debug log

Ryan McGuire rmcguire at cgtmt.com
Mon Jul 15 17:16:58 UTC 2024


Attached is the image getting when initially connecting to wireless


----------------------------
Ryan McGuire | Systems Administrator
Century Gaming Technologies - Billings
PO Box 21138 Billings, MT 59101
C: 406-860-1299
E: rmcguire at cgtmt.com
W: www.cgtmt.com
Confidentiality Statement:
This e-mail contains confidential information which also may be privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not copy, use, disclose or distribute the e-mail message or any information contained in the message. If you have received this e-mail message in error, please advise the sender by replying to this message or by telephone and then promptly delete it.
----------------------------
From: Ryan McGuire
Sent: Monday, July 15, 2024 10:47 AM
To: 'Jon Gerdes' <gerdesj at blueloop.net>; 'ludovit.mikula at mikori.sk' <ludovit.mikula at mikori.sk>
Cc: 'freeradius-users at lists.freeradius.org' <freeradius-users at lists.freeradius.org>
Subject: RE: debug log

I’ve ran my debug after attempting wireless authentication, when trying to connect I also receive the following message:

[cid:image001.png at 01DAD6A8.7FC0EA10]

(74) Received Access-Request Id 116 from 10.108.21.198:60463 to 10.108.15.25:1812 length 153
(74)   Service-Type = Framed-User
(74)   Framed-MTU = 1400
(74)   User-Name = "rmcguire"
(74)   NAS-Port-Id = "wlan1"
(74)   NAS-Port-Type = Wireless-802.11
(74)   Calling-Station-Id = "04-7B-CB-C6-1C-E8"
(74)   Called-Station-Id = "74-4D-28-67-06-9F:freeradius"
(74)   EAP-Message = 0x0201000d01726d636775697265
(74)   Message-Authenticator = 0xf95217ceee686ad83ac8633e2019e7a9
(74)   NAS-Identifier = "MikroTik"
(74)   NAS-IP-Address = 10.108.21.198
(74) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(74)   authorize {
(74)     policy filter_username {
(74)       if (&User-Name) {
(74)       if (&User-Name)  -> TRUE
(74)       if (&User-Name)  {
(74)         if (&User-Name =~ / /) {
(74)         if (&User-Name =~ / /)  -> FALSE
(74)         if (&User-Name =~ /@[^@]*@/ ) {
(74)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(74)         if (&User-Name =~ /\.\./ ) {
(74)         if (&User-Name =~ /\.\./ )  -> FALSE
(74)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)<mailto:/@(.+)\.(.+)$/)>)  {
(74)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)<mailto:/@(.+)\.(.+)$/)>)   -> FALSE
(74)         if (&User-Name =~ /\.$/)  {
(74)         if (&User-Name =~ /\.$/)   -> FALSE
(74)         if (&User-Name =~ /@\./<mailto:/@\./>)  {
(74)         if (&User-Name =~ /@\./<mailto:/@\./>)   -> FALSE
(74)       } # if (&User-Name)  = notfound
(74)     } # policy filter_username = notfound
(74)     [preprocess] = ok
(74)     [chap] = noop
(74)     [mschap] = noop
(74)     [digest] = noop
(74) suffix: Checking for suffix after "@"
(74) suffix: No '@' in User-Name = "rmcguire", looking up realm NULL
(74) suffix: No such realm "NULL"
(74)     [suffix] = noop
(74) eap: Peer sent EAP Response (code 2) ID 1 length 13
(74) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(74)     [eap] = ok
(74)   } # authorize = ok
(74) Found Auth-Type = eap
(74) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(74)   authenticate {
(74) eap: Peer sent packet with method EAP Identity (1)
(74) eap: Calling submodule eap_md5 to process data
(74) eap_md5: Issuing MD5 Challenge
(74) eap: Sending EAP Request (code 1) ID 2 length 22
(74) eap: EAP session adding &reply:State = 0xde3a9147de38956c
(74)     [eap] = handled
(74)   } # authenticate = handled
(74) Using Post-Auth-Type Challenge
(74) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(74)   Challenge { ... } # empty sub-section is ignored
(74) Sent Access-Challenge Id 116 from 10.108.15.25:1812 to 10.108.21.198:60463 length 80
(74)   EAP-Message = 0x010200160410c324609b663fe10b1572532fdbf7e3e9
(74)   Message-Authenticator = 0x00000000000000000000000000000000
(74)   State = 0xde3a9147de38956cc3d44c0587e63b17
(74) Finished request
Waking up in 4.9 seconds.
(75) Received Access-Request Id 117 from 10.108.21.198:35245 to 10.108.15.25:1812 length 165
(75)   Service-Type = Framed-User
(75)   Framed-MTU = 1400
(75)   User-Name = "rmcguire"
(75)   State = 0xde3a9147de38956cc3d44c0587e63b17
(75)   NAS-Port-Id = "wlan1"
(75)   NAS-Port-Type = Wireless-802.11
(75)   Calling-Station-Id = "04-7B-CB-C6-1C-E8"
(75)   Called-Station-Id = "74-4D-28-67-06-9F:freeradius"
(75)   EAP-Message = 0x02020007031915
(75)   Message-Authenticator = 0x584a48ecbdea8d026726ae3d288b4c95
(75)   NAS-Identifier = "MikroTik"
(75)   NAS-IP-Address = 10.108.21.198
(75) session-state: No cached attributes
(75) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(75)   authorize {
(75)     policy filter_username {
(75)       if (&User-Name) {
(75)       if (&User-Name)  -> TRUE
(75)       if (&User-Name)  {
(75)         if (&User-Name =~ / /) {
(75)         if (&User-Name =~ / /)  -> FALSE
(75)         if (&User-Name =~ /@[^@]*@/ ) {
(75)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(75)         if (&User-Name =~ /\.\./ ) {
(75)         if (&User-Name =~ /\.\./ )  -> FALSE
