Problem with log and PEAP/MS-CHAPv2

Alan Buxey alan.buxey at gmail.com
Fri Apr 14 11:03:21 CEST 2017


hi,

this is just the output of the standard freeradius logfile - which gives
you some basic info (with log_auth enabled) .

you need to be looking at the output when you run the server in full debug
mode:

radiusd -X
or
freeradiusd -X (if you're on debian/ubuntu builds)

(and yes, thats just one big uppercase X)  - as that will tell you exactly
what is happening and why something doesnt work.

if this is a vanilla install with no local confidential stuff etc then
theres no reason to not post the output in full to the list - there will be
one or 2 obvious things


alan

On 14 April 2017 at 08:19, Andrea Gabellini <
andrea.gabellini at telecomitalia.sm> wrote:

>
>
> Il 13/04/2017 13:18, Alan DeKok ha scritto:
> > On Apr 13, 2017, at 3:41 AM, Andrea Gabellini <andrea.gabellini@
> telecomitalia.sm> wrote:
> >> the server doesn't have any extra options:
> >   <shrug>  The server doesn't magically start printing all debug
> messages to the log file.
> >
> >   You've made some change in your local configuration to cause this to
> happen.  Find it, and fix it.
> >
> > $ cd /etc/raddb
> > $ grep -r debug .
> >
> >   Maybe that will help.
>
> Hi Alan,
>
> the search for the debug keyword in the config directory doesn't return
> any hint.
>
> I removed the raddb directory and reinstalled all with make install.
> Just modified "auth = yes" and enabled the user "bob" from the default
> configuration:
>
> [09:14:22][radius31:/usr/local/freeradius/etc/raddb] #systemctl restart
> radiusd
> [09:14:26][radius31:/usr/local/freeradius/etc/raddb] #tail -f
> /var/log/radius/radius.log
> Fri Apr 14 09:14:26 2017 : Info: Debugger not attached
> Fri Apr 14 09:14:26 2017 : Warning:
> [/usr/local/freeradius/etc/raddb/mods-config/attr_filter/access_reject]:11
> Check item "FreeRADIUS-Response-Delay"     found in filter list for
> realm "DEFAULT".
> Fri Apr 14 09:14:26 2017 : Warning:
> [/usr/local/freeradius/etc/raddb/mods-config/attr_filter/access_reject]:11
> Check item "FreeRADIUS-Response-Delay-USec" found in filter list for
> realm "DEFAULT".
> Fri Apr 14 09:14:26 2017 : Info: Loaded virtual server <default>
> Fri Apr 14 09:14:26 2017 : Warning: Ignoring "sql" (see
> raddb/mods-available/README.rst)
> Fri Apr 14 09:14:26 2017 : Warning: Ignoring "ldap" (see
> raddb/mods-available/README.rst)
> Fri Apr 14 09:14:26 2017 : Info: Loaded virtual server default
> Fri Apr 14 09:14:26 2017 : Info:  # Skipping contents of 'if' as it is
> always 'false' --
> /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel:330
> Fri Apr 14 09:14:26 2017 : Info: Loaded virtual server inner-tunnel
> Fri Apr 14 09:14:26 2017 : Info: Ready to process requests
> Fri Apr 14 09:14:30 2017 : Auth: (0) Login OK: [bob] (from client
> localhost port 0)
> Fri Apr 14 09:14:32 2017 : Auth: (1) Login incorrect (pap: Cleartext
> password "hellox" does not match "known good" password): [bob] (from
> client localhost port 0)
>
> Freeradius was compiled on CentOS 7 server with: ./configure
> --prefix=/usr/local/freeradius --enable-static=no --localstatedir=/var
> --with-docdir=no --with-vmps=no
> --with-oracle-include-dir=/usr/local/oracle/sdk/include
> --with-oracle-lib-dir=/usr/local/oracle
>
> Any idea on what I can check?
>
> Thanks,
> Andrea
>
> >
> >   Again, you *should* keep track of your local changes, and you *should*
> know what changes you made.
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
> --
> ----------------------------------------------------------------
> The box said: 'install on Windows 95, NT 4.0 or better'. So I installed it
> on Linux.
>
> ----------------------------------------------------------------
>
> Ing. Andrea Gabellini
> Email: andrea.gabellini at telecomitalia.sm
> Skype: andreagabellini
> Tel: (+378) 0549 886111
> Fax: (+378) 0549 886188
>
> Telecom Italia San Marino S.p.A.
> Via XXVIII Luglio, 212 - Piano -2
> 47893 Borgo Maggiore
> Republic of San Marino
>
> http://www.telecomitalia.sm
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list