Re: FreeRadius questions
On 2012/02/28 07:06 PM, James DeLuca wrote:
Module: Checking post-auth {...} for more modules to load }
radiusd: Opening IP addresses and Ports listen {
type = auth
ipaddr = 10.0.8.9
You've configures your server to NOT listen on localhost.
Sending to localhost will therefore not work.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:
http://www.pcservices.co.za/disclaimer.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius questions
Hope you can help us out. First time dealing with RADIUS servers. Following
your instructions. Seem to have missed something along the way.
We are running FreeRadius(Version 2.1.1) on a SLES version 11 server. The
serve has a static IP address.
We have tried both of the following setting in our client.conf
file(/etc/raddb/clients.conf). Neither have produced good results.
client localhost {
ipadddr = 127.0.0.1
require_message_authenticator = no
secret = x
nastype = other
}
client localhost {
ipadddr = 10.0.xxx.xxx
require_message_authenticator = no
secret = x
nastype = other
}
We entered a user in our user(/etc/raddb/users) file
bob Cleartext-Password := hello
Started two terminal sessions. In the first session we ran /usr/sbin/radiusd -X
And received these results
FreeRADIUS Version 2.1.1, for host i686-suse-linux-gnu, built on Feb 23 2009 at
21:34:25 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General
Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf including configuration
file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/ including configuration file
/etc/raddb/modules/detail including configuration file
/etc/raddb/modules/preprocess including configuration file
/etc/raddb/modules/ippool including configuration file
/etc/raddb/modules/inner-eap including configuration file
/etc/raddb/modules/checkval including configuration file
/etc/raddb/modules/ldap including configuration file
/etc/raddb/modules/sradutmp including configuration file
/etc/raddb/modules/attr_filter including configuration file
/etc/raddb/modules/policy including configuration file
/etc/raddb/modules/always including configuration file
/etc/raddb/modules/etc_group including configuration file
/etc/raddb/modules/logintime including configuration file
/etc/raddb/modules/passwd including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/krb5 including configuration
file /etc/raddb/modules/echo including configuration file
/etc/raddb/modules/expiration including configuration file
/etc/raddb/modules/expr including configuration file
/etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/pam including configuration
file /etc/raddb/modules/files including configuration file
/etc/raddb/modules/smbpasswd including configuration file
/etc/raddb/modules/attr_rewrite including configuration file
/etc/raddb/modules/linelog including configuration file
/etc/raddb/modules/detail.log including configuration file
/etc/raddb/modules/unix including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/radutmp including configuration
file /etc/raddb/modules/acct_unique including configuration file
/etc/raddb/modules/digest including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/sql_log including configuration
file /etc/raddb/modules/mschap including configuration file
/etc/raddb/modules/counter including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/mac2vlan including
configuration file /etc/raddb/modules/mac2ip including configuration file
/etc/raddb/modules/wimax including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf including configuration file
/etc/raddb/sql/mysql/dialup.conf including configuration file
/etc/raddb/sql/mysql/counter.conf including configuration file
/etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default including
configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary main {
prefix = /usr
localstatedir = /var
logdir = /var/log/radius
libdir = /usr/lib/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
client localhost {
ipaddr = 10.0.8.9
require_message_authenticator = no
secret = testing123
nastype = other
}
radiusd:
Re: FreeRadius questions
hi, you have configured your server to listen for authentications on IP 10.0.8.9 ..but then you try sending a request to 127.0.0.1 (localhost) of course it isnt going to work. either configure the server to listen on all interfaces (*) as a default install would, or use 10.0.8.9 as the destination address with radtest alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRadius questions
Firewall is turned off on the server at this time.
From: freeradius-users-bounces+jdeluca=wiu.k12.pa...@lists.freeradius.org
[mailto:freeradius-users-bounces+jdeluca=wiu.k12.pa...@lists.freeradius.org] On
Behalf Of hashim zayed
Sent: Tuesday, February 28, 2012 2:16 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius questions
Please make sure that port 1812/1813 are enabled on your server firewall.
Hashim Mohammed Zayed
Moeen IT
On 2012 2 28 17:10, James DeLuca
jdel...@wiu.k12.pa.usmailto:jdel...@wiu.k12.pa.us wrote:
Hope you can help us out. First time dealing with RADIUS servers. Following
your instructions. Seem to have missed something along the way.
We are running FreeRadius(Version 2.1.1) on a SLES version 11 server. The
serve has a static IP address.