(75)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)<mailto:/@(.+)\.(.+)$/)>)  {
(75)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)<mailto:/@(.+)\.(.+)$/)>)   -> FALSE
(75)         if (&User-Name =~ /\.$/)  {
(75)         if (&User-Name =~ /\.$/)   -> FALSE
(75)         if (&User-Name =~ /@\./<mailto:/@\./>)  {
(75)         if (&User-Name =~ /@\./<mailto:/@\./>)   -> FALSE
(75)       } # if (&User-Name)  = notfound
(75)     } # policy filter_username = notfound
(75)     [preprocess] = ok
(75)     [chap] = noop
(75)     [mschap] = noop
(75)     [digest] = noop
(75) suffix: Checking for suffix after "@"
(75) suffix: No '@' in User-Name = "rmcguire", looking up realm NULL
(75) suffix: No such realm "NULL"
(75)     [suffix] = noop
(75) eap: Peer sent EAP Response (code 2) ID 2 length 7
(75) eap: No EAP Start, assuming it's an on-going EAP conversation
(75)     [eap] = updated
(75) files: users: Matched entry rmcguire at line 5
(75)     [files] = ok
(75) sql: EXPAND %{User-Name}
(75) sql:    --> rmcguire
(75) sql: SQL-User-Name set to 'rmcguire'
rlm_sql (sql): Reserved connection (3)
(75) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(75) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rmcguire' ORDER BY id
(75) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rmcguire' ORDER BY id
(75) sql: User found in radcheck table
(75) sql: Conditional check items matched, merging assignment check items
(75) sql:   Cleartext-Password := "password123"
(75) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(75) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rmcguire' ORDER BY id
(75) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rmcguire' ORDER BY id
(75) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(75) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'rmcguire' ORDER BY priority
(75) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'rmcguire' ORDER BY priority
(75) sql: User found in the group table
(75) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(75) sql:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id
(75) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id
(75) sql: Group "admin": Conditional check items matched
(75) sql: Group "admin": Merging assignment check items
(75) sql:   Auth-Type := Accept
(75) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(75) sql:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'admin' ORDER BY id
(75) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'admin' ORDER BY id
(75) sql: Group "admin": Merging reply items
(75) sql:   Tunnel-Medium-Type = IEEE-802
(75) sql:   Tunnel-Type = VLAN
(75) sql:   Tunnel-Private-Group-Id = "88"
rlm_sql (sql): Released connection (3)
Need more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (20), 1 of 24 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version.
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.6.18-MariaDB-0ubuntu0.22.04.1, protocol version 10
(75)     [sql] = ok
(75)     [expiration] = noop
(75)     [logintime] = noop
(75) pap: WARNING: Auth-Type already set.  Not setting to PAP
(75)     [pap] = noop
(75)   } # authorize = updated
(75) Found Auth-Type = Accept
(75) Auth-Type = Accept, accepting the user
(75) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(75)   post-auth {
(75)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(75)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name))  -> FALSE
(75)     update {
(75)       No attributes updated for RHS &session-state:
(75)     } # update = noop
(75) sql: EXPAND .query
(75) sql:    --> .query
(75) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (14)
(75) sql: EXPAND %{User-Name}
(75) sql:    --> rmcguire
(75) sql: SQL-User-Name set to 'rmcguire'
(75) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M' )
(75) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rmcguire', '', 'Access-Accept', '2024-07-15 16:45:48.325716' )
(75) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rmcguire', '', 'Access-Accept', '2024-07-15 16:45:48.325716' )
(75) sql: SQL query returned: success
(75) sql: 1 record(s) updated
rlm_sql (sql): Released connection (14)
(75)     [sql] = ok
(75)     [exec] = noop
(75)     policy remove_reply_message_if_eap {
(75)       if (&reply:EAP-Message && &reply:Reply-Message) {
(75)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(75)       else {
(75)         [noop] = noop
(75)       } # else = noop
(75)     } # policy remove_reply_message_if_eap = noop
(75)     if (EAP-Key-Name && &reply:EAP-Session-Id) {
(75)     if (EAP-Key-Name && &reply:EAP-Session-Id)  -> FALSE
(75)   } # post-auth = ok
(75) Sent Access-Accept Id 117 from 10.108.15.25:1812 to 10.108.21.198:35245 length 49
(75)   Mikrotik-Group = "write"
(75)   Tunnel-Medium-Type = IEEE-802
(75)   Tunnel-Type = VLAN
(75)   Tunnel-Private-Group-Id = "88"
(75) Finished request
Waking up in 4.9 seconds.
(74) Cleaning up request packet ID 116 with timestamp +410 due to cleanup_delay was reached
(75) Cleaning up request packet ID 117 with timestamp +410 due to cleanup_delay was reached
Ready to process requests





