Hi again Jean-Paul, but I have a new problem:
What I need to change in my radiusd.conf???
Note:
When Alfa&Ariss client ask me user, password and domain I write my user
"sgisev" and my password "whatever" , but I don't know exactly what is my
domain.
freeradius log
-------------------------
[EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host
192.168.49.252:1225, id=68, length=134
User-Name = "sgisev"
NAS-IP-Address = 192.168.49.252
NAS-Port = 0
Called-Station-Id = "00-80-C8-01-01-55"
Calling-Station-Id = "00-0B-46-26-1C-44"
NAS-Identifier = "DWL-1000AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201000b01736769736576
Message-Authenticator = 0x8854f2ad8aab0424819b2a04e221f5b6
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
users: Matched sgisev at 161
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 68 to 192.168.49.252:1225
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.49.252:1225, id=69,
length=134
User-Name = "sgisev"
NAS-IP-Address = 192.168.49.252
NAS-Port = 0
Called-Station-Id = "00-80-C8-01-01-55"
Calling-Station-Id = "00-0B-46-26-1C-44"
NAS-Identifier = "DWL-1000AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201000b01736769736576
Message-Authenticator = 0x028d6a55380ba0efb236aec77d33f8b3
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
users: Matched sgisev at 161
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 68 with timestamp 403606ef
Sending Access-Reject of id 69 to 192.168.49.252:1225
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.49.252:1225, id=70,
length=134
User-Name = "sgisev"
NAS-IP-Address = 192.168.49.252
NAS-Port = 0
Called-Station-Id = "00-80-C8-01-01-55"
Calling-Station-Id = "00-0B-46-26-1C-44"
NAS-Identifier = "DWL-1000AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201000b01736769736576
Message-Authenticator = 0x1259bac11b122a6599dfb8dc056263f1
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
users: Matched sgisev at 161
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 69 with timestamp 403606f3
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 70 to 192.168.49.252:1225
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 70 with timestamp 403606f8
Nothing to do. Sleeping until we see a request.
users file
-----------------
sgisev User-Password == "whatever"
radiusd.conf
-------------------------
eap {
default_eap_type = tls
timer_expire = 60
ignore_unknown_eap_types = no
md5 {
}
leap {
}
tls {
private_key_password = izadisan
private_key_file =
/usr/local/openssl/ssl/certs/server/server.pem
certificate_file =
/usr/local/openssl/ssl/certs/server/server.pem
CA_file = /usr/local/openssl/ssl/certs/ca/ca.pem
dh_file = /usr/local/openssl/ssl/certs/dh
random_file = /usr/local/openssl/ssl/certs/random
fragment_size = 1024
include_length = yes
}
ttls {
default_eap_type=md5
copy_request_to_tunnel = no
use_tunneled_reply=no
}
}
......
authorize {
preprocess
# Read the 'users' file
files
}
authenticate {
Auth-Type PAP {
pap
}
}
Jos� Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegaci�n Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060
----- Original Message -----
From: "Jean-Paul Chapalain" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 20, 2004 1:48 PM
Subject: Re: Authorize and Authenticate with FILES: "auth: Failed to
validate the user"
> Hi Jos�,
>
> For EAP authentication, you don't code Auth-Type.
> It's eap module that select itself authentication type.
>
> Use a definition like this :
> sgisev User-Password == "whatever"
>
> Jean-Paul.
>
> Jos� Luis Solano wrote:
> > Thanks but:
> >
> > How can I tell to freeradius who is the users???
> >
> >
> > In "users" file I have written:
> >
> > DEFAULT Auth-Type = PAP
> > Fall-Through = 1
> >
> > sgisev Auth-Type := LOCAL , User-Password == "12345678"
> >
> >
> > and the freeradius error is:
> >
> > [EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host
> > 192.168.49.252:1225, id=54, length=140
> > User-Name = "anonymous"
> > NAS-IP-Address = 192.168.49.252
> > NAS-Port = 0
> > Called-Station-Id = "00-80-C8-01-01-55"
> > Calling-Station-Id = "00-0B-46-26-1C-44"
> > NAS-Identifier = "DWL-1000AP+"
> > Framed-MTU = 1380
> > NAS-Port-Type = Wireless-802.11
> > EAP-Message = 0x0201000e01616e6f6e796d6f7573
> > Message-Authenticator = 0xdc4c33e656d580182f8ae53ac84293f4
> > modcall: entering group authorize for request 0
> > modcall[authorize]: module "preprocess" returns ok for request 0
> > users: Matched DEFAULT at 156
> > modcall[authorize]: module "files" returns ok for request 0
> > modcall: group authorize returns ok for request 0
> > rad_check_password: Found Auth-Type PAP
> > auth: type "PAP"
> > modcall: entering group Auth-Type for request 0
> > rlm_pap: Attribute "Password" is required for authentication.
