debug log
Ľudovít Mikula
ludovit.mikula at mikori.sk
Fri Jul 12 16:13:23 UTC 2024
Hey Ryan,
daloRadius is a GUI but works with a database and configures
freeradius to use database for couple things.
This way it is able to do some (limited) configuration of freeradius.
I started with freeradius the same way like you, but ended up installing
freeradius directly on the host - clean ubuntu + official freeradius
(not from ubuntu package repo - that one is old).
Then as Alan repeats relentlessly :) I went to read the configs which
document all the stuff. It takes time, but getting to understand how it
works really pays off in the end.
It would also help you to get a bit more familiar with the RADIUS
protocol, especially which packets are sent by client and what packets
are returned in which situation AND what attributes they carry.
This is essential to configure your freeradius installation and your NAS
the way you need it and the freeradius configs will start making a lot
more sense to you.
Ludo
On 7/12/24 17:36, Ryan McGuire via Freeradius-Users wrote:
> Isn’t daloradius just a gui form of freeradius? But yes, I have daloradius loaded….sorry to sound dumb but what do I open the daloradiusvm.ova file with?
>
> Thanks Jon
>
>
> ----------------------------
> Ryan McGuire | Systems Administrator
> Century Gaming Technologies - Billings
> PO Box 21138 Billings, MT 59101
> C: 406-860-1299
> E: rmcguire at cgtmt.com
> W: www.cgtmt.com
> Confidentiality Statement:
> This e-mail contains confidential information which also may be privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not copy, use, disclose or distribute the e-mail message or any information contained in the message. If you have received this e-mail message in error, please advise the sender by replying to this message or by telephone and then promptly delete it.
> ----------------------------
> From: Jon Gerdes <gerdesj at blueloop.net>
> Sent: Friday, July 12, 2024 9:32 AM
> To: aland at deployingradius.com; Ryan McGuire <rmcguire at cgtmt.com>
> Cc: freeradius-users at lists.freeradius.org
> Subject: Re: debug log
>
> Ryan What about going all in on daloRADIUS? Getting used to Linux and RADIUS all in one go is quite a challenge. This is an OVA based appliance with a manual: https: //sourceforge. net/projects/daloradius/files/daloradius/daloRADIUS%20VM/ Cheers
>
> Ryan
>
> What about going all in on daloRADIUS? Getting used to Linux and RADIUS all in one go is quite a challenge. This is an OVA based appliance with a manual:
>
> https://sourceforge.net/projects/daloradius/files/daloradius/daloRADIUS%20VM/<https://urldefense.com/v3/__https:/sourceforge.net/projects/daloradius/files/daloradius/daloRADIUS*20VM/__;JQ!!OpwIkcY!gdGXPUNnmY2XrEUhyyK2hHmMy8W2K35wy6fXsOfy944Me_K_oNi8TgEjjQoX6Zsw7NqPbRvO4q2Sud53$>
>
> Cheers
> Jon
>
>
> On Fri, 2024-07-12 at 14:20 +0000, Ryan McGuire wrote:
> Hi Jon,
>
> Just seeing what other information you would need from me. Once again, really new to this and just started setting up freeradius with linux.
>
> Thank you for your help
>
> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
> Ryan McGuire
> |
> Systems Administrator
> Century Gaming Technologies
> ‑
> Billings
> PO Box 21138
>
> Billings
> ,
> MT
>
> 59101
> C: 406-860-1299<tel:406-860-1299>
> E: rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>
> W: www.cgtmt.com<http://www.cgtmt.com/>
> [cid:image001.jpg at 01DAD43E.F5A51AB0]
> Confidentiality Statement:
> This e-mail contains confidential information which also may be privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not copy, use, disclose or distribute the e-mail message or any information contained in the message. If you have received this e-mail message in error, please advise the sender by replying to this message or by telephone and then promptly delete it.
> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
> From: Ryan McGuire
> Sent: Thursday, July 11, 2024 8:27 AM
> To: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>; aland at deployingradius.com<mailto:aland at deployingradius.com>
> Cc: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
> Subject: RE: debug log
>
> Hi Jon,
>
> I have a Linux Server setup with Ubuntu 22.04.4….initially we had setup radius using a windows server that was our Certificate Authority, Network Policy Server, with all of our different routers at different locations as radius clients(we have multiple locations 10 or so, where we want to dictate the devices which are allowed to connect to our wireless in those locations but say someone visits from one location to another have them automatically authenticate to the new location they’re at).
>
> Problem is we cannot go the route of Windows based now and had come across using first user manager but we don’t want to authenticate via mac address which lead me to free radius.
>
> The mikrotik’s would all be my NAS clients I believe, the one I’m testing on is v6.49.8. All laptops connecting would be either Windows 10 or 11.