From: Ryan McGuire
Sent: Friday, July 12, 2024 2:53 PM
To: 'Jon Gerdes' <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>; 'ludovit.mikula at mikori.sk' <ludovit.mikula at mikori.sk<mailto:ludovit.mikula at mikori.sk>>
Cc: 'freeradius-users at lists.freeradius.org' <freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>>
Subject: RE: debug log

>From here running NTRadPin Test,

https://draculaservers.com/tutorials/install-freeradius-daloradius-debian-9-mysql/


What does that actually do?

Here are my results:


(0) Received Access-Request Id 0 from 10.108.21.198:50766 to 10.108.15.25:1812 length 49
(0)   User-Name = "rmcguire"
(0)   CHAP-Password = 0xb1a04c4c233130aef7ab8045d0c2a09063
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)<mailto:/@(.+)\.(.+)$/)>)  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)<mailto:/@(.+)\.(.+)$/)>)   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./<mailto:/@\./>)  {
(0)         if (&User-Name =~ /@\./<mailto:/@\./>)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0) chap:   &control:Auth-Type := CHAP
(0)     [chap] = ok
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "rmcguire", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0)     [files] = noop
(0) sql: EXPAND %{User-Name}
(0) sql:    --> rmcguire
(0) sql: SQL-User-Name set to 'rmcguire'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rmcguire' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rmcguire' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql:   Cleartext-Password := "password123"
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rmcguire' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rmcguire' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'rmcguire' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'rmcguire' ORDER BY priority
(0) sql: User found in the group table
(0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(0) sql:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id
(0) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id
(0) sql: Group "admin": Conditional check items matched
(0) sql: Group "admin": Merging assignment check items
(0) sql:   Auth-Type := Accept
(0) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(0) sql:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'admin' ORDER BY id
(0) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'admin' ORDER BY id
(0) sql: Group "admin": Merging reply items
(0) sql:   Tunnel-Medium-Type = IEEE-802
(0) sql:   Tunnel-Type = VLAN
(0) sql:   Tunnel-Private-Group-Id = "88"
rlm_sql (sql): Released connection (1)
Need more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version.
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.6.18-MariaDB-0ubuntu0.22.04.1, protocol version 10
(0)     [sql] = ok
(0)     [expiration] = noop
(0)     [logintime] = noop
(0) pap: WARNING: Auth-Type already set.  Not setting to PAP
(0)     [pap] = noop
(0)   } # authorize = ok
(0) Found Auth-Type = Accept
(0) Auth-Type = Accept, accepting the user
(0) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(0)   post-auth {
(0)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(0)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name))  -> FALSE
(0)     update {
(0)       No attributes updated for RHS &session-state:
(0)     } # update = noop
(0) sql: EXPAND .query
(0) sql:    --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (2)
(0) sql: EXPAND %{User-Name}
(0) sql:    --> rmcguire
(0) sql: SQL-User-Name set to 'rmcguire'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M' )
(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rmcguire', '0xb1a04c4c233130aef7ab8045d0c2a09063', 'Access-Accept', '2024-07-12 20:48:57.445087' )
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rmcguire', '0xb1a04c4c233130aef7ab8045d0c2a09063', 'Access-Accept', '2024-07-12 20:48:57.445087' )
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (2)
(0)     [sql] = ok
(0)     [exec] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)     if (EAP-Key-Name && &reply:EAP-Session-Id) {
(0)     if (EAP-Key-Name && &reply:EAP-Session-Id)  -> FALSE
(0)   } # post-auth = ok
(0) Sent Access-Accept Id 0 from 10.108.15.25:1812 to 10.108.21.198:50766 length 36
(0)   Tunnel-Medium-Type = IEEE-802
(0)   Tunnel-Type = VLAN
(0)   Tunnel-Private-Group-Id = "88"
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 0 with timestamp +57 due to cleanup_delay was reached
Ready to process requests


