RE: sql returns fail for some stop requests

2012-07-15 Thread Amir Tal
(sorry if this is duplicate)

i have modified the sql queries and removed unnecessary whitespace,
but am still getting some queries cut-off in the log.
the main issue is with accounting stop requests.
(i am using the default queries provided with freeradius 2.1.12 - dialup.conf)

is there a way to increase the space/memory available for sql queries?
the main issue is with accounting stop requests.

in addition i have found the following in the logs:
rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
++[sql] returns fail

number of DB connections has already been raised from the default 5 to 25,
this is a rare error, but it still exists, might be related.

Amir.


From: Amir Tal
Sent: Wednesday, July 11, 2012 4:48 PM
To: 'freeradius-users@lists.freeradius.org'
Subject: sql returns fail for some stop requests

Freeradius ver 2.1.12, configured to use ldap for auth, sql for acct.

Sometimes users' sessions get stuck and have to be closed manually (simultaneous 
use is turned on for all users).
After extensive debugging I have found the following in the logs (radius -X)


[thread] # Executing section preacct from file /etc/raddb/sites-enabled/default
[thread] +- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 14117776,Client-IP-Address = xx.xx.xx.xx,NAS-IP-Address = xx.xx.xx.xx,Acct-Session-Id = erx ip:109.226.0.9:147.235.234.115:1e47:6248:14c2:8b6a:5dac845:0060992452,User-Name = x@ccc'
[acct_unique] Acct-Unique-Session-ID = d49ba42fa077f5f0.
++[acct_unique] returns ok
[suffix] Looking up realm ccc for User-Name = x@ccc
[suffix] Found realm ccc
[suffix] Adding Stripped-User-Name = x
[suffix] Adding Realm = ccc
[suffix] Accounting realm is LOCAL.
++[suffix] returns ok
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]expand: %{Packet-Src-IP-Address} -> xx.xx.xx.xx
[detail]expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radius/radacct/xx.xx.xx.xx/detail-20120711
[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/xx.xx.xx.xx/detail-20120711
[detail]expand: %t -> Wed Jul 11 02:03:45 2012
Cleaning up request 12612249 ID 93 with timestamp +729235
++[detail] returns ok
[detail.moreshet]   expand: /var/log/radius/radacct/moreshet.relay -> /var/log/radius/radacct/moreshet.relay
[detail.moreshet] /var/log/radius/radacct/moreshet.relay expands to /var/log/radius/radacct/moreshet.relay
[detail.moreshet]   expand: %t -> Wed Jul 11 02:03:45 2012
++[detail.moreshet] returns ok
++[unix] returns ok
[sql]   expand: %{Stripped-User-Name} -> x
[sql]   expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> x
[sql] sql_set_user escaped user -- 'x'
[sql]   expand: %{Acct-Input-Gigawords} -> 0
[sql]   expand: %{Acct-Input-Octets} -> 4001
[sql]   expand: %{Acct-Output-Gigawords} -> 0
[sql]   expand: %{Acct-Output-Octets} -> 8134
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:UPDATE radacct SET
          acctstoptime = '%S',
          acctsessiontime = '%{Acct-Session-Time}',
          acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
          acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
          acctterminatecause = '%{Acct-Terminate-Cause}',
          acctstopdelay = '%{%{Acct-Delay-Time}:-0}',
          connectinfo_stop = '%{Connect-Info}'
          WHERE acctsessionid = '%{Acct-Session-Id}'
          AND username = '%{SQL-User-Name}'
          AND nasipaddress = '%{NAS-IP-Address}'
        -> UPDATE radacct SET
          acctstoptime = '2012-07-11 02:03:45',
          acctsessiontime = '517',
          acctinputoctets = '0' << 32 | '4001',
          acctoutputoctets = '0' << 32 |

[sql]   expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
Cleaning up request 12612250 ID 95 with timestamp +729235
++[sql] returns fail
Thread 20 got semaphore
Thread 19 got semaphore

It seems the last SQL query line is cut off for some reason, this only happens 
on some connections, while others are stopped correctly.
Not specific to users or time of day.

Versions information:

cat /etc/issue :
CentOS release 5.6 (Final)
Kernel \r on an \m

rpm -qa | grep radius :
freeradius2-python-2.1.12-7
freeradius2-ldap-2.1.12-7
freeradius2-2.1.12-7
freeradius2-krb5-2.1.12-7
freeradius2-mysql-2.1.12-7
freeradius2-utils-2.1.12-7
freeradius2-postgresql-2.1.12-7
freeradius2-perl-2.1.12-7
freeradius2-unixODBC-2.1.12-7

additional logs and/or information can be provided 

Router as NAS

2012-07-15 Thread Si St

Can I connect to radius via a router that has a guestzone? It simply
means that the router has an extra guestzone interface that also
contains choice for PSK or EAP

From the following information I wonder why the radiusd is not
responding. Remember I am trying to log in with the radius from the PC
where the radius is installed. Radius is on 192.168.0.198 and I am
attempting login or request from 192.168.0.198. This may also be a
mistake. Maybe there will be a conflict between 192.168.0.1 = router and
192.168.0.198 localhost. I simply don't know.

The router is a DLINK 655
The OS is SuSE Linux Enterprise Desktop 10, ServPack 3
The radius is the freeradius-server-2.1.12

Here are the fields from this zone in the router:
**ROUTER PART**
Use this section to configure the guest zone settings of your router.
The guest zone provide a separate network zone for guest to access
Internet:

--GUEST ZONE SELECTION--
Enable Guest Zone : (Yes) 
Wireless Band : 2.4GHz Band
Wireless Network Name : EAP_sled   (Also called the SSID)
Enable Routing Between Zones :  (No) 
Security Mode : WPA-Enterprise

--WPA--
WPA Mode : Auto (WPA or WPA2)
Cipher Type : TKIP and AES   
Group Key Update Interval : 3600 (seconds)   

--EAP (802.1x)--

When WPA enterprise is enabled, the router uses EAP (802.1x) to
authenticate clients via a remote RADIUS server.

Authentication Timeout : 60   (minutes)
RADIUS server IP Address : 192.168.0.198 
RADIUS server Port : 1812
RADIUS server Shared Secret : testing123 
MAC Address Authentication : No
**CLIENT.CONF**
Then I change the client.conf from localhost 127.0.0.1 to the IP of the
router 192.168.0.1
#client localhost {
#  Allowed values are:
#   dotted quad (1.2.3.4)
#   hostname(radius.example.com)
#   ipaddr = 127.0.0.1
# Test with router:
client router {
#  Allowed values are:
#   dotted quad (1.2.3.4)
#   hostname(radius.example.com)
ipaddr = 192.168.0.1
#
and I keep rest of it as it was.

**/ETC/HOSTS/**
I put in a line in /etc/hosts/ (I am not sure if it is right or
necessary):
# IP-Address  Full-Qualified-Hostname  Short-Hostname
192.168.0.1   routerdlink

**YAST CONFIG FOR THE USERCLIENT**
I change the setup in system (YaST) from PSK key to EAP:
--MODUS--
Accesspoint: (Yes)
Ad hoc: no
Master: no
--NETWORKNAME SSID--
EAP_sled
--AUTHENTICATION MODUS--
Open: no
Shared key: no  
WPA-EAP  (Yes)
WPA-PSK: no
EAP Modus: TTLS
Identity: sigbj (as in /usr/local/etc/raddb/users)
Password: testing-0 (as in /usr/local/etc/raddb/users)
Anonymous identity: (left open)
Client-Sert: (closed)
Client-Key: (closed)
Client-Key_password: whatever
Server-Sert: /usr/local/etc/raddb/certs/server.csr

I have made no changes in eap.conf and radius.conf

I try to start the radiusd -X with these changes (the previous test on
localhost is successful: Ready to process requests. And radtest test
gives the right feedback: Sending Access-Accept of id 178 to 127.0.0.1
port 1932, so this test part works)

Some of the messages from the radiusd -X with the changed client.conf:

radiusd:  Loading Clients 
 client router {
ipaddr = 192.168.0.1
require_message_authenticator = no
secret = testing123
nastype = other
.
... adding new socket proxy address * port 1047
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

radtest gives this:
Sending Access-Request of id 207 to 127.0.0.1 port 1812
User-Name = sigbj
User-Password = testing-0
NAS-IP-Address = 192.168.0.198
NAS-Port = 0
Message-Authenticator = 0x
radclient: no response from server for ID 207 socket 3

and radiusd consequently:
Ignoring request to authentication address * port 1812 from unknown
client 127.0.0.1 port 1048

Trying to login with the Knetworkmanager (KDE) on to the network gives
no reaction on the server, server is just waiting, the knetworkmanager
may blink or just dryrun. I have a feeling that the server is listening
on the 127.0.0.1 instead on 192.168.0.1, but do not know

I am of course doing a typical newbie mistake somewhere, but I do not
know what.

IF YOU NEED THE WHOLE RADIUSD -X LOG AT THIS POINT, PLEASE TELL ME. I
have given these explanations to begin with. The problems may also be
that a router of this kind cannot be used on freeradius or that the
router is 100% Windows-messed-up.

-- 
  Si St
  sigbj...@operamail.com





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: sql returns fail for some stop requests

2012-07-15 Thread Alan DeKok
Amir Tal wrote:
> i have modified the sql queries and removed unnecessary whitespace,
> but am still getting some queries cut-off in the log.
...
> is there a way to increase the space/memory available for sql queries?

  Edit the source code.  See src/modules/rlm_sql/

> in addition i have found the following in the logs:
>
> rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
> ++[sql] returns fail
...
> this is a rare error, but it still exists, might be related.

  It's not related.

  Alan DeKok.


a router as NAS

2012-07-15 Thread Si St
(I think I messed up the previous posting by returning on a previous by
Winter answered post. This message is found in the end of that post. I
am sorry. Hope this one comes in with the new subject.)
Can I connect to radius via a router that has a guestzone? It simply
means that the router has an extra guestzone interface that also
contains choice for PSK or EAP

From the following information I wonder why the radiusd is not
responding. Remember I am trying to log in with the radius from the PC
where the radius is installed. Radius is on 192.168.0.198 and I am
attempting login or request from 192.168.0.198. This may also be a
mistake. Maybe there will be a conflict between 192.168.0.1 = router and
192.168.0.198 localhost. I simply don't know.

The router is a DLINK 655
The OS is SuSE Linux Enterprise Desktop 10, ServPack 3
The radius is the freeradius-server-2.1.12

Here are the fields from this zone in the router:
**ROUTER PART**
Use this section to configure the guest zone settings of your router.
The guest zone provide a separate network zone for guest to access
Internet:

--GUEST ZONE SELECTION--
Enable Guest Zone : (Yes) 
Wireless Band : 2.4GHz Band
Wireless Network Name : EAP_sled   (Also called the SSID)
Enable Routing Between Zones :  (No) 
Security Mode : WPA-Enterprise

--WPA--
WPA Mode : Auto (WPA or WPA2)
Cipher Type : TKIP and AES   
Group Key Update Interval : 3600 (seconds)   

--EAP (802.1x)--

When WPA enterprise is enabled, the router uses EAP (802.1x) to
authenticate clients via a remote RADIUS server.

Authentication Timeout : 60   (minutes)
RADIUS server IP Address : 192.168.0.198 
RADIUS server Port : 1812
RADIUS server Shared Secret : testing123 
MAC Address Authentication : No
**CLIENT.CONF**
Then I change the client.conf from localhost 127.0.0.1 to the IP of the
router 192.168.0.1
#client localhost {
#  Allowed values are:
#   dotted quad (1.2.3.4)
#   hostname(radius.example.com)
#   ipaddr = 127.0.0.1
# Test with router:
client router {
#  Allowed values are:
#   dotted quad (1.2.3.4)
#   hostname(radius.example.com)
ipaddr = 192.168.0.1
#
and I keep rest of it as it was.

**/ETC/HOSTS/**
I put in a line in /etc/hosts/ (I am not sure if it is right or
necessary):
# IP-Address  Full-Qualified-Hostname  Short-Hostname
192.168.0.1   routerdlink

**YAST CONFIG FOR THE USERCLIENT**
I change the setup in system (YaST) from PSK key to EAP:
--MODUS--
Accesspoint: (Yes)
Ad hoc: no
Master: no
--NETWORKNAME SSID--
EAP_sled
--AUTHENTICATION MODUS--
Open: no
Shared key: no  
WPA-EAP  (Yes)
WPA-PSK: no
EAP Modus: TTLS
Identity: sigbj (as in /usr/local/etc/raddb/users)
Password: testing-0 (as in /usr/local/etc/raddb/users)
Anonymous identity: (left open)
Client-Sert: (closed)
Client-Key: (closed)
Client-Key_password: whatever
Server-Sert: /usr/local/etc/raddb/certs/server.csr

I have made no changes in eap.conf and radius.conf

I try to start the radiusd -X with these changes (the previous test on
localhost is successful: Ready to process requests. And radtest test
gives the right feedback: Sending Access-Accept of id 178 to 127.0.0.1
port 1932, so this test part works)

Some of the messages from the radiusd -X with the changed client.conf:

radiusd:  Loading Clients 
 client router {
ipaddr = 192.168.0.1
require_message_authenticator = no
secret = testing123
nastype = other
.
... adding new socket proxy address * port 1047
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

radtest gives this:
Sending Access-Request of id 207 to 127.0.0.1 port 1812
User-Name = sigbj
User-Password = testing-0
NAS-IP-Address = 192.168.0.198
NAS-Port = 0
Message-Authenticator = 0x
radclient: no response from server for ID 207 socket 3

and radiusd consequently:
Ignoring request to authentication address * port 1812 from unknown
client 127.0.0.1 port 1048

Trying to login with the Knetworkmanager (KDE) on to the network gives
no reaction on the server, server is just waiting, the knetworkmanager
may blink or just dryrun. I have a feeling that the server is listening
on the 127.0.0.1 instead on 192.168.0.1, but do not know

I am of course doing a typical newbie mistake somewhere, but I do not
know what.

IF YOU NEED THE WHOLE RADIUSD -X LOG AT THIS POINT, PLEASE TELL ME. I
have given these explanations to begin with. The problems may also be
that a router of this kind cannot be used on freeradius or that the
router is 100% Windows-messed-up.

-- 
  Si St
  sigbj...@operamail.com


Re: a router as NAS

2012-07-15 Thread Alan DeKok
Si St wrote:
> From the following information I wonder why the radiusd is not
> responding.

  Read the debug log.  Really.  It's not hard.  Nothing else will help.

> Remember I am trying to log in with the radius from the PC
> where the radius is installed.

  I have no idea what that means.

> Here are the fields from this zone in the router:
> **ROUTER PART**
> Use this section to configure the guest zone settings of your router.

  We don't need to see any of the router config.

> **CLIENT.CONF**
> Then I change the client.conf from localhost 127.0.0.1 to the IP of the
> router 192.168.0.1

  Why?  Why not just add a *new* section?

> **/ETC/HOSTS/**
> I put in a line in /etc/hosts/ (I am not sure if it is right or
> necessary:

  If you're not sure, don't do it.

> **YAST CONFIG FOR THE USERCLIENT**

  We don't need to see any of this.

> I try to start the radiusd -X with these changes (the previous test on
> localhost is successful: Ready to process requests. And radtest test
> gives the right feedback:Sending Access-Accept of id 178 to 127.0.0.1
> port 1932,so this test part works)

  Until you delete 127.0.0.1 from the clients.conf file.

> Sending Access-Request of id 207 to 127.0.0.1 port 1812
> User-Name = sigbj
> User-Password = testing-0
> NAS-IP-Address = 192.168.0.198
> NAS-Port = 0
> Message-Authenticator = 0x
> radclient: no response from server for ID 207 socket 3
>
> and radiusd consequently:
> Ignoring request to authentication address * port 1812 from unknown
> client 127.0.0.1 port 1048

  Of course.  That's what you told it to do.

> Trying to login with the Knetworkmanager (KDE) on to the network gives
> no reaction on the server, server is just waiting, the knetworkmanager
> may blink or just dryrun.

  Then you have a networking problem.  Not a RADIUS problem.

  Go fix that.

> I have a feeling that the server is listening
> on the 127.0.0.1 instead on 192.168.0.1, but do not know

  The server listens on all IPs by default.  It prints this out in debug
mode.

  Alan DeKok.


RE: a router as NAS

2012-07-15 Thread Andrew Andonopoulos

Hi,
you can use the following to include all the IPs inside the clients file:
client 0.0.0.0/0 {
   secret  = mysecret
   shortname   = myNAS
}

From the router's side you need to write a command to add your radius shared 
key and ip. For example if it's allied telesis
radius-server key key
radius-server host ip
for cisco is something similar.

If you are using Mysql then you need to add it to the nas table but before that 
you need to edit the sql.conf file and uncomment the radclients = yes

for example my Mysql nas table is like that:
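+----+---------+--------------+-------+-------+--------+-----------+---------------+--------+
| id | nasname | shortname    | type  | ports | secret | community | description   | server |
+----+---------+--------------+-------+-------+--------+-----------+---------------+--------+
|  1 | IP      | Core         | other |  NULL | key    | NULL      | Radius Client | NULL   |
|  2 | IP      | ZoneDirector | other |  NULL | key    | NULL      | Radius Client | NULL   |
+----+---------+--------------+-------+-------+--------+-----------+---------------+--------+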


because i am using the core and the zone director as a NAS. 
Good luck
Andrew

> From: sigbj...@operamail.com
> To: freeradius-users@lists.freeradius.org
> Subject: a router as NAS
> Date: Sun, 15 Jul 2012 18:49:18 +0200
 
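
Added example, not part of any post in this thread and not FreeRADIUS code: a Python model of how a request's source address is matched against client sections, covering both Alan DeKok's point about adding a new section instead of replacing localhost and the catch-all `client 0.0.0.0/0` form in the reply above. The flat `key = value` parsing, the most-specific-network rule and the audit checks are assumptions of this example; both sample configs are constructed from values quoted in the posts.

```python
import ipaddress
import re

# Constructed from the post: localhost commented out, only the router defined.
POSTED_CONF = """
#client localhost {
#   ipaddr = 127.0.0.1
client router {
    ipaddr = 192.168.0.1
    secret = testing123
}
"""

# Constructed: localhost kept, the router added as a new section, plus the
# catch-all form from the later reply.
REVISED_CONF = """
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client router {
    ipaddr = 192.168.0.1
    secret = testing123
}
client 0.0.0.0/0 {
    secret    = mysecret
    shortname = myNAS
}
"""

CLIENT_RE = re.compile(r"\bclient\s+(\S+)\s*\{(.*?)\}", re.S)
DEFAULT_SECRETS = {"testing123"}  # example secret shipped in the stock clients.conf


def parse_clients(text):
    """Parse flat 'client NAME { key = value }' sections (assumed subset of the syntax)."""
    text = re.sub(r"#[^\n]*", "", text)  # commented-out sections define nothing
    clients = []
    for name, body in CLIENT_RE.findall(text):
        pairs = (line.split("=", 1) for line in body.splitlines() if "=" in line)
        opts = {k.strip(): v.strip() for k, v in pairs}
        # Without ipaddr, the section name itself is the address or network.
        addr = opts.get("ipaddr", name)
        if "netmask" in opts and "/" not in addr:
            addr = f"{addr}/{opts['netmask']}"
        clients.append({
            "name": name,
            "network": ipaddress.ip_network(addr, strict=False),
            "secret": opts.get("secret", ""),
        })
    return clients


def match_client(clients, src_ip):
    """Most specific client covering src_ip (assumed rule), or None for an unknown client."""
    ip = ipaddress.ip_address(src_ip)
    hits = [c for c in clients if ip in c["network"]]
    return max(hits, key=lambda c: c["network"].prefixlen, default=None)


def audit(clients):
    """List (client name, finding) pairs a reviewer would want to see."""
    findings = []
    for c in clients:
        if c["network"].prefixlen == 0:
            findings.append((c["name"], "accepts requests from every source address"))
        if c["secret"] in DEFAULT_SECRETS:
            findings.append((c["name"], "uses the well-known example secret"))
    return findings


if __name__ == "__main__":
    posted, revised = parse_clients(POSTED_CONF), parse_clients(REVISED_CONF)
    for label, clients in (("posted", posted), ("revised", revised)):
        for src in ("127.0.0.1", "192.168.0.1", "10.9.8.7"):
            hit = match_client(clients, src)
            print(f"{label:8} {src:12} -> {hit['name'] if hit else 'unknown client, ignored'}")
    for name, finding in audit(revised):
        print(f"audit: client {name} {finding}")
```

With the catch-all section present, the shared secret is the only thing separating an arbitrary host from a client the server will answer, so listing each NAS by address keeps the "unknown client" rejection meaningful.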
 

Re: a router as NAS

2012-07-15 Thread Si St
Thank you, I have done that already. The IP and the shared secret
is inside the EAP config of the router just like you say. I have
ping contact from the PC to the router. The configuration client
router { secret = testing123; ipaddr = 192.168.0.1; } should
work so that I would be able to send radtest sigbj testing-0
192.168.0.1 0 testing123 to the router to have the router call
the radiusd at 192.168.0.199. Using 127.0.0.1 there is full
acceptance both with radtest -t eap-md5, chap, mschap, pap. It
IS working, and WELL too. -- The mysql part I have not tried out,
but it is not so important at this stage.

To me the radius is so well configured and constructed that it
should be this simple, at least taken in consideration the docu I
have read. The problem seems to be that call from the computer to
the NAS-client (the router) does not come through, or the NAS
will not send requests to the radius server. Again, it might be a
network problem, a missing part from my side, or something else.
Strange is it, because the router works with WPA-PSK.
--
Si St
sigbj...@operamail.com


On Sun, Jul 15, 2012, at 11:21 PM, Andrew Andonopoulos wrote:
