Re: Authentication Failed
##
#
# Create a new client certificate, signed by the above server
# certificate.
#
##
client.csr client.key: client.cnf
	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key index.txt serial
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

client.p12: client.crt
	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

client.pem: client.p12
	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
	cp client.pem $(USER_NAME).pem

.PHONY: server.vrfy
client.vrfy: ca.pem client.pem
	c_rehash .
	openssl verify -CApath . client.pem
Re: Authentication Failed
When I click on my SSID I get authentication failed. The Proxim AP reports Radius not connected and I don't get to see any reply on Radius Server
Re: Authentication Failed
After I had restarted my XP I get to see Windows was unable to log you on to palstaff. palstaff is my SSID.
Devinder
Re: Authentication Failed
Hello
I have followed the procedures to create EAP certificates in etc/raddb/certs but when I copy the ca.der and client.P12 my Windows XP cannot seem to authenticate to the Radius Server. I can see a small balloon appearing on XP stating failed to authenticate on palstaff. My Proxim AP reports Radius Server Error but I have already set the Radius Server IP address in the Proxim AP. I have also updated my Makefile as below to allow XP clients to authenticate

##
#
# Create a new client certificate, signed by the above server
# certificate.
#
##
client.csr client.key: client.cnf
	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key index.txt serial
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

client.p12: client.crt
	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

client.pem: client.p12
	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
	cp client.pem $(USER_NAME).pem

.PHONY: server.vrfy
client.vrfy: ca.pem client.pem
	c_rehash .
	openssl verify -CApath . client.pem

$ rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

and redo the certificates. Please need help on this

Regards
Devinder
Re: Authentication Failed
Hi
I had just checked my Proxim AP 700 and it seems to report that Radius Server not responding but I have already configured the Radius Server Profiles and IP address in the AP. What should I do?
Devinder

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Decoupled accounting
Hi Ivan
I had followed the steps to create certificates for Win XP and configured the AP. Also copied the client.p12 and ca.der to XP machine. When I double click on the SSID palstaff it shows the Windows was unable to log you on to the palette network.
Regards
Devinder
WinXP 802.1x
2010/1/20 Devinder Singh devinbhul...@gmail.com:
> Hi Ivan
> I had followed the steps to create certificates for Win XP and configured the AP. Also copied the client.p12 and ca.der to XP machine. When I double click on the SSID palstaff it shows the Windows was unable to log you on to the palette network.
> Regards
> Devinder

--
Devinder
Authentication Failed
Hi Ivan,
I created the certificates based on the README file in etc/raddb and copied ca.der and client.p12 to Windows XP. I also made changes to the Makefile which runs on XP but when I connect to the SSID I get authentication failed and the radius does not seem to get any response from the Proxim AP.
--
Devinder
Re: Authentication Failed
Hi Ivan,
I can't seem to authenticate my Windows XP client using EAP authentication. I have followed the steps in /etc/raddb/certs. This is my radius start up

Module: Instantiating eap-tls
  tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = /etc/raddb/certs/server.pem
    certificate_file = /etc/raddb/certs/server.pem
    CA_file = /etc/raddb/certs/ca.pem
    private_key_password = myettelap
    dh_file = /etc/raddb/certs/dh
    random_file = /etc/raddb/certs/random
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = DEFAULT
    make_cert_command = /etc/raddb/certs/bootstrap
    cache {
      enable = no
      lifetime = 24
      max_entries = 255
    }
  }
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
  ttls {
    default_eap_type = md5
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = inner-tunnel
  }
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
  peap {
    default_eap_type = mschapv2
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = inner-tunnel
  }
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
  mschapv2 {
    with_ntdomain_hack = no
  }
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
  realm suffix {
    format = suffix
    delimiter = @
    ignore_default = no
    ignore_null = no
  }
Module: Linked to module rlm_files
Module: Instantiating files
  files {
    usersfile = /etc/raddb/users
    acctusersfile = /etc/raddb/acct_users
    preproxy_usersfile = /etc/raddb/preproxy_users
    compat = no
  }
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
  radutmp {
    filename = /var/log/radius/radutmp
    username = %{User-Name}
    case_sensitive = yes
    check_with_nas = yes
    perm = 384
    callerid = yes
  }
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
    attrsfile = /etc/raddb/attrs.access_reject
    key = %{User-Name}
  }
}
}
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
  preprocess {
    huntgroups = /etc/raddb/huntgroups
    hints = /etc/raddb/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
  acct_unique {
    key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
  }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
  detail {
    detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
    header = %t
    detailperm = 384
    dirperm = 493
    locking = no
    log_packet_header = no
  }
Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
    attrsfile = /etc/raddb/attrs.accounting_response
    key = %{User-Name}
  }
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
radiusd: Opening IP addresses and Ports
listen {
  type = auth
  ipaddr = *
  port = 0
}
listen {
  type = acct
  ipaddr = *
  port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
-- Devinder
802.1x EAP
Hi Ivan
I managed to install the certificates on XP machine and works fine. I had configured my AP IP address in radius Server and shared secret key. Yesterday I can get an IP address when I click on the SSID; today I get limited network connectivity. I use VLAN 3 on the SSID. It was working well yesterday morning. Please could you let me know if I need to configure anything on my AP.
Thanks
My radius and AP are on the same subnet 203.121.4.x
--
Devinder
Re: How to control users traffic ?
Hi
Have you tried using WISPr attributes to control bandwidth? These are set in the Radius database server.

2009/8/18 Andrew Paternoster and...@gpk.net.au:
Does anyone have any example policies that they can share? I'm trying to work out how to send attributes to my cisco NAS when the users reach their traffic limit. I have looked around and cannot find how to make these policies mentioned below. Can anyone point me in the right direction?
Thanks
--
Andrew Paternoster
GPK Computers Pty Ltd
T 1300 854 223 F 1300 854 228
Senior System Engineer

-----Original Message-----
From: freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org [mailto:freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org] On Behalf Of Ivan Kalik
Sent: Tuesday, 7 July 2009 7:12 PM
To: FreeRadius users mailing list
Subject: Re: How to control users traffic ?

> Which is conventional way for checking online users traffic volume and disconnecting who reach to the limit of every user in freeradius:

There are no standard radius attributes for this. Your NAS might have vendor specific attributes that can be used for data (sql)counters but many don't.

> 1- using acct-interim packets to update output or input octets in sql and if user reach to the max of its accounting permission disconnect him/her. (Is there any patch to do this ?)

Again, this will depend on NAS supporting PoD or CoA. You can make a policy that sends instructions to NAS to disconnect the user if he goes over the limit on update packet. If it doesn't, you should still be able to disconnect the user using SNMP.

> 2- freeradius sends Session-Octets-Limit to the NAS and NAS can do this?

If it has such VSA. You can then use standard (sql)counter.

Ivan Kalik
Kalik Informatika ISP

--
Devinder
WPA Authentication
Hi
I have followed the instructions in /etc/raddb/certs to generate root, server and client certificates. I copied root.der and client.p12 to XP machine and managed to install without any problems on XP. I had configured Proxim AP 700 with WPA authentication. When I click on SSID palstaff I get a pop-up to select the client devin...@palettemm.com. When I ran radiusd -X I get some strange error in SSL. Need your assistance on this.

[files] users: Matched entry devin...@palettemm.com at line 94
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] TLS 1.0 Handshake [length 03b2], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls] TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - devin...@palettemm.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 126 to 203.121.4.59 port 6001
        EAP-Message = 0x04070004
        Message-Authenticator = 0x
Waking up in 3.8 seconds.
Cleaning up request 0 ID 120 with timestamp +781
Cleaning up request 1 ID 121 with timestamp +781
Cleaning up request 2 ID 122 with timestamp +781
Cleaning up request 3 ID 123 with timestamp +781
Cleaning up request 4 ID 124 with timestamp +781
Cleaning up request 5 ID 125 with timestamp +781
Waking up in 1.0 seconds.
Cleaning up request 6 ID 126 with timestamp +781
Ready to process requests.

Devinder
Re: Decoupled accounting
Hi Ivan
Thanks. Yes I have double clicked on the ca.der file and client.p12; both were installed successfully. I also managed to set up my SSID palstaff and when I click on the SSID I see a pop-up window on my wireless LAN asking for my username on certificate and I selected devin...@palettemm.com from the combo drop-down list and clicked OK. When I click OK radius reports the following error

TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - devin...@palettemm.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 133 to 203.121.4.59 port 6001
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x
Waking up in 3.6 seconds.
Cleaning up request 0 ID 127 with timestamp +18
Cleaning up request 1 ID 128 with timestamp +18
Cleaning up request 2 ID 129 with timestamp +18
Cleaning up request 3 ID 130 with timestamp +18
Cleaning up request 4 ID 131 with timestamp +18
Waking up in 0.2 seconds.
Cleaning up request 5 ID 132 with timestamp +18
Waking up in 1.0 seconds.
Cleaning up request 6 ID 133 with timestamp +19
Ready to process requests.

2009/8/4 Ivan Kalik t...@kalik.net:
> I managed to follow the steps in /etc/raddb/certs/README and copied ca.der and client.p12 to XP machine

It looks like you have copied them but not installed them in the certificate store. Double-click the certificates and install them first.

Ivan Kalik
Kalik Informatika ISP

--
Devinder
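Added example (not from the posts or from the FreeRADIUS project): a small triage of radiusd -X output for the "unknown CA" failure in the two traces above. It reports which side sent the fatal TLS alert and decodes the OpenSSL verify error number. The first sample is re-split from the posted trace, the second sample is constructed, and the function names and hint texts are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Meanings for a subset of OpenSSL X509 verify error numbers.
VERIFY_ERRORS = {
    2: "issuer certificate could not be found",
    9: "certificate is not yet valid",
    10: "certificate has expired",
    18: "self-signed certificate that is not trusted",
    19: "self-signed certificate in the chain that is not trusted",
    20: "issuer certificate not found in the local trust store",
    21: "chain has a single certificate that could not be verified",
    23: "certificate has been revoked",
}

VERIFY_RE = re.compile(r"verify error:num=(\d+):(.*)")
# "write" = alert sent by radiusd, "read" = alert received from the supplicant.
ALERT_RE = re.compile(r"TLS Alert (read|write):(fatal|warning):(.*)")
EAP_TYPE_RE = re.compile(r"\[eap\] processing type (\S+)")
RESULT_RE = re.compile(r"Sending (Access-(?:Accept|Reject|Challenge)) of id \d+")


@dataclass
class Trace:
    eap_type: Optional[str] = None
    verify_errors: List[Tuple[int, str]] = field(default_factory=list)
    alerts: List[Tuple[str, str, str]] = field(default_factory=list)
    result: Optional[str] = None


def parse_trace(text: str) -> Trace:
    """Collect the TLS-relevant events from radiusd -X output."""
    trace = Trace()
    for raw in text.splitlines():
        line = raw.strip()
        m = VERIFY_RE.search(line)
        if m:
            trace.verify_errors.append((int(m.group(1)), m.group(2).strip()))
            continue
        m = ALERT_RE.search(line)
        if m:
            trace.alerts.append((m.group(1), m.group(2), m.group(3).strip()))
            continue
        m = EAP_TYPE_RE.search(line)
        if m:
            trace.eap_type = m.group(1)
            continue
        m = RESULT_RE.search(line)
        if m:
            trace.result = m.group(1)  # last match wins: final answer to the NAS
    return trace


def diagnose(trace: Trace) -> dict:
    """Say which side rejected the peer's certificate and what to check."""
    rejecting_side, check = None, None
    for direction, level, desc in trace.alerts:
        cert_related = "certificate" in desc.lower() or desc.lower() == "unknown ca"
        if level != "fatal" or not cert_related:
            continue
        if direction == "write":
            rejecting_side = "server"
            check = "CA that issued the client certificate must be in the server's CA_file"
        else:
            rejecting_side = "client"
            check = "CA that issued the server certificate must be a trusted root on the client"
        break
    reasons = [VERIFY_ERRORS.get(n, text) for n, text in trace.verify_errors]
    return {"eap_type": trace.eap_type, "rejecting_side": rejecting_side,
            "reasons": reasons, "check": check, "result": trace.result}


# Lines from the trace posted above, re-split one event per line.
POSTED_TRACE = """\
[eap] processing type tls
[tls] processing EAP-TLS
[tls] TLS 1.0 Handshake [length 03b2], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls] TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
[eap] Handler failed in EAP/tls
Sending Access-Reject of id 126 to 203.121.4.59 port 6001
"""

# Constructed counter-example: the supplicant sends the alert instead.
CONSTRUCTED_TRACE = """\
[eap] processing type tls
TLS Alert read:fatal:unknown CA
Sending Access-Reject of id 7 to 192.0.2.10 port 6001
"""

if __name__ == "__main__":
    for name, sample in (("posted", POSTED_TRACE), ("constructed", CONSTRUCTED_TRACE)):
        print(name, diagnose(parse_trace(sample)))
```
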
Re: Decoupled accounting
Ok, I took your advice and yes, it's a different error now:

    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on proxy address * port 1814
    Ready to process requests.
    rad_recv: Access-Request packet from host 203.121.4.59 port 6001, id=134, length=181
            User-Name = devin...@palettemm.com
            NAS-IP-Address = 203.121.4.59
            Called-Station-Id = 00-20-a6-6c-49-9d:palstaff
            Calling-Station-Id = 00-04-23-7b-56-b9
            NAS-Identifier = ORiNOCO-AP-700-6c-49-9d
            Framed-MTU = 1400
            NAS-Port-Type = Wireless-802.11
            EAP-Message = 0x0203001b01646576696e6465724070616c657474656d6d2e636f6d
            Message-Authenticator = 0xb7f29ed2232abda7b5b24bb131883617
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] Looking up realm palettemm.com for User-Name = devin...@palettemm.com
    [suffix] No such realm palettemm.com
    ++[suffix] returns noop
    [eap] EAP packet type response id 3 length 27
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns notfound
    [files] users: Matched entry devin...@palettemm.com at line 94
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No known good password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] EAP Identity
    [eap] processing type md5
    rlm_eap_md5: Issuing Challenge
    ++[eap] returns handled
    Sending Access-Challenge of id 134 to 203.121.4.59 port 6001
            EAP-Message = 0x010400160410edd3007f1e599b71120693ed62eaee7c
            Message-Authenticator = 0x
            State = 0x17b5db9117b1dfd16583cca5ed9db022
    Finished request 0.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 134 with timestamp +1
    Ready to process requests.

2009/8/4 Devinder Singh devinbhul...@gmail.com:
> Hi Ivan
>
> Thanks. Yes, I have double-clicked on the ca.der file and client.p12; both were installed successfully.
> I also managed to set up my SSID palstaff, and when I click on the SSID I see a pop-up window on my wireless LAN asking for my username on certificate. I selected devin...@palettemm.com from the combo drop-down list and clicked OK. When I click OK, radius reports the following error:
>
>     TLS Alert write:fatal:unknown CA
>     TLS_accept:error in SSLv3 read client certificate B
>     rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>     SSL: SSL_read failed in a system call (-1), TLS session fails.
>     TLS receive handshake failed during operation
>     [tls] eaptls_process returned 4
>     [eap] Handler failed in EAP/tls
>     [eap] Failed in EAP select
>     ++[eap] returns invalid
>     Failed to authenticate the user.
>     Using Post-Auth-Type Reject
>     +- entering group REJECT {...}
>     [attr_filter.access_reject] expand: %{User-Name} -> devin...@palettemm.com
>     attr_filter: Matched entry DEFAULT at line 11
>     ++[attr_filter.access_reject] returns updated
>     Delaying reject of request 6 for 1 seconds
>     Going to the next request
>     Waking up in 0.9 seconds.
>     Sending delayed reject for request 6
>     Sending Access-Reject of id 133 to 203.121.4.59 port 6001
>             EAP-Message = 0x040a0004
>             Message-Authenticator = 0x
>     Waking up in 3.6 seconds.
>     Cleaning up request 0 ID 127 with timestamp +18
>     Cleaning up request 1 ID 128 with timestamp +18
>     Cleaning up request 2 ID 129 with timestamp +18
>     Cleaning up request 3 ID 130 with timestamp +18
>     Cleaning up request 4 ID 131 with timestamp +18
>     Waking up in 0.2 seconds.
>     Cleaning up request 5 ID 132 with timestamp +18
>     Waking up in 1.0 seconds.
>     Cleaning up request 6 ID 133 with timestamp +19
>     Ready to process requests.
>
> 2009/8/4 Ivan Kalik t...@kalik.net:
>>> I managed to follow the steps in /etc/raddb/certs/README and copied
>>> ca.der and client.p12 to XP machine
>>
>> It looks like you have copied them but not installed them in the
>> certificate store. Double-click the certificates and install them first.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>
> --
> Devinder

--
Devinder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Decoupled accounting
Hi Ivan

I still get the same error now:

    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/tls
    [eap] processing type tls
    [tls] Authenticate
    [tls] processing EAP-TLS
    [tls] eaptls_verify returned 7
    [tls] Done initial handshake
    [tls] TLS 1.0 Handshake [length 03b2], Certificate
    --> verify error:num=20:unable to get local issuer certificate
    [tls] TLS 1.0 Alert [length 0002], fatal unknown_ca
    TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
    rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    SSL: SSL_read failed in a system call (-1), TLS session fails.
    TLS receive handshake failed during operation
    [tls] eaptls_process returned 4
    [eap] Handler failed in EAP/tls
    [eap] Failed in EAP select
    ++[eap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> devin...@palettemm.com
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 7 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 7
    Sending Access-Reject of id 141 to 203.121.4.59 port 6001
            EAP-Message = 0x04070004
            Message-Authenticator = 0x
    Waking up in 3.8 seconds.
    Cleaning up request 1 ID 135 with timestamp +120
    Cleaning up request 2 ID 136 with timestamp +120
    Cleaning up request 3 ID 137 with timestamp +120
    Cleaning up request 4 ID 138 with timestamp +120
    Cleaning up request 5 ID 139 with timestamp +120
    Cleaning up request 6 ID 140 with timestamp +120
    Waking up in 1.0 seconds.
    Cleaning up request 7 ID 141 with timestamp +120
    Ready to process requests.
Re: Decoupled accounting
Hi Ivan,

Ok, could you let me know what I need to alter in the Makefile? Just wanted to make sure I don't do something wrong here. What are the steps that I need to take to do this? I can see a Makefile in /etc/raddb/certs

Thanks
Devinder

2009/8/4 Ivan Kalik t...@kalik.net:
> OK, I think this is the issue where Windows refuses to accept server
> certificate as the intermediate CA. You should alter Makefile in certs to
> sign client certificates with CA and not server certificate.
>
> Ivan Kalik
> Kalik Informatika ISP
Re: Decoupled accounting
Ok, once I have made the changes, should I repeat the steps in the /etc/raddb/README to generate the certs, server and client, once again?

2009/8/4 Ivan Kalik t...@kalik.net:
>> ok could you let me know what do i need to alter in the Make File. Just
>> wanted to make sure i dont do something wrong here What are the steps
>> that i need to take to do this. I can see a Makefile in /etc/raddb/certs
>
> I don't know much about makefiles. I have altered one using hit and miss
> method. Alter the client section like this:
>
> client.csr client.key: client.cnf
> 	openssl req -new -out client.csr -keyout client.key -config ./client.cnf
>
> client.crt: client.csr ca.pem ca.key index.txt serial
> 	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
>
> client.p12: client.crt
> 	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
>
> client.pem: client.p12
> 	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
> 	cp client.pem $(USER_NAME).pem
>
> .PHONY: server.vrfy
> client.vrfy: ca.pem client.pem
> 	c_rehash .
> 	openssl verify -CApath . client.pem
>
> Ivan Kalik
> Kalik Informatika ISP

--
Devinder
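The difference between the two signing layouts discussed above, as an added example that is not part of the thread or of the FreeRADIUS certs Makefile: it builds throwaway, constructed certificates and verifies each client certificate against ca.pem only, which is the trust anchor named by CA_file in the posted configuration. All subject names, file names and the demo.cnf config are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI: one root CA, one server cert, two client certs.

# Minimal OpenSSL config so results do not depend on the system default.
write_cnf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
}

# new_key_and_csr <dir> <name> <CN>: unencrypted key plus signing request.
new_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign_csr <dir> <name> <issuer>: sign <name>.csr with <issuer>.pem/.key.
sign_csr() {
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 1 -extfile "$1/demo.cnf" -extensions v3_leaf \
        -out "$1/$2.pem" 2>/dev/null
}

# build_pki <dir>: create the CA, the server cert and both client certs.
build_pki() {
    write_cnf "$1/demo.cnf"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$1/demo.cnf" -extensions v3_ca \
        -subj "/CN=Constructed Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    new_key_and_csr "$1" server "Constructed RADIUS Server"
    sign_csr "$1" server ca
    # Layout before the Makefile change: client issued by the server cert.
    new_key_and_csr "$1" client_old "Constructed Client A"
    sign_csr "$1" client_old server
    # Layout after the Makefile change: client issued directly by the CA.
    new_key_and_csr "$1" client_new "Constructed Client B"
    sign_csr "$1" client_new ca
}

# verify_result <dir> <name>: prints "OK" or the OpenSSL verify error
# number when <name>.pem is checked against ca.pem alone.
verify_result() {
    out=$(openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" 2>&1) || true
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then
        echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then
        echo OK
    else
        echo UNKNOWN
    fi
}

# issuer_of <dir> <name>: the issuer line, to see who signed the cert.
issuer_of() {
    openssl x509 -noout -issuer -in "$1/$2.pem"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
build_pki "$demo_dir"
for c in client_old client_new; do
    echo "$c: $(issuer_of "$demo_dir" "$c")"
    echo "$c: verify against ca.pem -> $(verify_result "$demo_dir" "$c")"
done
```

Error number 20 is the same "unable to get local issuer certificate" code that appears in the debug output quoted in this thread; running `openssl x509 -noout -issuer` on a real client.pem shows which certificate signed it.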
Re: WPA
Hi Ivan

These are the changes made to Makefile:

    client.csr client.key: client.cnf
    	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

    client.crt: client.csr ca.pem ca.key index.txt serial
    	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

    client.p12: client.crt
    	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

    client.pem: client.p12
    	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
    	cp client.pem $(USER_NAME).pem

    .PHONY: server.vrfy
    client.vrfy: ca.pem client.pem
    	c_rehash .
    	openssl verify -CApath . client.pem

Ok, I am about to redo the certificates. Do I need to delete any files from /certs directory?

2009/8/4 Devinder Singh devinbhul...@gmail.com:
> Ok
>
> 2009/8/4 Ivan Kalik t...@kalik.net:
>>> Ok once i have made the changes should i repeat the steps in the
>>> /etc/raddb/README to generate the certs , server and client once again?
>>
>> Yes, make certificates again.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>
> --
> Devinder

--
Devinder
Re: Decoupled accounting
Hi Ivan

Before I generate the certificates, do I need to delete any files from the /etc/raddb/certs folder?

Devinder

2009/8/4 Ivan Kalik t...@kalik.net:
>> Ok once i have made the changes should i repeat the steps in the
>> /etc/raddb/README to generate the certs , server and client once again?
>
> Yes, make certificates again.
>
> Ivan Kalik
> Kalik Informatika ISP

--
Devinder
Re: Decoupled accounting
Hi Ivan.

Ok, I have reformatted my machine and installed Radius 2.1.1 from Yast Open Suse 11. I followed the instructions in /etc/raddb/certs/README

    Module: Linked to sub-module rlm_eap_tls
    Module: Instantiating eap-tls
      tls {
            rsa_key_exchange = no
            dh_key_exchange = yes
            rsa_key_length = 512
            dh_key_length = 512
            verify_depth = 0
            pem_file_type = yes
            private_key_file = /etc/raddb/certs/server.pem
            certificate_file = /etc/raddb/certs/server.pem
            CA_file = /etc/raddb/certs/ca.pem
            private_key_password = whatever
            dh_file = /etc/raddb/certs/dh
            random_file = /etc/raddb/certs/random
            fragment_size = 1024
            include_length = yes
            check_crl = no
            cipher_list = DEFAULT
            make_cert_command = /etc/raddb/certs/bootstrap
        cache {
            enable = no
            lifetime = 24
            max_entries = 255
        }
      }
    rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
    rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem
    rlm_eap: Failed to initialize type tls
    /etc/raddb/eap.conf[17]: Instantiation failed for module eap
    /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
    /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
     }
    }
    Errors initializing modules

2009/8/1 Ivan Kalik t...@kalik.net:
>> I refer only to version 1.0.4 for the serial file as it's not there in
>> /etc/raddb/certs/demoCA so I get the serial file from version 1.0.4
>> But I still get the error message Bad Encrypt. What should I do next?
>
> How about following the instructions in raddb/certs/README file?
>
> Ivan Kalik
> Kalik Informatika ISP

--
Devinder
Re: Decoupled accounting
Hi Ivan,

These are the files in the /cert directory after I had run the instructions in README. Could you let me know how to fix the errors?

Thanks

    linux-h9qt:/etc/raddb/certs # ls
    01.pem     ca.cnf  client.cnf  client.p12                  index.txt           Makefile  serial.old  server.key
    02.pem     ca.der  client.crt  client.pem                  index.txt.attr      random    server.cnf  server.p12
    03.pem     ca.key  client.csr  devin...@palettemm.com.pem  index.txt.attr.old  README    server.crt  server.pem
    bootstrap  ca.pem  client.key  dh                          index.txt.old       serial    server.csr  xpextensions

--
Devinder
Re: Decoupled accounting
Hi Ivan

I did this:

    chown root:radiusd /etc/raddb/certs/server.pem
    chown root:radiusd /etc/raddb/certs/ca.pem

and then I got the error:

    Module: Instantiating eap-tls
      tls {
            rsa_key_exchange = no
            dh_key_exchange = yes
            rsa_key_length = 512
            dh_key_length = 512
            verify_depth = 0
            pem_file_type = yes
            private_key_file = /etc/raddb/certs/server.pem
            certificate_file = /etc/raddb/certs/server.pem
            CA_file = /etc/raddb/certs/ca.pem
            private_key_password = whatever
            dh_file = /etc/raddb/certs/dh
            random_file = /etc/raddb/certs/random
            fragment_size = 1024
            include_length = yes
            check_crl = no
            cipher_list = DEFAULT
            make_cert_command = /etc/raddb/certs/bootstrap
        cache {
            enable = no
            lifetime = 24
            max_entries = 255
        }
      }
    rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
    rlm_eap_tls: Error reading private key file /etc/raddb/certs/server.pem
    rlm_eap: Failed to initialize type tls
    /etc/raddb/eap.conf[17]: Instantiation failed for module eap
    /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
    /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
     }
    }
    Errors initializing modules

--
Devinder
Re: Decoupled accounting
Ok, I set the password to devin123

    Module: Instantiating eap-tls
      tls {
            rsa_key_exchange = no
            dh_key_exchange = yes
            rsa_key_length = 512
            dh_key_length = 512
            verify_depth = 0
            pem_file_type = yes
            private_key_file = /etc/raddb/certs/server.pem
            certificate_file = /etc/raddb/certs/server.pem
            CA_file = /etc/raddb/certs/ca.pem
            private_key_password = devin123
            dh_file = /etc/raddb/certs/dh
            random_file = /etc/raddb/certs/random
            fragment_size = 1024
            include_length = yes
            check_crl = no
            cipher_list = DEFAULT
            make_cert_command = /etc/raddb/certs/bootstrap
        cache {
            enable = no
            lifetime = 24
            max_entries = 255
        }
      }
    rlm_eap: SSL error error::lib(0):func(0):reason(0)
    rlm_eap_tls: Error loading randomness
    rlm_eap: Failed to initialize type tls
    /etc/raddb/eap.conf[17]: Instantiation failed for module eap
    /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
    /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
     }
    }
    Errors initializing modules
Re: Decoupled accounting
Hi Ivan,

These are the new error messages:

    Module: Linked to sub-module rlm_eap_tls
    Module: Instantiating eap-tls
      tls {
            rsa_key_exchange = no
            dh_key_exchange = yes
            rsa_key_length = 512
            dh_key_length = 512
            verify_depth = 0
            pem_file_type = yes
            private_key_file = /etc/raddb/certs/server.pem
            certificate_file = /etc/raddb/certs/server.pem
            CA_file = /etc/raddb/certs/ca.pem
            private_key_password = devin123
            dh_file = /etc/raddb/certs/dh
            random_file = /etc/raddb/certs/random
            fragment_size = 1024
            include_length = yes
            check_crl = no
            cipher_list = DEFAULT
            make_cert_command = /etc/raddb/certs/bootstrap
        cache {
            enable = no
            lifetime = 24
            max_entries = 255
        }
      }
    rlm_eap: SSL error error::lib(0):func(0):reason(0)
    rlm_eap_tls: Error loading randomness
    rlm_eap: Failed to initialize type tls
    /etc/raddb/eap.conf[17]: Instantiation failed for module eap
    /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
    /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
     }
    }

Devinder
Re: Decoupled accounting
Hi

I do have the random and dh file:

    linux-h9qt:/etc/raddb/certs # ls -al
    -rw-r- 1 root root 245 2009-08-03 11:36 dh
    -rw-r--r-- 1 root root 384 2009-08-03 12:11 index.txt
    -rw-r--r-- 1 root root 21 2009-08-03 12:11 index.txt.attr
    -rw-r--r-- 1 root root 21 2009-08-03 11:59 index.txt.attr.old
    -rw-r--r-- 1 root root 254 2009-08-03 11:59 index.txt.old
    -rw-r- 1 root radiusd 4441 2008-12-03 21:57 Makefile
    -rw-r- 1 root root 5120 2009-08-03 11:36 random
Re: Freeradius with AD integration
linux-h9qt:/etc/raddb # radiusd -X FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Dec 3 2008 at 13:57:16 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/krb5 including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/ldap including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/counter including configuration 
file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/sql.conf including configuration file /etc/raddb/sql/mysql/dialup.conf including configuration file /etc/raddb/sql/mysql/counter.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/inner-tunnel group = radiusd user = radiusd including dictionary file /etc/raddb/dictionary main { prefix = /usr localstatedir = /var logdir = /var/log/radius libdir = /usr/lib64/freeradius radacctdir = /var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = /var/run/radiusd/radiusd.pid checkrad = /usr/sbin/checkrad debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = testing123 nastype = other } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 
default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = testing123 response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = status-server ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Instantiating modules instantiate { Module: Linked to
Re: Decoupled accounting
Hi,

This is my directory listing. Which file should I copy to the XP machine?

linux-h9qt:/etc/raddb/certs # ls
01.pem bootstrap ca.key client.crt client.p12 dh index.txt.attr.old random serial.old server.csr server.pem 02.pem ca.cnf ca.pem client.csr client.pem index.txt index.txt.old README server.cnf server.key xpextensions 03.pem ca.der client.cnf client.key devin...@palettemm.com.pem index.txt.attr Makefile serial server.crt server.p12

2009/8/3 Devinder Singh devinbhul...@gmail.com:
I don't get any errors now when I run radiusd -X. Does that mean the certs are generated OK?

2009/8/3 Devinder Singh devinbhul...@gmail.com:
What do I do next, I want to install the cert on my Windows XP machine?

2009/8/3 Devinder Singh devinbhul...@gmail.com:
Yes, got it to work Ivan, thanks. I did chown root:radiusd /etc/raddb/certs/random and for dh.

2009/8/3 Devinder Singh devinbhul...@gmail.com:
user = radiusd
group = radiusd
How do I chown the entire cert directory?

2009/8/3 Ivan Kalik t...@kalik.net:
So how do I go about this?
chown root:radiusd /etc/raddb/certs/dh
chown root:radiusd /etc/raddb/certs/random
Is that correct?

chown whole certs directory. I don't know what user your radiusd runs under. I am quite sure root/radiusd is wrong. It's either root:root or radius:radius in default configuration. It could be different in binary distributions. Check user/group settings in radiusd.conf.

Ivan Kalik
Kalik Informatika ISP

-- Devinder
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Decoupled accounting
Hi Ivan,

OK, I managed to install ca.der and client.p12 on my XP. When I run radiusd -X I get:

rad_recv: Access-Request packet from host 203.121.4.59 port 6001, id=30, length=216
    User-Name = devin...@palettemm.com
    NAS-IP-Address = 203.121.4.59
    Called-Station-Id = 00-20-a6-6c-49-9d:palstaff
    Calling-Station-Id = 00-04-23-7b-56-b9
    NAS-Identifier = ORiNOCO-AP-700-6c-49-9d
    State = 0xf30ae66df60debd09c91249e7b82f0a9
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0207002c0d000116030100205a6f866d20eb642ddc9f404f90d8650422eb751e7bb0199a016bb14e384df6fa
    Message-Authenticator = 0x06206416bbe520db012eb924f72ba75e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm palettemm.com for User-Name = devin...@palettemm.com
[suffix] No such realm palettemm.com
++[suffix] returns noop
[eap] EAP packet type response id 7 length 44
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry devin...@palettemm.com at line 94
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] TLS 1.0 Handshake [length 03b2], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls] TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - devin...@palettemm.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 30 to 203.121.4.59 port 6001
    EAP-Message = 0x04070004
    Message-Authenticator = 0x
Waking up in 3.8 seconds.
Cleaning up request 0 ID 24 with timestamp +83
Cleaning up request 1 ID 25 with timestamp +83
Cleaning up request 2 ID 26 with timestamp +83
Cleaning up request 3 ID 27 with timestamp +83
Cleaning up request 4 ID 28 with timestamp +83
Cleaning up request 5 ID 29 with timestamp +83
Waking up in 1.0 seconds.
Cleaning up request 6 ID 30 with timestamp +83
Ready to process requests.

Users File

devin...@palettemm.com Auth-Type := EAP
DEFAULT Auth-Type := Reject
    Reply-Message = Authentication Failed

2009/8/3 Ivan Kalik t...@kalik.net:
Do I copy this file to the XP and install ca.der
ca.der and client.p12
Yes.

Ivan Kalik
Kalik Informatika ISP

-- Devinder
Re: Decoupled accounting
Hi Ivan,

When I click on my SSID palstaff it prompts for the certificate name username on certificate, so I selected devin...@palettemm.com. Click OK, then authentication failed on the SSID.

-- Devinder
Re: Decoupled accounting
attr_filter attr_filter.access_reject { attrsfile = /etc/raddb/attrs.access_reject key = %{User-Name} } } } modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = /etc/raddb/huntgroups hints = /etc/raddb/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d header = %t detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = /etc/raddb/attrs.accounting_response key = %{User-Name} } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = * port = 0 } listen { type = acct ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. 
Re: phpRadmin,dialupAdmin?
Hi,

I have used Daloradius and it's easier to set up and install. Google Daloradius, authored by Liran Tal.

2009/8/4 RANDRIAMAMPIONONA José Johnny vasian...@gmail.com:
Hello,
Does anyone know if these projects are still active? In fact, I'd like to install it on my server but it looks like non-existent!
Thanks! Sincerely!
-- JJohnny R.

-- Devinder
Re: Decoupled accounting
Hi Ivan,

Actually I followed the steps in Free Radius http://wiki.freeradius.org/WPA_HOWTO. Could I use the steps here or should I follow the Readme file?

Regards
Devinder

2009/8/1 Ivan Kalik t...@kalik.net:
I refer only to version 1.0.4 for the serial file as it's not there in /etc/raddb/certs/demoCA, so I get the serial file from version 1.0.4. But I still get the error message Bad Encrypt. What should I do next?

How about following the instructions in raddb/certs/README file?

Ivan Kalik
Kalik Informatika ISP

-- Devinder
Re: Decoupled accounting
Hi Ivan,

I refer only to version 1.0.4 for the serial file as it's not there in /etc/raddb/certs/demoCA, so I get the serial file from version 1.0.4. But I still get the error message Bad Encrypt. What should I do next? I have created the certificates almost 5 times already.

The password used for
.CA.root myettelap
.CA.server devin myettelap

Please help on this.

Regards
Devinder

}
rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/default[280]: Failed to find module eap.
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
}
Errors initializing modules

2009/8/1 Devinder Singh devinbhul...@gmail.com:
Hi Ivan,
Actually I am using version 2.1.1 Free Radius and I need the serial file from 1.0.4.
devinder

2009/7/31 Ivan Kalik t...@kalik.net:
Hi Ivan,
This is how I generated the certs and radiusd -X gives error
...
/home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA/
...

Ah, this is 1.0.4! Don't use that for EAP. It's incompatible with Vista, XP SP2, SP3, ... Upgrade.

Ivan Kalik
Kalik Informatika ISP

-- Devinder
Re: Decoupled accounting
Hi Ivan,

Need your help here.

Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
  tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = /etc/wireless-auth/linux-7v1x.pem
    certificate_file = /etc/wireless-auth/linux-7v1x.pem
    CA_file = /etc/wireless-auth/root.pem
    private_key_password = myettelap
    dh_file = /etc/wireless-auth/DH
    random_file = /etc/wireless-auth/random
    fragment_size = 1024
    include_length = yes
    check_crl = no
  }
rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/default[280]: Failed to find module eap.
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
}
Errors initializing modules
Re: Decoupled accounting
In my certs, the /pass directory is empty.

-- Devinder
Re: Decoupled accounting
Makefile pass README xpextensions linux-7v1x:/etc/raddb/certs # cd pass linux-7v1x:/etc/raddb/certs/pass # ls root.pass linux-7v1x:/etc/raddb/certs/pass # cd .. linux-7v1x:/etc/raddb/certs # cd der linux-7v1x:/etc/raddb/certs/der # ls linux-7v1x.der root.der linux-7v1x:/etc/raddb/certs/der # cd . linux-7v1x:/etc/raddb/certs/der # cd .. linux-7v1x:/etc/raddb/certs # ls bootstrap CA.client CA.rootclient.cnf der p12 pem server.cnf CA.cient ca.cnf CA.server demoCA Makefile pass README xpextensions linux-7v1x:/etc/raddb/certs # ./CA.client palette-giau6pb devin myettelap Generating a 1024 bit RSA private key ...++ ...++ writing new private key to 'pem/newreq.pem' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:palette-giau6pb Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:1234 An optional company name []: Using configuration from /etc/ssl/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4 (0x4) Validity Not Before: Jul 31 09:31:56 2009 GMT Not After : Jul 31 09:31:56 2010 GMT Subject: countryName = AU stateOrProvinceName = Some-State organizationName = Internet Widgits Pty Ltd commonName= palette-giau6pb X509v3 extensions: X509v3 Extended Key Usage: TLS Web Client Authentication Certificate is to be certified until Jul 31 09:31:56 2010 GMT (365 days) Sign the certificate? 
[y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated MAC verified OK linux-7v1x:/etc/raddb/certs # ls Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = /etc/wireless-auth/linux-7v1x.pem certificate_file = /etc/wireless-auth/linux-7v1x.pem CA_file = /etc/wireless-auth/root.pem private_key_password = myettelap dh_file = /etc/wireless-auth/DH random_file = /etc/wireless-auth/random fragment_size = 1024 include_length = yes check_crl = no } rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem rlm_eap: Failed to initialize type tls /etc/raddb/eap.conf[17]: Instantiation failed for module eap /etc/raddb/sites-enabled/default[280]: Failed to find module eap. /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section. 
} Errors initializing modules

-- Devinder
WPA Authentiction
Hello

2009/7/31 Devinder Singh devinbhul...@gmail.com:
Hi,
I am using Free Radius version 2.0.1 and have set up the Root, Server and Client Certificates. When I run radiusd -X I get:

Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
  tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = /etc/wireless-auth/linux-7v1x.pem
    certificate_file = /etc/wireless-auth/linux-7v1x.pem
    CA_file = /etc/wireless-auth/root.pem
    private_key_password = /etc/raddb/certs/pass/linux-7v1x.pass
    dh_file = /etc/wireless-auth/DH
    random_file = /etc/wireless-auth/random
    fragment_size = 1024
    include_length = yes
    check_crl = no
  }
rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/default[280]: Failed to find module eap.
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
}

-- Devinder
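The three failures quoted in the messages above (bad decrypt, Error loading randomness, verify error:num=20) can be triaged mechanically from radiusd -X output. The following is an added example, not part of any post in this thread and not FreeRADIUS code; the function names, finding codes and sample strings are constructed for illustration, and the explanations are the usual causes of these messages.

```python
import re

# tls{} settings that radiusd -X echoes at start-up and that matter for triage.
TLS_KEYS = ("private_key_file", "certificate_file", "CA_file",
            "private_key_password", "dh_file", "random_file")


def tls_settings(debug_text):
    """Return the echoed tls{} values; works on flattened or multi-line output."""
    found = {}
    for key in TLS_KEYS:
        match = re.search(r"\b%s\s*=\s*(\S+)" % key, debug_text)
        if match:
            found[key] = match.group(1)
    return found


def diagnose(debug_text):
    """Map the error lines seen in this thread to (code, explanation) findings."""
    cfg = tls_settings(debug_text)
    findings = []

    key_err = re.search(r"Error reading private key file (\S+)", debug_text)
    if key_err and "bad decrypt" in debug_text:
        findings.append(("KEY_PASSPHRASE_MISMATCH",
                         "private_key_password does not decrypt " + key_err.group(1)))
        # The setting takes the passphrase itself, not the name of a file holding it.
        if cfg.get("private_key_password", "").startswith("/"):
            findings.append(("PASSWORD_LOOKS_LIKE_PATH",
                             "private_key_password is set to a path: "
                             + cfg["private_key_password"]))

    if "Error loading randomness" in debug_text:
        findings.append(("RANDOM_FILE_NOT_LOADED",
                         "radiusd could not load " + cfg.get("random_file", "random_file")
                         + "; compare its owner, group and mode with user/group"
                           " in radiusd.conf"))

    if re.search(r"verify error:num=20\b", debug_text):
        findings.append(("CLIENT_ISSUER_UNKNOWN",
                         "issuer of the presented client certificate was not found in "
                         + cfg.get("CA_file", "the configured CA_file")))
    return findings


def redact(debug_text):
    """Mask secrets that radiusd -X prints in clear before the output is shared."""
    return re.sub(r"\b(private_key_password|secret)(\s*=\s*)\S+",
                  r"\1\2<redacted>", debug_text)


# Constructed samples, modelled on the excerpts quoted in the thread.
SAMPLE_BAD_DECRYPT = (
    "tls { private_key_file = /etc/wireless-auth/linux-7v1x.pem "
    "CA_file = /etc/wireless-auth/root.pem "
    "private_key_password = /etc/raddb/certs/pass/linux-7v1x.pass "
    "random_file = /etc/wireless-auth/random } "
    "rlm_eap: SSL error error:06065064:digital envelope routines:"
    "EVP_DecryptFinal_ex:bad decrypt "
    "rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem"
)
SAMPLE_RANDOMNESS = """\
tls {
    private_key_password = example-passphrase
    random_file = /etc/raddb/certs/random
}
rlm_eap: SSL error error::lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
"""
SAMPLE_UNKNOWN_CA = """\
[tls] TLS 1.0 Handshake [length 03b2], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] TLS 1.0 Alert [length 0002], fatal unknown_ca
"""

if __name__ == "__main__":
    for name, sample in (("bad decrypt", SAMPLE_BAD_DECRYPT),
                         ("randomness", SAMPLE_RANDOMNESS),
                         ("unknown CA", SAMPLE_UNKNOWN_CA)):
        print(name)
        for code, detail in diagnose(sample):
            print("  %-26s %s" % (code, detail))
    print(redact(SAMPLE_RANDOMNESS))
```

Running `redact()` over debug output before posting it keeps the key passphrase and the client shared secret out of a public archive.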
Free Radius FreeBSD
Hi,

Which version of Free Radius should I use for FreeBSD? I plan to use Free BSD 7.0. Should I use the Free Radius Free BSD version on the web site http://portsmon.freebsd.org/portoverview.py?category=netportname=freeradius

-- Devinder
Re: Free Radius FreeBSD
Hi Scott,

Thanks, I will give it a go now. We tried on Free BSD and when I ran using MYSQL it gave a lot of errors. Dependency missing.

Regards
Devinder

2008/6/17 Scott Lambert [EMAIL PROTECTED]:
On Tue, Jun 17, 2008 at 09:08:40AM +0800, Devinder Singh wrote:
Hi,
Which version of Free Radius should I use for FreeBSD? I plan to use Free BSD 7.0. Should I use the Free Radius Free BSD version on the web site http://portsmon.freebsd.org/portoverview.py?category=netportname=freeradius

Use FreeRADIUS 2.x
net/freeradius2
http://portsmon.freebsd.org/portoverview.py?category=netportname=freeradius2

-- Scott Lambert KC5MLE Unix SysAdmin [EMAIL PROTECTED]

-- Devinder
Re: About client.conf
What's your network IP? For example 192.168.1.100, then use client IP as 192.168.1.0/24. The .0 means that any client IP address with 192.168.1.n can connect to radius.

2008/6/14 Fabián Omar Franzotti [EMAIL PROTECTED]:
Hi guys,
I did install Freeradius 2.0.4 and I don't find the way to configure

client 0.0.0.0/0 {
    secret = mysecret
    shortname = allworld
}

I have this configuration over older Freeradius, but with this version it does not work. Can anyone tell me how to configure it in this version?
Thanks

-- Devinder
Could not link driver rlm_sql_mysql: rlm_sql_mysql.so
Hi

Why do I get this error message?

Could not link driver rlm_sql_mysql: rlm_sql_mysql.so

Regards
Devinder
rlm_sql_unixodbc: Connection failed
Hi

I have configured Free Radius 1.1.7 to connect to MSSQL. However, when I run radiusd -x I get the error

rlm_sql_unixodbc: Connection failed

Should I use version 2 instead? I need help on this.

Thank you

-- Devinder
Re: rlm_sql_unixodbc: Connection failed
Do I need to download any patch if I use Version 2? I can't seem to find a solution via Google. I have followed the instructions in Making FreeRadius and MSSQL work together.

Regards
Devinder

2008/5/6 Devinder Singh [EMAIL PROTECTED]:

Hi

I have configured Free Radius 1.1.7 to connect to MSSQL. However, when I run radiusd -x I get the error

rlm_sql_unixodbc: Connection failed

Should I use version 2 instead? I need help on this.

Thank you

-- Devinder
Re: Another Issue--
Have you tried using the NT Rad Ping Utility? Enter the Radius IP address, user name, password, secret key testing123-1 to see if you can get an access-accept reply.

Devinder

On 07/04/2008, Alan DeKok [EMAIL PROTECTED] wrote:

Austin G. Smith wrote:

I am having an issue authenticating against mysql backended radius now. I have been toying with this for around 4 hours, and cannot seem to make it work. In my previous email about rpm build, something about quirks was mentioned on this arch… it has me weary…

...
EAP-Message = 0x010600061900
Message-Authenticator = 0x
State = 0x7a0f3a2b7f0923f0e1d4dc591995af63
Finished request 17.
Going to the next request
Waking up in 9.9 seconds.
Cleaning up request 12 ID 18 with timestamp +618

There's nothing wrong with the server. It's sending a packet, and the supplicant isn't continuing the EAP conversation.

Go fix the supplicant.

Alan DeKok.

-- Devinder
Re: Fwd: EAP Authentication
Hi Ivan

Yes, I managed to solve the problem. I was using files instead of SQL as I followed the wiki example on 802.1x secure wireless. Now I can authenticate users with certs and then they log in to the captive portal to log in to the Radius Server.

Thanks
Devinder

On 07/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

I want to authenticate users through using EAP authentication. I managed to generate the client and root certs from Free Radius. I have installed the client cert in my notebook and managed to get authenticated via AP to Radius. But I can't seem to find them in the Free Radius accounting database.

Does the debug show accounting packets? If not, portal is not sending them.

There is no log event in the database. I want them to be authenticated in the radcheck table so that I can set bandwidth to them.

No need. sql is a database - it doesn't do authentication, just stores data. Set the bandwidth in radreply table and leave certificate authentication as it is.

Would it be possible to also have monowall users log into the captive portal at the same time with EAP turned on in Free Radius? I want private users to authenticate via certs and also go through captive portal. If I enable EAP TLS then users can't log in using the captive portal login page.

That's the whole idea. Portal captures users that are *not* authenticated. It does not capture them after authentication.

Ivan Kalik
Kalik Informatika ISP

-- Devinder
Re: EAP Authentication
Hi Ivan,

Before I enabled EAP authentication, radius read the user name and password from the radcheck table. When I enabled EAP it only read the users.conf file. I want it to read the radcheck table, which has the usernames and passwords for EAP authentication. I have generated the certs and they are installed on the client computer.

Thank you.
Devinder

On 04/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

radcheck? EAP-TLS is certificate based authentication. What is it reading from users file? Reply attributes? They should be in radreply table.

This would be so much easier if you would provide relevant information: user file entry that you want to store in sql; sql data for that user; radiusd -X output (when data is in sql).

Ivan Kalik
Kalik Informatika ISP

On 4/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Ivan

I'm using EAP-TLS authentication. Could you tell me the sql configuration to allow EAP-TLS to read the radcheck table instead of the users.conf file?

Thanks
-Devinder

On 04/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

Which EAP? TLS, PEAP, something else? Have you uncommented sql in authorize section? Debug would help.

Ivan Kalik
Kalik Informatika ISP

On 4/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Ivan Kalik

When I set EAP turned on using 802.1x authentication I don't seem to get users authenticated to the RADIUS radcheck account table. How do I enable EAP using 802.1x and allow users to get authenticated to the RADIUS Server radcheck table which has the user name and login details?

Thank you
Devinder

On 04/04/2008, Devinder Singh [EMAIL PROTECTED] wrote:

I guess I need to use VLAN methods and two SSID.

On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

radiusd -X. Send the debug of the monowall request.

Ivan Kalik
Kalik Informatika ISP

On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I have set up Free Radius to allow users to set up certificates on their notebook and get access to the Internet. When I set EAP I can't seem to allow monowall captive portal users to log in to the RADIUS Server. Are there any settings to be done in the users.conf file or radiusd.conf file to allow users to log in via the monowall captive portal login page? Free Radius rejects login from the captive portal login. Should I be using MSCHAP or can I still use EAP?

Thank you
Devinder

-- Devinder
Fwd: EAP Authentication
I want to authenticate users through using EAP authentication. I managed to generate the client and root certs from Free Radius. I have installed the client cert in my notebook and managed to get authenticated via AP to Radius. But I can't seem to find them in the Free Radius accounting database. There is no log event in the database. I want them to be authenticated in the radcheck table so that I can set bandwidth to them. Hope you can help me on this.

Would it be possible to also have monowall users log into the captive portal at the same time with EAP turned on in Free Radius? I want private users to authenticate via certs and also go through captive portal. If I enable EAP TLS then users can't log in using the captive portal login page.

Regards,

-- Devinder
Re: EAP Authentication
Hi Ivan Kalik

When I set EAP turned on using 802.1x authentication I don't seem to get users authenticated to the RADIUS radcheck account table. How do I enable EAP using 802.1x and allow users to get authenticated to the RADIUS Server radcheck table which has the user name and login details?

Thank you
Devinder

On 04/04/2008, Devinder Singh [EMAIL PROTECTED] wrote:

I guess I need to use VLAN methods and two SSID.

On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

radiusd -X. Send the debug of the monowall request.

Ivan Kalik
Kalik Informatika ISP

On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I have set up Free Radius to allow users to set up certificates on their notebook and get access to the Internet. When I set EAP I can't seem to allow monowall captive portal users to log in to the RADIUS Server. Are there any settings to be done in the users.conf file or radiusd.conf file to allow users to log in via the monowall captive portal login page? Free Radius rejects login from the captive portal login. Should I be using MSCHAP or can I still use EAP?

Thank you
Devinder

-- Devinder
Re: Authorize with SQL and/or AD with ntlm_auth
Hi

I want Free Radius to authenticate users in my radcheck table using EAP-TLS via 802.1x authentication. Currently it is authenticating users in the users.conf file.

Regards
Devinder
Re: EAP Authentication
Hi Ivan

I'm using EAP-TLS authentication. Could you tell me the sql configuration to allow EAP-TLS to read the radcheck table instead of the users.conf file?

Thanks
-Devinder

On 04/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

Which EAP? TLS, PEAP, something else? Have you uncommented sql in authorize section? Debug would help.

Ivan Kalik
Kalik Informatika ISP

On 4/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Ivan Kalik

When I set EAP turned on using 802.1x authentication I don't seem to get users authenticated to the RADIUS radcheck account table. How do I enable EAP using 802.1x and allow users to get authenticated to the RADIUS Server radcheck table which has the user name and login details?

Thank you
Devinder

On 04/04/2008, Devinder Singh [EMAIL PROTECTED] wrote:

I guess I need to use VLAN methods and two SSID.

On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

radiusd -X. Send the debug of the monowall request.

Ivan Kalik
Kalik Informatika ISP

On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I have set up Free Radius to allow users to set up certificates on their notebook and get access to the Internet. When I set EAP I can't seem to allow monowall captive portal users to log in to the RADIUS Server. Are there any settings to be done in the users.conf file or radiusd.conf file to allow users to log in via the monowall captive portal login page? Free Radius rejects login from the captive portal login. Should I be using MSCHAP or can I still use EAP?

Thank you
Devinder

-- Devinder
Re: EAP Authentication
I guess I need to use VLAN methods and two SSID.

On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

radiusd -X. Send the debug of the monowall request.

Ivan Kalik
Kalik Informatika ISP

On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I have set up Free Radius to allow users to set up certificates on their notebook and get access to the Internet. When I set EAP I can't seem to allow monowall captive portal users to log in to the RADIUS Server. Are there any settings to be done in the users.conf file or radiusd.conf file to allow users to log in via the monowall captive portal login page? Free Radius rejects login from the captive portal login. Should I be using MSCHAP or can I still use EAP?

Thank you
Devinder

-- Devinder
EAP Authentication
Hi

I have set up Free Radius to allow users to set up certificates on their notebook and get access to the Internet. When I set EAP I can't seem to allow monowall captive portal users to log in to the RADIUS Server. Are there any settings to be done in the users.conf file or radiusd.conf file to allow users to log in via the monowall captive portal login page? Free Radius rejects login from the captive portal login. Should I be using MSCHAP or can I still use EAP?

Thank you
Devinder
802.1x Authentication
Hi

Does Free Radius have support for 802.1x authentication such as providing a certificate? Can it also integrate with Microsoft Active Directory?

Regards

-- Devinder
Re: Monitoring Tool for Freeradius
Hi

I had used daloradius and you can monitor how many users are online etc.

On 01/02/2008, Julian Stöver [EMAIL PROTECTED] wrote:

Hello,

is there any monitoring tool for freeradius or another possibility to see how many people are logged in and to do some other stuff? like the monitoring tool for openvpn? Would be nice if there's something available!

bye! julian

-- Devinder
Re: cannot connect to sql databse
Hi Liran

This is my log file. I can't find any errors for cannot connect to sql database.

Thanks
Devinder

080124 14:48:58 mysqld ended
080124 14:48:58 mysqld started
080124 14:48:58 InnoDB: Started; log sequence number 0 43655
080124 14:48:58 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45' socket: '/var/lib/mysql/mysql.sock' port: 3306 SUSE MySQL RPM
080124 15:26:09 [Note] /usr/sbin/mysqld: Normal shutdown
080124 15:26:09 InnoDB: Starting shutdown...
080124 15:26:11 InnoDB: Shutdown completed; log sequence number 0 43655
080124 15:26:11 [Note] /usr/sbin/mysqld: Shutdown complete
080124 15:26:11 mysqld ended
080124 15:26:11 mysqld started
080124 15:26:11 InnoDB: Started; log sequence number 0 43655
080124 15:26:11 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45' socket: '/var/lib/mysql/mysql.sock' port: 3306 SUSE MySQL RPM
080124 15:40:56 [Note] /usr/sbin/mysqld: Normal shutdown
080124 15:40:56 InnoDB: Starting shutdown...
080124 15:40:57 InnoDB: Shutdown completed; log sequence number 0 43655
080124 15:40:57 [Note] /usr/sbin/mysqld: Shutdown complete
080124 15:40:57 mysqld ended
080124 15:40:57 mysqld started
080124 15:40:57 InnoDB: Started; log sequence number 0 43655
080124 15:40:58 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45' socket: '/var/lib/mysql/mysql.sock' port: 3306 SUSE MySQL RPM

On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 9:50 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

The exact error message on Dial Up Admin is cannot connect to sql database.

Well that's not too helpful now, is it? I'm not too familiar with dialupadmin, maybe someone else can donate his 2 cents if they had this problem as well. Like I said before, you should try debugging the problem by taking a look at log files instead of trying to guess the problem into discovery.

Some thoughts to think about:
- is this working if you run it from console?
  mysql -u freeradius -pmysuperpassword radius
- do you have the necessary php mysql package installed? (php4-mysql or php5-mysql)

Regards,
Liran Tal.

On 29/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 9:41 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

Where should I turn on the logging? In which file? Could you let me know what files are involved to do logging.

Turning on the mysql logging is done in mysql's configuration file (on debian it's found at /etc/mysql/my.cnf).

What is the exact error message you receive in the web page? "Dial Up admin page i get cannot connect to sql databse" is too ambiguous. Copy and paste it here.

Regards,
Liran Tal.

On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 5:06 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Dear Liran

This is my dialup_admin.conf file

sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup

and this is the /usr/raddb/sql.conf configuration

sql {
	# Database type
	# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
	# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
	driver = rlm_sql_mysql

	# Connect info
	server = localhost
	login = freeradius
	password = mysuperpassword

	# Database table configuration
	radius_db = radius

	# If you want both stop and start records logged to the
	# same SQL table, leave this as is. If you want them in
	# different tables, put the start table in acct_table1
	# and stop table in acct_table2
	acct_table1 = radacct
	acct_table2 = radacct

	# Allow for storing data after authentication
	postauth_table = radpostauth

Is there anything that I am missing? Pls advise.

I guess that looks alright but you haven't done any debugging like I suggested. Turn on mysql logging and see if there's even a connection attempt and if there is you can track what query is going wrong. You haven't detailed what is the exact error, it could just as well be that everything is configured fine but you haven't installed any php-mysql package and you have
Re: cannot connect to sql databse
I have hard times with Dial Up Admin. Should I proceed with daloradius? Do I install it in the srv/www folder like Dial Up?

On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get cannot connect to sql database. I have done most of the configuration settings and followed the wiki tutorial on Free Radius.

Did you check that your sql server is actually running?
Did you import the radius database schema into the sql server?
Did you configure all the required settings to connect to the sql server in dialupadmin?

You also might want to take a look at daloRADIUS for easy web management of freeradius with sql servers: http://sourceforge.net/projects/daloradius/

Regards,
Liran.

-- Devinder
Re: cannot connect to sql databse
Yes, I can access mysql from the CLI.

On 30/01/2008, YvesDM [EMAIL PROTECTED] wrote:

On Jan 30, 2008 10:15 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

This is my log file. I can't find any errors for cannot connect to sql database.

Thanks
Devinder

080124 14:48:58 mysqld ended
080124 14:48:58 mysqld started
080124 14:48:58 InnoDB: Started; log sequence number 0 43655
080124 14:48:58 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45' socket: '/var/lib/mysql/mysql.sock' port: 3306 SUSE MySQL RPM
080124 15:26:09 [Note] /usr/sbin/mysqld: Normal shutdown
080124 15:26:09 InnoDB: Starting shutdown...
080124 15:26:11 InnoDB: Shutdown completed; log sequence number 0 43655
080124 15:26:11 [Note] /usr/sbin/mysqld: Shutdown complete
080124 15:26:11 mysqld ended
080124 15:26:11 mysqld started
080124 15:26:11 InnoDB: Started; log sequence number 0 43655
080124 15:26:11 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45' socket: '/var/lib/mysql/mysql.sock' port: 3306 SUSE MySQL RPM
080124 15:40:56 [Note] /usr/sbin/mysqld: Normal shutdown
080124 15:40:56 InnoDB: Starting shutdown...
080124 15:40:57 InnoDB: Shutdown completed; log sequence number 0 43655
080124 15:40:57 [Note] /usr/sbin/mysqld: Shutdown complete
080124 15:40:57 mysqld ended
080124 15:40:57 mysqld started
080124 15:40:57 InnoDB: Started; log sequence number 0 43655
080124 15:40:58 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45' socket: '/var/lib/mysql/mysql.sock' port: 3306 SUSE MySQL RPM

Does mysql actually keep running? What gives ps -ae | grep mysql
Can you access your database from the cli?

kind regards,
Y.

-- Devinder
Re: cannot connect to sql databse
Hi Liran

Do you have Yahoo IM or an IRC channel to chat? OK, I will install and configure daloradius. Will it work well with the FreeRadius server? Where do I extract the tar file? I have the srv/www folder.

Thanks
Devinder

On 30/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

On Jan 30, 2008 10:15 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

This is my log file. I can't find any errors for cannot connect to sql database.

If you don't find any connection attempts information then it means that dialupadmin isn't initiating a connection due to one of the reasons I have mentioned before or something else. We've been exchanging so many emails so far and you haven't checked what I've told you to.

I can't help you more with dialupadmin as I am not aware of its common configuration issues, if daloradius is an appropriate alternative for you I will be happy to assist you with it.

Regards,
Liran Tal.

On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 9:50 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

The exact error message on Dial Up Admin is cannot connect to sql database.

Well that's not too helpful now, is it? I'm not too familiar with dialupadmin, maybe someone else can donate his 2 cents if they had this problem as well. Like I said before, you should try debugging the problem by taking a look at log files instead of trying to guess the problem into discovery.

Some thoughts to think about:
- is this working if you run it from console?
  mysql -u freeradius -pmysuperpassword radius
- do you have the necessary php mysql package installed? (php4-mysql or php5-mysql)

Regards,
Liran Tal.

On 29/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 9:41 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

Where should I turn on the logging? In which file? Could you let me know what files are involved to do logging.

Turning on the mysql logging is done in mysql's configuration file (on debian it's found at /etc/mysql/my.cnf).

What is the exact error message you receive in the web page? "Dial Up admin page i get cannot connect to sql databse" is too ambiguous. Copy and paste it here.

Regards,
Liran Tal.

On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 5:06 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Dear Liran

This is my dialup_admin.conf file

sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup

and this is the /usr/raddb/sql.conf configuration

sql {
	# Database type
	# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
	# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
	driver = rlm_sql_mysql

	# Connect info
	server = localhost
	login = freeradius
	password = mysuperpassword

	# Database table configuration
	radius_db = radius

	# If you want both stop and start records logged to the
	# same SQL table, leave this as is. If you want them in
	# different tables, put the start table in acct_table1
	# and stop table in acct_table2
	acct_table1 = radacct
	acct_table2 = radacct

	# Allow for storing data after authentication
	postauth_table = radpostauth

Is there anything that I am missing? Pls advise.

I guess that looks alright but you haven't done any debugging like I suggested. Turn on mysql logging and see if there's even a connection attempt and if there is you can track what query is going wrong. You haven't detailed what is the exact error, it could just as well be that everything is configured fine but you haven't installed any php-mysql package and you have error_reporting turned off and so you are not seeing the error. Please check these things first.

Regards,
Liran Tal
Re: cannot connect to sql databse
Thanks Liran

On 30/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

On Jan 30, 2008 10:42 AM, Devinder Singh [EMAIL PROTECTED] wrote:

I have hard times with Dial Up Admin. Should I proceed with daloradius? Do I install it in the srv/www folder like Dial Up?

Yes you install it wherever you usually place your web projects on your distribution which is configured with apache.

Please let's continue this discussion in a new thread, the daloradius mailing list or on the irc channel #daloradius on freenode.

Regards,
Liran Tal.

On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get cannot connect to sql database. I have done most of the configuration settings and followed the wiki tutorial on Free Radius.

Did you check that your sql server is actually running?
Did you import the radius database schema into the sql server?
Did you configure all the required settings to connect to the sql server in dialupadmin?

You also might want to take a look at daloRADIUS for easy web management of freeradius with sql servers: http://sourceforge.net/projects/daloradius/

Regards,
Liran.

-- Devinder
Re: cannot connect to sql databse
Hi Liran

The exact error message on Dial Up Admin is cannot connect to sql database.

Rgds
Devinder

On 29/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 9:41 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

Where should I turn on the logging? In which file? Could you let me know what files are involved to do logging.

Turning on the mysql logging is done in mysql's configuration file (on debian it's found at /etc/mysql/my.cnf).

What is the exact error message you receive in the web page? "Dial Up admin page i get cannot connect to sql databse" is too ambiguous. Copy and paste it here.

Regards,
Liran Tal.

On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 5:06 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Dear Liran

This is my dialup_admin.conf file

sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup

and this is the /usr/raddb/sql.conf configuration

sql {
	# Database type
	# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
	# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
	driver = rlm_sql_mysql

	# Connect info
	server = localhost
	login = freeradius
	password = mysuperpassword

	# Database table configuration
	radius_db = radius

	# If you want both stop and start records logged to the
	# same SQL table, leave this as is. If you want them in
	# different tables, put the start table in acct_table1
	# and stop table in acct_table2
	acct_table1 = radacct
	acct_table2 = radacct

	# Allow for storing data after authentication
	postauth_table = radpostauth

Is there anything that I am missing? Pls advise.

I guess that looks alright but you haven't done any debugging like I suggested. Turn on mysql logging and see if there's even a connection attempt and if there is you can track what query is going wrong. You haven't detailed what is the exact error, it could just as well be that everything is configured fine but you haven't installed any php-mysql package and you have error_reporting turned off and so you are not seeing the error. Please check these things first.

Regards,
Liran Tal.

On 28/01/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

Are there a lot of changes to be made on the Dial Up Admin admin.conf file? Could you suggest any specific changes as well in etc/raddb/sql.conf?

Regards
Devinder

On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

I am using MySQL. Would daloradius work with MySQL?

Yes, daloradius has native support for mysql.

You check on dialupadmin for configuring errors - what is the error message that you get? It is also very useful to turn on mysql logging to see if there's even a connection attempt and if there is, what is causing the error.

Regards,
Liran Tal.

On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get cannot connect to sql database. I have done most of the configuration settings and followed the wiki tutorial on Free Radius.

Did you check that your sql server is actually running?
Did you import the radius database schema into the sql server?
Did you configure all the required settings to connect to the sql server in dialupadmin?

You also might want to take a look at daloRADIUS for easy web management of freeradius with sql servers: http://sourceforge.net/projects/daloradius/

Regards,
Liran.
Re: cannot connect to sql databse
Hi Liran

Where should I turn on the logging? In which file? Could you let me know what files are involved to do logging.

Regards
Devinder

On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 29, 2008 5:06 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Dear Liran

This is my dialup_admin.conf file

sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup

and this is the /usr/raddb/sql.conf configuration

sql {
	# Database type
	# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
	# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
	driver = rlm_sql_mysql

	# Connect info
	server = localhost
	login = freeradius
	password = mysuperpassword

	# Database table configuration
	radius_db = radius

	# If you want both stop and start records logged to the
	# same SQL table, leave this as is. If you want them in
	# different tables, put the start table in acct_table1
	# and stop table in acct_table2
	acct_table1 = radacct
	acct_table2 = radacct

	# Allow for storing data after authentication
	postauth_table = radpostauth

Is there anything that I am missing? Pls advise.

I guess that looks alright but you haven't done any debugging like I suggested. Turn on mysql logging and see if there's even a connection attempt and if there is you can track what query is going wrong. You haven't detailed what is the exact error, it could just as well be that everything is configured fine but you haven't installed any php-mysql package and you have error_reporting turned off and so you are not seeing the error. Please check these things first.

Regards,
Liran Tal.

On 28/01/2008, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

Are there a lot of changes to be made on the Dial Up Admin admin.conf file? Could you suggest any specific changes as well in etc/raddb/sql.conf?

Regards
Devinder

On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi Liran

I am using MySQL. Would daloradius work with MySQL?

Yes, daloradius has native support for mysql.

You check on dialupadmin for configuring errors - what is the error message that you get? It is also very useful to turn on mysql logging to see if there's even a connection attempt and if there is, what is causing the error.

Regards,
Liran Tal.

On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:

Hey Devinder,

On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:

Hi

I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get cannot connect to sql database. I have done most of the configuration settings and followed the wiki tutorial on Free Radius.

Did you check that your sql server is actually running?
Did you import the radius database schema into the sql server?
Did you configure all the required settings to connect to the sql server in dialupadmin?

You also might want to take a look at daloRADIUS for easy web management of freeradius with sql servers: http://sourceforge.net/projects/daloradius/

Regards,
Liran.

-- Devinder
Re: cannot connect to sql database
Hi Liran,

Are there a lot of changes to be made in the Dial Up Admin admin.conf file? Could you suggest any specific changes as well in etc/raddb/sql.conf?

Regards,
Devinder

On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:
> Hey Devinder,
>
> On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED] wrote:
>> Hi Liran,
>>
>> I am using MySQL. Would daloradius work with MySQL?
>
> Yes, daloradius has native support for mysql.
> You check on dialupadmin for configuring errors - what is the error message that you get?
> It is also very useful to turn on mysql logging to see if there's even a connection attempt and, if there is, what is causing the error.
>
> Regards,
> Liran Tal.
>
>> On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:
>>> Hey Devinder,
>>>
>>> On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:
>>>> Hi,
>>>>
>>>> I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get "cannot connect to sql database". I have done most of the configuration settings and followed the wiki tutorial on Free Radius.
>>>
>>> Did you check that your sql server is actually running?
>>> Did you import the radius database schema into the sql server?
>>> Did you configure all the required settings to connect to the sql server in dialupadmin?
>>>
>>> You also might want to take a look at daloRADIUS for easy web management of freeradius with sql servers: http://sourceforge.net/projects/daloradius/
>>>
>>> Regards,
>>> Liran.

-- Devinder
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cannot connect to sql database
Dear Liran,

this is my dialup_admin.conf file:

    sql_type: mysql
    sql_server: localhost
    sql_port: 3306
    sql_username: freeradius
    sql_password: mysuperpassword
    sql_database: radius
    sql_accounting_table: radacct
    sql_badusers_table: badusers
    sql_check_table: radcheck
    sql_reply_table: radreply
    sql_user_info_table: userinfo
    sql_groupcheck_table: radgroupcheck
    sql_groupreply_table: radgroupreply
    sql_usergroup_table: usergroup

and this is the /usr/raddb/sql.conf configuration:

    sql {
        # Database type
        # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
        # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
        driver = rlm_sql_mysql

        # Connect info
        server = localhost
        login = freeradius
        password = mysuperpassword

        # Database table configuration
        radius_db = radius

        # If you want both stop and start records logged to the
        # same SQL table, leave this as is. If you want them in
        # different tables, put the start table in acct_table1
        # and stop table in acct_table2
        acct_table1 = radacct
        acct_table2 = radacct

        # Allow for storing data after authentication
        postauth_table = radpostauth

Is there anything that I am missing? Pls advise.

Regards,
Devinder

On 28/01/2008, Devinder Singh [EMAIL PROTECTED] wrote:
> Hi Liran,
>
> Are there a lot of changes to be made in the Dial Up Admin admin.conf file? Could you suggest any specific changes as well in etc/raddb/sql.conf?
>
> Regards,
> Devinder
>
> On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:
>> Hey Devinder,
>>
>> On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED] wrote:
>>> Hi Liran,
>>>
>>> I am using MySQL. Would daloradius work with MySQL?
>>
>> Yes, daloradius has native support for mysql.
>> You check on dialupadmin for configuring errors - what is the error message that you get?
>> It is also very useful to turn on mysql logging to see if there's even a connection attempt and, if there is, what is causing the error.
>>
>> Regards,
>> Liran Tal.
Fwd: cannot connect to sql database
Hi,

I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get "cannot connect to sql database". I have done most of the configuration settings and followed the wiki tutorial on Free Radius.

Please help, as I want to get the Dial Up Admin page to work.

Thank you.

-- Devinder
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cannot connect to sql database
Hi Liran,

Yes, MySQL is running and I have imported the database schema into the Radius db. I'm not sure whether I have configured the settings in Dial Up Admin. I managed to configure the admin.conf username and password as per access to the MySQL database. I even tried the root login and password for mysql but can't access.

Regards,
Devinder

On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:
> Hey Devinder,
>
> On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:
>> Hi,
>>
>> I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get "cannot connect to sql database". I have done most of the configuration settings and followed the wiki tutorial on Free Radius.
>
> Did you check that your sql server is actually running?
> Did you import the radius database schema into the sql server?
> Did you configure all the required settings to connect to the sql server in dialupadmin?
>
> You also might want to take a look at daloRADIUS for easy web management of freeradius with sql servers: http://sourceforge.net/projects/daloradius/
>
> Regards,
> Liran.

-- Devinder
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
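An added example, not part of the original thread or of either project's code: a small Python check for the two files posted in this thread, dialup_admin.conf and sql.conf. It assumes both tools are meant to use the same MySQL account and tables, as in the posted configs; the PAIRS mapping, the function names and the sample values are constructed for illustration. Differences are reported by setting name only, and password-like values are masked so a config can be pasted into a list post without the secret.

```python
import re

# Constructed samples in the two formats quoted in the thread (values are placeholders).
DIALUP_ADMIN_CONF = """\
sql_server: localhost
sql_username: freeradius
sql_password: example-secret
sql_database: radius
sql_accounting_table: radacct
"""
SQL_CONF = """\
sql {
    # Connect info
    server = localhost
    login = freeradius
    password = example-secret
    radius_db = radius
    acct_table1 = radacct
}
"""

# dialup_admin.conf key -> sql.conf key assumed to describe the same setting.
PAIRS = {"sql_server": "server", "sql_username": "login", "sql_password": "password",
         "sql_database": "radius_db", "sql_accounting_table": "acct_table1"}
KEY_VALUE = re.compile(r"^[ \t]*([\w.-]+)[ \t]*[:=][ \t]*(.*?)[ \t]*$")
SECRET_KEY = re.compile(r"(pass(word|wd)?|secret)$", re.IGNORECASE)

def parse(text):
    """Flat {key: value} from 'key: value' or 'key = value' lines; comments skipped."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = KEY_VALUE.match(line)
        if match:
            settings[match.group(1)] = match.group(2).strip('"')
    return settings

def mismatches(admin_text, sql_text):
    """Names (never values) of paired settings that differ between the two files."""
    admin, sql = parse(admin_text), parse(sql_text)
    return [(a, s) for a, s in PAIRS.items() if admin.get(a) != sql.get(s)]

def redact(text):
    """Mask password-like values, including commented-out ones, before posting a config."""
    def mask(match):
        return match.group(1) + "<redacted>" if SECRET_KEY.search(match.group(2)) else match.group(0)
    return re.sub(r"(?m)^([ \t]*#?[ \t]*([\w.-]+)[ \t]*[:=][ \t]*)\S.*$", mask, text)

if __name__ == "__main__":
    print(mismatches(DIALUP_ADMIN_CONF, SQL_CONF))
    print(redact(SQL_CONF))
```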
Re: cannot connect to sql database
Hi Liran,

I am using MySQL. Would daloradius work with MySQL?

Thanks

Regards,
Devinder

On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:
> Hey Devinder,
>
> On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:
>> Hi,
>>
>> I am using Dial Up Admin on Free Radius. Free Radius is running, but when I access the Dial Up Admin page I get "cannot connect to sql database". I have done most of the configuration settings and followed the wiki tutorial on Free Radius.
>
> Did you check that your sql server is actually running?
> Did you import the radius database schema into the sql server?
> Did you configure all the required settings to connect to the sql server in dialupadmin?
>
> You also might want to take a look at daloRADIUS for easy web management of freeradius with sql servers: http://sourceforge.net/projects/daloradius/
>
> Regards,
> Liran.

-- Devinder
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html