New to FreeRadius and can't manage to get it to work for me

Alan Buxey alan.buxey at gmail.com
Tue Aug 21 23:05:14 CEST 2018


Start by running an up-to-date version of freeradius.

alan

On Mon, 20 Aug 2018, 13:47 Moshe Sakajo, <moshe_s at packetlight.com> wrote:

>
> Hi,
>
> I am a QA Engineer and my purpose is to test that my boxes' RADIUS support
> feature is functioning right
>
> and that it is OK with the most popular RADIUS servers.
>
>
>
> One of our customers complained about the fact that he is not able to make
> our boxes authenticate against FreeRadius.
>
>
>
> I have no experience with FreeRadius and I immediately discovered that it is
> not a Plug-and-Play RADIUS Server as TekRADIUS (Windows) is.
>
>
>
> With TekRADIUS I manage to authenticate a user that performs a login into
> our boxes. Actually it is almost Plug-and-Play.
>
> I simply defined a Default (name of the client/group) with a secret and a
> vendor that is general (ietf)
>
> then I defined  3 users (one for each of my privileges). Each user has two
> attributes:
>
> 1.       User_Password with a type of Check; the Value is the password
> string
>
> 2.       Class with a type of Success-Reply, which controls the privileges
> of the users. The Value is an integer (4/2/1)
>
>
>
>
>
> I have set FreeRadius like this:
>
> 1.       I added to the clients.conf file the following client
>
> client 10.0.1.0/8 {
>
>                 secret = test
>
>                 nastype = other
>
> }
>
> 2.        I added a user into the users file
>
> moshe Cleartext-Password := "moshe"
>
>                 Service-Type = "6"
>
>
>
> 3.       The radius.conf was set with the following log {} settings
>
> auth = yes
>
> auth-goodpass = yes
>
>
>
> With all of that said, I can also tell that the radius.log shows that the
> login attempts are OK, but I still
>
> get Access denied from my device, like something is still missing.
>
>
>
> Can you please tell me what might be missing? Thanks for the support
>
>
>
> Here is the debug info
>
>
>
> root@radius1:/etc/freeradius# freeradius -X
>
> freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Jul 26 2017 at 15:27:21
>
> Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
>
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>
> PARTICULAR PURPOSE.
>
> You may redistribute copies of FreeRADIUS under the terms of the
>
> GNU General Public License.
>
> For more information about these matters, see the file named COPYRIGHT.
>
> Starting - reading configuration files ...
>
> including configuration file /etc/freeradius/radiusd.conf
>
> including configuration file /etc/freeradius/proxy.conf
>
> including configuration file /etc/freeradius/clients.conf
>
> including files in directory /etc/freeradius/modules/
>
> including configuration file /etc/freeradius/modules/etc_group
>
> including configuration file /etc/freeradius/modules/exec
>
> including configuration file /etc/freeradius/modules/mac2vlan
>
> including configuration file /etc/freeradius/modules/pam
>
> including configuration file /etc/freeradius/modules/wimax
>
> including configuration file /etc/freeradius/modules/unix
>
> including configuration file /etc/freeradius/modules/policy
>
> including configuration file /etc/freeradius/modules/sradutmp
>
> including configuration file /etc/freeradius/modules/checkval
>
> including configuration file /etc/freeradius/modules/krb5
>
> including configuration file /etc/freeradius/modules/perl
>
> including configuration file /etc/freeradius/modules/attr_filter
>
> including configuration file /etc/freeradius/modules/dynamic_clients
>
> including configuration file /etc/freeradius/modules/files
>
> including configuration file /etc/freeradius/modules/preprocess
>
> including configuration file /etc/freeradius/modules/dhcp_sqlippool
>
> including configuration file /etc/freeradius/modules/passwd
>
> including configuration file /etc/freeradius/modules/soh
>
> including configuration file /etc/freeradius/modules/detail.example.com
>
> including configuration file /etc/freeradius/modules/linelog
>
> including configuration file /etc/freeradius/modules/counter
>
> including configuration file /etc/freeradius/modules/ippool
>
> including configuration file /etc/freeradius/modules/ldap
>
> including configuration file /etc/freeradius/modules/mac2ip
>
> including configuration file /etc/freeradius/modules/sql_log
>
> including configuration file /etc/freeradius/modules/radrelay
>
> including configuration file /etc/freeradius/modules/ntlm_auth
>
> including configuration file /etc/freeradius/modules/expiration
>
> including configuration file /etc/freeradius/modules/cui
>
> including configuration file /etc/freeradius/modules/opendirectory
>
> including configuration file /etc/freeradius/modules/echo
>
> including configuration file /etc/freeradius/modules/expr
>
> including configuration file /etc/freeradius/modules/always
>
> including configuration file /etc/freeradius/modules/cache
>
> including configuration file /etc/freeradius/modules/rediswho
>
> including configuration file /etc/freeradius/modules/digest
>
> including configuration file /etc/freeradius/modules/replicate
>
> including configuration file /etc/freeradius/modules/radutmp
>
> including configuration file /etc/freeradius/modules/detail.log
>
> including configuration file /etc/freeradius/modules/acct_unique
>
> including configuration file /etc/freeradius/modules/chap
>
> including configuration file /etc/freeradius/modules/redis
>
> including configuration file /etc/freeradius/modules/detail
>
> including configuration file /etc/freeradius/modules/realm
>
> including configuration file /etc/freeradius/modules/smsotp
>
> including configuration file /etc/freeradius/modules/inner-eap
>
> including configuration file /etc/freeradius/modules/mschap
>
> including configuration file /etc/freeradius/modules/otp
>
> including configuration file /etc/freeradius/modules/attr_rewrite
>
> including configuration file /etc/freeradius/modules/logintime
>
> including configuration file /etc/freeradius/modules/smbpasswd
>
> including configuration file /etc/freeradius/modules/pap
>
> including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
>
> including configuration file /etc/freeradius/eap.conf
>
> including configuration file /etc/freeradius/policy.conf
>
> including files in directory /etc/freeradius/sites-enabled/
>
> including configuration file /etc/freeradius/sites-enabled/default
>
> including configuration file /etc/freeradius/sites-enabled/inner-tunnel
>
> main {
>
>         user = "freerad"
>
>         group = "freerad"
>
>         allow_core_dumps = no
>
> }
>
> including dictionary file /etc/freeradius/dictionary
>
> main {
>
>         name = "freeradius"
>
>         prefix = "/usr"
>
>         localstatedir = "/var"
>
>         sbindir = "/usr/sbin"
>
>         logdir = "/var/log/freeradius"
>
>         run_dir = "/var/run/freeradius"
>
>         libdir = "/usr/lib/freeradius"
>
>         radacctdir = "/var/log/freeradius/radacct"
>
>         hostname_lookups = no
>
>         max_request_time = 30
>
>         cleanup_delay = 5
>
>         max_requests = 1024
>
>         pidfile = "/var/run/freeradius/freeradius.pid"
>
>         checkrad = "/usr/sbin/checkrad"
>
>         debug_level = 0
>
>         proxy_requests = yes
>
> log {
>
>         stripped_names = no
>
>         auth = yes
>
>         auth_badpass = no
>
>         auth_goodpass = yes
>
> }
>
> security {
>
>         max_attributes = 200
>
>         reject_delay = 1
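Added example, not part of the original thread and not FreeRADIUS or TekRADIUS code: the quoted message describes a Class reply attribute under TekRADIUS and a Service-Type reply attribute in the FreeRADIUS users file, and this sketch decodes a RADIUS reply so the attributes actually returned can be compared, checking the Response Authenticator against the shared secret as RFC 2865 defines it. The packets are constructed sample data, and the byte encoding of the Class value is an assumption.

```python
import hashlib
import hmac
import struct

# RFC 2865 attribute numbers for the two reply attributes named in the post.
ATTR_NAMES = {6: "Service-Type", 25: "Class"}
ACCESS_ACCEPT = 2
SECRET = b"test"             # shared secret from the clients.conf in the post
REQ_AUTH = bytes(range(16))  # constructed Request Authenticator


def build_reply(code, ident, attrs, request_auth=REQ_AUTH, secret=SECRET):
    """Build a sample reply packet (constructed data, not a capture)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_reply(packet, request_auth=REQ_AUTH, secret=SECRET):
    """Return (code, authenticator_ok, {attribute name: raw value})."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    attrs, pos = {}, 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = body[pos], body[pos + 1]
        if alen < 2 or pos + alen > len(body):
            raise ValueError("malformed attribute length")
        attrs[ATTR_NAMES.get(atype, str(atype))] = body[pos + 2:pos + alen]
        pos += alen
    return code, hmac.compare_digest(expected, packet[4:20]), attrs


# Reply shaped like the users-file entry in the post: Service-Type = 6.
FREERADIUS_STYLE = build_reply(ACCESS_ACCEPT, 1, [(6, struct.pack("!I", 6))])
# Reply shaped like the TekRADIUS setup: Class with privilege 4 (encoding assumed).
TEKRADIUS_STYLE = build_reply(ACCESS_ACCEPT, 1, [(25, b"4")])

if __name__ == "__main__":
    for name, pkt in (("FreeRADIUS-style", FREERADIUS_STYLE),
                      ("TekRADIUS-style", TEKRADIUS_STYLE)):
        print(name, parse_reply(pkt))
```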