We have tried both of the following setting in our client.conf
file(/etc/raddb/clients.conf). Neither have produced good results.
client localhost {
ipadddr = 127.0.0.1
require_message_authenticator = no
secret = x
nastype = other
}
client localhost {
ipadddr = 10.0.xxx.xxx
require_message_authenticator = no
secret = x
nastype = other
}
We entered a user in our user(/etc/raddb/users) file
bob Cleartext-Password := hello
Started two terminal sessions. In the first session we ran /usr/sbin/radiusd -X
And received these results
FreeRADIUS Version 2.1.1, for host i686-suse-linux-gnu, built on Feb 23 2009 at
21:34:25 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General
Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf including configuration
file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/ including configuration file
/etc/raddb/modules/detail including configuration file
/etc/raddb/modules/preprocess including configuration file
/etc/raddb/modules/ippool including configuration file
/etc/raddb/modules/inner-eap including configuration file
/etc/raddb/modules/checkval including configuration file
/etc/raddb/modules/ldap including configuration file
/etc/raddb/modules/sradutmp including configuration file
/etc/raddb/modules/attr_filter including configuration file
/etc/raddb/modules/policy including configuration file
/etc/raddb/modules/always including configuration file
/etc/raddb/modules/etc_group including configuration file
/etc/raddb/modules/logintime including configuration file
/etc/raddb/modules/passwd including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/krb5 including configuration
file /etc/raddb/modules/echo including configuration file
/etc/raddb/modules/expiration including configuration file
/etc/raddb/modules/expr including configuration file
/etc/raddb/modules/detail.example.comhttp://detail.example.com
including configuration file /etc/raddb/modules/pam including configuration
file /etc/raddb/modules/files including configuration file
/etc/raddb/modules/smbpasswd including configuration file
/etc/raddb/modules/attr_rewrite including configuration file
/etc/raddb/modules/linelog including configuration file
/etc/raddb/modules/detail.log including configuration file
/etc/raddb/modules/unix including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/radutmp including configuration
file /etc/raddb/modules/acct_unique including configuration file
/etc/raddb/modules/digest including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/sql_log including configuration
file /etc/raddb/modules/mschap including configuration file
/etc/raddb/modules/counter including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/mac2vlan including
configuration file /etc/raddb/modules/mac2ip including configuration file
/etc/raddb/modules/wimax including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf including configuration file
/etc/raddb/sql/mysql/dialup.conf including configuration file
/etc/raddb/sql/mysql/counter.conf including configuration file
/etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default including
configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary main {
prefix = /usr
localstatedir = /var
logdir = /var/log/radius
libdir = /usr/lib/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
RE: FreeRadius questions
Changed the radtest to radtest bob hello 10.0.8.9 0 testing123 Now in the terminal windows where we ran radiusd -X we get the following error Ignoring request to authentication address 10.0.8.9 port 1812 from unknown client 10.0.8.9 port 56524 The terminal session we ran the radtest bob hello 10.0.8.9 0 testing123 still has the no response message. From: freeradius-users-bounces+jdeluca=wiu.k12.pa...@lists.freeradius.org [freeradius-users-bounces+jdeluca=wiu.k12.pa...@lists.freeradius.org] on behalf of Alan Buxey [a.l.m.bu...@lboro.ac.uk] Sent: Tuesday, February 28, 2012 2:50 PM To: FreeRadius users mailing list Subject: Re: FreeRadius questions hi, you have configured your server to listen for authentications on IP 10.0.8.9 ..but then you try sending a request to 127.0.0.1 (localhost) of course it isnt going to work. either configure the server to listen on all interfaces (*) as a default install would, or use 10.0.8.9 as the destination address with radtest alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius questions
James DeLuca wrote: Changed the radtest to radtest bob hello 10.0.8.9 0 testing123 Now in the terminal windows where we ran radiusd -X we get the following error Ignoring request to authentication address 10.0.8.9 port 1812 from unknown client 10.0.8.9 port 56524 So... what do you think you should do? Read the previous message as a hint. The terminal session we ran the radtest bob hello 10.0.8.9 0 testing123 still has the no response message. We assume a certain basic understanding of IP networking. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius questions
Hi, radtest bob hello 10.0.8.9 0 testing123 Now in the terminal windows where we ran radiusd -X we get the following error Ignoring request to authentication address 10.0.8.9 port 1812 from unknown client 10.0.8.9 port 56524 is 10.0.8.9 listed in clients.conf ? you will see no response in the radtest window as, as the server says, the request is being ignored... you'll just get a time out alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
