Re: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)

2001-12-03 Thread aland

Linux!audimed [EMAIL PROTECTED] wrote:
> Do you have any doc that explain how to set pslave.conf ?

  Sorry, this is the FreeRADIUS list.  I don't run portslave, and I
don't know much about it.  I would suggest reading the portslave
documentation, or joining a portslave list.

  Alan DeKok.




RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)

2001-12-02 Thread Linux!audimed

>   The log you posted showed that the RADIUS server sent an
> Access-Accept packet to the client.  That means the server is
> configured correctly.
THX Alan!
OK, I understand that.
>   If the client still does not let the user in, then the client has to
> be fixed.
Right and clear.
Do you have any doc that explains how to set pslave.conf?
I did it with the instructions in the archive itself,
but that is not enough for me. I need to know more since I do not understand
the options well.
At the bottom I will copy my pslave.conf file.
> >  and 254RadServer keeps saying :
> >  Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0

>   Use 'tcpdump' to find out what's going on.  The client appears to be
> sending bad packets to the server.
The issue is that I do not know what a good packet looks like.
Please show me the way.

>   Alan DeKok.
It is portslave from the pslave.lrp package 1.17-1.
This is the portslave radius client. This package includes pppd-radius
2.3.5.
# pslave.conf Here is the sample server configuration file.
# Version: 1.17  03-Nov-1998
Downloaded from
ftp.linuxrouter.org/pub/linux/linux-router/dists/2.9.8/packages/

Can't it be that this version is too old?

#pslave.conf
# pslave.conf Here is the sample server configuration file.
#
# Version: 1.17  03-Nov-1998
#

#
# Hostname of the system.
#
conf.hostname dialup.uucp.com
#
# IP address - if left empty, uses the IP address of the system (hostname).
# This is used as the local address for SLIP and PPP connections.
#
#conf.ipno 192.168.42.21
#
# Lock directory - on FSSTND compliant systems it's /var/lock.
#
conf.lockdir /var/lock
#
# Where to find the rlogin binary that accepts the -i flag.
#
conf.rlogin /usr/bin/rlogin-radius
#
# Where to find our patched pppd that has radius linked in.
#
conf.pppd /usr/sbin/pppd-radius
#
# Where to find telnet. This can just be the system telnet.
#
conf.telnet /usr/bin/telnet
#
# If you set this to 1, you can always login locally by putting a '!'
# before your loginname. Useful for emergencies when the RADIUS server is
# down.
#
conf.locallogins 1
#
# Logging stuff - this program can use a remote syslog daemon if needed.
# If you want to log locally leave the syslog field empty. The facility
# field is an integer between 0 and 7 and sets the syslog facility to
# local0-local7.
#
conf.syslog
conf.facility 6
#
# Stripnames - if you set this to 1, leading P, S, C, L or !
# characters and trailing .slip, .cslip and .ppp strings will be
# stripped from the username before it is recorded in the system
# utmp and wtmp files (if sysutmp or syswtmp are turned on, of course)
#
conf.stripnames 0


##
## The all entry is used as a template for all others. This means that
## setting all.debug to 0, you set s0.debug, s1.debug, s2.debug etc.
## to 0. It also means that all these settings can be overridden on a
## per-port basis below.
##

#
# Debugging output to syslog. Set to 0 or 1. 1 is pretty verbose.
#
all.debug 1

#
# Authentication type - either radius or none.
#
all.authtype radius

#
# Authentication host and accounting host. We can have 2 of both. The
# first one is always tried three times before switching to the second one.
# They are alternately tried after that, up to a maximum of 10 times in total.
# Timeout is 5 seconds per query.
#
all.authhost1 192.168.122.254
all.accthost1 192.168.122.254
#all.authhost2 backuphost.someisp.com
#all.accthost2 backuphost.someisp.com
#
#
# The shared secret for RADIUS.
#
all.secret clave2
#
# Default protocol and host. This is for rlogin sessions.
#
#all.protocol rlogin
#all.host shellhost.someisp.com
#
# Default IP stuff. If you end the ipno with a +, the portnumber will
# be added to the IP number. The IP number of a port is used when the RADIUS
# server doesn't send an IP number, or if it tells us to use a dynamic ipno.
#
# Leave the netmask at 255.255.255.255, unless you really know what
# you're doing.
#
all.ipno 192.168.122.253
all.netmask 255.255.255.0
all.mtu  1500
#
# Standard message that is issued on connect.
#
all.issue \n\
Cistron Internet Services \n\
 POP Alphen aan den Rijn \n\
 Welcome to terminal server %h port S%p\n
#
# Login prompt.
#
all.prompt Cistron login:
#
# Terminal type, for rlogin/telnet sessions.
#
all.term vt100
#
# If you want portslave to update the utmp and/or wtmp files just
# like a regular getty/login, set these to 1.
#
all.sysutmp 1
all.syswtmp 0

##
## Options for the serial port.
##

#
# Porttype (passed to Radius for logging).
# 0 = async, 1 = sync, 2 = ISDN, 3 = ISDN-V120, 4 = ISDN-V110
#
all.porttype 0
#
# Speed. All ports are set to 8N1.
#
all.speed 115200
#
# Use this to initialize the modem.
#
all.initchat  \d\dATZ OK\r\n-ATZ-OK\r\n
#
# You can use either waitfor or aa.
#
all.waitfor RING
#
# Chat string to get the modem to connect after waitfor.
# The @ sign matches (.*)[\r\n] in regexp code, the match is logged
# to Radius as Connection-Info.
#
all.answer  ATA CONNECT@
#
# Auto answer - if you set this to 1, the system 
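
The structural checks a RADIUS packet has to pass before a server will process it, as an added example that is not part of the original thread and is not FreeRADIUS code: it walks the RFC 2865 header and attribute list and reports the first problem, including an attribute of type 0 like the one in the server log above. The function names and both sample packets are constructed for illustration.

```python
import struct

# RFC 2865 layout: Code(1) Identifier(1) Length(2) Authenticator(16),
# followed by attributes encoded as Type(1) Length(1) Value(Length-2).
HEADER_LEN = 20
MAX_LEN = 4096

def check_radius_packet(data: bytes):
    """Return None if the packet is structurally valid, else the first problem."""
    if len(data) < HEADER_LEN:
        return "packet shorter than the 20-byte header"
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not HEADER_LEN <= length <= MAX_LEN:
        return f"length field {length} outside 20..4096"
    if length > len(data):
        return f"length field {length} exceeds the {len(data)} bytes received"
    pos = HEADER_LEN
    while pos < length:              # bytes beyond Length are padding, ignored
        if length - pos < 2:
            return f"offset {pos}: truncated attribute header"
        atype, alen = data[pos], data[pos + 1]
        if atype == 0:
            return f"offset {pos}: invalid attribute 0"
        if alen < 2:
            return f"offset {pos}: attribute {atype} has length {alen} < 2"
        if pos + alen > length:
            return f"offset {pos}: attribute {atype} overruns the packet"
        pos += alen
    return None

def build(code, ident, attrs, trailer=b""):
    """Assemble a test packet; the authenticator is zeroed (structure only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs) + trailer
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return header + bytes(16) + body

# Constructed samples, not captured from the hosts in the thread.
# Attributes: 1 = User-Name, 4 = NAS-IP-Address, 5 = NAS-Port.
GOOD = build(1, 7, [(1, b"lucas"),
                    (4, bytes([192, 168, 122, 253])),
                    (5, struct.pack("!I", 0))])
# Same request, but two stray zero bytes are counted in the Length field.
BAD = build(1, 7, [(1, b"lucas")], trailer=b"\x00\x00")

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD)):
        print(name, "->", check_radius_packet(pkt) or "well-formed")
```

Running the same checks over the UDP payload seen with tcpdump shows at which offset the client's packet stops being a valid attribute list.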

RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)

2001-12-01 Thread Linux!audimed

> If I remember correctly, portslave by default tries to communicate with a
> RADIUS server using ports 1645 instead of the new standard 1812/1813.
EXCELLENT!!! That is the port number!
portslave still uses 1645,
so I put a -p 1645 on the radiusd command
and I got radius and portslave talking between
both machines, 192.168.122.254 RadServer (254 from now on) and
192.168.122.253 the RadClient (253 from now on).
I can see it doing tail -f on the logs.
It was fixed this way.
But I still can't authenticate the user. I'm using 3
machines for this test.

(10dialclient)--(253RadClient)--(254RadServer)
w9x             Linuxrouter k2.2.16  redhat7.0
                2.9.8pre

It is intended to: w9x takes 192.168.122.10 IP, for example.
Here goes my next problem:
IF I use a VALIDuser/WRONGpassword I get DENIED by 254RadServer
  and DENIED by 253RadClient.
That is OK. At least it looks normal.

BUT
IF I use a VALIDuser/VALIDpassword I get ACCESS by 254RadServer
BUT DENIED by 253RadClient

and 254RadServer keeps saying :
Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0
--- Walking the entire request list ---
and 253RadClient keeps saying :
Jan  1 02:19:01 myrouter pppd[550]: ul_login(lucas) called
Jan  1 02:19:10 myrouter pppd[550]: [EMAIL PROTECTED] not responding

At this moment you ask: where are the logs? OK, here is ALL.
It will be hard, but I go on; please be patient.
I will cut in three important parts:
1 start of RADserver and RADclient(portslave)
2 a try with (valid user/ wrong pass )
3 a try with (valid user/ valid pass )

#
ALL 1 start of RADserver and RADclient(portslave)
#

portslave 1 from inittab with T0:23:respawn:+/usr/sbin/portslave 0
I ask myself for what is the + in inittab path of portslave ??
but it is not the big problem here. so lets continue...

Jan  1 02:00:39 myrouter port[S0]: portslave started on port 0 (ttyS0)
Jan  1 02:00:40 myrouter port[S0]: chat_expect()
Jan  1 02:00:40 myrouter port[S0]: chat_expect - got it
Jan  1 02:00:40 myrouter port[S0]: chat_send(\d\dATZ)
Jan  1 02:00:42 myrouter port[S0]: chat_expect(OK\r\n)
Jan  1 02:00:42 myrouter port[S0]: chat_expect - got it
Jan  1 02:00:42 myrouter port[S0]: waiting for RING

END portslave 1

###
radiusd 1 from console debug mode
/usr/sbin/radiusd -fxxyz -p 1645
###
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = /var/run/radiusd.pid
 main: bind_address = 192.168.122.254 IP address [192.168.122.254]
 main: user = root
 main: group = root
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: dead_time = 120
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded System
 unix: cache = no
 unix: passwd = /etc/passwd
 unix: shadow = /etc/shadow
 unix: group = /etc/group
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
Module: Instantiated unix (unix)
Module: Loaded preprocess
 preprocess: huntgroups = /etc/raddb/huntgroups
 preprocess: hints = /etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = /etc/raddb/users
 files: acctusersfile = /etc/raddb/acct_users
 files: compat = no
Module: Instantiated files (files)
Module: Loaded detail
 detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail
 detail: detailperm = 384
 detail: dirperm = 493