Re: [PacketFence-users] Cant' Start FreeRadius on PacketFence

[Fabrice Durand via PacketFence-users]

Hello Xavier,

when you want to test 802.1x you need to use eapol_test instead of radtest.

Regards

Fabrice



Le 2018-05-07 à 06:00, Xav Tauran via PacketFence-users a écrit :

Hello Fabrice,

Thank you for your help.
Effectivly, it was the wrong radiusd service. The correct one, works.
I configured my Cisco, and the radius on packetfence and when I try to 
test with the radtest command, I have this result :


[root@packetfence raddb]# radtest admin adminadmin localhost:18120 12 
testing123
Sent Access-Request Id 172 from 0.0.0.0:39530  
to 127.0.0.1:18120  length 75

User-Name = "admin"
User-Password = "adminadmin"
NAS-IP-Address = 169.254.0.2
NAS-Port = 12
Message-Authenticator = 0x00
Cleartext-Password = "adminadmin"
Received Access-Reject Id 172 from 127.0.0.1:18120 
 to 0.0.0.0:0  length 20

(0) -: Expected Access-Accept got Access-Reject

I don't understand why I have an Access-Reject and not an 
Access-Accept when I try my Radius in localhost connection.


Thank you in advance for your help.

Regards,

Xavier


2018-04-30 14:52 GMT+02:00 Fabrice Durand via PacketFence-users 
>:


Hello Xavier,

you are dealing with the wrong radiusd service , the correct one
is packetfence-radiusd-auth.

Also what you can try is the following (in /usr/local/pf/)

radiusd -d raddb/ -n auth -fxx -l stdout

And paste me the result.

Regards

Fabrice



Le 2018-04-26 à 05:00, Xav Tauran via PacketFence-users a écrit :


Hello everyone !
I'm deploying a NAC solution for a customer with PacketFence. I
use freeradius (freeradius is automatically installed with
PacketFence).
However, I have a problem with FreeRadius. FreeRadius doesn't
want to start on my virtual machine. (I use Centos 7).
I have this issue when I want to start radiuds with the radius -X
command :

Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb
2013 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t
rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information
seehttps://www.openssl.org/news/secadv/20160922.txt

Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2016-6304'
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb
2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f
release)
Security advisory CVE-2014-0160 (Heartbleed)
For more information seehttp://heartbleed.com


When I check the status of radiusd with systemctl status radiusd,
I have this result :

root@localhost raddb]# systemctl status radiusd
● radiusd.service - FreeRADIUS multi-protocol policy server
Loaded: loaded (/usr/lib/systemd/system/radiusd.service;
disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:radiusd(8)
man:radiusd.conf(5)
http://wiki.freeradius.org/
http://networkradius.com/doc/

Can you help me ?

Thank you very much in advance !

Kind regards,

Xavier TAURAN





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



-- 
Fabrice Durand

fdur...@inverse.ca   ::  +1.514.447.4918 (x135) 
::www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list

Re: [PacketFence-users] Cant' Start FreeRadius on PacketFence

[Xav Tauran via PacketFence-users]

Hello Fabrice,

Thank you for your help.
Effectivly, it was the wrong radiusd service. The correct one, works.
I configured my Cisco, and the radius on packetfence and when I try to test
with the radtest command, I have this result :

[root@packetfence raddb]# radtest admin adminadmin localhost:18120 12
testing123
Sent Access-Request Id 172 from 0.0.0.0:39530 to 127.0.0.1:18120 length 75
User-Name = "admin"
User-Password = "adminadmin"
NAS-IP-Address = 169.254.0.2
NAS-Port = 12
Message-Authenticator = 0x00
Cleartext-Password = "adminadmin"
Received Access-Reject Id 172 from 127.0.0.1:18120 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject

I don't understand why I have an Access-Reject and not an Access-Accept
when I try my Radius in localhost connection.

Thank you in advance for your help.

Regards,

Xavier


2018-04-30 14:52 GMT+02:00 Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net>:

