Re: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254 not responding)

Linux!audimed [EMAIL PROTECTED] wrote:

Do you have any doc that explain howto set pslave.conf ?

Sorry, this is the FreeRADIUS list. I don't run portslave, and I don't know much about it. I would suggest reading the portslave documentation, or joining a portslave list.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254 not responding)

The log you posted showed that the RADIUS server sent an Access-Accept packet to the client. That means the server is configured correctly.

THX Alan. ! Ok I understand that

If the client still does not let the user in, then the client has to be fixed.

Right and clear. Do you have any doc that explain howto set pslave.conf ? I done it with the self instructions of the archive. But is not enough to me. I need to know more since I do not understand well the options. At bottom I will copy my pslave.conf file

and 254RadServer keeps saying :

Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0

Use 'tcpdump' to find out what's going on. The client appears to be sending bad packets to the server.

The issue is that I do not know how is a good packet. Please show me the way.

Alan DeKok.

Is a portslave from pslave.lrp package 1.17-1
This is the portslave radius client. This package includes pppd-radius 2.3.5.
# pslave.conf Here is the sample server configuration file.
# Version: 1.17 03-Nov-1998
Downloaded from ftp.linuxrouter.org/pub/linux/linux-router/dists/2.9.8/packages/
Can't be this version is too old ?

#pslave.conf

# pslave.conf Here is the sample server configuration file.
#
# Version: 1.17 03-Nov-1998
#

#
# Hostname of the system.
#
conf.hostname dialup.uucp.com

#
# IP address - if left empty, uses the IP address of the system (hostname).
# This is used as the local address for SLIP and PPP connections.
#
#conf.ipno 192.168.42.21

#
# Lock directory - on FSSTND compliant systems it's /var/lock.
#
conf.lockdir /var/lock

#
# Where to find the rlogin binary that accepts the -i flag.
#
conf.rlogin /usr/bin/rlogin-radius

#
# Where to find our patched pppd that has radius linked in.
#
conf.pppd /usr/sbin/pppd-radius

#
# Where to find telnet. This can just be the system telnet.
#
conf.telnet /usr/bin/telnet

#
# If you set this to 1, you can always login locally by putting a '!'
# before your loginname. Useful for emergencies when the RADIUS server is down.
#
conf.locallogins 1

#
# Logging stuff - this program can use a remote syslog daemon if needed.
# If you want to log locally leave the syslog field empty. The facility
# field is an integer between 0 and 7 and sets the syslog facility to
# local0-local7.
#
conf.syslog
conf.facility 6

#
# Stripnames - if you set this to 1, leading P, S, C, L or !
# characters and trailing .slip, .cslip and .ppp strings will be
# stripped from the username before it is recorded in the system
# utmp and wtmp files (if sysutmp or syswtmp are turned on ofcourse)
#
conf.stripnames 0

##
## The all entry is used as a template for all others. This means that
## setting all.debug to 0, you set s0.debug, s1.debug, s2.debug etc.
## to 0. It also means that all these settings can be overridden on a
## per-port basis below.
##

#
# Debugging output to syslog. Set to 0 or 1. 1 is pretty verbose.
#
all.debug 1

#
# Authentication type - either radius or none.
#
all.authtype radius

#
# Authentication host and accounting host. We can have 2 of both. The
# first one is always tried three times before switching to the second one.
# They are alternately tried after that, upto maximum 10 times in total.
# Timeout is 5 seconds per query.
#
all.authhost1 192.168.122.254
all.accthost1 192.168.122.254
#all.authhost2 backuphost.someisp.com
#all.accthost2 backuphost.someisp.com
#

#
# The shared secret for RADIUS.
#
all.secret clave2

#
# Default protocol and host. This is for rlogin sessions.
#
#all.protocol rlogin
#all.host shellhost.someisp.com

#
# Default IP stuff. If you end the ipno with a +, the portnumber will
# be added to the IP number. The IP number of a port is used when the RADIUS
# server doesn't send an IP number, or if it tells us to use a dynamic ipno.
#
# Leave the netmask at 255.255.255.255, unless your really know what
# you're doing.
#
all.ipno 192.168.122.253
all.netmask 255.255.255.0
all.mtu 1500

#
# Standard message that is issued on connect.
#
all.issue \n\
 Cistron Internet Services \n\
 POP Alphen aan den Rijn \n\
 Welcome to terminal server %h port S%p\n

#
# Login prompt.
#
all.prompt Cistron login:

#
# Terminal type, for rlogin/telnet sessions.
#
all.term vt100

#
# If you want portslave to update the utmp and/or wtmp files just
# like a regular getty/login, set these to 1.
#
all.sysutmp 1
all.syswtmp 0

##
## Options for the serial port.
##

#
# Porttype (passed to Radius for logging).
# 0 = async, 1 = sync, 2 = ISDN, 3 = ISDN-V120, 4 = ISDN-V110
#
all.porttype 0

#
# Speed. All ports are set to 8N1.
#
all.speed 115200

#
# Use this to initialize the modem.
#
all.initchat \d\dATZ OK\r\n-ATZ-OK\r\n

#
# You can use either waitfor or aa.
#
all.waitfor RING

#
# Chat string to get the modem to connect after waitfor.
# The @ sign matches (.*)[\r\n] in regexp code, the match is logged
# to Radius as Connection-Info.
#
all.answer ATA CONNECT@

#
# Auto answer - if you set this to 1, the system
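For the "Malformed RADIUS packet ... Invalid attribute 0" message discussed in this thread, the sketch below walks a packet's attribute list using the RFC 2865 layout and shows a well-formed packet beside one that trips that check. It is an added example, not code from FreeRADIUS, portslave or any poster; the function names are hypothetical and both sample packets are constructed.

```python
import struct

HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}

def parse_radius(data):
    """Return (code_name, [(attr_type, value), ...]) or raise ValueError."""
    if len(data) < HEADER_LEN:
        raise ValueError("packet shorter than 20-byte header")
    code, _ident, length = struct.unpack("!BBH", bytes(data[:4]))
    if length < HEADER_LEN or length > len(data):
        raise ValueError(f"bad length field {length}")
    attrs, pos = [], HEADER_LEN
    while pos < length:                      # attributes are type/length/value
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_type == 0:                      # type 0 is not an assigned attribute
            raise ValueError("Invalid attribute 0")
        if a_len < 2:                        # length counts the 2 header bytes
            raise ValueError(f"attribute {a_type} too short")
        if pos + a_len > length:
            raise ValueError(f"attribute {a_type} overflows the packet")
        attrs.append((a_type, bytes(data[pos + 2:pos + a_len])))
        pos += a_len
    return CODES.get(code, f"code-{code}"), attrs

def build(code, ident, attrs, authenticator=bytes(16)):
    """Assemble a packet from (attr_type, value) pairs (helper for the samples)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return header + authenticator + body

def check(data):
    """Return 'ok' or the reason the packet would be rejected."""
    try:
        parse_radius(data)
        return "ok"
    except ValueError as exc:
        return str(exc)

# Constructed sample: Access-Request with User-Name (1) and NAS-IP-Address (4).
GOOD = build(1, 7, [(1, b"lucas"), (4, bytes([192, 168, 122, 253]))])
# Constructed sample: same packet, but the length field also covers 4 zero bytes.
BAD = bytearray(GOOD + bytes(4))
struct.pack_into("!H", BAD, 2, len(BAD))

if __name__ == "__main__":
    print("GOOD:", check(GOOD), parse_radius(GOOD))
    print("BAD: ", check(BAD))
```

Passing the UDP payload bytes of a captured request to `check()` shows which attribute the walk stops on.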
RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254 not responding)

If I remember correctly, portslave by default tries to communicate with a RADIUS server using ports 1645 instead of the new standard 1812/1813.

EXCELLENT!!! That is the port number ! portslave still use 1645 so I put a -p 1645 to the radiusd command and I get radius and portslave talking between both machines 192.168.122.254 RadServer (254 on more) and 192.168.122.253 the RadClient (253 on more). I can see it doing tail -f on the logs. It was fixed this way.

But I can't still authenticate the user. I'm using 3 machines for this test.

(10dialclient)--(253RadClient)--(254RadServer)
     w9x          Linuxrouter    k2.2.16 redhat7.0
                  2.9.8pre

It is intend to: w9x takes 192.168.122.10 IP by example

Here goes my next problem:

IF I use a VALIDuser/WRONGpassword I get DENIED by 254RadServer and DENIED by 253RadClient. That is ok. By the least it looks normal.

BUT IF I use a VALIDuser/VALIDpassword I get ACCESS by 254RadServer BUT DENIED by 253RadClient

and 254RadServer keeps saying :

Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0
--- Walking the entire request list ---

and 253RadClient keeps saying :

Jan 1 02:19:01 myrouter pppd[550]: ul_login(lucas) called
Jan 1 02:19:10 myrouter pppd[550]: [EMAIL PROTECTED] not responding

At this moment you ask: where are the logs ? OK here is ALL. It would be hard but I go on, please be patient.

I will cut in three important parts:
1 start of RADserver and RADclient(portslave)
2 a try with (valid user/ wrong pass )
3 a try with (valid user/ valid pass )

# ALL 1 start of RADserver and RADclient(portslave)
# portslave 1 from inittab with T0:23:respawn:+/usr/sbin/portslave 0

I ask myself for what is the + in inittab path of portslave ?? But it is not the big problem here. So let's continue...
Jan 1 02:00:39 myrouter port[S0]: portslave started on port 0 (ttyS0)
Jan 1 02:00:40 myrouter port[S0]: chat_expect()
Jan 1 02:00:40 myrouter port[S0]: chat_expect - got it
Jan 1 02:00:40 myrouter port[S0]: chat_send(\d\dATZ)
Jan 1 02:00:42 myrouter port[S0]: chat_expect(OK\r\n)
Jan 1 02:00:42 myrouter port[S0]: chat_expect - got it
Jan 1 02:00:42 myrouter port[S0]: waiting for RING

END portslave 1

### radiusd 1 from console debug mode /usr/sbin/radiusd -fxxyz -p 1645 ###

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = /var/run/radiusd.pid
main: bind_address = 192.168.122.254 IP address [192.168.122.254]
main: user = root
main: group = root
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: dead_time = 120
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded System
unix: cache = no
unix: passwd = /etc/passwd
unix: shadow = /etc/shadow
unix: group = /etc/group
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = /etc/raddb/huntgroups
preprocess: hints = /etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /etc/raddb/users
files: acctusersfile = /etc/raddb/acct_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail
detail: detailperm = 384
detail: dirperm = 493