication address 10.0.8.9 port 1812
> Listening on accounting address * port 1813
> Listening on proxy address 10.0.8.9 port 1814
> Ready to process requests.
>
> In the second terminal window we ran:
>
> radtest bob hello localhost 0 testing123
>
> And got these results
>
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> Sending Access-Request of id 186 to 127.0.0.1 port 1812
>     User-Name = "bob"
>     User-Password = "hello"
>     NAS-IP-Address = 127.0.0.2
>     NAS-Port = 0
> radclient: no response from server for ID 186 socket 3
>
> Searched for solutions to this error message, but have not been able to
> find any that work. Could you please tell us what we did wrong.
>
> James M. DeLuca
> Network Administrator
> Kiski Area School District
> 200 Poplar St
> Vandergrift, PA 15690
> Office: 724-845-6188
> Cell: 724-640-4681
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
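The quoted debug output shows the authentication listener bound to 10.0.8.9 port 1812, while radtest sent its requests to 127.0.0.1 port 1812. The script below is an added example, not part of the original thread: it compares the two outputs and reports any radtest destination that no authentication listener covers. The function names are assumptions, and the sample input is a few lines copied from the outputs quoted above.

```python
import re

# Sample input: lines copied from the radiusd -X and radtest output quoted in the thread.
RADIUSD_DEBUG = """\
Listening on authentication address 10.0.8.9 port 1812
Listening on accounting address * port 1813
Listening on proxy address 10.0.8.9 port 1814
Ready to process requests.
"""
RADTEST_OUTPUT = """\
Sending Access-Request of id 186 to 127.0.0.1 port 1812
radclient: no response from server for ID 186 socket 3
"""

LISTEN_RE = re.compile(r"Listening on (\w+) address (\S+) port (\d+)")
SEND_RE = re.compile(r"Sending Access-Request of id \d+ to (\S+) port (\d+)")


def parse_listeners(debug_text):
    """Return [(type, address, port)] for every 'Listening on' line."""
    return [(t, a, int(p)) for t, a, p in LISTEN_RE.findall(debug_text)]


def parse_destinations(radtest_text):
    """Return the distinct (address, port) pairs radtest sent requests to."""
    return sorted({(a, int(p)) for a, p in SEND_RE.findall(radtest_text)})


def unreachable_destinations(debug_text, radtest_text):
    """Destinations that no authentication listener is bound to.

    A listener on '*' accepts packets for any local address; otherwise the
    destination address must equal the bound address exactly.
    """
    auth = [(a, p) for t, a, p in parse_listeners(debug_text)
            if t == "authentication"]
    missing = []
    for addr, port in parse_destinations(radtest_text):
        if not any(p == port and a in ("*", addr) for a, p in auth):
            missing.append((addr, port))
    return missing


if __name__ == "__main__":
    for addr, port in unreachable_destinations(RADIUSD_DEBUG, RADTEST_OUTPUT):
        print(f"no authentication listener covers {addr}:{port}")
```

An empty result means the bind address is not the mismatch, which leaves the firewall and the clients.conf entries as the next things to check.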