Re: Authentication Failed

2010-01-20 Thread Devinder Singh
##
#
#  Create a new client certificate, signed by the above server
#  certificate.
#
##
client.csr client.key: client.cnf
	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key index.txt serial
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) \
		-out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

client.p12: client.crt
	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 \
		-passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

client.pem: client.p12
	openssl pkcs12 -in client.p12 -out client.pem \
		-passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
	cp client.pem $(USER_NAME).pem

.PHONY: client.vrfy
client.vrfy: ca.pem client.pem
	c_rehash .
	openssl verify -CApath . client.pem



Re: Authentication Failed

2010-01-20 Thread Devinder Singh
When I click on my SSID I get authentication failed. The Proxim AP reports
Radius not connected and I don't get to see any reply on Radius Server



Re: Authentication Failed

2010-01-20 Thread Devinder Singh
After I had restarted my XP

I get to see Windows was unable to log you on to palstaff.


palstaff is my SSID


Devinder


Re: Authentication Failed

2010-01-20 Thread Devinder Singh
Hello

I have followed the procedures to create EAP certificates in etc/raddb/certs
but when I copy the ca.der and client.P12 my Windows XP cannot seem to
authenticate to the Radius Server.

I can see a small balloon appearing on XP stating failed to authenticate on
palstaff.


My Proxim AP reports Radius Server Error but I have already set the Radius
Server IP address in the Proxim AP.

I have also updated my make file as below to allow XP clients to
authenticate



##
#
#  Create a new client certificate, signed by the above server
#  certificate.
#
##
client.csr client.key: client.cnf
	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key index.txt serial
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) \
		-out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

client.p12: client.crt
	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 \
		-passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

client.pem: client.p12
	openssl pkcs12 -in client.p12 -out client.pem \
		-passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
	cp client.pem $(USER_NAME).pem

.PHONY: client.vrfy
client.vrfy: ca.pem client.pem
	c_rehash .
	openssl verify -CApath . client.pem



$ rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

and redo the certificates.


Please need help on this



Regards

Devinder



Re: Authentication Failed

2010-01-20 Thread Devinder Singh
Hi

I had just checked my Proxim AP 700 and it seems to report that

Radius Server not responding but I have already configured the Radius Server
Profiles and IP address in the AP

What should I do

Devinder





-- 
Devinder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Decoupled accounting

2010-01-19 Thread Devinder Singh
Hi Ivan

I had followed the steps to create certificates for Win XP and
configured the AP.

Also copied the client.p12 and ca.der to XP machine

When I double click on the SSID palstaff it shows the windows was unable to
log you on to the palette network.

Regards


Devinder

WinXP 802.1x

2010-01-19 Thread Devinder Singh
2010/1/20 Devinder Singh devinbhul...@gmail.com

 Hi Ivan

 I had followed the steps to create certificates for Win XP and
 configured the AP.

 Also copied the client.p12 and ca.der to XP machine

 When I double click on the SSID palstaff it shows the windows was unable to
 log you on to the palette network.

 Regards


 Devinder




-- 
Devinder

Authentication Failed

2010-01-19 Thread Devinder Singh
Hi Ivan,

I created the certificates based on the README file in etc/raddb and copied
ca.der and client.p12 to Windows XP

I also made changes to the Makefile which runs on XP but when I connect
to the SSID I get authentication failed and the radius does not seem to get
any response from the Proxim AP.



-- 
Devinder

Re: Authentication Failed

2010-01-19 Thread Devinder Singh
Hi Ivan,

I can't seem to authenticate my Windows XP client using EAP authentication. I
have followed the steps in /etc/raddb/certs

This is my radius start up
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/raddb/certs/server.pem
        certificate_file = /etc/raddb/certs/server.pem
        CA_file = /etc/raddb/certs/ca.pem
        private_key_password = myettelap
        dh_file = /etc/raddb/certs/dh
        random_file = /etc/raddb/certs/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = DEFAULT
        make_cert_command = /etc/raddb/certs/bootstrap
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = md5
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = inner-tunnel
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
        virtual_server = inner-tunnel
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
        format = suffix
        delimiter = @
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
        usersfile = /etc/raddb/users
        acctusersfile = /etc/raddb/acct_users
        preproxy_usersfile = /etc/raddb/preproxy_users
        compat = no
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
        filename = /var/log/radius/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = /etc/raddb/attrs.access_reject
        key = %{User-Name}
  }
 }
}
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = /etc/raddb/huntgroups
        hints = /etc/raddb/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
        key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
        header = %t
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = /etc/raddb/attrs.accounting_response
        key = %{User-Name}
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
radiusd:  Opening IP addresses and Ports 
listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = acct
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.






-- 
Devinder

802.1x EAP

2009-10-12 Thread Devinder Singh
Hi Ivan

I managed to install the certificates on XP machine and works fine. I
had configured my AP IP address in radius Server and shared secret
key. Yesterday I can get an IP address when I click on the SSID, today I
get limited network connectivity. I use VLAN 3 on the SSID. It was
working well yesterday morning.

Please could you let me know if I need to configure anything on my AP.

Thanks

My radius and AP are on the same subnet 203.121.4.x


-- 
Devinder


Re: How to control users traffic ?

2009-08-18 Thread Devinder Singh
Hi

Have you tried using WISPr attributes to control bandwidth? These are
set in the Radius database server.

2009/8/18 Andrew Paternoster and...@gpk.net.au:
 Does anyone have any Example policies that they can share. I'm trying to work
 out how to send attributes to my cisco NAS when the users reach their traffic
 limit.

 I have looked around and cannot find how to make these policies mentioned 
 below.

 Can any one point me in the right direction?

 Thanks


 --
 Andrew Paternoster
 GPK Computers Pty Ltd
 T 1300 854 223
 F 1300 854 228
 Senior System Engineer

 -Original Message-
 From: freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org 
 [mailto:freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org] On 
 Behalf Of Ivan Kalik
 Sent: Tuesday, 7 July 2009 7:12 PM
 To: FreeRadius users mailing list
 Subject: Re: How to control users traffic ?

 Which is conventional way for checking online users traffic volume  and
 disconnecting who reach to the limit of every user in freeradius:

 There are no standard radius attributes for this. Your NAS might have
 vendor specific attributes that can be used for data (sql)counters but
 many don't.

 1- using acct-interim packets  to update output or input octets in sql and
 if user reach to the max of its accounting permission disconnect
 him/her.(Is
 there any patch to do this ?)

 Again, this will depend on NAS supporting PoD or CoA. You can make a
 policy that sends instructions to NAS to disconnect the user if he goes
 over the limit on update packet. If it doesn't, you should still be able
 to disconnect the user using SNMP.

 2- freeradius sends Session-Octets-Limit to the NAS and NAS can does this?

 If it has such VSA. You can then use standard (sql)counter.

 Ivan Kalik
 Kalik Informatika ISP





-- 
Devinder
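
The update-packet policy Ivan Kalik describes in the reply quoted above, sketched as an added example (not code from the thread or from FreeRADIUS). The attribute dictionaries, the per-user limits table and the sample packets are constructed; the example goes one step beyond the reply by also reading the Acct-Input-Gigawords and Acct-Output-Gigawords attributes of RFC 2869, without which a 32-bit octet counter that has wrapped makes a user look under the limit.

```python
GIGAWORD = 2 ** 32  # Acct-*-Gigawords counts how often the 32-bit octet counter wrapped

# Hypothetical per-user volume limits in bytes.
LIMITS = {"alice": 5_000_000_000, "bob": 1_000_000_000}

# Constructed Accounting-Request packets, oldest first.
PACKETS = [
    {"Acct-Status-Type": "Start", "User-Name": "alice",
     "Acct-Session-Id": "a1", "NAS-IP-Address": "192.0.2.1"},
    {"Acct-Status-Type": "Interim-Update", "User-Name": "alice",
     "Acct-Session-Id": "a1", "NAS-IP-Address": "192.0.2.1",
     "Acct-Input-Octets": 500_000_000, "Acct-Output-Octets": 4_000_000_000},
    {"Acct-Status-Type": "Interim-Update", "User-Name": "alice",
     "Acct-Session-Id": "a1", "NAS-IP-Address": "192.0.2.1",
     "Acct-Input-Octets": 600_000_000, "Acct-Output-Octets": 705_032_704,
     "Acct-Output-Gigawords": 1},
    {"Acct-Status-Type": "Interim-Update", "User-Name": "bob",
     "Acct-Session-Id": "b7", "NAS-IP-Address": "192.0.2.1",
     "Acct-Input-Octets": 200_000_000, "Acct-Output-Octets": 0},
]


def session_octets(pkt, use_gigawords=True):
    """Cumulative bytes (in + out) that one accounting packet reports for its session."""
    total = 0
    for direction in ("Input", "Output"):
        total += int(pkt.get(f"Acct-{direction}-Octets", 0))
        if use_gigawords:
            total += int(pkt.get(f"Acct-{direction}-Gigawords", 0)) * GIGAWORD
    return total


def sessions_to_disconnect(packets, limits):
    """Return one entry per session that crossed its owner's limit on an update packet.

    Counters inside a session are cumulative, so only the latest packet of each
    session counts; a user's usage is the sum over all of that user's sessions.
    """
    latest = {}      # (NAS, session id) -> (user, cumulative octets)
    flagged = set()  # sessions already scheduled for disconnect
    requests = []
    for pkt in packets:
        status = pkt.get("Acct-Status-Type")
        if status not in ("Interim-Update", "Stop"):
            continue
        user = pkt["User-Name"]
        key = (pkt["NAS-IP-Address"], pkt["Acct-Session-Id"])
        latest[key] = (user, session_octets(pkt))
        used = sum(octets for owner, octets in latest.values() if owner == user)
        limit = limits.get(user)
        if (status == "Interim-Update" and limit is not None
                and used > limit and key not in flagged):
            flagged.add(key)
            requests.append({
                # Session identification attributes for a Disconnect-Request (RFC 5176).
                "disconnect": {"User-Name": user,
                               "Acct-Session-Id": pkt["Acct-Session-Id"],
                               "NAS-IP-Address": pkt["NAS-IP-Address"]},
                "used": used,
                "limit": limit,
            })
    return requests


if __name__ == "__main__":
    for req in sessions_to_disconnect(PACKETS, LIMITS):
        print(req)
```

Whether the NAS acts on the resulting request still depends on it supporting PoD or CoA, as the reply says.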



WPA Authentication

2009-08-04 Thread Devinder Singh
Hi

I have followed the instructions in /etc/raddb/certs to generate root
server and client certificates.

I copied root.der and client.p12 to XP machine and managed to install
without any problems on XP

I had configured Proxim AP 700 with WPA authentication

When I click on SSID palstaff I get a pop up to select the client
devin...@palettemm.com

When I ran radiusd -X I get some strange error in SSL

Need your assistance on this.


[files] users: Matched entry devin...@palettemm.com at line 94
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls]  TLS 1.0 Handshake [length 03b2], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls]  TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - devin...@palettemm.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 126 to 203.121.4.59 port 6001
EAP-Message = 0x04070004
Message-Authenticator = 0x
Waking up in 3.8 seconds.
Cleaning up request 0 ID 120 with timestamp +781
Cleaning up request 1 ID 121 with timestamp +781
Cleaning up request 2 ID 122 with timestamp +781
Cleaning up request 3 ID 123 with timestamp +781
Cleaning up request 4 ID 124 with timestamp +781
Cleaning up request 5 ID 125 with timestamp +781
Waking up in 1.0 seconds.
Cleaning up request 6 ID 126 with timestamp +781
Ready to process requests.


Devinder


Re: Decoupled accounting

2009-08-04 Thread Devinder Singh
HI Ivan

Thanks. Yes I have double click on the ca.der file and client.p12 both
were installed successfully.

I also managed to set up my SSID palstaff and when I click on the SSID
I see a pop up windows on my wireless LAN asking for my username on
certificate and I selected

devin...@palettemm.com from the combo drop down list and click OK

when I click OK radius reports the following error

TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - devin...@palettemm.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 133 to 203.121.4.59 port 6001
EAP-Message = 0x040a0004
Message-Authenticator = 0x
Waking up in 3.6 seconds.
Cleaning up request 0 ID 127 with timestamp +18
Cleaning up request 1 ID 128 with timestamp +18
Cleaning up request 2 ID 129 with timestamp +18
Cleaning up request 3 ID 130 with timestamp +18
Cleaning up request 4 ID 131 with timestamp +18
Waking up in 0.2 seconds.
Cleaning up request 5 ID 132 with timestamp +18
Waking up in 1.0 seconds.
Cleaning up request 6 ID 133 with timestamp +19
Ready to process requests.







2009/8/4 Ivan Kalik t...@kalik.net:
 I managed to follow the steps in /etc/raddb/certs/README

 and copied ca.der and client.p12 to XP machine

 It looks like you have copied them but not installed them in the
 certificate store. Double-click the certificates and install them first.

 Ivan Kalik
 Kalik Informatika ISP





-- 
Devinder


Re: Decoupled accounting

2009-08-04 Thread Devinder Singh
Ok, I took your advice and yes, it's a different error now

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
id=134, length=181
User-Name = devin...@palettemm.com
NAS-IP-Address = 203.121.4.59
Called-Station-Id = 00-20-a6-6c-49-9d:palstaff
Calling-Station-Id = 00-04-23-7b-56-b9
NAS-Identifier = ORiNOCO-AP-700-6c-49-9d
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0203001b01646576696e6465724070616c657474656d6d2e636f6d
Message-Authenticator = 0xb7f29ed2232abda7b5b24bb131883617
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm palettemm.com for User-Name =
devin...@palettemm.com
[suffix] No such realm palettemm.com
++[suffix] returns noop
[eap] EAP packet type response id 3 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry devin...@palettemm.com at line 94
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 134 to 203.121.4.59 port 6001
EAP-Message = 0x010400160410edd3007f1e599b71120693ed62eaee7c
Message-Authenticator = 0x
State = 0x17b5db9117b1dfd16583cca5ed9db022
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 134 with timestamp +1
Ready to process requests.








-- 
Devinder



Re: Decoupled accounting

2009-08-04 Thread Devinder Singh
Hi Ivan


I still get the same error now


Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls]  TLS 1.0 Handshake [length 03b2], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls]  TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - devin...@palettemm.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 141 to 203.121.4.59 port 6001
EAP-Message = 0x04070004
Message-Authenticator = 0x
Waking up in 3.8 seconds.
Cleaning up request 1 ID 135 with timestamp +120
Cleaning up request 2 ID 136 with timestamp +120
Cleaning up request 3 ID 137 with timestamp +120
Cleaning up request 4 ID 138 with timestamp +120
Cleaning up request 5 ID 139 with timestamp +120
Cleaning up request 6 ID 140 with timestamp +120
Waking up in 1.0 seconds.
Cleaning up request 7 ID 141 with timestamp +120
Ready to process requests.




Re: Decoupled accounting

2009-08-04 Thread Devinder Singh
Hi Ivan,

OK, could you let me know what I need to alter in the Makefile?

Just wanted to make sure I don't do something wrong here.

What are the steps that I need to take to do this?

I can see a Makefile in /etc/raddb/certs

Thanks

Devinder


2009/8/4 Ivan Kalik t...@kalik.net:
 OK, I think this is the issue where Windows refuses to accept server
 certificate as the intermediate CA. You should alter Makefile in certs to
 sign client certificates with CA and not server certificate.

 Ivan Kalik
 Kalik Informatika ISP


Re: Decoupled accounting

2009-08-04 Thread Devinder Singh
Ok, once I have made the changes, should I repeat the steps in the
/etc/raddb/README to generate the certs, server and client, once again?



2009/8/4 Ivan Kalik t...@kalik.net:
 OK, could you let me know what I need to alter in the Makefile?

 Just wanted to make sure I don't do something wrong here.

 What are the steps that I need to take to do this?

 I can see a Makefile in /etc/raddb/certs

 I don't know much about makefiles. I have altered one using hit and miss
 method.

 Alter the client section like this:

 client.csr client.key: client.cnf
        openssl req -new -out client.csr -keyout client.key -config ./client.cnf

 client.crt: client.csr ca.pem ca.key index.txt serial
        openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

 client.p12: client.crt
        openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

 client.pem: client.p12
        openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
        cp client.pem $(USER_NAME).pem

 .PHONY: server.vrfy
 client.vrfy: ca.pem client.pem
        c_rehash .
        openssl verify -CApath . client.pem


 Ivan Kalik
 Kalik Informatika ISP





-- 
Devinder
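
The chain problem behind Ivan's Makefile change, and the "unable to get local issuer certificate" reason in the debug output, can be reproduced offline with openssl. The script below is an added example, not part of the thread or of the FreeRADIUS certs Makefile: it builds a constructed throwaway CA, a server certificate and two client certificates, then verifies each client certificate while trusting only ca.pem (mirroring CA_file). Function names, certificate subjects and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example: a constructed throwaway PKI, not the FreeRADIUS certs Makefile.
# Function names, subjects and PKI_DIR are hypothetical.

PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT

# new_csr <basename> <common-name>: fresh RSA key plus a signing request.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
        -keyout "$1.key" -out "$1.csr" -subj "/CN=$2"
}

# sign <basename> <issuer-cert> <issuer-key> <out-cert>: issue a leaf certificate.
sign() {
    openssl x509 -req -in "$1.csr" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 1 -extfile pki.cnf -extensions leaf -out "$4"
}

# Build the CA, a server certificate, and two client certificates:
# one issued by the server certificate (the layout that failed in the thread)
# and one issued directly by the CA (the layout after the Makefile change).
build_pki() (
    cd "$PKI_DIR" || exit 1
    # Minimal config so the run does not depend on a system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' \
        '[dn]' 'commonName = Common Name' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
        '[leaf]' 'basicConstraints = CA:FALSE' > pki.cnf
    {
        openssl req -x509 -new -newkey rsa:2048 -nodes -config pki.cnf \
            -extensions v3_ca -days 1 -subj "/CN=Constructed Test CA" \
            -keyout ca.key -out ca.pem &&
        new_csr server constructed-server &&
        sign server ca.pem ca.key server.crt &&
        new_csr by_server constructed-client-a &&
        sign by_server server.crt server.key client_by_server.crt &&
        new_csr by_ca constructed-client-b &&
        sign by_ca ca.pem ca.key client_by_ca.crt
    } >/dev/null 2>&1
)

# Succeeds only if the certificate chains to ca.pem with no other issuer
# available, which is the position of a verifier that trusts ca.pem alone.
verifies_against_ca() {
    openssl verify -CAfile "$PKI_DIR/ca.pem" "$PKI_DIR/$1" 2>&1 | grep -q ': OK$'
}

# Prints the first verification failure reason, or nothing on success.
verify_reason() {
    openssl verify -CAfile "$PKI_DIR/ca.pem" "$PKI_DIR/$1" 2>&1 |
        sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
}

build_pki || { echo "openssl could not build the test PKI" >&2; exit 1; }
for cert in client_by_server.crt client_by_ca.crt; do
    if verifies_against_ca "$cert"; then
        echo "$cert: accepted"
    else
        echo "$cert: rejected ($(verify_reason "$cert"))"
    fi
done
```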



Re: WPA

2009-08-04 Thread Devinder Singh
Hi Ivan

These are the changes made to Makefile

client.csr client.key: client.cnf
	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key index.txt serial
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

client.p12: client.crt
	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

client.pem: client.p12
	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
	cp client.pem $(USER_NAME).pem

.PHONY: server.vrfy
client.vrfy: ca.pem client.pem
	c_rehash .
	openssl verify -CApath . client.pem



Ok, I am about to redo the certificates. Do I need to delete any files
from /certs directory?

2009/8/4 Devinder Singh devinbhul...@gmail.com:
 Ok

 2009/8/4 Ivan Kalik t...@kalik.net:
 Ok, once I have made the changes, should I repeat the steps in the
 /etc/raddb/README to generate the certs, server and client, once again?

 Yes, make certificates again.

 Ivan Kalik
 Kalik Informatika ISP





 --
 Devinder




-- 
Devinder


Re: Decoupled accounting

2009-08-04 Thread Devinder Singh
Hi Ivan

Before I generate the certificates, do I need to delete any files from
/etc/raddb/certs folder?



Devinder



2009/8/4 Ivan Kalik t...@kalik.net:
 Ok, once I have made the changes, should I repeat the steps in the
 /etc/raddb/README to generate the certs, server and client, once again?

 Yes, make certificates again.

 Ivan Kalik
 Kalik Informatika ISP





-- 
Devinder


Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi Ivan.

Ok, I have reformatted my machine and installed Radius 2.1.1 from Yast
Open Suse 11.

I followed the instructions in /etc/raddb/certs/README


 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/raddb/certs/server.pem
certificate_file = /etc/raddb/certs/server.pem
CA_file = /etc/raddb/certs/ca.pem
private_key_password = whatever
dh_file = /etc/raddb/certs/dh
random_file = /etc/raddb/certs/random
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = DEFAULT
make_cert_command = /etc/raddb/certs/bootstrap
cache {
enable = no
lifetime = 24
max_entries = 255
}
   }
rlm_eap: SSL error error:0200100D:system library:fopen:Permission
denied
rlm_eap_tls: Error reading certificate file
/etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module
eap.
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing
authenticate section.
 }
}
Errors initializing modules

2009/8/1 Ivan Kalik t...@kalik.net:
 I refer only to version 1.0.4 for the serial file as it's not there in
 /etc/raddb/certs/demoCA so I get the serial file from version 1.0.4

 But I still get the error message Bad Encrypt.

 What should I do next?

 How about following the instructions in raddb/certs/README file?

 Ivan Kalik
 Kalik Informatika ISP





-- 
Devinder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi Ivan,
These are the files in the /cert directory after I had run the
instructions in README

Could you let me know how to fix the errors?

Thanks


linux-h9qt:/etc/raddb/certs # ls
01.pem     ca.cnf  client.cnf  client.p12                  index.txt           Makefile  serial.old  server.key
02.pem     ca.der  client.crt  client.pem                  index.txt.attr      random    server.cnf  server.p12
03.pem     ca.key  client.csr  devin...@palettemm.com.pem  index.txt.attr.old  README    server.crt  server.pem
bootstrap  ca.pem  client.key  dh                          index.txt.old       serial    server.csr  xpextensions





-- 
Devinder



Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi Ivan

I did this

chown root:radiusd /etc/raddb/certs/server.pem
chown root:radiusd /etc/raddb/certs/ca.pem

and then I got the error

Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/raddb/certs/server.pem
certificate_file = /etc/raddb/certs/server.pem
CA_file = /etc/raddb/certs/ca.pem
private_key_password = whatever
dh_file = /etc/raddb/certs/dh
random_file = /etc/raddb/certs/random
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = DEFAULT
make_cert_command = /etc/raddb/certs/bootstrap
cache {
enable = no
lifetime = 24
max_entries = 255
}
   }
rlm_eap: SSL error error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
 }
}
Errors initializing modules








-- 
Devinder



Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
OK, I set the password to devin123

Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/raddb/certs/server.pem
certificate_file = /etc/raddb/certs/server.pem
CA_file = /etc/raddb/certs/ca.pem
private_key_password = devin123
dh_file = /etc/raddb/certs/dh
random_file = /etc/raddb/certs/random
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = DEFAULT
make_cert_command = /etc/raddb/certs/bootstrap
cache {
enable = no
lifetime = 24
max_entries = 255
}
   }
rlm_eap: SSL error error::lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
 }
}
Errors initializing modules



Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi Ivan,

These are the new error messages

Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/raddb/certs/server.pem
certificate_file = /etc/raddb/certs/server.pem
CA_file = /etc/raddb/certs/ca.pem
private_key_password = devin123
dh_file = /etc/raddb/certs/dh
random_file = /etc/raddb/certs/random
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = DEFAULT
make_cert_command = /etc/raddb/certs/bootstrap
cache {
enable = no
lifetime = 24
max_entries = 255
}
   }
rlm_eap: SSL error error::lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
 }
}




Devinder

2009/8/3 Devinder Singh devinbhul...@gmail.com:
 ok i set the password to devin123

 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/raddb/certs/server.pem
        certificate_file = /etc/raddb/certs/server.pem
        CA_file = /etc/raddb/certs/ca.pem
        private_key_password = devin123
        dh_file = /etc/raddb/certs/dh
        random_file = /etc/raddb/certs/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = DEFAULT
        make_cert_command = /etc/raddb/certs/bootstrap
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 rlm_eap: SSL error error::lib(0):func(0):reason(0)
 rlm_eap_tls: Error loading randomness
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
 /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate 
 section.
  }
 }
 Errors initializing modules


 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan

 I did this

 chown root:radiusd /etc/raddb/certs/server.pem
 chown root:radiusd /etc/raddb/certs/ca.pem

 and then i got the error

 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/raddb/certs/server.pem
        certificate_file = /etc/raddb/certs/server.pem
        CA_file = /etc/raddb/certs/ca.pem
        private_key_password = whatever
        dh_file = /etc/raddb/certs/dh
        random_file = /etc/raddb/certs/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = DEFAULT
        make_cert_command = /etc/raddb/certs/bootstrap
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 rlm_eap: SSL error error:06065064:digital envelope
 routines:EVP_DecryptFinal_ex:bad decrypt
 rlm_eap_tls: Error reading private key file /etc/raddb/certs/server.pem
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
 /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate 
 section.
  }
 }
 Errors initializing modules





 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan,
 These are the files in the /cert directory after I had run the
 instructions in README

 Could you let me know how to fix the errors

 Thanks


 linux-h9qt:/etc/raddb/certs # ls
 01.pem     ca.cnf  client.cnf  client.p12                  index.txt
        Makefile  serial.old  server.key
 02.pem     ca.der  client.crt  client.pem
 index.txt.attr      random    server.cnf  server.p12
 03.pem     ca.key  client.csr  devin...@palettemm.com.pem
 index.txt.attr.old  README    server.crt  server.pem
 bootstrap  ca.pem  client.key  dh
 index.txt.old       serial    server.csr  xpextensions


 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan.

 OK, I have reformatted my machine and installed Radius 2.1.1 from Yast
 Open Suse 11.

 I followed the instructions in /etc/raddb/certs/README


  Module: Linked to sub-module rlm_eap_tls
  Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/raddb/certs/server.pem

Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi

I do have the random and dh file

linux-h9qt:/etc/raddb/certs #ls -al

-rw-r- 1 root root 245 2009-08-03 11:36 dh
-rw-r--r-- 1 root root 384 2009-08-03 12:11 index.txt
-rw-r--r-- 1 root root  21 2009-08-03 12:11 index.txt.attr
-rw-r--r-- 1 root root  21 2009-08-03 11:59 index.txt.attr.old
-rw-r--r-- 1 root root 254 2009-08-03 11:59 index.txt.old
-rw-r- 1 root radiusd 4441 2008-12-03 21:57 Makefile
-rw-r- 1 root root5120 2009-08-03 11:36 random


2009/8/3 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan,

 These are the new error messages

 Module: Linked to sub-module rlm_eap_tls
  Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/raddb/certs/server.pem
        certificate_file = /etc/raddb/certs/server.pem
        CA_file = /etc/raddb/certs/ca.pem
        private_key_password = devin123
        dh_file = /etc/raddb/certs/dh
        random_file = /etc/raddb/certs/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = DEFAULT
        make_cert_command = /etc/raddb/certs/bootstrap
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 rlm_eap: SSL error error::lib(0):func(0):reason(0)
 rlm_eap_tls: Error loading randomness
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
 /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate 
 section.
  }
 }




 Devinder

 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 ok i set the password to devin123

 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/raddb/certs/server.pem
        certificate_file = /etc/raddb/certs/server.pem
        CA_file = /etc/raddb/certs/ca.pem
        private_key_password = devin123
        dh_file = /etc/raddb/certs/dh
        random_file = /etc/raddb/certs/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = DEFAULT
        make_cert_command = /etc/raddb/certs/bootstrap
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 rlm_eap: SSL error error::lib(0):func(0):reason(0)
 rlm_eap_tls: Error loading randomness
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
 /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate 
 section.
  }
 }
 Errors initializing modules


 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan

 I did this

 chown root:radiusd /etc/raddb/certs/server.pem
 chown root:radiusd /etc/raddb/certs/ca.pem

 and then i got the error

 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/raddb/certs/server.pem
        certificate_file = /etc/raddb/certs/server.pem
        CA_file = /etc/raddb/certs/ca.pem
        private_key_password = whatever
        dh_file = /etc/raddb/certs/dh
        random_file = /etc/raddb/certs/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = DEFAULT
        make_cert_command = /etc/raddb/certs/bootstrap
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 rlm_eap: SSL error error:06065064:digital envelope
 routines:EVP_DecryptFinal_ex:bad decrypt
 rlm_eap_tls: Error reading private key file /etc/raddb/certs/server.pem
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
 /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate 
 section.
  }
 }
 Errors initializing modules





 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan,
 These are the files in the /cert directory after I had run the
 instructions in README

 Could you let me know how to fix the errors

 Thanks


 linux-h9qt:/etc/raddb/certs # ls
 01.pem     ca.cnf  client.cnf  client.p12                  index.txt
        Makefile  serial.old  server.key
 02.pem     ca.der  client.crt  client.pem
 index.txt.attr      random    server.cnf  server.p12
 03.pem     ca.key  client.csr  devin...@palettemm.com.pem
 index.txt.attr.old  README    server.crt  server.pem
 bootstrap  ca.pem  client.key  dh
 index.txt.old       serial

Re: Freeradius with AD integration

2009-08-03 Thread Devinder Singh
linux-h9qt:/etc/raddb # radiusd -X
FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Dec
 3 2008 at 13:57:16
Copyright (C) 1999-2008 The FreeRADIUS server project and
contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = /usr
localstatedir = /var
logdir = /var/log/radius
libdir = /usr/lib64/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
nastype = other
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = status-server
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to 

Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi


This is my directory listing. Which file should I copy to the XP machine?

linux-h9qt:/etc/raddb/certs # ls
01.pem  bootstrap  ca.key  client.crt  client.p12
dh  index.txt.attr.old  random  serial.old  server.csr
server.pem
02.pem  ca.cnf ca.pem  client.csr  client.pem
index.txt   index.txt.old   README  server.cnf  server.key
xpextensions
03.pem  ca.der client.cnf  client.key  devin...@palettemm.com.pem
index.txt.attr  Makefileserial  server.crt  server.p12



2009/8/3 Devinder Singh devinbhul...@gmail.com:
 I don't get any errors now when I run radiusd -X


 does that mean the certs are generated OK

 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 What do I do next? I want to install the cert on my Windows XP machine.

 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 Yes got it to work Ivan

 Thanks

 i did

 chown root:radiusd /etc/raddb/certs/random  and for dh



 2009/8/3 Devinder Singh devinbhul...@gmail.com:
 user = radiusd
 group = radiusd

 how do i chown the entire cert directory?

 2009/8/3 Ivan Kalik t...@kalik.net:
 so how do i go about in this

 chown root:radiusd /etc/raddb/certs/dh

 chown root:radiusd /etc/raddb/certs/random

 is that correct?

 chown whole certs directory. I don't know what user does your radiusd run
 under. I am quite sure root/radiusd is wrong. It's either root:root or
 radius:radius in default configuration. It could be different in binary
 distributions. Check user/group settings in radiusd.conf.

 Ivan Kalik
 Kalik Informatika ISP









-- 
Devinder

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
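
The fix reported in this message (making the files named in the tls section readable by the group radiusd runs as) can be checked before the server is started. The following is an added example, not part of the original thread or of FreeRADIUS: it pulls the file settings out of a `radiusd -X` dump and evaluates the Unix permission bits for a given uid and group set. The sample dump, the file modes and the uid/gid values are constructed for the demonstration.

```python
import os
import re
import tempfile

# tls { } settings that name files radiusd opens while instantiating eap-tls.
FILE_KEYS = ("private_key_file", "certificate_file", "CA_file",
             "dh_file", "random_file")

# Constructed dump in the shape radiusd -X prints; CERTS is replaced by a
# temporary directory in demo(). One value is wrapped onto the next line,
# the way the list archive wraps long lines.
SAMPLE = """\
 Module: Instantiating eap-tls
   tls {
        private_key_file = CERTS/server.pem
        certificate_file = CERTS/server.pem
        CA_file =
 CERTS/ca.pem
        dh_file = CERTS/dh
        random_file = CERTS/random
   }
"""


def parse_tls_files(debug_text):
    """Map each file-valued tls setting to its path, tolerating wrapped values."""
    found = {}
    for key in FILE_KEYS:
        m = re.search(r"^[>\s]*%s\s*=\s*(\S+)" % re.escape(key),
                      debug_text, re.M)
        if m:
            found[key] = m.group(1)
    return found


def effective_bits(st, uid, gids):
    """Return the rwx bits (0-7) the kernel applies to a process uid/gids.

    Exactly one class is used: owner, else group, else other.
    """
    if uid == 0:
        return 7  # simplification: root passes read and search checks
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def check_tls_files(debug_text, uid, gids):
    """Return (setting, problem) pairs for files the daemon could not open.

    Only the immediate parent directory is checked for search permission.
    """
    findings = []
    for key, path in parse_tls_files(debug_text).items():
        try:
            st = os.stat(path)
            parent = os.stat(os.path.dirname(path) or ".")
        except FileNotFoundError:
            findings.append((key, "missing"))
            continue
        if not effective_bits(parent, uid, gids) & 1:
            findings.append((key, "directory not searchable"))
        elif not effective_bits(st, uid, gids) & 4:
            findings.append((key, "not readable"))
        if key == "private_key_file" and st.st_mode & 0o004:
            findings.append((key, "world-readable key"))
    return findings


def demo():
    """Build constructed cert files and check them for two daemon identities."""
    modes = {"server.pem": 0o640, "ca.pem": 0o644, "dh": 0o640, "random": 0o600}
    with tempfile.TemporaryDirectory(prefix="certs-") as d:
        os.chmod(d, 0o755)
        for name, mode in modes.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write("constructed placeholder\n")
            os.chmod(path, mode)
        st = os.stat(os.path.join(d, "dh"))
        daemon_uid = st.st_uid + 1          # constructed: daemon is not the owner
        dump = SAMPLE.replace("CERTS", d)
        # Daemon group differs from the files' group (the state before chown).
        before = check_tls_files(dump, daemon_uid, {st.st_gid + 1})
        # Daemon group matches the files' group (the state after chown).
        after = check_tls_files(dump, daemon_uid, {st.st_gid})
    return before, after


if __name__ == "__main__":
    for label, result in zip(("group mismatch", "group match"), demo()):
        print(label, result)
```

In the matching-group case the constructed `random` file is still reported because its mode (0600) grants nothing to the group, so changing group ownership alone would not be enough for that file.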


Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi Ivan

Ok i managed to install ca.der and client.p12 on my XP

When i run radiusd -X i get

rad_recv: Access-Request packet from host 203.121.4.59 port 6001, id=30, length=216
User-Name = devin...@palettemm.com
NAS-IP-Address = 203.121.4.59
Called-Station-Id = 00-20-a6-6c-49-9d:palstaff
Calling-Station-Id = 00-04-23-7b-56-b9
NAS-Identifier = ORiNOCO-AP-700-6c-49-9d
State = 0xf30ae66df60debd09c91249e7b82f0a9
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0207002c0d000116030100205a6f866d20eb642ddc9f404f90d8650422eb751e7bb0199a016bb14e384df6fa
Message-Authenticator = 0x06206416bbe520db012eb924f72ba75e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm palettemm.com for User-Name = devin...@palettemm.com
[suffix] No such realm palettemm.com
++[suffix] returns noop
[eap] EAP packet type response id 7 length 44
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry devin...@palettemm.com at line 94
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls]  TLS 1.0 Handshake [length 03b2], Certificate
-- verify error:num=20:unable to get local issuer certificate
[tls]  TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - devin...@palettemm.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 30 to 203.121.4.59 port 6001
EAP-Message = 0x04070004
Message-Authenticator = 0x
Waking up in 3.8 seconds.
Cleaning up request 0 ID 24 with timestamp +83
Cleaning up request 1 ID 25 with timestamp +83
Cleaning up request 2 ID 26 with timestamp +83
Cleaning up request 3 ID 27 with timestamp +83
Cleaning up request 4 ID 28 with timestamp +83
Cleaning up request 5 ID 29 with timestamp +83
Waking up in 1.0 seconds.
Cleaning up request 6 ID 30 with timestamp +83
Ready to process requests.



Users File


devin...@palettemm.com Auth-Type := EAP

DEFAULT Auth-Type := Reject
Reply-Message = Authentication Failed

2009/8/3 Ivan Kalik t...@kalik.net:
 Do i copy  this file to the XP and install ca.der

 ca.der and client.p12

 Yes.

 Ivan Kalik
 Kalik Informatika ISP





-- 
Devinder



Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
Hi Ivan,

When I click on my SSID palstaff it prompts for the certificate name

username on certificate so i selected

devin...@palettemm.com

Click OK then authentication failed on the SSID

2009/8/4 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan

 Ok i managed to install ca.der and client.p12 on my XP

 When i run radiusd -X i get

 rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
 id=30, length=216
        User-Name = devin...@palettemm.com
        NAS-IP-Address = 203.121.4.59
        Called-Station-Id = 00-20-a6-6c-49-9d:palstaff
        Calling-Station-Id = 00-04-23-7b-56-b9
        NAS-Identifier = ORiNOCO-AP-700-6c-49-9d
        State = 0xf30ae66df60debd09c91249e7b82f0a9
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
 0x0207002c0d000116030100205a6f866d20eb642ddc9f404f90d8650422eb751e7bb0199a016bb14e384df6fa
        Message-Authenticator = 0x06206416bbe520db012eb924f72ba75e
 +- entering group authorize {...}
 ++[preprocess] returns ok
 ++[chap] returns noop
 ++[mschap] returns noop
 [suffix] Looking up realm palettemm.com for User-Name =
 devin...@palettemm.com
 [suffix] No such realm palettemm.com
 ++[suffix] returns noop
 [eap] EAP packet type response id 7 length 44
 [eap] No EAP Start, assuming it's an on-going EAP conversation
 ++[eap] returns updated
 ++[unix] returns notfound
 [files] users: Matched entry devin...@palettemm.com at line 94
 ++[files] returns ok
 ++[expiration] returns noop
 ++[logintime] returns noop
 ++[pap] returns noop
 Found Auth-Type = EAP
 +- entering group authenticate {...}
 [eap] Request found, released from the list
 [eap] EAP/tls
 [eap] processing type tls
 [tls] Authenticate
 [tls] processing EAP-TLS
 [tls] eaptls_verify returned 7
 [tls] Done initial handshake
 [tls]  TLS 1.0 Handshake [length 03b2], Certificate
 -- verify error:num=20:unable to get local issuer certificate
 [tls]  TLS 1.0 Alert [length 0002], fatal unknown_ca
 TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
 rlm_eap: SSL error error:140890B2:SSL
 routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
 SSL: SSL_read failed in a system call (-1), TLS session fails.
 TLS receive handshake failed during operation
 [tls] eaptls_process returned 4
 [eap] Handler failed in EAP/tls
 [eap] Failed in EAP select
 ++[eap] returns invalid
 Failed to authenticate the user.
 Using Post-Auth-Type Reject
 +- entering group REJECT {...}
 [attr_filter.access_reject]     expand: %{User-Name} - devin...@palettemm.com
  attr_filter: Matched entry DEFAULT at line 11
 ++[attr_filter.access_reject] returns updated
 Delaying reject of request 6 for 1 seconds
 Going to the next request
 Waking up in 0.9 seconds.
 Sending delayed reject for request 6
 Sending Access-Reject of id 30 to 203.121.4.59 port 6001
        EAP-Message = 0x04070004
        Message-Authenticator = 0x
 Waking up in 3.8 seconds.
 Cleaning up request 0 ID 24 with timestamp +83
 Cleaning up request 1 ID 25 with timestamp +83
 Cleaning up request 2 ID 26 with timestamp +83
 Cleaning up request 3 ID 27 with timestamp +83
 Cleaning up request 4 ID 28 with timestamp +83
 Cleaning up request 5 ID 29 with timestamp +83
 Waking up in 1.0 seconds.
 Cleaning up request 6 ID 30 with timestamp +83
 Ready to process requests.



 Users File


 devin...@palettemm.com Auth-Type := EAP

 DEFAULT Auth-Type := Reject
        Reply-Message = Authentication Failed

 2009/8/3 Ivan Kalik t...@kalik.net:
 Do i copy  this file to the XP and install ca.der

 ca.der and client.p12

 Yes.

 Ivan Kalik
 Kalik Informatika ISP





 --
 Devinder




-- 
Devinder



Re: Decoupled accounting

2009-08-03 Thread Devinder Singh
  attr_filter attr_filter.access_reject {
attrsfile = /etc/raddb/attrs.access_reject
key = %{User-Name}
  }
 }
}
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /etc/raddb/huntgroups
hints = /etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
detailfile =
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
header = %t
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
attrsfile = /etc/raddb/attrs.accounting_response
key = %{User-Name}
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
radiusd:  Opening IP addresses and Ports 
listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = acct
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.



2009/8/4 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan,

 When I click on my SSID palstaff it prompts for the certificate name

 username on certificate so i selected

 devin...@palettemm.com

 Click OK then authentication failed on the SSID

 2009/8/4 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan

 Ok i managed to install ca.der and client.p12 on my XP

 When i run radiusd -X i get

 rad_recv: Access-Request packet from host 203.121.4.59 port 6001,
 id=30, length=216
        User-Name = devin...@palettemm.com
        NAS-IP-Address = 203.121.4.59
        Called-Station-Id = 00-20-a6-6c-49-9d:palstaff
        Calling-Station-Id = 00-04-23-7b-56-b9
        NAS-Identifier = ORiNOCO-AP-700-6c-49-9d
        State = 0xf30ae66df60debd09c91249e7b82f0a9
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
 0x0207002c0d000116030100205a6f866d20eb642ddc9f404f90d8650422eb751e7bb0199a016bb14e384df6fa
        Message-Authenticator = 0x06206416bbe520db012eb924f72ba75e
 +- entering group authorize {...}
 ++[preprocess] returns ok
 ++[chap] returns noop
 ++[mschap] returns noop
 [suffix] Looking up realm palettemm.com for User-Name =
 devin...@palettemm.com
 [suffix] No such realm palettemm.com
 ++[suffix] returns noop
 [eap] EAP packet type response id 7 length 44
 [eap] No EAP Start, assuming it's an on-going EAP conversation
 ++[eap] returns updated
 ++[unix] returns notfound
 [files] users: Matched entry devin...@palettemm.com at line 94
 ++[files] returns ok
 ++[expiration] returns noop
 ++[logintime] returns noop
 ++[pap] returns noop
 Found Auth-Type = EAP
 +- entering group authenticate {...}
 [eap] Request found, released from the list
 [eap] EAP/tls
 [eap] processing type tls
 [tls] Authenticate
 [tls] processing EAP-TLS
 [tls] eaptls_verify returned 7
 [tls] Done initial handshake
 [tls]  TLS 1.0 Handshake [length 03b2], Certificate
 -- verify error:num=20:unable to get local issuer certificate
 [tls]  TLS 1.0 Alert [length 0002], fatal unknown_ca
 TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
 rlm_eap: SSL error error:140890B2:SSL
 routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
 SSL: SSL_read failed in a system call (-1), TLS session fails.
 TLS receive handshake failed during operation
 [tls] eaptls_process returned 4
 [eap] Handler failed in EAP/tls
 [eap] Failed in EAP select
 ++[eap] returns invalid
 Failed to authenticate the user.
 Using Post-Auth-Type Reject
 +- entering group REJECT {...}
 [attr_filter.access_reject]     expand: %{User-Name} - 
 devin...@palettemm.com
  attr_filter: Matched entry DEFAULT at line 11
 ++[attr_filter.access_reject] returns updated
 Delaying reject of request 6 for 1 seconds
 Going to the next request
 Waking up in 0.9 seconds.
 Sending delayed reject for request 6
 Sending Access-Reject of id 30 to 203.121.4.59 port 6001
        EAP-Message = 0x04070004
        Message-Authenticator = 0x
 Waking up in 3.8 seconds.
 Cleaning up request 0 ID 24

Re: phpRadmin,dialupAdmin?

2009-08-03 Thread Devinder Singh
Hi

I have used Daloradius and it's easier to set up and install

google Daloradius - authored by Liran Tal

2009/8/4 RANDRIAMAMPIONONA José Johnny vasian...@gmail.com:
 Hello,
 Does anyone know if these projects are still active? In fact, I'd like to
 install it on my server but it looks like non-existent!
 Thanks!
 Sincerely!

 --
 JJohnny R.


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder



Re: Decoupled accounting

2009-08-02 Thread Devinder Singh
Hi Ivan


Actually I followed the steps in Free Radius
http://wiki.freeradius.org/WPA_HOWTO. Could I use the steps here or
should I follow the Readme file?

Regards
Devinder

2009/8/1 Ivan Kalik t...@kalik.net:
 I refer only to version 1.0.4 for the serial file as it's not there in
 /etc/raddb/certs/demoCA so I get the serial file from version 1.0.4

 But I still get the error message Bad Encrypt.

 What should I do next?

 How about following the instructions in raddb/certs/README file?

 Ivan Kalik
 Kalik Informatika ISP





-- 
Devinder


Re: Decoupled accounting

2009-08-01 Thread Devinder Singh
Hi Ivan,

I refer only to version 1.0.4 for the serial file as it's not there in
/etc/raddb/certs/demoCA so I get the serial file from version 1.0.4

But I still get the error message Bad Encrypt.

What should I do next? I have created the certificates almost 5 times already.

The password user for .CA.root myettelap

.CA.server devin myettelap

Pls help on this

Regards
Devinder


 }
 rlm_eap: SSL error error:06065064:digital envelope
 routines:EVP_DecryptFinal_ex:bad decrypt
 rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/default[280]: Failed to find module eap.
 /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
  }
 Errors initializing modules

2009/8/1 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan

 Actually im am using version 2.1.1 Free Radius and i need the serial
 file from 1.0.4

 devinder

 2009/7/31 Ivan Kalik t...@kalik.net:
 Hi Ivan
 This is how I generated the certs and radiusd -X gives error
 ...
 /home/palette/Desktop/freeradius-1.0.4/raddb/certs/demoCA/
 ...

 Ah, this is 1.0.4! Don't use that for EAP. It's incompatible with Vista,
 XP SP2, SP3, ... Upgrade.

 Ivan Kalik
 Kalik Informatika ISP





 --
 Devinder




-- 
Devinder


Re: Decoupled accounting

2009-07-31 Thread Devinder Singh
Hi Ivan

Need your help here
Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/wireless-auth/linux-7v1x.pem
certificate_file = /etc/wireless-auth/linux-7v1x.pem
CA_file = /etc/wireless-auth/root.pem
private_key_password = myettelap
dh_file = /etc/wireless-auth/DH
random_file = /etc/wireless-auth/random
fragment_size = 1024
include_length = yes
check_crl = no
   }
rlm_eap: SSL error error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/default[280]: Failed to find module eap.
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
 }
Errors initializing modules


Re: Decoupled accounting

2009-07-31 Thread Devinder Singh
My certs /pass directory is empty


2009/7/31 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan

 Need your help here
 Module: Linked to sub-module rlm_eap_tls
  Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/wireless-auth/linux-7v1x.pem
        certificate_file = /etc/wireless-auth/linux-7v1x.pem
        CA_file = /etc/wireless-auth/root.pem
        private_key_password = myettelap
        dh_file = /etc/wireless-auth/DH
        random_file = /etc/wireless-auth/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
   }
 rlm_eap: SSL error error:06065064:digital envelope
 routines:EVP_DecryptFinal_ex:bad decrypt
 rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/default[280]: Failed to find module eap.
 /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
  }
 Errors initializing modules




-- 
Devinder



Re: Decoupled accounting

2009-07-31 Thread Devinder Singh
  Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # cd pass
linux-7v1x:/etc/raddb/certs/pass # ls
root.pass
linux-7v1x:/etc/raddb/certs/pass # cd ..
linux-7v1x:/etc/raddb/certs # cd der
linux-7v1x:/etc/raddb/certs/der # ls
linux-7v1x.der  root.der
linux-7v1x:/etc/raddb/certs/der # cd .
linux-7v1x:/etc/raddb/certs/der # cd ..
linux-7v1x:/etc/raddb/certs # ls
bootstrap  CA.client  CA.rootclient.cnf  der   p12   pem server.cnf
CA.cient   ca.cnf CA.server  demoCA  Makefile  pass  README
xpextensions
linux-7v1x:/etc/raddb/certs # ./CA.client palette-giau6pb devin myettelap
Generating a 1024 bit RSA private key
...++
...++
writing new private key to 'pem/newreq.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:palette-giau6pb
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:
Using configuration from /etc/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4 (0x4)
Validity
Not Before: Jul 31 09:31:56 2009 GMT
Not After : Jul 31 09:31:56 2010 GMT
Subject:
countryName   = AU
stateOrProvinceName   = Some-State
organizationName  = Internet Widgits Pty Ltd
commonName= palette-giau6pb
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
Certificate is to be certified until Jul 31 09:31:56 2010 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
MAC verified OK
linux-7v1x:/etc/raddb/certs # ls



Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/wireless-auth/linux-7v1x.pem
certificate_file = /etc/wireless-auth/linux-7v1x.pem
CA_file = /etc/wireless-auth/root.pem
private_key_password = myettelap
dh_file = /etc/wireless-auth/DH
random_file = /etc/wireless-auth/random
fragment_size = 1024
include_length = yes
check_crl = no
   }
rlm_eap: SSL error error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/etc/raddb/sites-enabled/default[280]: Failed to find module eap.
/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
 }
Errors initializing modules









2009/7/31 Devinder Singh devinbhul...@gmail.com:
 Hi Ivan

 Need your help here
 Module: Linked to sub-module rlm_eap_tls
  Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = /etc/wireless-auth/linux-7v1x.pem
        certificate_file = /etc/wireless-auth/linux-7v1x.pem
        CA_file = /etc/wireless-auth/root.pem
        private_key_password = myettelap
        dh_file = /etc/wireless-auth/DH
        random_file = /etc/wireless-auth/random
        fragment_size = 1024
        include_length = yes
        check_crl = no
   }
 rlm_eap: SSL error error:06065064:digital envelope
 routines:EVP_DecryptFinal_ex:bad decrypt
 rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/default[280]: Failed to find module eap.
 /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
  }
 Errors initializing modules




-- 
Devinder



WPA Authentication

2009-07-30 Thread Devinder Singh
Hello


2009/7/31 Devinder Singh devinbhul...@gmail.com:
 Hi

 I am using Free Radius version 2.0.1 and have set up the Root Server
 and Client Certificates

 When I run radiusd -X I get


 Module: Linked to sub-module rlm_eap_tls
  Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = /etc/wireless-auth/linux-7v1x.pem
certificate_file = /etc/wireless-auth/linux-7v1x.pem
CA_file = /etc/wireless-auth/root.pem
private_key_password = /etc/raddb/certs/pass/linux-7v1x.pass
dh_file = /etc/wireless-auth/DH
random_file = /etc/wireless-auth/random
fragment_size = 1024
include_length = yes
check_crl = no
   }
 rlm_eap: SSL error error:06065064:digital envelope
 routines:EVP_DecryptFinal_ex:bad decrypt
 rlm_eap_tls: Error reading private key file /etc/wireless-auth/linux-7v1x.pem
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/default[280]: Failed to find module eap.
 /etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
  }


 --
 Devinder




-- 
Devinder



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
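
Added example, not part of the original posts or of FreeRADIUS: a triage of the `radiusd -X` output shown in the messages above. It ties the `bad decrypt` line to the `tls` block, flags a `private_key_password` that looks like a file path (the value is used as the passphrase itself, it is not read from disk), and masks secrets before the output is posted. The sample text, paths and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the debug output in this thread.
# Paths and the passphrase value are placeholders.
SAMPLE_DEBUG = """\
 Module: Instantiating eap-tls
   tls {
        private_key_file = /etc/wireless-auth/server.pem
        certificate_file = /etc/wireless-auth/server.pem
        private_key_password = /etc/raddb/certs/pass/server.pass
        check_crl = no
   }
rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file /etc/wireless-auth/server.pem
rlm_eap: Failed to initialize type tls
"""

# Setting names whose values must not appear in a public post.
SECRET_KEYS = {"private_key_password", "password", "secret", "sql_password"}
# Matches both "key = value" (radiusd) and "key: value" (dialup_admin.conf).
KV_RE = re.compile(r"^(\s*)([A-Za-z_][\w-]*)(\s*[=:]\s*)(.*?)\s*$")
KEY_ERR_RE = re.compile(r"Error reading private key file (\S+)")


def parse_tls_block(text):
    """Return the settings printed inside the first `tls { ... }` block.

    Handles the one-setting-per-line form; output that a mail client has
    re-wrapped onto two lines per setting needs unwrapping first.
    """
    settings, inside = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if not inside:
            inside = stripped.startswith("tls {")
            continue
        if stripped == "}":
            break
        match = KV_RE.match(line)
        if match:
            settings[match.group(2)] = match.group(4)
    return settings


def triage(text):
    """Return (code, message) findings for an EAP-TLS start-up failure."""
    findings = []
    tls = parse_tls_block(text)
    key_err = KEY_ERR_RE.search(text)
    if "bad decrypt" in text and key_err:
        findings.append((
            "passphrase-mismatch",
            f"private_key_password does not decrypt {key_err.group(1)} "
            "(wrong passphrase, or the key was encrypted under another one)",
        ))
    password = tls.get("private_key_password", "")
    if password.startswith("/"):
        findings.append((
            "password-looks-like-path",
            "the value is used verbatim as the passphrase; "
            "a path to a .pass file is not opened and read",
        ))
    return findings


def redact(text):
    """Mask the values of secret-bearing settings before sharing output."""
    out = []
    for line in text.splitlines():
        match = KV_RE.match(line)
        if match and match.group(2) in SECRET_KEYS and match.group(4):
            line = f"{match.group(1)}{match.group(2)}{match.group(3)}<redacted>"
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for code, message in triage(SAMPLE_DEBUG):
        print(f"{code}: {message}")
    print(redact(SAMPLE_DEBUG))
```

Run `redact()` over debug output before mailing it to a public list; a passphrase that has already been posted should be treated as exposed and the key re-encrypted under a new one.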


Free Radius FreeBSD

2008-06-16 Thread Devinder Singh
Hi

Which version of Free Radius should I use for FreeBSD? I plan to use FreeBSD
7.0.

Should I use the Free Radius FreeBSD version on the web site

http://portsmon.freebsd.org/portoverview.py?category=netportname=freeradius

-- 
Devinder

Re: Free Radius FreeBSD

2008-06-16 Thread Devinder Singh
Hi Scott

Thanks

I will give it a go now. We tried on FreeBSD and when I ran using MySQL it
gave a lot of errors. Dependency missing.

Regards
Devinder

2008/6/17 Scott Lambert [EMAIL PROTECTED]:

 On Tue, Jun 17, 2008 at 09:08:40AM +0800, Devinder Singh wrote:
  Hi
 
  Which version of Free Radius shoud i use for FreeBSD I plan to use Free
 BSD
  7.0.
 
  Shoud i use the Free Radius Free BSD version on the web site
 
 
 http://portsmon.freebsd.org/portoverview.py?category=netportname=freeradius


 Use FreeRADIUS 2.x

 net/freeradius2


 http://portsmon.freebsd.org/portoverview.py?category=netportname=freeradius2


 --
 Scott LambertKC5MLE   Unix SysAdmin
 [EMAIL PROTECTED]

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Re: About client.conf

2008-06-13 Thread Devinder Singh
What's your network IP?

For example 192.168.1.100

then use client IP as 192.168.1.0/24

.0 means that any client IP address with 192.168.1.n can connect to radius




2008/6/14 Fabián Omar Franzotti [EMAIL PROTECTED]:

 Hi guys

 I did install Freeradius 2.0.4 and i don't find the way to configure

 client 0.0.0.0/0 {
 secret = mysecret
 shortname = allworld
 }

 I have this configuration over older Freeradius, but with this version do
 not work

 can any one tell my how configure it in this version?

 Thanks

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
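
Added example, not part of the original posts: what the /24 advice above means in practice, next to the catch-all block from the question. It parses `client <network> { ... }` blocks, reports which block a given NAS address falls under (most specific network first, which is an assumption about lookup order), and flags networks that admit any source address. The sample file, its secrets, the `office-lan` name and the function names are constructed.

```python
import ipaddress
import re

# Constructed clients.conf fragment: the catch-all block from the question
# next to a /24 block as suggested in the reply. Secrets are placeholders.
SAMPLE_CLIENTS = """
client 0.0.0.0/0 {
        secret = mysecret
        shortname = allworld
}

client 192.168.1.0/24 {
        secret = another-placeholder
        shortname = office-lan
}
"""

BLOCK_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
PAIR_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)


def parse_clients(text):
    """Parse `client <network> { key = value ... }` blocks into dicts."""
    clients = []
    for name, body in BLOCK_RE.findall(text):
        try:
            network = ipaddress.ip_network(name, strict=False)
        except ValueError:
            continue  # hostnames and other naming forms are out of scope here
        entry = dict(PAIR_RE.findall(body))
        entry["network"] = network
        clients.append(entry)
    return clients


def match_client(clients, source_ip):
    """Return the block a request from source_ip would be matched against.

    Assumption: the most specific (longest-prefix) network wins.
    """
    addr = ipaddress.ip_address(source_ip)
    hits = [
        c for c in clients
        if c["network"].version == addr.version and addr in c["network"]
    ]
    return max(hits, key=lambda c: c["network"].prefixlen, default=None)


def audit(clients, max_hosts=256):
    """Flag client blocks that accept more source addresses than intended.

    max_hosts is a hypothetical site policy: the largest network that is
    allowed to share one secret (256 addresses is a /24).
    """
    findings = []
    for c in clients:
        network = c["network"]
        label = c.get("shortname", str(network))
        if network.prefixlen == 0:
            # Any host that learns the shared secret can act as a NAS.
            findings.append((label, "catch-all"))
        elif network.num_addresses > max_hosts:
            findings.append((label, "wider-than-policy"))
    return findings


if __name__ == "__main__":
    parsed = parse_clients(SAMPLE_CLIENTS)
    for ip in ("192.168.1.100", "203.0.113.7"):
        hit = match_client(parsed, ip)
        print(ip, "->", hit["shortname"] if hit else "no client block")
    print(audit(parsed))
```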

Could not link driver rlm_sql_mysql: rlm_sql_mysql.so

2008-06-12 Thread Devinder Singh
Hi, why do I get this error message:
 Could not link driver rlm_sql_mysql: rlm_sql_mysql.so

Regards
Devinder

rlm_sql_unixodbc: Connection failed

2008-05-06 Thread Devinder Singh
Hi

I have configured Free Radius 1.1.7 to connect to MSSQL. However when I run
radiusd -x I get the error

rlm_sql_unixodbc: Connection failed

Should I use version 2 instead?

I need help on this.

Thank you

-- 
Devinder

Re: rlm_sql_unixodbc: Connection failed

2008-05-06 Thread Devinder Singh
Do I need to download any patch if I use Version 2?

I can't seem to find a solution via Google.

I have followed the instructions in Making FreeRadius and MSSQL work
together.

Regards

Devinder

2008/5/6 Devinder Singh [EMAIL PROTECTED]:

 Hi

 I have configured Free Radius 1.1.7 to connect to MSSQL. However when i
 run radiusd -x i get the error

 rlm_sql_unixodbc: Connection failed

 Should I use version 2 instead?

 I need help on this.

 Thank you

 --
 Devinder




-- 
Devinder

Re: Another Issue--

2008-04-07 Thread Devinder Singh
Have you tried using the NT Rad Ping Utility?

Enter the Radius IP address, user name, password and secret key testing123-1 to
see if you can get an access-accept reply

Devinder


On 07/04/2008, Alan DeKok [EMAIL PROTECTED] wrote:

 Austin G. Smith wrote:
  I am having an issue authenticating against mysql backended radius now.
  I have been toyin with this for around 4 hours, and cannot seem to make
  it work.  In my previous email about rpm build, something about quirks
  was mentioned on this arch…  it has me weary…
 ...
  EAP-Message = 0x010600061900
  Message-Authenticator = 0x
  State = 0x7a0f3a2b7f0923f0e1d4dc591995af63
  Finished request 17.
  Going to the next request
  Waking up in 9.9 seconds.
  Cleaning up request 12 ID 18 with timestamp +618

 There's nothing wrong with the server.  It's sending a packet, and the
 supplicant isn't continuing the EAP conversation.

 Go fix the supplicant.

 Alan DeKok.
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Re: Fwd: EAP Authentication

2008-04-07 Thread Devinder Singh
Hi Ivan

Yes, I managed to solve the problem.

I was using files instead of SQL as I followed the wiki example on 802.1x
secure wireless.

Now I can authenticate users with certs and then they login into the captive
portal to login to Radius Server.

Thanks

Devinder


On 07/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

 I want to authenticate users through using EAP authentication. I managed
 to
 generate the client and root certs from Free Radius.
 
 I have installed the client cert in my notebook and managed to get
 authenticated via AP to Radius.
 
 But i cant seem to find them in the Free Radius accounting database.
 
 Does the debug show accounting packets. If not, portal is not sending
 them.

 There is no log event in the database. I want them to be authenticated in
 the radcheck table so that i can set bandwidth to them.
 
 No need. sql is a database - it doesn't do authentication, just stores
 data. Set the bandwidth in radreply table and leave certificate
 authentication as it is.

 Would it be possible to also have monowall users to log into the captive
 portal at the same time with EAP turned on in Free Radius.
 
 I want private users to authenticate via certs and also go through
 captive
 portal.
 
 If i enable EAP TLS then users cant login using the captive portal login
 page.
 

 That's the whole idea. Portal captures users that are *not*
 authenticated. It does not capture them after authentication.

 Ivan Kalik
 Kalik Informatika ISP

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Re: EAP Authentication

2008-04-06 Thread Devinder Singh
Hi Ivan,

Before I enabled EAP authentication radius reads the user's name and password
from radcheck table. When I enabled EAP it only read the users.conf file.

I want it to read the radcheck table which has the usernames and password
for EAP authentication. I have generated the Certs and they are installed on
the Client computer.

Thank you.

Devinder


On 04/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

 radcheck? EAP-TLS is certificate based authentication. What is it reading
 from users file? Reply attributes? They should be in radreply table.

 This would be so much easier if you would provide relevant information:
 user file entry that you want to store in sql; sql data for that user;
 radiusd -X output (when data is in sql).

 Ivan Kalik
 Kalik Informatika ISP


 On 4/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

 Hi Ivan
 
 Im using EAP-TLS authentication.
 
 Could you tell me the sql configuration to allow EAP-TLS to read radcheck
 table instead of users.conf file
 
 Thanks
 
 -Devinder
 
 
 
 On 04/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:
 
  Which EAP? TLS, PEAP, something else? Have you uncommented sql in
  authorize section? Debug would help.
 
  Ivan Kalik
  Kalik Informatika ISP
 
 
  On 4/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:
 
  Hi Ivan Kalik
  
  When I set EAP turned on using 802.1x authentication I don't seem to get
  users
  authenticated to the RADIUS radcheck account table.
  
  How do i enable EAP using 802.1x and allow users to get authenticated
 to
  the
  RADIUS Server radcheck table which has the user name and login details
  
  Thank you
  
  Devinder
  
  
  On 04/04/2008, Devinder Singh [EMAIL PROTECTED] wrote:
  
   I guess I need to use VLAN methods and two SSID
  
   On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:
   
radiusd -X. Send the debug of the monowall request.
   
Ivan Kalik
Kalik Informatika ISP
   
   
On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:
   
Hi I have set up Free Radius to allows users to set up
 certificates
  on
their
notebook and get access to the Internet.

When I set EAP I can't seem to allow monowall captive portal users
 to
login to
the RADIUS Server.


Is there any settings to be done in users.conf file or radiusd
 .conf
file to
allow users to login via the monowall captive portal login page.

Free Radius rejects login from the captive portal login.

Should I be using MSCHAP or can I still use EAP?

Thank you

Devinder


   
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
   
  
  
  
   --
   Devinder
  
  
  
  
  --
  Devinder
  
 
  -
  List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
 
 
 
 
 --
 Devinder
 

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Fwd: EAP Authentication

2008-04-06 Thread Devinder Singh
I want to authenticate users through using EAP authentication. I managed to
generate the client and root certs from Free Radius.

I have installed the client cert in my notebook and managed to get
authenticated via AP to Radius.

But I can't seem to find them in the Free Radius accounting database.

There is no log event in the database. I want them to be authenticated in
the radcheck table so that I can set bandwidth to them.

Hope you can help me on this.

Would it be possible to also have monowall users to log into the captive
portal at the same time with EAP turned on in Free Radius.

I want private users to authenticate via certs and also go through captive
portal.

If I enable EAP TLS then users can't login using the captive portal login
page.


Regards,

-- 
Devinder



Re: EAP Authentication

2008-04-04 Thread Devinder Singh
Hi Ivan Kalik

When I set EAP turned on using 802.1x authentication I don't seem to get users
authenticated to the RADIUS radcheck account table.

How do i enable EAP using 802.1x and allow users to get authenticated to the
RADIUS Server radcheck table which has the user name and login details

Thank you

Devinder


On 04/04/2008, Devinder Singh [EMAIL PROTECTED] wrote:

 I guess I need to use VLAN methods and two SSID

 On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:
 
  radiusd -X. Send the debug of the monowall request.
 
  Ivan Kalik
  Kalik Informatika ISP
 
 
  On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:
 
  Hi I have set up Free Radius to allows users to set up certificates on
  their
  notebook and get access to the Internet.
  
  When I set EAP I can't seem to allow monowall captive portal users to
  login to
  the RADIUS Server.
  
  
  Is there any settings to be done in users.conf file or radiusd .conf
  file to
  allow users to login via the monowall captive portal login page.
  
  Free Radius rejects login from the captive portal login.

  Should I be using MSCHAP or can I still use EAP?
  
  Thank you
  
  Devinder
  
  
 
  -
  List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
 



 --
 Devinder




-- 
Devinder

Re: Authorize with SQL and/or AD with ntlm_auth

2008-04-04 Thread Devinder Singh
Hi

I want Free Radius to authenticate user in my Radcheck table using EAP-TLS
via 802.1x authentication.

Currently it is authenticating users in users.conf file

Regards
Devinder

Re: EAP Authentication

2008-04-04 Thread Devinder Singh
Hi Ivan

I'm using EAP-TLS authentication.

Could you tell me the sql configuration to allow EAP-TLS to read radcheck
table instead of users.conf file

Thanks

-Devinder



On 04/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

 Which EAP? TLS, PEAP, something else? Have you uncommented sql in
 authorize section? Debug would help.

 Ivan Kalik
 Kalik Informatika ISP


 On 4/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

 Hi Ivan Kalik
 
 When I set EAP turned on using 802.1x authentication I don't seem to get
 users
 authenticated to the RADIUS radcheck account table.
 
 How do i enable EAP using 802.1x and allow users to get authenticated to
 the
 RADIUS Server radcheck table which has the user name and login details
 
 Thank you
 
 Devinder
 
 
 On 04/04/2008, Devinder Singh [EMAIL PROTECTED] wrote:
 
  I guess I need to use VLAN methods and two SSID
 
  On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:
  
   radiusd -X. Send the debug of the monowall request.
  
   Ivan Kalik
   Kalik Informatika ISP
  
  
   On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:
  
   Hi I have set up Free Radius to allows users to set up certificates
 on
   their
   notebook and get access to the Internet.
   
   When I set EAP I can't seem to allow monowall captive portal users to
   login to
   the RADIUS Server.
   
   
   Is there any settings to be done in users.conf file or radiusd .conf
   file to
   allow users to login via the monowall captive portal login page.
   
   Free Radius rejects login from the captive portal login.

   Should I be using MSCHAP or can I still use EAP?
   
   Thank you
   
   Devinder
   
   
  
   -
   List info/subscribe/unsubscribe? See
   http://www.freeradius.org/list/users.html
  
 
 
 
  --
  Devinder
 
 
 
 
 --
 Devinder
 

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Re: EAP Authentication

2008-04-03 Thread Devinder Singh
I guess I need to use VLAN methods and two SSID

On 03/04/2008, Ivan Kalik [EMAIL PROTECTED] wrote:

 radiusd -X. Send the debug of the monowall request.

 Ivan Kalik
 Kalik Informatika ISP


 On 3/4/2008, Devinder Singh [EMAIL PROTECTED] wrote:

 Hi I have set up Free Radius to allows users to set up certificates on
 their
 notebook and get access to the Internet.
 
 When I set EAP I can't seem to allow monowall captive portal users to login
 to
 the RADIUS Server.
 
 
 Is there any settings to be done in users.conf file or radiusd .conf file
 to
 allow users to login via the monowall captive portal login page.
 
 Free Radius rejects login from the captive portal login.

 Should I be using MSCHAP or can I still use EAP?
 
 Thank you
 
 Devinder
 
 

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

EAP Authentication

2008-04-02 Thread Devinder Singh
Hi, I have set up Free Radius to allow users to set up certificates on their
notebook and get access to the Internet.

When I set EAP I can't seem to allow monowall captive portal users to login to
the RADIUS Server.


Are there any settings to be done in users.conf file or radiusd.conf file to
allow users to login via the monowall captive portal login page?

Free Radius rejects login from the captive portal login.

Should I be using MSCHAP or can I still use EAP?

Thank you

Devinder

802.1x Authentication

2008-01-31 Thread Devinder Singh
Hi

Does Free Radius have support for 802.1x authentication such as providing
Certificate?


Can it also integrate with Microsoft Active Directory?

Regards


-- 
Devinder

Re: Monitoring Tool for Freeradius

2008-01-31 Thread Devinder Singh
Hi

I have used daloradius and you can monitor how many users are online etc

On 01/02/2008, Julian Stöver [EMAIL PROTECTED] wrote:

 Hello,
 is there any monitoring tool for freeradius or another possibility to
 see how many people are logged in and to do some other stuff? like the
 monitoring tool for openvpn? Would be nice if there's something available!

 bye!
 julian
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Re: cannot connect to sql database

2008-01-30 Thread Devinder Singh
Hi Liran
This is my log file. I can't find any errors for cannot connect to sql
database

Thanks
Devinder


080124 14:48:58  mysqld ended

080124 14:48:58  mysqld started
080124 14:48:58  InnoDB: Started; log sequence number 0 43655
080124 14:48:58 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  SUSE
MySQL RPM
080124 15:26:09 [Note] /usr/sbin/mysqld: Normal shutdown

080124 15:26:09  InnoDB: Starting shutdown...
080124 15:26:11  InnoDB: Shutdown completed; log sequence number 0 43655
080124 15:26:11 [Note] /usr/sbin/mysqld: Shutdown complete

080124 15:26:11  mysqld ended

080124 15:26:11  mysqld started
080124 15:26:11  InnoDB: Started; log sequence number 0 43655
080124 15:26:11 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  SUSE
MySQL RPM
080124 15:40:56 [Note] /usr/sbin/mysqld: Normal shutdown

080124 15:40:56  InnoDB: Starting shutdown...
080124 15:40:57  InnoDB: Shutdown completed; log sequence number 0 43655
080124 15:40:57 [Note] /usr/sbin/mysqld: Shutdown complete

080124 15:40:57  mysqld ended

080124 15:40:57  mysqld started
080124 15:40:57  InnoDB: Started; log sequence number 0 43655
080124 15:40:58 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  SUSE
MySQL RPM


On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

 Hey Devinder,

 On Jan 29, 2008 9:50 AM, Devinder Singh [EMAIL PROTECTED] wrote:

  Hi Liran
 
  The exact error message on Dial Up Admin is
 
  cannot connec to sql database.
 

 Well that's not too helpful now, is it?
 I'm not too familiar with dialupadmin, maybe someone else can donate
 his 2 cents if they had this problem as well. Like I said before, you
 should
 try debugging the problem by taking a look at log files instead of
 trying to guess the problem into discovery.

 Some thoughts to think about:
 - is this working if you run it from console?
   mysql -u freeradius -pmysuperpassword radius

 - do you have the necessary php mysql package installed?
   (php4-mysql or php5-mysql)



 Regards,
 Liran Tal.



 
 
   On 29/01/2008, Liran Tal [EMAIL PROTECTED] wrote:
  
   Hey Devinder,
  
   On Jan 29, 2008 9:41 AM, Devinder Singh [EMAIL PROTECTED]
   wrote:
  
Hi Liran
   
Where shoud i turn on the Logging in which file could you let me
know what files are involved to do logging.
   
   
  
   Turning on the mysql logging is done in mysql's configuration
   file (on debian it's found at /etc/mysql/my.cnf).
  
   What is the exact error message you receive in the web page?
   Dial Up admin page i get cannot connect to sql databse is too
   ambiguous.
   Copy and paste it here.
  
  
   Regards,
   Liran Tal.
  
  
  
  
   
   
  On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

 Hey Devinder,

  On Jan 29, 2008 5:06 AM, Devinder Singh [EMAIL PROTECTED]
 wrote:

  Dear Liran
 
  this is my dialup_admin.conf file
  sql_type: mysql
  sql_server: localhost
  sql_port: 3306
  sql_username: freeradius
  sql_password: mysuperpassword
  sql_database: radius
  sql_accounting_table: radacct
  sql_badusers_table: badusers
  sql_check_table: radcheck
  sql_reply_table: radreply
  sql_user_info_table: userinfo
  sql_groupcheck_table: radgroupcheck
  sql_groupreply_table: radgroupreply
  sql_usergroup_table: usergroup
 
  and this is the /usr/raddb/sql.conf configuration
 
  sql {
  # Database type
  # Current supported are: rlm_sql_mysql,
  rlm_sql_postgresql,
  # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc,
  rlm_sql_freetds
  driver = rlm_sql_mysql
 
  # Connect info
  server = localhost
  login = freeradius
  password = mysuperpassword
 
  # Database table configuration
  radius_db = radius
 
  # If you want both stop and start records logged to the
  # same SQL table, leave this as is.  If you want them in
  # different tables, put the start table in acct_table1
  # and stop table in acct_table2
  acct_table1 = radacct
  acct_table2 = radacct
 
  # Allow for storing data after authentication
  postauth_table = radpostauth
 
  Is there anything that i as missing pls advise.
 


 I guess that looks alright but you haven't done any debugging like
 I suggested. Turn on mysql logging and see if there's even a
 connection
 attempt and if there is you can track what query is going wrong.

 You haven't detailed what is the exact error, it could just as
 well be that
 everything is configured fine but you haven't installed any
 php-mysql
 package and you have

Re: cannot connect to sql database

2008-01-30 Thread Devinder Singh
I have hard times with Dial Up Admin

Should I proceed with daloradius?

Do I install it in srv/www folder
like dial up?



On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:


 Hey Devinder,

 On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:

 
  Hi
 
  I am using Dial Up Admin on Free radius
 
 
  Free Radius is Running but when i acccess Dial Up admin page i get
  cannot connect to sql databse
 
  I have done most of the configuration settings and followed the wiki
  tutorial on Free Radius.
 

 Did you check that your sql server is actually running?
 Did you import the radius database schema into the sql server?
 Did you configure all the required settings to connect to the
 sql server in dialupadmin?


 You also might want to take a look at daloRADIUS for easy web management
 of freeradius with sql servers:
 http://sourceforge.net/projects/daloradius/


 Regards,
 Liran.



 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Re: cannot connect to sql database

2008-01-30 Thread Devinder Singh
Yes, I can access mysql from the CLI



On 30/01/2008, YvesDM [EMAIL PROTECTED] wrote:

 On Jan 30, 2008 10:15 AM, Devinder Singh [EMAIL PROTECTED] wrote:

  Hi Liran
  This is my log file i cant find any errors for cannot connect to sql
  database
 
  Thanks
  Devinder
 
 
  080124 14:48:58  mysqld ended
 
  080124 14:48:58  mysqld started
  080124 14:48:58  InnoDB: Started; log sequence number 0 43655
  080124 14:48:58 [Note] /usr/sbin/mysqld: ready for connections.
  Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  SUSE
  MySQL RPM
  080124 15:26:09 [Note] /usr/sbin/mysqld: Normal shutdown
 
  080124 15:26:09  InnoDB: Starting shutdown...
  080124 15:26:11  InnoDB: Shutdown completed; log sequence number 0 43655
  080124 15:26:11 [Note] /usr/sbin/mysqld: Shutdown complete
 
  080124 15:26:11  mysqld ended
 
  080124 15:26:11  mysqld started
  080124 15:26:11  InnoDB: Started; log sequence number 0 43655
  080124 15:26:11 [Note] /usr/sbin/mysqld: ready for connections.
  Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  SUSE
  MySQL RPM
  080124 15:40:56 [Note] /usr/sbin/mysqld: Normal shutdown
 
  080124 15:40:56  InnoDB: Starting shutdown...
  080124 15:40:57  InnoDB: Shutdown completed; log sequence number 0 43655
  080124 15:40:57 [Note] /usr/sbin/mysqld: Shutdown complete
 
  080124 15:40:57  mysqld ended
 
  080124 15:40:57  mysqld started
  080124 15:40:57  InnoDB: Started; log sequence number 0 43655
  080124 15:40:58 [Note] /usr/sbin/mysqld: ready for connections.
  Version: '5.0.45'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  SUSE
  MySQL RPM
 
 
 


 Does mysql actually keep running?
 What gives ps -ae | grep mysql

 Can you access your database from the cli?

 kind regards,
 Y.




 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Devinder

Re: cannot connect to sql database

2008-01-30 Thread Devinder Singh
Hi Liran

Do you have Yahoo IM or IRC channel to chat?
OK, I will install and configure daloradius


Will it work well with FreeRadius server?

Where do I extract the tar file?

I have srv/www folder
Thanks

Devinder
On 30/01/2008, Liran Tal [EMAIL PROTECTED] wrote:


 On Jan 30, 2008 10:15 AM, Devinder Singh [EMAIL PROTECTED] wrote:

  Hi Liran
  This is my log file i cant find any errors for cannot connect to sql
  database
 
 
 If you don't find any connection attempts information then it means
 that dialupadmin isn't initiating a connection due to one of the reasons
 I have mentioned before or something else. We've been exchanging
 so many emails so far and you haven't checked what I've told you to.

 I can't help you more with dialupadmin as I am not aware of its
 common configuration issues, if daloradius is an appropriate
 alternative for you I will be happy to assist you with it.


 Regards,
 Liran Tal.


 
  On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:
  
   Hey Devinder,
  
   On Jan 29, 2008 9:50 AM, Devinder Singh [EMAIL PROTECTED]
   wrote:
  
Hi Liran
   
The exact error message on Dial Up Admin is
   
cannot connec to sql database.
   
  
   Well that's not too helpful now, is it?
   I'm not too familiar with dialupadmin, maybe someone else can donate
   his 2 cents if they had this problem as well. Like I said before, you
   should
   try debugging the problem by taking a look at log files instead of
   trying to guess the problem into discovery.
  
   Some thoughts to think about:
   - is this working if you run it from console?
 mysql -u freeradius -pmysuperpassword radius
  
   - do you have the necessary php mysql package installed?
 (php4-mysql or php5-mysql)
  
  
  
   Regards,
   Liran Tal.
  
  
  
   
   
  On 29/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

 Hey Devinder,

 On Jan 29, 2008 9:41 AM, Devinder Singh [EMAIL PROTECTED]
 wrote:

  Hi Liran
 
  Where should I turn on the logging, in which file? Could you let me
  know what files are involved in logging?
 
 

 Turning on the mysql logging is done in mysql's configuration
 file (on debian it's found at /etc/mysql/my.cnf).

 What is the exact error message you receive in the web page?
 Dial Up admin page i get cannot connect to sql databse is too
 ambiguous.
 Copy and paste it here.


 Regards,
 Liran Tal.




 
 
On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:
  
   Hey Devinder,
  
On Jan 29, 2008 5:06 AM, Devinder Singh 
   [EMAIL PROTECTED] wrote:
  
Dear Liran
   
this is my dialup_admin.conf file
sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup
   
and this is the /usr/raddb/sql.conf configuration
   
sql {
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = rlm_sql_mysql
   
# Connect info
server = localhost
login = freeradius
password = mysuperpassword
   
# Database table configuration
radius_db = radius
   
# If you want both stop and start records logged to the
# same SQL table, leave this as is.  If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = radacct
acct_table2 = radacct
   
# Allow for storing data after authentication
postauth_table = radpostauth
   
Is there anything that I am missing? Please advise.
   
  
  
   I guess that looks alright but you haven't done any debugging
   like
   I suggested. Turn on mysql logging and see if there's even a
   connection
   attempt and if there is you can track what query is going
   wrong.
  
   You haven't detailed what is the exact error, it could just as
   well be that
   everything is configured fine but you haven't installed any
   php-mysql
   package and you have error_reporting turned off and so you are
   not seeing
   the error.
  
   Please check these things first.
  
   Regards,
   Liran Tal

Re: cannot connect to sql databse

2008-01-30 Thread Devinder Singh
Thanks Liran

On 30/01/2008, Liran Tal [EMAIL PROTECTED] wrote:


 On Jan 30, 2008 10:42 AM, Devinder Singh [EMAIL PROTECTED] wrote:

  I am having a hard time with Dial Up Admin.
 
  Should I proceed with daloradius?
 
  Do I install it in the srv/www folder,
  like Dial Up?
 
 
 

 Yes you install it wherever you usually place your web projects
 on your distribution which is configured with apache.

 Please let's continue this discussion in a new thread, the daloradius
 mailing list or on the irc channel #daloradius on freenode.


 Regards,
 Liran Tal.



 
 
   On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:
 
  
   Hey Devinder,
  
   On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED]
   wrote:
  
   
Hi
   
I am using Dial Up Admin on Free radius
   
   
Free Radius is running but when I access Dial Up admin page I get
cannot connect to sql database
   
I have done most of the configuration settings and followed the wiki
tutorial on Free Radius.
   
  
   Did you check that your sql server is actually running?
   Did you import the radius database schema into the sql server?
   Did you configure all the required settings to connect to the
   sql server in dialupadmin?
  
  
   You also might want to take a look at daloRADIUS for easy web
   management
   of freeradius with sql servers:
   http://sourceforge.net/projects/daloradius/
  
  
   Regards,
   Liran.
  
  
  
  
  
  
 
 
 
  --
  Devinder
 






-- 
Devinder

Re: cannot connect to sql databse

2008-01-29 Thread Devinder Singh
Hi Liran

The exact error message on Dial Up Admin is

cannot connec to sql database.

Rgds
Devinder


On 29/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

 Hey Devinder,

 On Jan 29, 2008 9:41 AM, Devinder Singh [EMAIL PROTECTED] wrote:

  Hi Liran
 
  Where should I turn on the logging, in which file? Could you let me know
  what files are involved in logging?
 
 

 Turning on the mysql logging is done in mysql's configuration
 file (on debian it's found at /etc/mysql/my.cnf).

 What is the exact error message you receive in the web page?
 Dial Up admin page i get cannot connect to sql databse is too ambiguous.
 Copy and paste it here.


 Regards,
 Liran Tal.




 
 
On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:
  
   Hey Devinder,
  
On Jan 29, 2008 5:06 AM, Devinder Singh [EMAIL PROTECTED]
   wrote:
  
Dear Liran
   
this is my dialup_admin.conf file
sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup
   
and this is the /usr/raddb/sql.conf configuration
   
sql {
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = rlm_sql_mysql
   
# Connect info
server = localhost
login = freeradius
password = mysuperpassword
   
# Database table configuration
radius_db = radius
   
# If you want both stop and start records logged to the
# same SQL table, leave this as is.  If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = radacct
acct_table2 = radacct
   
# Allow for storing data after authentication
postauth_table = radpostauth
   
Is there anything that I am missing? Please advise.
   
  
  
   I guess that looks alright but you haven't done any debugging like
   I suggested. Turn on mysql logging and see if there's even a
   connection
   attempt and if there is you can track what query is going wrong.
  
   You haven't detailed what is the exact error, it could just as well be
   that
   everything is configured fine but you haven't installed any php-mysql
   package and you have error_reporting turned off and so you are not
   seeing
   the error.
  
   Please check these things first.
  
   Regards,
   Liran Tal.
  
  
  
   
   
   
On 28/01/2008, Devinder Singh [EMAIL PROTECTED] wrote:

 Hi Liran

 Are there a lot of changes to be made in the Dial Up Admin admin.conf file?


 Could you suggest any specific changes as well in
 etc/raddb/sql.conf


 Regards
 Devinder


  On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:
 
  Hey Devinder,
 
  On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED]
  wrote:
 
   Hi  Liran
  
  
  
   I am using MySQL; would daloradius work with MySQL?
  
 
  Yes, daloradius has native support for mysql.
  You check on dialupadmin for configuring errors - what is the
  error message that you get?
 
  It is also very useful to turn on mysql logging to see if
  there's
  even a connection attempt and if there is, what is causing
  the error.
 
  Regards,
  Liran Tal.
 
 
 
 
  
On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:
  
   
Hey Devinder,
   
On Jan 28, 2008 4:35 AM, Devinder Singh 
[EMAIL PROTECTED] wrote:
   

 Hi

 I am using Dial Up Admin on Free radius


 Free Radius is running but when I access Dial Up admin
 page I get cannot connect to sql database

 I have done most of the configuration settings and
 followed the wiki tutorial on Free Radius.

   
Did you check that your sql server is actually running?
Did you import the radius database schema into the sql
server?
Did you configure all the required settings to connect to
the
sql server in dialupadmin?
   
   
You also might want to take a look at daloRADIUS for easy
web management
of freeradius with sql servers:
http://sourceforge.net/projects/daloradius/
   
   
Regards,
Liran.
   
   
   
   

Re: cannot connect to sql databse

2008-01-29 Thread Devinder Singh
Hi Liran

Where should I turn on the logging, in which file? Could you let me know what
files are involved in logging?

Regards
Devinder


On 29/01/2008, liran tal [EMAIL PROTECTED] wrote:

 Hey Devinder,

  On Jan 29, 2008 5:06 AM, Devinder Singh [EMAIL PROTECTED] wrote:

  Dear Liran
 
  this is my dialup_admin.conf file
  sql_type: mysql
  sql_server: localhost
  sql_port: 3306
  sql_username: freeradius
  sql_password: mysuperpassword
  sql_database: radius
  sql_accounting_table: radacct
  sql_badusers_table: badusers
  sql_check_table: radcheck
  sql_reply_table: radreply
  sql_user_info_table: userinfo
  sql_groupcheck_table: radgroupcheck
  sql_groupreply_table: radgroupreply
  sql_usergroup_table: usergroup
 
  and this is the /usr/raddb/sql.conf configuration
 
  sql {
  # Database type
  # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
  # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
  driver = rlm_sql_mysql
 
  # Connect info
  server = localhost
  login = freeradius
  password = mysuperpassword
 
  # Database table configuration
  radius_db = radius
 
  # If you want both stop and start records logged to the
  # same SQL table, leave this as is.  If you want them in
  # different tables, put the start table in acct_table1
  # and stop table in acct_table2
  acct_table1 = radacct
  acct_table2 = radacct
 
  # Allow for storing data after authentication
  postauth_table = radpostauth
 
  Is there anything that I am missing? Please advise.
 


 I guess that looks alright but you haven't done any debugging like
 I suggested. Turn on mysql logging and see if there's even a connection
 attempt and if there is you can track what query is going wrong.

 You haven't detailed what is the exact error, it could just as well be
 that
 everything is configured fine but you haven't installed any php-mysql
 package and you have error_reporting turned off and so you are not seeing
 the error.

 Please check these things first.

 Regards,
 Liran Tal.



 
 
 
  On 28/01/2008, Devinder Singh [EMAIL PROTECTED] wrote:
  
   Hi Liran
  
   Are there a lot of changes to be made in the Dial Up Admin admin.conf file?
  
  
   Could you suggest any specific changes as well in etc/raddb/sql.conf
  
  
   Regards
   Devinder
  
  
On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:
   
Hey Devinder,
   
On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED]
wrote:
   
 Hi  Liran



 I am using MySQL; would daloradius work with MySQL?

   
Yes, daloradius has native support for mysql.
You check on dialupadmin for configuring errors - what is the
error message that you get?
   
It is also very useful to turn on mysql logging to see if there's
even a connection attempt and if there is, what is causing
the error.
   
Regards,
Liran Tal.
   
   
   
   

  On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:

 
  Hey Devinder,
 
  On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED]
  wrote:
 
  
   Hi
  
   I am using Dial Up Admin on Free radius
  
  
   Free Radius is running but when I access Dial Up admin page I
   get cannot connect to sql database
  
   I have done most of the configuration settings and followed
   the wiki tutorial on Free Radius.
  
 
  Did you check that your sql server is actually running?
  Did you import the radius database schema into the sql server?
  Did you configure all the required settings to connect to the
  sql server in dialupadmin?
 
 
  You also might want to take a look at daloRADIUS for easy web
  management
  of freeradius with sql servers:
  http://sourceforge.net/projects/daloradius/
 
 
  Regards,
  Liran.
 
 
 
 
 
 



 --
 Devinder

   
   
   
  
  
  
   --
   Devinder
  
 
 
 
 
  --
  Devinder
 






-- 
Devinder

Re: cannot connect to sql databse

2008-01-28 Thread Devinder Singh
Hi Liran

Are there a lot of changes to be made in the Dial Up Admin admin.conf file?


Could you suggest any specific changes as well in etc/raddb/sql.conf


Regards
Devinder


On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:

 Hey Devinder,

 On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED] wrote:

  Hi  Liran
 
 
 
  I am using MySQL; would daloradius work with MySQL?
 

 Yes, daloradius has native support for mysql.
 You check on dialupadmin for configuring errors - what is the
 error message that you get?

 It is also very useful to turn on mysql logging to see if there's
 even a connection attempt and if there is, what is causing
 the error.

 Regards,
 Liran Tal.




 
   On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:
 
  
   Hey Devinder,
  
   On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED]
   wrote:
  
   
Hi
   
I am using Dial Up Admin on Free radius
   
   
Free Radius is running but when I access Dial Up admin page I get
cannot connect to sql database
   
I have done most of the configuration settings and followed the wiki
tutorial on Free Radius.
   
  
   Did you check that your sql server is actually running?
   Did you import the radius database schema into the sql server?
   Did you configure all the required settings to connect to the
   sql server in dialupadmin?
  
  
   You also might want to take a look at daloRADIUS for easy web
   management
   of freeradius with sql servers:
   http://sourceforge.net/projects/daloradius/
  
  
   Regards,
   Liran.
  
  
  
  
  
  
 
 
 
  --
  Devinder
 






-- 
Devinder

cannot connect to sql databse

2008-01-28 Thread Devinder Singh
Dear Liran

this is my dialup_admin.conf file
sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup

and this is the /usr/raddb/sql.conf configuration

sql {
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = rlm_sql_mysql

# Connect info
server = localhost
login = freeradius
password = mysuperpassword

# Database table configuration
radius_db = radius

# If you want both stop and start records logged to the
# same SQL table, leave this as is.  If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = radacct
acct_table2 = radacct

# Allow for storing data after authentication
postauth_table = radpostauth

Is there anything that I am missing? Please advise.


Regards
Devinder


On 28/01/2008, Devinder Singh [EMAIL PROTECTED] wrote:

 Hi Liran

 Are there a lot of changes to be made in the Dial Up Admin admin.conf file?


 Could you suggest any specific changes as well in etc/raddb/sql.conf


 Regards
 Devinder


 On 28/01/2008, Liran Tal [EMAIL PROTECTED] wrote:
 
  Hey Devinder,
 
  On Jan 28, 2008 8:44 AM, Devinder Singh [EMAIL PROTECTED] wrote:
 
   Hi  Liran
  
  
  
   I am using MySQL; would daloradius work with MySQL?
  
 
  Yes, daloradius has native support for mysql.
  You check on dialupadmin for configuring errors - what is the
  error message that you get?
 
  It is also very useful to turn on mysql logging to see if there's
  even a connection attempt and if there is, what is causing
  the error.
 
  Regards,
  Liran Tal.
 
 
 
 
  
On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:
  
   
Hey Devinder,
   
On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED]
wrote:
   

 Hi

 I am using Dial Up Admin on Free radius


 Free Radius is running but when I access Dial Up admin page I get
 cannot connect to sql database

 I have done most of the configuration settings and followed the
 wiki tutorial on Free Radius.

   
Did you check that your sql server is actually running?
Did you import the radius database schema into the sql server?
Did you configure all the required settings to connect to the
sql server in dialupadmin?
   
   
You also might want to take a look at daloRADIUS for easy web
management
of freeradius with sql servers:
http://sourceforge.net/projects/daloradius/
   
   
Regards,
Liran.
   
   
   
   
   
   
  
  
  
   --
   Devinder
  
 
 
 



 --
 Devinder




-- 
Devinder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
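
A cross-check of the two files quoted in the message above, as an added example that is not part of the original thread and not code from dialup_admin or FreeRADIUS: it parses both formats and reports connection settings that disagree, without echoing the password. The sample strings are constructed from the values quoted in the message, and the key pairing in `PAIRS` is an assumption made for the example.

```python
# Constructed sample input, modelled on the two files quoted in this thread.
DIALUP_ADMIN_CONF = """\
sql_server: localhost
sql_username: freeradius
sql_password: mysuperpassword
sql_database: radius
sql_accounting_table: radacct
"""

SQL_CONF = """\
sql {
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc,
rlm_sql_freetds
driver = rlm_sql_mysql
server = localhost
login = freeradius
password = mysuperpassword
radius_db = radius
acct_table1 = radacct
"""

# dialup_admin key -> sql.conf key expected to hold the same value.
# This pairing is an assumption made for the example, not taken from
# either project's documentation.
PAIRS = {
    "sql_server": "server",
    "sql_username": "login",
    "sql_password": "password",
    "sql_database": "radius_db",
    "sql_accounting_table": "acct_table1",
}
SECRET_KEYS = {"sql_password"}  # never echo these values into a report


def parse_kv(text, sep):
    """Parse 'key<sep>value' lines.

    Blank lines, '#' comments and any line without the separator are
    skipped; the last case covers 'sql {' and a comment tail that e-mail
    wrapping pushed onto its own line.
    """
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or sep not in line:
            continue
        key, _, value = line.partition(sep)
        out[key.strip()] = value.strip().strip('"')
    return out


def cross_check(dialup_text, sql_text):
    """Return a list of findings; an empty list means the files agree."""
    da = parse_kv(dialup_text, ":")
    sq = parse_kv(sql_text, "=")
    findings = []
    for da_key, sq_key in PAIRS.items():
        a, b = da.get(da_key), sq.get(sq_key)
        if a is None or b is None:
            findings.append(f"missing setting: {da_key if a is None else sq_key}")
        elif a != b:
            if da_key in SECRET_KEYS:
                a = b = "<redacted>"
            findings.append(f"{da_key}={a} but {sq_key}={b}")
    return findings


if __name__ == "__main__":
    for finding in cross_check(DIALUP_ADMIN_CONF, SQL_CONF) or ["settings agree"]:
        print(finding)
```

Matching files only rule out a configuration mismatch; the checks raised in the quoted replies (logging in from the console, the php mysql package, MySQL logging) still decide whether the web page can actually connect.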

Fwd: cannot connect to sql databse

2008-01-27 Thread Devinder Singh
Hi

I am using Dial Up Admin on Free radius


Free Radius is running but when I access Dial Up admin page I get cannot
connect to sql database

I have done most of the configuration settings and followed the wiki
tutorial on Free Radius.

Please help as i want to get the Dial Up Admin Page to work.

Thank you.


-- 
Devinder

-- 
Devinder

Re: cannot connect to sql databse

2008-01-27 Thread Devinder Singh
Hi Liran

Yes, MySQL is running and I have imported the database schema into the Radius db.

I'm not sure whether I have configured the settings in dial up admin.

I managed to configure admin.conf

username
and password as per access to the MySQL database. I even tried the root login and
password for mysql but can't access.

Regards

Devinder

On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:


 Hey Devinder,

 On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:

 
  Hi
 
  I am using Dial Up Admin on Free radius
 
 
  Free Radius is running but when I access Dial Up admin page I get
  cannot connect to sql database
 
  I have done most of the configuration settings and followed the wiki
  tutorial on Free Radius.
 

 Did you check that your sql server is actually running?
 Did you import the radius database schema into the sql server?
 Did you configure all the required settings to connect to the
 sql server in dialupadmin?


 You also might want to take a look at daloRADIUS for easy web management
 of freeradius with sql servers:
 http://sourceforge.net/projects/daloradius/


 Regards,
 Liran.







-- 
Devinder

Re: cannot connect to sql databse

2008-01-27 Thread Devinder Singh
Hi  Liran



I am using MySQL; would daloradius work with MySQL?

Thanks

Regards
Devinder




On 28/01/2008, liran tal [EMAIL PROTECTED] wrote:


 Hey Devinder,

 On Jan 28, 2008 4:35 AM, Devinder Singh [EMAIL PROTECTED] wrote:

 
  Hi
 
  I am using Dial Up Admin on Free radius
 
 
  Free Radius is running but when I access Dial Up admin page I get
  cannot connect to sql database
 
  I have done most of the configuration settings and followed the wiki
  tutorial on Free Radius.
 

 Did you check that your sql server is actually running?
 Did you import the radius database schema into the sql server?
 Did you configure all the required settings to connect to the
 sql server in dialupadmin?


 You also might want to take a look at daloRADIUS for easy web management
 of freeradius with sql servers:
 http://sourceforge.net/projects/daloradius/


 Regards,
 Liran.







-- 
Devinder