> The log you posted showed that the RADIUS server sent an > Access-Accept packet to the client. THat means the server is > configured correctly. THX Alan. ! Ok I understand that > If the client still does not let the user in, then the client has to > be fixed. Right and clear. Do you have any doc tha explain howto set pslave.conf ? I done it with the self instructions of the archive. But is not enough to me. I need to know more since I do not understand well the options. at botom I will copy my pslave.conf file.... > > and 254RadServer keeps saying : > > "Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0 > > Use 'tcpdump' to find out what's going on. The client appears to be > sending bad packets to the server. The issue is that I do not know how is a good packet. please show me the way. > > Alan DeKok. Is a porrtslave from pslave.lrp package 1.17-1 This is the portslave radius client. This package includes pppd-radius 2.3.5. # pslave.conf Here is the sample server configuration file. # Version: 1.17 03-Nov-1998 Donloaded from ftp.linuxrouter.org/pub/linux/linux-router/dists/2.9.8/packages/
Can''t be this version is too old ? #pslave.conf#################### # pslave.conf Here is the sample server configuration file. # # Version: 1.17 03-Nov-1998 # # # Hostname of the system. # conf.hostname dialup.uucp.com # # IP address - if left empty, uses the IP address of the system (hostname). # This is used as the "local" address for SLIP and PPP connections. # #conf.ipno 192.168.42.21 # # Lock directory - on FSSTND compliant systems it's /var/lock. # conf.lockdir /var/lock # # Where to find the rlogin binary that accepts the "-i" flag. # conf.rlogin /usr/bin/rlogin-radius # # Where to find our patched pppd that has radius linked in. # conf.pppd /usr/sbin/pppd-radius # # Where to find telnet. This can just be the system telnet. # conf.telnet /usr/bin/telnet # # If you set this to "1", you can always login locally by putting a '!' # before your loginname. Useful for emergencies when the RADIUS server is down. # conf.locallogins 1 # # Logging stuff - this program can use a remote syslog daemon if needed. # If you want to log locally leave the "syslog" field empty. The facility # field is an integer between 0 and 7 and sets the syslog facility to # local0-local7. # conf.syslog conf.facility 6 # # Stripnames - if you set this to "1", leading "P", "S", "C", "L" or "!" # characters and trailing ".slip", ".cslip" and ".ppp" strings will be # stripped from the username before it is recorded in the system # utmp and wtmp files (if sysutmp or syswtmp are turned on ofcourse) # conf.stripnames 0 ## ## The all entry is used as a template for all others. This means that ## setting all.debug to 0, you set s0.debug, s1.debug, s2.debug etc. ## to 0. It also means that all these settings can be overridden on a ## per-port basis below. ## # # Debugging output to syslog. Set to 0 or 1. "1" is pretty verbose. # all.debug 1 # # Authentication type - either "radius" or "none". # all.authtype radius # # Authentication host and accounting host. We can have 2 of both. The # first one is always tried three times before switching to the second one. # They are alternately tried after that, upto maximum 10 times in total. # Timeout is 5 seconds per query. # all.authhost1 192.168.122.254 all.accthost1 192.168.122.254 #all.authhost2 backuphost.someisp.com #all.accthost2 backuphost.someisp.com # # # The shared secret for RADIUS. # all.secret clave2 # # Default protocol and host. This is for rlogin sessions. # #all.protocol rlogin #all.host shellhost.someisp.com # # Default IP stuff. If you end the "ipno" with a "+", the portnumber will # be added to the IP number. The IP number of a port is used when the RADIUS # server doesn't send an IP number, or if it tells us to use a dynamic ipno. # # Leave the netmask at 255.255.255.255, unless your really know what # you're doing. # all.ipno 192.168.122.253 all.netmask 255.255.255.0 all.mtu 1500 # # Standard message that is issued on connect. # all.issue \n\ Cistron Internet Services \n\ POP Alphen aan den Rijn \n\ Welcome to terminal server %h port S%p\n # # Login prompt. # all.prompt Cistron login: # # Terminal type, for rlogin/telnet sessions. # all.term vt100 # # If you want portslave to update the utmp and/or wtmp files just # like a regular getty/login, set these to 1. # all.sysutmp 1 all.syswtmp 0 ## ## Options for the serial port. ## # # Porttype (passed to Radius for logging). # 0 = async, 1 = sync, 2 = ISDN, 3 = ISDN-V120, 4 = ISDN-V110 # all.porttype 0 # # Speed. All ports are set to 8N1. # all.speed 115200 # # Use this to initialize the modem. # all.initchat "" \d\dATZ OK\r\n-ATZ-OK\r\n # # You can use either waitfor or aa. # all.waitfor RING # # Chat string to get the modem to connect after waitfor. # The @ sign matches (.*)[\r\n] in regexp code, the match is logged # to Radius as Connection-Info. # all.answer "" ATA CONNECT@ # # Auto answer - if you set this to "1", the system will just wait for # the DCD line to get high (this is not well tested). You won't get # the connection info either. # all.aa 0 # # You can use this chatstring to regulary check if the modem is still alive. # NOT IMPLEMENTED YET. # all.checktime 60 all.checkchat "" AT OK\r\n # # Flow control on this serial port: # hard - hardware, rts/cts # soft - software, CTRL-S / CTRL-Q # none. # all.flow hard # # Use the DCD line or not (this sets CLOCAL if on). This means that the session # will get hung up if the modem hangs up. Can be set to 0 or 1. # all.dcd 1 # # PPP options - used if we autodetect a PPP session. # Note that we set mru and mtu both to the MTU setting. all.autoppp proxyarp modem asyncmap 0 %i: \ noipx noccp login auth require-pap refuse-chap \ mtu %t mru %t \ # ms-addr 192.168.1.1 ms-addr 192.168.1.2 \ uselib /usr/lib/libpsr.so # # PPP options - User already authenticated and service type is PPP. # all.pppopt proxyarp modem asyncmap 0 %i:%j \ noipx noccp \ mtu %t mru %t netmask %m idle %I \ # ms-addr 192.168.1.1 ms-addr 192.168.1.2 uselib /usr/lib/libpsr.so ## ## Tty names are s0...s63. For every port we need to define a tty port, and ## an IP number for when radius tells us to pick one ourself. Unless you ## use the IP pool option mentioned above (IP number with "+" appended). ## ## Note that you can change _all_ of the above settings that start ## with all.xxxx on a per-port basis, such as issue, prompt etc. ## s0.tty ttyS0 s0.ipno 192.168.122.252 s0.protocol ppp s1.tty ttyS1 s2.tty ttyS2 s3.tty ttyS3 s4.tty ttyS4 s5.tty ttyS5 s6.tty ttyS6 s7.tty ttyS7 s8.tty ttyS8 s9.tty ttyS9 s10.tty ttyS10 s11.tty ttyS11 s12.tty ttyS12 s13.tty ttyS13 s14.tty ttyS14 s15.tty ttyS15 #END###pslave.conf#################### ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, December 02, 2001 12:06 PM Subject: Re: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) ([EMAIL PROTECTED] responding) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html