Connection is dropped.

2003-12-18 Thread Ivan Dario Barrera

Hi all!

Updating FreeRadius to the last snapshot of November, I decided to
change my old snapshot of OpenSSL to the stable release of OpenSSL 0.9.7c.

After having a couple of troubles with the different versions of the
OpenSSL, I recompiled and they worked together.

Now, using a similar configuration to the one I was using, I found that
the authentication succeeds, but it is dropped. (My client is Windows XP,
and the AP is a Cisco 350 series).

The AP says it succeeded in authenticating the client, but the client
(which also says it succeeded) says that there is no connection available.

The full info of the radius server is at:
http://www.ece.udel.edu/~barrera/logradius

Everything seems to be fine with radius, or at least I couldn't find the
problem. Has anyone faced this thing before?

Thank you,
Have a nice time these holidays!!

Ivan D. Barrera


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Relocation Error - Checked the SSL versions, but still appears - HELP

2003-12-10 Thread Ivan Dario Barrera

Hi,

I was using an old snap version of freeradius, compiled with an old snap
version of OpenSSL, it was working fine with EAP-TLS, but I wanted to try
the TTLS, so I tried to set the OpenSSL to the latest stable version
0.9.7c and use the SNAPSHOT version of Freeradius to get the TTLS.

Now I'm getting the error:
./radiusd: relocation error:
/usr/local/radius//lib/rlm_eap_tls-1.0.0-pre0.so: undefined symbol:
SSL_set_msg_callback

as soon as a client tries to get in.

An old posted message said it was a problem with OpenSSL versions. I'm not
good with these Linux installations. So what I did was to remove the old
directory where the snapshot was, and I used it again to install the
stable version. As soon as it finished, I replaced the libcrypto.so
and libssl.so in /usr/lib to point to the new ones (also the openssl file
itself). I'm using RH8 and I think I also have the 0.9.6 (engine),
which I just renamed as openssl.old.

I thought that was enough to fix the problem and make freeradius point
to the 0.9.7c version, but I compiled and executed and I am still getting
this error. I regenerated the certificates, I removed the whole radius
directory and installed it again, but it doesn't work.

Is there any way to check which versions I'm trying to use?
Is there a way to correctly uninstall either freeradius or OpenSSL?

Probably I'm doing it all wrong, but still I don't know what it is. If you
can help me out by showing me the path, that would be awesome!!

Thanks a lot for your help,

Ivan D. Barrera



RE: Relocation Error - Checked the SSL versions, but still appears

2003-12-10 Thread Ivan Dario Barrera
So sorry, looks like the page was cached, and I never saw my message
posted! Thanks, I will check on that.


Ivan D. Barrera


Ivan Dario Barrera [EMAIL PROTECTED] wrote:
...

  You do READ the list, don't you?

http://lists.cistron.nl/pipermail/freeradius-users/2003-December/026413.html

 Is there any way to check what are the versions I'm trying to use?

  ldd.  See the FAQ.
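
The ldd check suggested above, as an added example that is not part of the original thread: it reports which libssl/libcrypto the loader resolves for a module and whether each one defines the symbol named in the relocation error. It assumes GNU ldd and nm are installed; the function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Shows which OpenSSL shared libraries the
# loader resolves for a module and whether each one defines a given symbol.

# Constructed sample of `ldd` output; sonames and addresses are made up.
SAMPLE_LDD='    libssl.so.2 => /usr/lib/libssl.so.2 (0x40021000)
    libcrypto.so.0.9.7 => not found
    libc.so.6 => /lib/libc.so.6 (0x42000000)'

# resolved_libs: read `ldd` output on stdin, print "soname path" for every
# libssl/libcrypto dependency; path is NOT-FOUND when the loader has no match.
resolved_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
        if ($3 == "not") print $1, "NOT-FOUND"; else print $1, $3
    }'
}

# defines_symbol LIB SYMBOL: succeed only if LIB exports SYMBOL as a defined
# dynamic symbol (a version suffix such as @@OPENSSL_x is ignored).
defines_symbol() {
    nm -D --defined-only "$1" 2>/dev/null |
        awk -v s="$2" '{ n = $NF; sub(/@.*/, "", n); if (n == s) found = 1 }
                       END { exit !found }'
}

# check_module MODULE SYMBOL: one report line per resolved OpenSSL library.
# SSL_* symbols live in libssl, so "does not define" is expected for libcrypto.
check_module() {
    ldd "$1" | resolved_libs | while read -r soname path; do
        if [ "$path" = "NOT-FOUND" ]; then
            echo "$soname: not found by the loader"
        elif defines_symbol "$path" "$2"; then
            echo "$soname -> $path: defines $2"
        else
            echo "$soname -> $path: does not define $2"
        fi
    done
}

# Run only when a module path is given, e.g. the rlm_eap_tls .so from the error.
if [ "$#" -ge 1 ]; then
    check_module "$1" "${2:-SSL_set_msg_callback}"
fi
```

Run it with the module path from the error message as the first argument; a libssl line reading "does not define" means the loader is picking up a library other than the one the module was built against.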




Re: Freeradius FAQ (14.3)

2003-08-18 Thread Ivan Dario Barrera
Hello,

So you don't have any request on your machine? Have you tried to run radtest
from a different machine (not the radius server)? Are you sure you don't
have a firewall blocking the ports used by Freeradius? Are the ports well
configured (udp 1812, etc, etc)?

If you have a firewall installed on your freeradius you should try to turn
it off; that could be the reason you are not getting any requests.

Ivan Barrera



- Original Message - 
From: apellido jr., wilfredo p [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 17, 2003 4:43 AM
Subject: Freeradius FAQ (14.3)


 After successful testing of my radius using radtest, I
 tried to test using dial-up connection. It will say
 the computer you are dialling cannot establish dial-up
 connection. The problem is according to freeradius FAQ
 14.3. The NAS has no idea which RADIUS server you use.
 I run tcpdump udp on localhost here's the output:


 16:27:33.075451 portmaster.mactan.ph.router 
 203.177.22.191.router:  RIPv1-resp [items 9]:
 {dialup-008.mactan.ph}(1) {dialup-
 16:27:34.013197 CM-14D.mactan.ph.1046 
 mail.mactan.ph.domain:  3373+ PTR?
 188.22.177.203.in-addr.arpa. (45)
 16:27:34.013892 mail.mactan.ph.domain 
 CM-14D.mactan.ph.1046:  3373* 1/1/1 (135)
 16:27:34.014250 CM-14D.mactan.ph.1047 
 mail.mactan.ph.domain:  3374+ PTR?
 160.22.177.203.in-addr.arpa. (45)
 16:27:34.014909 mail.mactan.ph.domain 
 CM-14D.mactan.ph.1047:  3374* 1/1/1 (135)
 16:27:34.015109 CM-14D.mactan.ph.1048 
 mail.mactan.ph.domain:  3375+ PTR?
 163.22.177.203.in-addr.arpa. (45)
 16:27:34.015766 mail.mactan.ph.domain 
 CM-14D.mactan.ph.1048:  3375* 1/1/1 (135)
 16:27:35.012533 CM-14D.mactan.ph.1049 
 mail.mactan.ph.domain:  3376+ PTR?
 151.22.177.203.in-addr.arpa. (45)
 16:27:35.013226 mail.mactan.ph.domain 
 CM-14D.mactan.ph.1049:  3376* 2/1/1[|domain]
 16:28:05.050417 portmaster.mactan.ph.router 
 203.177.22.191.router:  RIPv1-resp [items 9]:
 {dialup-008.mactan.ph}(1) {dialup-
 16:28:36.915323 portmaster.mactan.ph.router 
 203.177.22.191.router:  RIPv1-resp [items 9]:
 {dialup-008.mactan.ph}(1) {dialup-
 16:28:46.223213 210.23.208.159.1050 
 CM-14D.mactan.ph.netbios-ns: NBT UDP PACKET(137):
 QUERY; REQUEST; BROADCAST
 16:28:47.013783 CM-14D.mactan.ph.1050 
 mail.mactan.ph.domain:  3377+ PTR?
 159.208.23.210.in-addr.arpa. (45)
 16:28:47.305273 mail.mactan.ph.domain 
 CM-14D.mactan.ph.1050:  3377 NXDomain* 0/1/0 (134)
 16:29:08.889632 portmaster.mactan.ph.router 
 203.177.22.191.router:  RIPv1-resp [items 9]:
 {dialup-008.mactan.ph}(1) {dialup-
 16:29:40.864544 portmaster.mactan.ph.router 
 203.177.22.191.router:  RIPv1-resp [items 9]:
 {dialup-008.mactan.ph}(1) {dialup-
 16:30:12.729307 portmaster.mactan.ph.router 
 203.177.22.191.router:  RIPv1-resp [items 9]:
 {dialup-008.mactan.ph}(1) {dialup-
 16:30:24.265651 portmaster.mactan.ph.router 
 203.177.22.191.router:  RIPv1-resp [items 1]:
 {dialup-023.mactan.ph}(16)
 16:30:24.305225 CM-14D.mactan.ph.1051 
 mail.mactan.ph.domain:  3378+ PTR?
 175.22.177.203.in-addr.arpa. (45)
 16:30:24.305888 mail.mactan.ph.domain 
 CM-14D.mactan.ph.1051:  3378* 1/1/1 (135)


 Is my analysis correct, that the NAS doesn't know which
 radius server to use? Because when I try to run radius
 in debugging mode, it shows nothing, but if I use
 radtest then here's the output:


 rad_recv: Access-Request packet from host
 127.0.0.1:1052, id=243, length=60
 Thread 2 assigned request 1
 --- Walking the entire request list ---
 Cleaning up request 0 ID 213 with timestamp 3f3f3713
 Nothing to do.  Sleeping until we see a request.
 Thread 2 handling request 1, (1 handled so far)
 User-Name = apellido
 User-Password = apellido
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 0
 modcall: entering group authorize
   modcall[authorize]: module preprocess returns ok
   modcall[authorize]: module chap returns noop
 rlm_realm: No '@' in User-Name = apellido,
 looking up realm NULL
 rlm_realm: No such realm NULL
   modcall[authorize]: module suffix returns noop
 radius_xlat:  'apellido'
 rlm_sql (sql): sql_set_user escaped user --
 'apellido'
 radius_xlat:  'SELECT id,UserName,Attribute,Value,op
 FROM radcheck WHERE Username = 'apellido' ORDER BY id'
 rlm_sql (sql): Reserving sql socket id: 3
 radius_xlat:  'SELECT
 radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username
 = 'apellido' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id'
 radius_xlat:  'SELECT id,UserName,Attribute,Value,op
 FROM radreply WHERE Username = 'apellido' ORDER BY id'
 radius_xlat:  'SELECT
 radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username
 = 'apellido' AND usergroup.GroupName =
 radgroupreply.GroupName ORDER BY radgroupreply.id'
 rlm_sql (sql): Released sql socket id: 3
   modcall[authorize]: module 

Re: EAP and MAC Authentication worked once but it didn't twice.

2003-08-10 Thread Ivan Dario Barrera

Thanks a lot Alan.
It is working now.

I still don't understand why, if I leave the command Auth-Type: EAP, the
request packets are different and they have different information. I saw
that, but I thought it was something wrong with the certificates and I spent
a lot of time with SSL.

Any clue about the difference between the requests? Since I only removed the
Auth-Type, is the communication Client-Server different?

I will check more on EAP; if you have good literature to recommend, I would
appreciate it.

Thank you a lot once again.

Ivan Barrera




EAP and MAC Authentication worked once but it didn't twice.

2003-08-09 Thread Ivan Dario Barrera
Hi,

I have this problem that is probably already documented, and I guess the
solution is simple but I still cannot find the answer. I followed the HOWTOs
and the authentication service seems to be working now, but it works just
once.

It happens that when I add a new user to the users file it can be
authenticated with no problems for the first time. When I restart the user
PC (that is, when it tries to be authenticated for a second time), the radius
server in debug mode says Failed to validate the user; it can be seen at
http://www.ece.udel.edu/~barrera/logfail.txt

The first time the user was authenticated looked like:
http://www.ece.udel.edu/~barrera/log.txt

As soon as I run the radius server with the options -xxxyz the messages look
pretty normal, with no errors, http://www.ece.udel.edu/~barrera/start.txt
which is the same that appears at
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm

I found that if I want the user to be authenticated once again I have to
change something on users file and try to authenticate and then back to the
original configuration. (a copy of the users file is below).

Right now I'm using redhat 8.0 (2.4.18-14), freeradius 0.8.1. The AP is a
Cisco 350 series and it was configured as
http://www.missl.cs.umd.edu/wireless/eaptls/
says, using MAC address authentication.

Any idea? Thanks a lot for your help and invaluable time! Please let me
know if the information supplied is enough.

Ivan Barrera


Users file:
(Anyway they can be checked at http://www.ece.udel.edu/~barrera/radius/ )


DEFAULT Group == disabled, Auth-Type := Reject
        Reply-Message = Your account has been disabled.

00022d0bea39 Auth-Type := EAP, NAS-Port-Type := Wireless-802.11, Password == 00022d0bea39
        Service-Type = Framed-User,
        Framed-IP-Address = 128.4.132.81

Ivan Barrera Auth-Type := EAP
        Service-Type = Framed-User

ibarrera Auth-Type := EAP
        Service-Type = Framed-User

test Auth-Type := Local, User-Password==test

guest Auth-Type := Local, User-Password==test

DEFAULT Auth-Type = System
        Fall-Through = 1

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == CSLIP
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP






Re: Newbie-ish HUP question (0.9.0)

2003-07-30 Thread Ivan Dario Barrera


- Original Message - 
From: Fenn Bailey [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 2:06 AM
Subject: Newbie-ish HUP question (0.9.0)


 read_config_files:  reading dictionary
 read_config_files:  reading naslist
 Using deprecated naslist file.  Support for this will go away soon.
 read_config_files:  reading clients
 Using deprecated clients file.  Support for this will go away soon.
 read_config_files:  reading realms
 Using deprecated realms file.  Support for this will go away soon.
 dies silently at this point
 -

It looks like you modified a file that was originally used to configure
freeradius and that you shouldn't use anymore. Try to check with the HowTo to
see if you are changing the files you should, and if you changed another one
try to comment out any change you made to it, just in order to follow the normal
course of the application.

It used to happen that if you changed an old file like clients instead
of clients.conf, it refused to work. :)

Bye

Ivan D. Barrera
EECIS Staff
University of Delaware.

