Re: Radius says client is unknown.
Yes, I restarted it several times. 10.2.8.150 is the AP's address. I guess there is nothing wrong with the AP.

Just a moment ago, I noticed that I can't start radiusd daemon with 'service radiusd start' command. It gives the following error:

    [EMAIL PROTECTED] raddb]# service radiusd start
    Starting RADIUS server: Tue Feb 27 21:44:38 2007 : Info: Starting - reading configuration files ...
    6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
    6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
    6490:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534:
    [FAILED]

But I can start it with 'radiusd -X'. Can the problem be related to that? By the way, I have signed a new certificate to be used in radius. But it seems okay.

Thanks for any help,
Onur.

[EMAIL PROTECTED] wrote:
> Hi,
>
>> Hello,
>> I have configured freeRadius server and a Cisco AP350. When I run the
>> server in debug mode, it prints 'unknown client', although the client is
>> explicitly defined in clients.conf. Output is:
>>
>>     rad_recv: Access-Request packet from host 10.2.8.150:1058, id=31, length=143
>>     Ignoring request from unknown client 10.2.8.150:1058
>>     --- Walking the entire request list ---
>>     Nothing to do. Sleeping until we see a request.
>>
>> clients.conf entity is:
>>
>>     client 10.2.8.150 {
>>         secret = testing123
>>         shortname = tnl2-network
>>     }
>>
>> Any idea on what's wrong?
>
> have you restarted FreeRADIUS after adding it to clients.conf?
>
> alan

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius says client is unknown.
On Tuesday 27 February 2007 14:47, M. Onur ERGiN wrote:
> Just a moment ago, I noticed that I can't start radiusd daemon with
> 'service radiusd start' command. It gives the following error:
>
>     [EMAIL PROTECTED] raddb]# service radiusd start
>     Starting RADIUS server: Tue Feb 27 21:44:38 2007 : Info: Starting - reading configuration files ...
>     6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
>     6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
>     6490:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534:
>     [FAILED]
>
> But I can start it with 'radiusd -X'. Can the problem be related to that?
> By the way, I have signed a new certificate to be used in radius. But it
> seems okay.
>
> Thanks for any help,
> Onur.

Sounds like a permissions issue to me. Check the user/group that is configured in radiusd.conf, then verify that the user can read the certificates and config files.

Kevin Bonner
Re: Radius says client is unknown.
I used CA.all script to create certificates and ran it as root. I also run radiusd as root. What do the error codes mean? (6490:error)

Oh, by the way, maybe this is a little off-topic but can I authenticate windows xp users through peap without using a certificate?

Regards,
Onur.

Kevin Bonner [EMAIL PROTECTED] wrote:
> On Tuesday 27 February 2007 14:47, M. Onur ERGiN wrote:
>> Just a moment ago, I noticed that I can't start radiusd daemon with
>> 'service radiusd start' command. It gives the following error:
>>
>>     [EMAIL PROTECTED] raddb]# service radiusd start
>>     Starting RADIUS server: Tue Feb 27 21:44:38 2007 : Info: Starting - reading configuration files ...
>>     6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
>>     6490:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
>>     6490:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534:
>>     [FAILED]
>>
>> But I can start it with 'radiusd -X'. Can the problem be related to that?
>> By the way, I have signed a new certificate to be used in radius. But it
>> seems okay.
>>
>> Thanks for any help,
>> Onur.
>
> Sounds like a permissions issue to me. Check the user/group that is
> configured in radiusd.conf, then verify that the user can read the
> certificates and config files.
>
> Kevin Bonner
Re: Radius says client is unknown.
Hi,

> I used CA.all script to create certificates and ran it as root. I also
> run radiusd as root.

you may 'run it as root' but radiusd will then change to run as the user defined in the radiusd.conf file - which MUST be able to read the config files and SSL keys etc.

alan

> Oh, by the way, maybe this is a little off-topic but can I authenticate
> windows xp users through peap without using a certificate?

you COULD decide not to trust or check any certificate. nasty though.

alan
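An added example, not part of any message in this thread: a shell check, meant to be run as the account radiusd switches to, that each file named in the tls section of eap.conf is readable and contains the PEM block whose absence produces the "no start line ... Expecting: CERTIFICATE" error quoted above. The key names private_key_file, certificate_file and CA_file are assumed from the stock eap.conf; the sample tree, its file names and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example; run as the account radiusd switches to (user = ... in radiusd.conf).

# conf_value KEY CONF RADDB: first uncommented "KEY = value", ${raddbdir} expanded.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1 |
        sed "s|\${raddbdir}|$3|"
}

# has_pem_block FILE LABEL_REGEX: true if FILE has a "-----BEGIN <label>-----" line.
has_pem_block() {
    tr -d '\r' < "$1" | grep -q -- "^-----BEGIN $2-----\$"
}

# check_tls_file KEY LABEL_REGEX CONF RADDB: report one finding; 0 means usable.
check_tls_file() {
    f=$(conf_value "$1" "$3" "$4")
    if [ -z "$f" ]; then
        echo "$1: not set in $3 (still commented out?)"; return 1
    elif [ ! -r "$f" ]; then
        echo "$1: $f is missing or unreadable for $(id -un)"; return 1
    elif ! has_pem_block "$f" "$2"; then
        echo "$1: $f has no PEM block of the expected type"; return 1
    fi
    echo "$1: $f ok"
}

# make_sample DIR: constructed raddb tree; the "certificate" is deliberately not PEM.
make_sample() {
    mkdir -p "$1/certs"
    printf '%s\n' 'tls {' \
        '    private_key_file = ${raddbdir}/certs/server.key' \
        '    certificate_file = ${raddbdir}/certs/server.crt' \
        '#   CA_file = ${raddbdir}/certs/ca.pem' '}' > "$1/eap.conf"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END RSA PRIVATE KEY-----' > "$1/certs/server.key"
    printf 'constructed DER-like bytes, no PEM header\n' > "$1/certs/server.crt"
}

raddb=$(mktemp -d)
make_sample "$raddb"
for spec in 'private_key_file:.*PRIVATE KEY' 'certificate_file:CERTIFICATE' 'CA_file:CERTIFICATE'; do
    check_tls_file "${spec%%:*}" "${spec#*:}" "$raddb/eap.conf" "$raddb" || failed=1
done
rm -rf "$raddb"
```

Against a real installation, pass the eap.conf and raddb directory that the running radiusd actually reads.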
RE: Radius says client is unknown.
Simple question: Is the config file you're editing the one that Freeradius is using? (I've done this before.)

Use 'locate radiusd.conf' and see all the instances.
Re: Radius says client is unknown.
King, Michael wrote:
> Use 'locate radiusd.conf' and see all the instances.

locate is not a universal app. It is only installed if your distro installs it by default or you install it specifically. Also, new/moved files will not be seen by locate unless the update runs (usually in cron at 4am, which won't happen if you happen to turn off this machine at the end of the day).

A better solution is to use find, which is on most systems:

    find / -name filename

e.g.

    find / -name clients.conf

man find for more info.

Note that locate will be faster if you have locate on your system. Just be aware that it may not always be accurate. Finding a file from the root of the filesystem on a clean server (i.e. fresh install w/o unnecessary apps or a GUI) should be pretty quick.

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
RE: Radius says client is unknown.
:) thank you. How confusing it is: I have both radiusd.conf under /etc/raddb and under /usr/local/etc/raddb. The correct one is that under /usr/. I don't know why, but when I type something wrong into the one under /etc/raddb, radiusd still returns an error. Maybe I must remove everything and reinstall freeradius from the beginning.

Then let me ask one more question. Now I can send my user/password over my AP, but I receive access-reject and it says:

    rad_check_password: Found Auth-Type Local
    auth: type Local
    auth: No User-Password or CHAP-Password attribute in the request
    auth: Failed to validate the user.
    Delaying request 0 for 1 seconds
    Finished request 0

Can it be my certificate again? I edited eap.conf so that it includes

    default_eap_type = peap
    peap {
        default_eap_type = mschapv2
    }

and I uncommented the default certificate lines under tls{..}

Best regards,
Onur.

King, Michael [EMAIL PROTECTED] wrote:
> Simple question: Is the config file you're editing the one that Freeradius
> is using? (I've done this before.)
>
> Use 'locate radiusd.conf' and see all the instances.
RE: Radius says client is unknown.
Also check if the distro had freeradius already installed. The start script in /etc/init.d, unless replaced, will call the preinstalled version - not the one you installed.

    rpm -q freeradius

(for rpm based distros). Do

    which radiusd

to see if the one in the path is the one you want to call. The path to radiusd.conf is part of the compile and a preinstalled version will usually look in /etc/raddb unless otherwise instructed.

Mearl

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of M. Onur ERGiN
Sent: Tuesday, February 27, 2007 4:08 PM
To: FreeRadius users mailing list
Subject: RE: Radius says client is unknown.

> :) thank you. How confusing it is: I have both radiusd.conf under
> /etc/raddb and under /usr/local/etc/raddb. The correct one is that under
> /usr/. I don't know why, but when I type something wrong into the one under
> /etc/raddb, radiusd still returns an error. Maybe I must remove everything
> and reinstall freeradius from the beginning.
>
> Then let me ask one more question. Now I can send my user/password over my
> AP, but I receive access-reject and it says:
>
>     rad_check_password: Found Auth-Type Local
>     auth: type Local
>     auth: No User-Password or CHAP-Password attribute in the request
>     auth: Failed to validate the user.
>     Delaying request 0 for 1 seconds
>     Finished request 0
>
> Can it be my certificate again? I edited eap.conf so that it includes
>
>     default_eap_type = peap
>     peap {
>         default_eap_type = mschapv2
>     }
>
> and I uncommented the default certificate lines under tls{..}
>
> Best regards,
> Onur.
>
> King, Michael [EMAIL PROTECTED] wrote:
>> Simple question: Is the config file you're editing the one that
>> Freeradius is using? (I've done this before.)
>>
>> Use 'locate radiusd.conf' and see all the instances.