>
> Had setup daloradius as well for a GUI to use as for myself this works better as I’m learning linux still.
>
>
>
> Let me know if you need any additional information
>
>
> Thank you
>
>
>
>
> From: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>
> Sent: Wednesday, July 10, 2024 4:36 PM
> To: aland at deployingradius.com<mailto:aland at deployingradius.com>; Ryan McGuire <rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>>
> Cc: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
> Subject: Re: debug log
>
> Ryan "Received Access-Accept" means that RADIUS is happy and has authenticated the request. I get the impression that we have hit a blockage of some sort here. Perhaps a quick overview of what you are trying to do might help. No need
> Ryan
>
> "Received Access-Accept" means that RADIUS is happy and has authenticated the request.
>
> I get the impression that we have hit a blockage of some sort here. Perhaps a quick overview of what you are trying to do might help. No need for configs.
>
> Something like:
>
> I am trying to do username/password authentication with a Windows 11 (version) laptop (model) connected via wifi to a Mikrotik (something) using (standard name). The Mikrotik authenticates and authorises access using RADIUS. The RADIUS server is a etc etc
>
> Model numbers, versions etc will be helpful. Given that, we might be able to work back through your debug logs and hopefully find out what is going wrong.
>
> Cheers
> Jon
>
>
>
>
> On Wed, 2024-07-10 at 21:29 +0000, Ryan McGuire wrote:
> This is what I get when I do a radtest
>
> Sent Access-Request Id 27 from 0.0.0.0:41113 to 10.108.15.25:1812 length 78
> User-Name = "rmcguire"
> User-Password = "password123"
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 1812
> Message-Authenticator = 0x00
> Cleartext-Password = "password123"
> Received Access-Accept Id 27 from 10.108.15.25:1812 to 10.108.15.25:41113 length 36
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Type:0 = VLAN
> Tunnel-Private-Group-Id:0 = "88"
>
> Basically, wanting to know what should I be looking for? Next steps to confirm things are working and then to get my router authentication working for wireless, sorry for all the dumb questions, this is my first time doing this and was hoping that there would be a straight forward tutorial for setting this up
>
> Thanks for any help provided
>
> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
> Ryan McGuire
> |
> Systems Administrator
> Century Gaming Technologies
> ‑
> Billings
> PO Box 21138
>
> Billings
> ,
> MT
>
> 59101
> C: 406-860-1299<tel:406-860-1299>
> E: rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>
> W: www.cgtmt.com<http://www.cgtmt.com/>
> [cid:image001.jpg at 01DAD43E.F5A51AB0]
> Confidentiality Statement:
> This e-mail contains confidential information which also may be privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not copy, use, disclose or distribute the e-mail message or any information contained in the message. If you have received this e-mail message in error, please advise the sender by replying to this message or by telephone and then promptly delete it.
> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
> From: Alan DeKok <aland at deployingradius.com<mailto:aland at deployingradius.com>>
> Sent: Wednesday, July 10, 2024 2:32 PM
> To: Ryan McGuire <rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>>
> Cc: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>;freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
> Subject: Re: debug log
>
> On Jul 10, 2024, at 3: 05 PM, Ryan McGuire <rmcguire@ cgtmt. com> wrote: > Attached is my log when running ntradping Please just paste the message into the email. That makes it easier to reply in-line, and quote the debug output. Adding
>
> On Jul 10, 2024, at 3:05 PM, Ryan McGuire <rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>> wrote:
>
>> Attached is my log when running ntradping
>
>
>
> Please just paste the message into the email. That makes it easier to reply in-line, and quote the debug output. Adding it as an attachment just makes it more difficult to help you, which makes it less likely that you will get help.
>
>
>
> And you don't need to use nradping. The server comes with test tools: radclient / radtest.
>
>
>
> As for the debug output, it doesn't show anything useful. For one, you've removed almost everything from it, which the documentation says *don't do*.
>
>
>
> For another, the debug output shows it sending an Access-Accept. OK... what's wrong? Is there an error? Do you expect the server to do something else?
>
>
>
> What, exactly, is the problem you need help with? Can you describe it?
>
>
>
> I really only have limited patience for this kind of "20 questions" game. If it's clear that I can't help you, then there's no reason for me to try.
>
>
>
> Alan DeKok.
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Ľudovít Mikula
Mikori s.r.o
------------------------
Fatranská 3100/4
01008 Žilina
Slovenská Republika
------------------------
... aby korenie
chutilo, ako má ...
------------------------
Web: https://www.mikori.sk/
E-Shop: https://www.cerstvekorenie.sk/
E-mail: ludovit.mikula at mikori.sk
Facebook: https://www.facebook.com/mikori.korenie/
More information about the Freeradius-Users
mailing list