From: Ryan McGuire
Sent: Friday, July 12, 2024 2:27 PM
To: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>; aland at deployingradius.com<mailto:aland at deployingradius.com>
Cc: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
Subject: RE: debug log

When running radiusd -X should the freeradius service need to be stopped before running this? If I don’t have the freeradius service stopped I receive the following:

[cid:image002.png at 01DAD6A8.7FC0EA10]

From: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>
Sent: Friday, July 12, 2024 9:32 AM
To: aland at deployingradius.com<mailto:aland at deployingradius.com>; Ryan McGuire <rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>>
Cc: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
Subject: Re: debug log

Ryan What about going all in on daloRADIUS? Getting used to Linux and RADIUS all in one go is quite a challenge. This is an OVA based appliance with a manual: https: //sourceforge. net/projects/daloradius/files/daloradius/daloRADIUS%20VM/ Cheers

Ryan

What about going all in on daloRADIUS?  Getting used to Linux and RADIUS all in one go is quite a challenge.  This is an OVA based appliance with a manual:

https://sourceforge.net/projects/daloradius/files/daloradius/daloRADIUS%20VM/<https://urldefense.com/v3/__https:/sourceforge.net/projects/daloradius/files/daloradius/daloRADIUS*20VM/__;JQ!!OpwIkcY!gdGXPUNnmY2XrEUhyyK2hHmMy8W2K35wy6fXsOfy944Me_K_oNi8TgEjjQoX6Zsw7NqPbRvO4q2Sud53$>

Cheers
Jon


On Fri, 2024-07-12 at 14:20 +0000, Ryan McGuire wrote:
Hi Jon,

Just seeing what other information you would need from me. Once again, really new to this and just started setting up freeradius with linux.

Thank you for your help

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑​​​​
Ryan McGuire
 |
Systems Administrator
Century Gaming Technologies
 ‑
Billings
PO Box 21138

Billings
,
MT

59101
C: 406-860-1299<tel:406-860-1299>
E: rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>
W: www.cgtmt.com<http://www.cgtmt.com/>
[cid:image003.jpg at 01DAD6A8.7FC0EA10]
Confidentiality Statement:
This e-mail contains confidential information which also may be privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not copy, use, disclose or distribute the e-mail message or any information contained in the message. If you have received this e-mail message in error, please advise the sender by replying to this message or by telephone and then promptly delete it.
‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
From: Ryan McGuire
Sent: Thursday, July 11, 2024 8:27 AM
To: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>; aland at deployingradius.com<mailto:aland at deployingradius.com>
Cc: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
Subject: RE: debug log

Hi Jon,

I have a Linux Server setup with Ubuntu 22.04.4….initially we had setup radius using a windows server that was our Certificate Authority, Network Policy Server, with all of our different routers at different locations as radius clients(we have multiple locations 10 or so, where we want to dictate the devices which are allowed to connect to our wireless in those locations but say someone visits from one location to another have them automatically authenticate to the new location they’re at).

Problem is we cannot go the route of Windows based now and had come across using first user manager but we don’t want to authenticate via mac address which lead me to free radius.

