Re: Connecting the dots.

2010-09-16 Thread Lance Haig
Hi Ken,

Thanks for the response. On this particular server we have not run any
updates to the software stack, as it is our policy to only update at regular
intervals so that we can catch these things.

I only sent the e-mail to the list after spending the day in freeradius -X
and -Xx to see if I can find out why it is failing.

I wanted to start fresh with a server so I could see at what stage it starts
failing. 

But funnily enough, the new server lets me auth against AD using a local
query with radtest and a forced auth method of DEFAULT Auth-Type =
ntlm_auth in the users file.

As soon as I try to auth using my Cisco wireless connection it fails, unable to
find the realm.

That is why I was asking how the docs on the site match up to the latest
conf files, so I can find out where to add the REALM settings so that it
works.

We also have 2 AD trees we connect to, but once I get the one working the
other will be easy.

Thanks for the help

Lance


On 15/09/2010 20:38, Kenneth Marshall k...@rice.edu wrote:

 Many times this is caused by a software update to the system.
 To figure out where the problem lies, you will need to follow
 the very well documented procedure for debugging freeradius
 if you do not have logs of what was updated on the system so
 you can rollback the update(s).
 
 Cheers,
 Ken


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Connecting the dots.

2010-09-16 Thread Lance Haig
Hi C.J.

Thanks for the tip. We do run our config in Git and it has not changed since it
was configured about 2 months ago; this is what is baffling me.

The windows servers were not changed (well, that is what the windows admins have
informed us).

Thanks

Lance

On 15/09/2010 21:10, C.J. Adams-Collier KF7BMP c...@colliertech.org wrote:

I've found keeping config file history using RCS or git to be very useful.
It's saved me a bunch of headache with bind, apache, sendmail and freeradius.
If you'd like some tips, I'm happy to oblige either on-list or off, depending
on whether the regulars consider it OT.

Cheers,

C.J.




Re: Connecting the dots.

2010-09-16 Thread Lance Haig
Hi Alan,

Thanks for the response.

We do know about the samba update and it was the first thing I checked when
the system broke. We have about 400 Ubuntu VMs running in our environment
and we have not yet updated our corporate repo with this update as we have
not tested it yet.

I checked the winbindd_privileged directory and it has the correct file
permissions.

I want to add to my original post to the list that this server was not
originally configured by myself, and the original person created a monolithic
radiusd.conf file with all the settings in the one file; this is making it
difficult to match the settings to the docs. Hence my question about how the
docs match to the new conf files.

Freeradius -X and -Xx have not highlighted anything suspicious that I
believe is different to what was being logged there before.

The reason for the new server build is so that I can understand how
freeradius works and specifically how it will work with AD as a backend.

I have been able to get the server connecting to AD and authing me against
it as per one of my other posts to the list.

I am just not sure I have done this correctly, as the auth request fails when
I try to connect using my laptop. (We mostly have Macs in this office.)

This is against my new server, by the way.

This is what led me to contact the list to see how the docs match the new
config, as I have seen

=

Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.210.4 port 32768, id=187,
length=205
User-Name = Lance.Haig
Calling-Station-Id = 00-26-08-e8-c9-85
Called-Station-Id = 00-1b-8f-8a-d8-90:LNH
NAS-Port = 13
NAS-IP-Address = 10.0.210.4
NAS-Identifier = FWDWLC
Airespace-Wlan-Id = 4
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0207002b19001703010020520cb27842380dee8600973e5967661e03fab0689f23a28f27cb78dce34bfcc5
State = 0x47419e384246876f90468b6b37412030
Message-Authenticator = 0x4bb2d4d267947887f5bcb88b9c8dfbb2
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = Lance.Haig, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.

==


Which leads me to believe that the REALMS config is not working properly.

And I can't find instructions on what to check to make sure this is the case.

Apologies for rambling on a bit.

Lance


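The following is an added illustration for this thread, not FreeRADIUS code and not Lance's configuration: a small Python model of the suffix (realm) lookup visible in the debug output quoted above, plus a scanner that pulls the realm-related facts out of a radiusd -X authorize section. The realm names, the auth_host value and the REALMS table are constructed stand-ins for realm blocks in proxy.conf; SAMPLE_DEBUG is copied from the output quoted above, trimmed to the relevant lines. The "No such realm NULL" and "returns noop" strings are the ones the module prints; what the model does for a realm it does find (Stripped-User-Name, Proxy-To-Realm) is a simplification of the real module.

```python
"""Model of the FreeRADIUS 'suffix' realm lookup seen in radiusd -X output.
Added illustration, not FreeRADIUS code; REALMS and its hosts are made up."""
import re

# Constructed realm table.  auth_host None means the realm is handled on this
# server (like `realm NULL { }` or a realm block with no auth_host); a host
# name means the request would be proxied there.
REALMS = {
    "corp.example": {"auth_host": None},
    "partner.example": {"auth_host": "radius.partner.example"},
}

DELIMITER = "@"  # realm suffix { format = suffix  delimiter = "@" }


def split_suffix(user_name, delimiter=DELIMITER):
    """format = suffix: text after the LAST delimiter is the realm.
    Returns (user, realm); realm is None when there is no delimiter."""
    if delimiter not in user_name:
        return user_name, None
    user, realm = user_name.rsplit(delimiter, 1)
    return user, realm


def lookup_realm(user_name, realms=REALMS):
    """Simulate the suffix module for one User-Name.
    Returns (rcode, attributes_added, debug_lines).  A name with no '@' is
    looked up as realm "NULL"; an unknown realm yields noop and adds nothing,
    which is exactly what the thread's debug output shows."""
    user, realm = split_suffix(user_name)
    key = "NULL" if realm is None else realm
    log = []
    if realm is None:
        log.append(f"[suffix] No '@' in User-Name = {user_name}, looking up realm NULL")
    else:
        log.append(f'[suffix] Looking up realm "{realm}" for User-Name = "{user_name}"')
    entry = realms.get(key)
    if entry is None:
        log.append(f"[suffix] No such realm {key}")
        return "noop", {}, log
    # Simplified: a matched realm strips the suffix and records the realm;
    # a realm with an auth_host is marked for proxying.
    attrs = {"Realm": key, "Stripped-User-Name": user}
    if entry["auth_host"]:
        attrs["Proxy-To-Realm"] = key
        log.append(f"[suffix] Proxying request from user {user} to realm {key}")
    else:
        log.append(f'[suffix] Found realm "{key}", handling locally')
    return "updated", attrs, log


# Debug lines copied from the output quoted in this thread, trimmed.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 10.0.210.4 port 32768, id=187, length=205
User-Name = Lance.Haig
NAS-Port-Type = Wireless-802.11
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = Lance.Haig, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.
"""


def scan_debug(debug_text):
    """Pull the realm-related facts out of a radiusd -X authorize section:
    the outer User-Name, the realm the suffix module reported as missing
    (None if it reported none), its return code and the module run next."""
    lines = [line.strip() for line in debug_text.splitlines()]
    result = {"user_name": None, "realm_lookup": None,
              "suffix_rcode": None, "next_module": None}
    for i, line in enumerate(lines):
        m = re.match(r"^User-Name = (\S+)$", line)
        if m:
            result["user_name"] = m.group(1)
        if line.startswith("[suffix] No such realm "):
            result["realm_lookup"] = line.split()[-1]
        m = re.match(r"^\+\+\[suffix\] returns (\w+)$", line)
        if m:
            result["suffix_rcode"] = m.group(1)
            for later in lines[i + 1:]:
                m2 = re.match(r"^\[(\w+)\]", later)
                if m2:
                    result["next_module"] = m2.group(1)
                    break
    return result


def is_null_realm_noop(scan):
    """True when the name had no '@', no NULL realm is defined and processing
    simply moved on: the normal path for a bare username, not a failure."""
    return scan["realm_lookup"] == "NULL" and scan["suffix_rcode"] == "noop"
```

Run against the quoted trace, scan_debug reports user Lance.Haig, a NULL lookup, noop, and eap as the next module, which is the benign case: with no '@' in the name and no NULL realm configured the suffix module has nothing to do and the request carries on to eap. A realm block only changes anything for names that carry a suffix to be stripped or proxied (the second AD tree, for instance). Note also that the packet shown is an EAP tunnel continuation, so the identity that gets checked against AD is the inner one handled by the inner-tunnel virtual server, not necessarily the outer User-Name printed here.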


Re: Connecting the dots.

2010-09-16 Thread Lance Haig
Hi Alan,

Thanks for the response; mine are inline.


 
   Well... nothing in the server magically changes its behavior on a
 certain day.  *Something* changed.

I agree and I am having a hard time finding what.


 
   And... what does the debug output say?

I posted my debug output to the list in another mail but I will add it to
the end of this mail so the two are on the same page, as it were.

 
   The documentation is pretty clear on this, as are the comments in the
 configuration files.  It's more efficient to read them than to ask a
 question on this list, and wait for an answer.
 

I beg to differ.

The documentation does not match the current config file structure and so it
is very difficult for anyone to follow. Your insinuation that I am being
lazy by asking a list for answers would be valid if that was the case.

I do realise you have had to answer many questions on this subject, but I
would recommend a review of the docs to make sure it is easier to follow for
people; then your argument would be valid.

Please do not take this as a flame just someone hoping to find out how to
use a great tool.

Lance






Connecting the dots.

2010-09-15 Thread Lance Haig
Hi,

We have implemented a freeradius server on ubuntu 10.04 connecting to AD on
windows 2003 to allow our users to auth against for wireless access.

This morning it all broke. And we don’t know why.

So I started looking to build a new server to fault find.

I am trying to find some documentation to help me.

Looking through the wiki and Alan’s website I found some documentation, but it
does not quite match the files and config I find in the freeradius directory.

I am not sure how best to continue; can someone tell me how these two document
sites match up?

Thanks in advance

Lance



--
Lance Haig
Virtualisation Engineer

Forward
Floor 1, Centro 3
19 Mandela Street
London NW1 0DU

T: 020 7121 1199
F: 020 7121 1196
M: 07786167805

W: www.forward.co.uk
