Understanding the freeRADIUS source
I would like to study the source code of freeRADIUS because I intend to pursue a master's in security. So I need to know where to begin to understand the source code.

Best regards!
Inácio Alves
Bachelor of Mathematics (UFC) / Connectivity Technician (IFCE)
http://www.polluxweb.com/inacioalves/site

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Book About Free-Radius Configurations
Thanks Alan DeKok,

I think I saw on your blog that you are writing a book about RADIUS. Is the project continuing? And about the book http://www.amazon.com/Radius-Jonathan-Hassell/dp/0596003226/ref=pd_sim_b_3, do you know it? I need to buy a book to configure a freeRADIUS server on my network.

Thanks,
Inácio Alves
Bachelor of Mathematics (UFC) / Connectivity Technician (IFCE)
http://www.polluxweb.com/inacioalves/site
Re: Any Brazilians on this list?
Hello to the Brazilians,

I am one more person who is learning (and having problems with) FreeRADIUS. I hope we can exchange experiences and configure it so that it meets our needs. Currently I am at the basics of the RADIUS protocol and taking my first steps with the FreeRADIUS configuration files.

See you.
Inácio Alves
Bachelor of Mathematics (UFC) / Connectivity Technician (IFCE)
http://www.polluxweb.com/inacioalves/site
Book About Free-Radius Configurations
Hello,

I was away for some days, but I'm back. I would like to know if there is any book with examples and explanations about freeRADIUS configurations and the RADIUS protocol. What do you think about the book http://www.amazon.com/AAA-Network-Security-Mobile-Access/dp/0470011947/ref=pd_bxgy_b_img_a?

Thanks,
Inácio Alves
http://www.polluxweb.com/inacioalves/site
RE:
Thanks Santiago and Ivan,

The schema of the database is in the installation source and I have created my database in MySQL. I think documentation for working with freeRADIUS is lacking. The new version 2.x is very different from the earlier 1.x. So, as I said in the last post, the HOW_TO about SQL is out of date. The tables have changed names/schemas. But I will succeed.

Finally, about the DHCP: as I said, my AP ignores the configuration that I set in the users file, even if I disable the DHCP server in the AP. If I configure a DHCP server on my freeRADIUS server, do I need to attach MACxIP, or if I set the configuration in the users file will this information go to the client?

Again thanks to all,
Inácio Alves
http://www.polluxweb.com/inacioalves/site
Re:
Thanks Alan DeKok, but I have some questions.

> So, as I said in the last post, the HOW_TO about SQL is out of date. The tables have changed names/schemas. But I will succeed.

> All of this is documented in the config files.

I searched in the config files but I didn't find anything about these changes. The sql directory has only the database schemas, and the sql.conf file has only the configuration for accessing the database.

> See raddb/sites-available/dhcp, and modules/mac2ip

Are there no problems in using these options? I read that it is in an experimental stage. I think that this can break my server.

No more, thanks
Inácio Alves
http://www.polluxweb.com/inacioalves/site
RE:
> But, as I said, I don't need proxy. Then I commented out the proxy line
> proxy_requests = no
> #$INCLUDE proxy.conf

> ... and broke the server (inner-tunnel processing). Well done! Now put it back the way it was.

I read in the radiusd.conf:

    # The server has proxying turned on by default. If your system is NOT
    # set up to proxy requests to another server, then you can turn proxying
    # off here. This will save a small amount of resources on the server.

then I disabled the proxy. But the next lines say:

    # If you have proxying turned off, and your configuration files say
    # to proxy a request, then an error message will be logged.

How can I turn off the proxy and have my config file say to proxy requests? I think it was this that broke my server.

P.S. I have returned to the default configuration:

    proxy_requests = yes
    $INCLUDE proxy.conf

Inácio Alves
http://www.polluxweb.com/inacioalves/site
AW: Freeradius-Users Digest, Vol 54, Issue 86
Thanks to all,

But, as I said, I don't need proxy. Then I commented out the proxy line:

    proxy_requests = no
    #$INCLUDE proxy.conf

See http://pastebin.com/m52c747e3 for my radiusd.conf.

Therefore, I don't know why the log is:

    Sun Oct 18 19:20:54 2009 : Info: [pap] No clear-text password in the request. Not performing PAP.
    Sun Oct 18 19:20:54 2009 : Info: ++[pap] returns noop
    Sun Oct 18 19:20:54 2009 : Info: WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
    Sun Oct 18 19:20:54 2009 : Info: WARNING: Please update your configuration, and remove 'Auth-Type = Local'
    Sun Oct 18 19:20:54 2009 : Info: WARNING: Use the PAP or CHAP modules instead.
    Sun Oct 18 19:20:54 2009 : Info: No User-Password or CHAP-Password attribute in the request.
    Sun Oct 18 19:20:54 2009 : Info: Cannot perform authentication.
    Sun Oct 18 19:20:54 2009 : Info: Failed to authenticate the user.
    Sun Oct 18 19:20:54 2009 : Auth: Login incorrect: [user] (from client wlan-alves-private-network port 0 via TLS tunnel)

In my proxy.conf I have (even without using it, I didn't alter this file):

    # DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
    #
    realm LOCAL {
        # If we do not specify a server pool, the realm is LOCAL, and
        # requests are not proxied to it.
    }

Inácio Alves
http://www.polluxweb.com/inacioalves/site

--- freeradius-users-requ...@lists.freeradius.org wrote on Mon, 19.10.2009:

> Message: 1
> Date: Mon, 19 Oct 2009 00:54:39 + (GMT)
> From: INACIO ALVES <inacioal...@yahoo.de>
> To: freeradius-users@lists.freeradius.org
>
> I'm trying to configure freeRADIUS on my wireless network but I'm having problems.
>
> My scenario: Debian Lenny+MySQL5.0+freeRADIUS 2.1.7
>
>     clients - ((( AP ))) [freeRADIUS server]
>
> When I execute the radiustest I get
>
>     rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=168, length=20
>
> and when I execute radclient I get
>
>     Received response ID 146, code 2, length = 32
>
> But when I try to authenticate on my notebook I get
>
>     rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=168
>
> My debug output is at: http://pastebin.com/f7e47862f. My clients.conf is at: http://pastebin.com/f30e4955d And my users is at: http://pastebin.com/f5d958f63
>
> This is my initial configuration. I want to migrate to MySQL or PostgreSQL when the server is ready, I don't need proxy, and I need to provide/revoke digital certificates for my clients.
>
> --
>
> Message: 7
> Date: Mon, 19 Oct 2009 09:07:25 +0100
> From: nf-vale <nf-v...@critical-links.com>
> Subject: Re:
> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
>
> Check your proxy / realms configuration. The reason why it fails is described in the logs:
>
>     Sun Oct 18 19:20:54 2009 : Info: [pap] No clear-text password in the request. Not performing PAP.
>     Sun Oct 18 19:20:54 2009 : Info: ++[pap] returns noop
>     Sun Oct 18 19:20:54 2009 : Info: WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
>     Sun Oct 18 19:20:54 2009 : Info: WARNING: Please update your configuration, and remove 'Auth-Type = Local'
>     Sun Oct 18 19:20:54 2009 : Info: WARNING: Use the PAP or CHAP modules instead.
>     Sun Oct 18 19:20:54 2009 : Info: No User-Password or CHAP-Password attribute in the request.
>     Sun Oct 18 19:20:54 2009 : Info: Cannot perform authentication.
>     Sun Oct 18 19:20:54 2009 : Info: Failed to authenticate the user.
>     Sun Oct 18 19:20:54 2009 : Auth: Login incorrect: [user] (from client wlan-alves-private-network port 0 via TLS tunnel)
>
> Nelson Vale
>
> On Monday 19 October 2009 01:54:39 INACIO ALVES wrote:
> > I'm trying to configure freeRADIUS on my wireless network but I'm having problems.
> >
> > My scenario: Debian Lenny+MySQL5.0+freeRADIUS 2.1.7
> >
> >     clients - ((( AP ))) [freeRADIUS server]
> >
> > When I execute the radiustest I get
> >
> >     rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=168, length=20
> >
> > and when I execute radclient I get
> >
> >     Received response ID 146, code 2, length = 32
> >
> > But when I try to authenticate on my notebook I get
> >
> >     rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=168
> >
> > My debug output is at: http://pastebin.com/f7e47862f. My clients.conf is at: http://pastebin.com/f30e4955d And my users is at: http://pastebin.com/f5d958f63
> >
> > This is my initial configuration. I want to migrate to MySQL or PostgreSQL when the server is ready, I don't need proxy, and I need to provide/revoke digital certificates for my clients.
> >
> > Inácio Alves
> > http://www.polluxweb.com/inacioalves/site
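The log excerpt quoted in the message above, run through a small triage script: an added example, not part of any post in this thread and not FreeRADIUS code. It groups the WARNING lines that precede each "Login incorrect" entry and pulls out any realm named by Proxy-To-Realm that the server reports as missing; the function name `triage` and the result field names are hypothetical, and the line layout is assumed from the quoted lines only.

```python
import re

# Log lines copied from the thread (client name re-joined across the line wrap).
SAMPLE_LOG = """\
Sun Oct 18 19:20:54 2009 : Info: [pap] No clear-text password in the request. Not performing PAP.
Sun Oct 18 19:20:54 2009 : Info: ++[pap] returns noop
Sun Oct 18 19:20:54 2009 : Info: WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
Sun Oct 18 19:20:54 2009 : Info: WARNING: Please update your configuration, and remove 'Auth-Type = Local'
Sun Oct 18 19:20:54 2009 : Info: WARNING: Use the PAP or CHAP modules instead.
Sun Oct 18 19:20:54 2009 : Info: No User-Password or CHAP-Password attribute in the request.
Sun Oct 18 19:20:54 2009 : Info: Cannot perform authentication.
Sun Oct 18 19:20:54 2009 : Info: Failed to authenticate the user.
Sun Oct 18 19:20:54 2009 : Auth: Login incorrect: [user] (from client wlan-alves-private-network port 0 via TLS tunnel)
"""

# "<timestamp> : <level>: <message>", the layout of the lines quoted in the thread.
LINE_RE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} : (\w+): (.*)$")
REJECT_RE = re.compile(
    r"Login incorrect: \[(?P<user>[^\]]*)\] \(from client (?P<client>.+?) "
    r"port \d+(?P<tunnel> via TLS tunnel)?\)")
REALM_RE = re.compile(r"Proxy-To-Realm = ([^,\s]+), but the realm does not exist")


def triage(log_text):
    """One finding per rejected login, carrying the WARNING lines logged before it."""
    findings, warnings = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a radiusd log line
        level, msg = m.groups()
        if level == "Info" and msg.startswith("WARNING:"):
            warnings.append(msg[len("WARNING:"):].strip())
        elif level == "Auth":
            rej = REJECT_RE.search(msg)
            if rej:
                findings.append({
                    "user": rej["user"],
                    "client": rej["client"],
                    "inner_tunnel": rej["tunnel"] is not None,
                    "missing_realms": [r[1] for w in warnings
                                       if (r := REALM_RE.search(w))],
                    "warnings": warnings,
                })
            warnings = []  # warnings belong to the request that just ended
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Grouping by adjacency assumes a single test login, as in the thread; on a busy server the lines of concurrent requests interleave and would need a per-request key.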
AW: Freeradius-Users Digest, Vol 54, Issue 89
Thanks Ivan Kalik,

Now my server is authenticating the users (Linux and Windows).

The next step is to migrate my users to a MySQL or PostgreSQL database. So I need to alter the file sites-available/default to include the line sql and remove the lines unix and files. Is this right?

Second, I set Framed-IP-Address := 192.168.2.253, Framed-IP-Netmask = 255.255.255.0 for my user, but I don't receive this IP on my machine. I disabled the DHCP on my AP and still do not receive this configuration. Do I need to install a DHCP server on my server and close MACxIP to send this configuration to my machine?

No more, thanks again.
Inácio Alves
http://www.polluxweb.com/inacioalves/site
RE: Freeradius-Users Digest, Vol 54, Issue 89
Thanks Ivan Kalik,

Now my server is authenticating the users (Linux and Windows).

First, how do I make my reply go into the thread? Do I need to set some attribute?

Second, the next step is to migrate my users to a MySQL or PostgreSQL database. So I need to alter the file sites-available/default to include the line sql and remove the lines unix and files. Is this right?

Third, I set Framed-IP-Address := 192.168.2.253, Framed-IP-Netmask = 255.255.255.0 for my user, but I don't receive this IP on my machine. I disabled the DHCP on my AP and still do not receive this configuration. Do I need to install a DHCP server on my server and close MACxIP to send this configuration to my machine?

No more, thanks again.
Inácio Alves
http://www.polluxweb.com/inacioalves/site
RE:
Thanks Ivan Kalik,

Now my server is authenticating the users (Linux and Windows).

First, how do I make my reply go into the thread? Do I need to set some attribute?

Second, the next step is to migrate my users to a MySQL or PostgreSQL database. So I need to alter the file sites-available/default to include the line sql and remove the lines unix and files. Is this right? I think that the how-to at http://wiki.freeradius.org/SQL_HOWTO is out of date, because I can't find the schema for the table usergroup.

Third, I set Framed-IP-Address := 192.168.2.253, Framed-IP-Netmask = 255.255.255.0 for my user, but I don't receive this IP on my machine. I disabled the DHCP on my AP and still do not receive this configuration. Do I need to install a DHCP server on my server and close MACxIP to send this configuration to my machine?

No more, thanks again.
Inácio Alves
http://www.polluxweb.com/inacioalves/site
[no subject]
I'm trying to configure freeRADIUS on my wireless network but I'm having problems.

My scenario: Debian Lenny+MySQL5.0+freeRADIUS 2.1.7

    clients - ((( AP ))) [freeRADIUS server]

When I execute the radiustest I get

    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=168, length=20

and when I execute radclient I get

    Received response ID 146, code 2, length = 32

But when I try to authenticate on my notebook I get

    rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=168

My debug output is at: http://pastebin.com/f7e47862f. My clients.conf is at: http://pastebin.com/f30e4955d And my users is at: http://pastebin.com/f5d958f63

This is my initial configuration. I want to migrate to MySQL or PostgreSQL when the server is ready, I don't need proxy, and I need to provide/revoke digital certificates for my clients.

Inácio Alves
http://www.polluxweb.com/inacioalves/site