> > modcall[authenticate]: module "pap" returns invalid for request 0
> > modcall: group Auth-Type returns invalid for request 0
> > auth: Failed to validate the user.
> > Delaying request 0 for 1 seconds
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Sending Access-Reject of id 54 to 192.168.49.252:1225
> > Waking up in 4 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 54 with timestamp 4035fcd9
> > Nothing to do. Sleeping until we see a request.
> > rad_recv: Access-Request packet from host 192.168.49.252:1225, id=55,
> > length=140
> > User-Name = "anonymous"
> > NAS-IP-Address = 192.168.49.252
> > NAS-Port = 0
> > Called-Station-Id = "00-80-C8-01-01-55"
> > Calling-Station-Id = "00-0B-46-26-1C-44"
> > NAS-Identifier = "DWL-1000AP+"
> > Framed-MTU = 1380
> > NAS-Port-Type = Wireless-802.11
> > EAP-Message = 0x0201000e01616e6f6e796d6f7573
> > Message-Authenticator = 0x7ee64368520996cda3142f0c7059a480
> > modcall: entering group authorize for request 1
> > modcall[authorize]: module "preprocess" returns ok for request 1
> > users: Matched DEFAULT at 156
> > modcall[authorize]: module "files" returns ok for request 1
> > modcall: group authorize returns ok for request 1
> > rad_check_password: Found Auth-Type PAP
> > auth: type "PAP"
> > modcall: entering group Auth-Type for request 1
> > rlm_pap: Attribute "Password" is required for authentication.
> > modcall[authenticate]: module "pap" returns invalid for request 1
> > modcall: group Auth-Type returns invalid for request 1
> > auth: Failed to validate the user.
> > Delaying request 1 for 1 seconds
> > Finished request 1
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > rad_recv: Access-Request packet from host 192.168.49.252:1225, id=56,
> > length=140
> > User-Name = "anonymous"
> > NAS-IP-Address = 192.168.49.252
> > NAS-Port = 0
> > Called-Station-Id = "00-80-C8-01-01-55"
> > Calling-Station-Id = "00-0B-46-26-1C-44"
> > NAS-Identifier = "DWL-1000AP+"
> > Framed-MTU = 1380
> > NAS-Port-Type = Wireless-802.11
> > EAP-Message = 0x0202000e01616e6f6e796d6f7573
> > Message-Authenticator = 0xa060e6b6b7489e59c65c8eb9154f7cd7
> > modcall: entering group authorize for request 2
> > modcall[authorize]: module "preprocess" returns ok for request 2
> > users: Matched DEFAULT at 156
> > modcall[authorize]: module "files" returns ok for request 2
> > modcall: group authorize returns ok for request 2
> > rad_check_password: Found Auth-Type PAP
> > auth: type "PAP"
> > modcall: entering group Auth-Type for request 2
> > rlm_pap: Attribute "Password" is required for authentication.
> > modcall[authenticate]: module "pap" returns invalid for request 2
> > modcall: group Auth-Type returns invalid for request 2
> > auth: Failed to validate the user.
> > Delaying request 2 for 1 seconds
> > Finished request 2
> > Going to the next request
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Sending Access-Reject of id 55 to 192.168.49.252:1225
> > Sending Access-Reject of id 56 to 192.168.49.252:1225
> > Waking up in 4 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 1 ID 55 with timestamp 4035fce4
> > Cleaning up request 2 ID 56 with timestamp 4035fce4
> > Nothing to do. Sleeping until we see a request.
> >
> >
> >
> >
> > Jos� Luis Solano
> > SGI - Soluciones Globales Internet S.A.
> > Delegaci�n Regional Sur
> > [EMAIL PROTECTED]
> > (+34) 954.088.060
> > ----- Original Message -----
> > From: "Jean-Paul Chapalain" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, February 20, 2004 1:16 PM
> > Subject: Re: Authorize and Authenticate with FILES: "auth: Failed to
> > validate the user"
> >
> >
> >
> >>Hi Jos�,
> >>
> >>Look at the config of "Alfa&Ariss client" and UNSELECT "Use anonymous
> >>user for outer authentication" in Properties.
> >>
> >>Jean-Paul.
> >>
> >>Jos� Luis Solano wrote:
> >>
> >>>Hi all!!!
> >>>
> >>>
> >>>I have installed freeradius-snapshot-20040216 with redhat 9.
> >>>I use Alfa&Ariss client under Windows XP, cisco pcmcia car on my
laptop.
> >>>
> >>>I use FILES to authorize and authenticate, but TTLS don't run ok.