The mikrotik’s would all be my NAS clients I believe, the one I’m testing on is v6.49.8.  All laptops connecting would be either Windows 10 or 11.

Had setup daloradius as well for a GUI to use as for myself this works better as I’m learning linux still.



Let me know if you need any additional information


Thank you




From: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>
Sent: Wednesday, July 10, 2024 4:36 PM
To: aland at deployingradius.com<mailto:aland at deployingradius.com>; Ryan McGuire <rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>>
Cc: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
Subject: Re: debug log

Ryan "Received Access-Accept" means that RADIUS is happy and has authenticated the request. I get the impression that we have hit a blockage of some sort here. Perhaps a quick overview of what you are trying to do might help. No need
Ryan

"Received Access-Accept" means that RADIUS is happy and has authenticated the request.

I get the impression that we have hit a blockage of some sort here.  Perhaps a quick overview of what you are trying to do might help.  No need for configs.

Something like:

I am trying to do username/password authentication with a Windows 11 (version) laptop (model) connected via wifi to a Mikrotik (something) using (standard name).  The Mikrotik authenticates and authorises access using RADIUS.  The RADIUS server is a etc etc

Model numbers, versions etc will be helpful.  Given that, we might be able to work back through your debug logs and hopefully find out what is going wrong.

Cheers
Jon




On Wed, 2024-07-10 at 21:29 +0000, Ryan McGuire wrote:
This is what I get when I do a radtest

Sent Access-Request Id 27 from 0.0.0.0:41113 to 10.108.15.25:1812 length 78
        User-Name = "rmcguire"
        User-Password = "password123"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "password123"
Received Access-Accept Id 27 from 10.108.15.25:1812 to 10.108.15.25:41113 length 36
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
        Tunnel-Private-Group-Id:0 = "88"

Basically, wanting to know what should I be looking for? Next steps to confirm things are working and then to get my router authentication working for wireless, sorry for all the dumb questions, this is my first time doing this and was hoping that there would be a straight forward tutorial for setting this up

Thanks for any help provided

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑​​​​
Ryan McGuire
 |
Systems Administrator
Century Gaming Technologies
 ‑
Billings
PO Box 21138

Billings
,
MT

59101
C: 406-860-1299<tel:406-860-1299>
E: rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>
W: www.cgtmt.com<http://www.cgtmt.com/>
[cid:image003.jpg at 01DAD6A8.7FC0EA10]
Confidentiality Statement:
This e-mail contains confidential information which also may be privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not copy, use, disclose or distribute the e-mail message or any information contained in the message. If you have received this e-mail message in error, please advise the sender by replying to this message or by telephone and then promptly delete it.
‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
From: Alan DeKok <aland at deployingradius.com<mailto:aland at deployingradius.com>>
Sent: Wednesday, July 10, 2024 2:32 PM
To: Ryan McGuire <rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>>
Cc: Jon Gerdes <gerdesj at blueloop.net<mailto:gerdesj at blueloop.net>>;freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
Subject: Re: debug log

On Jul 10, 2024, at 3: 05 PM, Ryan McGuire <rmcguire@ cgtmt. com> wrote: > Attached is my log when running ntradping Please just paste the message into the email. That makes it easier to reply in-line, and quote the debug output. Adding

On Jul 10, 2024, at 3:05 PM, Ryan McGuire <rmcguire at cgtmt.com<mailto:rmcguire at cgtmt.com>> wrote:

> Attached is my log when running ntradping



  Please just paste the message into the email.  That makes it easier to reply in-line, and quote the debug output.  Adding it as an attachment just makes it more difficult to help you, which makes it less likely that you will get help.



  And you don't need to use nradping.  The server comes with test tools: radclient / radtest.



  As for the debug output, it doesn't show anything useful.  For one, you've removed almost everything from it, which the documentation says *don't do*.



  For another, the debug output shows it sending an Access-Accept.  OK... what's wrong?  Is there an error?  Do you expect the server to do something else?



  What, exactly, is the problem you need help with?  Can you describe it?



  I really only have limited patience for this kind of "20 questions" game.  If it's clear that I can't help you, then there's no reason for me to try.



  Alan DeKok.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 114607 bytes
Desc: image001.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20240715/5be22c51/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 14531 bytes
Desc: image002.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20240715/5be22c51/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wireless.png
Type: image/png
Size: 91934 bytes
Desc: wireless.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20240715/5be22c51/attachment-0005.png>


More information about the Freeradius-Users mailing list