> Hello Xavier,
>
> you are dealing with the wrong radiusd service , the correct one is
> packetfence-radiusd-auth.
>
> Also what you can try is the following (in /usr/local/pf/)
>
> radiusd -d raddb/ -n auth -fxx -l stdout
>
> And paste me the result.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-04-26 à 05:00, Xav Tauran via PacketFence-users a écrit :
>
> Hello everyone !
> I'm deploying a NAC solution for a customer with PacketFence. I use
> freeradius (freeradius is automatically installed with PacketFence).
> However, I have a problem with FreeRadius. FreeRadius doesn't want to
> start on my virtual machine. (I use Centos 7).
> I have this issue when I want to start radiuds with the radius -X command :
>
> Debugger not attached
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
> 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele)
> Security advisory CVE-2016-6304 (OCSP status request extension)
> For more information see https://www.openssl.org/news/secadv/20160922.txt
> Once you have verified libssl has been correctly patched, set
> security.allow_vulnerable_openssl = 'CVE-2016-6304'
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
> 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
> Security advisory CVE-2014-0160 (Heartbleed)
> For more information see http://heartbleed.com
>
> When I check the status of radiusd with systemctl status radiusd, I have
> this result :
>
> root@localhost raddb]# systemctl status radiusd
> ● radiusd.service - FreeRADIUS multi-protocol policy server
> Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled; vendor
> preset: disabled)
> Active: inactive (dead)
> Docs: man:radiusd(8)
> man:radiusd.conf(5)
> http://wiki.freeradius.org/
> http://networkradius.com/doc/
>
> Can you help me ?
>
> Thank you very much in advance !
>
> Kind regards,
>
> Xavier TAURAN
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cant' Start FreeRadius on PacketFence

[Fabrice Durand via PacketFence-users]

Hello Xavier,

you are dealing with the wrong radiusd service , the correct one is
packetfence-radiusd-auth.

Also what you can try is the following (in /usr/local/pf/)

radiusd -d raddb/ -n auth -fxx -l stdout

And paste me the result.

Regards

Fabrice



Le 2018-04-26 à 05:00, Xav Tauran via PacketFence-users a écrit :
>
> Hello everyone !
> I'm deploying a NAC solution for a customer with PacketFence. I use
> freeradius (freeradius is automatically installed with PacketFence).
> However, I have a problem with FreeRadius. FreeRadius doesn't want to
> start on my virtual machine. (I use Centos 7).
> I have this issue when I want to start radiuds with the radius -X
> command :
>
> Debugger not attached
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
> 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele)
> Security advisory CVE-2016-6304 (OCSP status request extension)
> For more information
> see https://www.openssl.org/news/secadv/20160922.txt
> 
> Once you have verified libssl has been correctly patched, set
> security.allow_vulnerable_openssl = 'CVE-2016-6304'
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
> 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
> Security advisory CVE-2014-0160 (Heartbleed)
> For more information see http://heartbleed.com 
>
> When I check the status of radiusd with systemctl status radiusd, I
> have this result :
>
> root@localhost raddb]# systemctl status radiusd
> ● radiusd.service - FreeRADIUS multi-protocol policy server
> Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled;
> vendor preset: disabled)
> Active: inactive (dead)
> Docs: man:radiusd(8)
> man:radiusd.conf(5)
> http://wiki.freeradius.org/
> http://networkradius.com/doc/
>
> Can you help me ?
>
> Thank you very much in advance !
>
> Kind regards,
>
> Xavier TAURAN
>
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Cant' Start FreeRadius on PacketFence

[Truax, Peter via PacketFence-users]

Xav,

I ran into this same problem when I tried to install components for PacketFence 
individually. I solved this by using the deployment script given in the steps 
at the link below in chapter 4.

https://packetfence.org/doc/PacketFence_Administration_Guide.html#_os_installation


1.   Started with a minimal install of CentOS 7.

2.   Turn off firewall and dns as per directions.

3.   Run the following commands assuming you are using an x86 based server:

yum localinstall 
http://packetfence.org/downloads/PacketFence/RHEL7/x86_64/RPMS/packetfence-release-1.2-6.el7.centos.noarch.rpm

yum install perl

yum install –-enablerepo=packetfence packetfence

Packetfence will install with all of the dependences needed preconfigured.


Regards,

Peter

From: Xav Tauran via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Thursday, April 26, 2018 2:00 AM
To: packetfence-users@lists.sourceforge.net
Cc: Xav Tauran 
Subject: [PacketFence-users] Cant' Start FreeRadius on PacketFence


Hello everyone !
I'm deploying a NAC solution for a customer with PacketFence. I use freeradius 
(freeradius is automatically installed with PacketFence).
However, I have a problem with FreeRadius. FreeRadius doesn't want to start on 
my virtual machine. (I use Centos 7).
I have this issue when I want to start radiuds with the radius -X command :

Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 
0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information see https://www.openssl.org/news/secadv/20160922.txt
Once you have verified libssl has been correctly patched, set 
security.allow_vulnerable_openssl = 'CVE-2016-6304'
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 
0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com

When I check the status of radiusd with systemctl status radiusd, I have this 
result :

root@localhost raddb]# systemctl status radiusd
● radiusd.service - FreeRADIUS multi-protocol policy server
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled; vendor 
preset: disabled)
Active: inactive (dead)
Docs: man:radiusd(8)
man:radiusd.conf(5)
http://wiki.freeradius.org/
http://networkradius.com/doc/

Can you help me ?

Thank you very much in advance !

Kind regards,

Xavier TAURAN

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users