> >>>
> >>>any idea?? please help?? (Alan, Lionel, Jean-Paul, please!!!!)
> >>>
> >>>
> >>>freeradius logs
> >>>------------------------------------------
> >>>[EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host
> >
> > 192.168.49.252:1225, id=41, length=140
> >
> >>> User-Name = "anonymous"
> >>
> >>!!!!!!!!!!!!!! are you anonymous ?
> >>
> >>
> >>> NAS-IP-Address = 192.168.49.252
> >>> NAS-Port = 0
> >>> Called-Station-Id = "00-80-C8-01-01-55"
> >>> Calling-Station-Id = "00-0B-46-26-1C-44"
> >>> NAS-Identifier = "DWL-1000AP+"
> >>> Framed-MTU = 1380
> >>> NAS-Port-Type = Wireless-802.11
> >>> EAP-Message = 0x0201000e01616e6f6e796d6f7573
> >>> Message-Authenticator = 0xd46c99136b226ede9c334c88dfb2fa91
> >>>modcall: entering group authorize for request 0
> >>> modcall[authorize]: module "preprocess" returns ok for request 0
> >>> modcall[authorize]: module "files" returns notfound for request 0
> >>>modcall: group authorize returns ok for request 0
> >>>auth: No authenticate method (Auth-Type) configuration found for the
> >
> > request: Rejecting the user
> >
> >>>auth: Failed to validate the user.
> >>>Delaying request 0 for 1 seconds
> >>>Finished request 0
> >>>Going to the next request
> >>>--- Walking the entire request list ---
> >>>Waking up in 1 seconds...
> >>>--- Walking the entire request list ---
> >>>Waking up in 1 seconds...
> >>>--- Walking the entire request list ---
> >>>Sending Access-Reject of id 41 to 192.168.49.252:1225
> >>>Waking up in 4 seconds...
> >>>--- Walking the entire request list ---
> >>>Cleaning up request 0 ID 41 with timestamp 4035e87f
> >>>Nothing to do. Sleeping until we see a request.
> >>>
> >>>
> >>>
> >>>
> >>>users file
> >>>-----------------
> >>>sgisev Auth-Type := Local , User-Password == "12345678"
> >>>
> >>>DEFAULT Service-Type == Framed-User
> >>> Framed-IP-Address = 255.255.255.254,
> >>> Framed-MTU = 576,
> >>> Service-Type = Framed-User,
> >>> Fall-Through = Yes
> >>>
> >>>DEFAULT Framed-Protocol == PPP
> >>> Framed-Protocol = PPP,
> >>> Framed-Compression = Van-Jacobson-TCP-IP
> >>>
> >>>DEFAULT Hint == "CSLIP"
> >>> Framed-Protocol = SLIP,
> >>> Framed-Compression = Van-Jacobson-TCP-IP
> >>>
> >>>DEFAULT Hint == "SLIP"
> >>> Framed-Protocol = SLIP
> >>>
> >>>
> >>>radiusd.conf
> >>>-------------------------
> >>> eap {
> >>> default_eap_type = tls
> >>>
> >>> timer_expire = 60
> >>> ignore_unknown_eap_types = no
> >>>
> >>> md5 {
> >>> }
> >>> leap {
> >>> }
> >>>
> >>> tls {
> >>> private_key_password = izadisan
> >>> private_key_file =
> >
> > /usr/local/openssl/ssl/certs/server/server.pem
> >
> >>> certificate_file =
> >
> > /usr/local/openssl/ssl/certs/server/server.pem
> >
> >>> CA_file =
/usr/local/openssl/ssl/certs/ca/ca.pem
> >>>
> >>> dh_file = /usr/local/openssl/ssl/certs/dh
> >>>
> >>> random_file =
> >
> > /usr/local/openssl/ssl/certs/random
> >
> >>>
> >>> fragment_size = 1024
> >>>
> >>> include_length = yes
> >>> }
> >>> ttls {
> >>> default_eap_type=md5
> >>> copy_request_to_tunnel = no
> >>> use_tunneled_reply=no
> >>>
> >>> }
> >>> }
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>Jos� Luis Solano
> >>>SGI - Soluciones Globales Internet S.A.
> >>>Delegaci�n Regional Sur
> >>>[EMAIL PROTECTED]
> >>>(+34) 954.088.060
> >>>
> >>
> >>--
> >>-- Jean-Paul Chapalain - GICM - Resp. Reseaux et Infrastructure
> >>-- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE
> >>-- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED]
> >>-- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
> >>
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
> --
> -- Jean-Paul Chapalain - GICM - Resp. Reseaux et Infrastructure
> -- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE
> -- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED]
> -- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
