FreeRADIUS ( 2 ) and SNMP - broken pipe error - password not accepted
Hello, I have set up FreeRADIUS ( pre2 ) and activated SNMP ( rebuilt it with --with-snmp ... ). The snmpd is also configured with the smuxpeer and the correct password, but password seems to be rejected. I am using snmpd-5.3.1 on Debian Etch ( AMD64 ). Both passwords are the same. Does anyone have an idea what might be wrong? Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Listening on authentication address 172.19.10.3 port 1812 as server mac-auth Sun Dec 2 09:47:20 2007 : Debug: Listening on accounting address 172.19.10.3 port 1813 as server mac-auth Sun Dec 2 09:47:20 2007 : Debug: Listening on SNMP SMUX with OID .1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to
Re: FreeRADIUS ( 2 ) and SNMP - broken pipe error - password not accepted
Edvin Seferovic wrote: Hello, I have set up FreeRADIUS ( pre2 ) and activated SNMP ( rebuilt it with --with-snmp ... ). The snmpd is also configured with the smuxpeer and the correct password, but password seems to be rejected. I am using snmpd-5.3.1 on Debian Etch ( AMD64 ). Both passwords are the same. Does anyone have an idea what might be wrong? The SMUX code in src/main doesn't appear to be 64-bit clean. There's a patch from Redhat on bugs.freeradius.org that helps, but apparently it still doesn't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS ( 2 ) and SNMP - broken pipe error - password not accepted
Edvin Seferovic wrote: Is the patch already in the CVS ? Can you send me the BugID ( can't find it :( ) ? Can you give me a hint what needs to be ajusted ? There is no patch in CVS. If it's not in bugs.freeradius.org, it's in the mailing list archives. As for a fix, the code uses int where it should really be either int32 for protocol packing, or size_t for lengths. Once those changes are made, it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS SNMP
Dear All, I want to monitor the RADIUS with SNMP. but i need to know exactly what is that OID means ( radiusAccServTotalNoRecords ) i searched and found that it means The number of RADIUS Accounting-Request packets which were received and responded to but not recorded but i can't understand how come that the radius respond to a packet but it is not recorded ?? i'm using mysql as accounting DB regards, Amr Ali - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 64-bit issues ( SNMP issues )
Hi Alan, thank you ! As you mentioned - net-snmp libraries do have a problem. Although I've found a patch on their mailing list covering this problem for net-snmp 5.3.1 ( I am attaching it ). Nevertheless I cannot get any data... freeradius seems to register just fine : Sun Dec 2 20:17:11 2007 : Debug: SMUX connect try 1 Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 20:17:11 2007 : Debug: SMUX open password: rad Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register priority: -1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register operation: 1 Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register priority: -1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register operation: 1 Sun Dec 2 20:17:11 2007 : Debug: Listening on authentication address 172.19.10.3 port 1812 as server mac-auth Sun Dec 2 20:17:11 2007 : Debug: Listening on accounting address 172.19.10.3 port 1813 as server mac-auth Sun Dec 2 20:17:11 2007 : Debug: Listening on SNMP SMUX with OID .1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: Ready to process requests. Sun Dec 2 20:17:11 2007 : Debug: SMUX read start Sun Dec 2 20:17:11 2007 : Debug: SMUX read len: 6 Sun Dec 2 20:17:11 2007 : Debug: SMUX message received type: 67 rest len: 4 Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP value: 0 errstat: 0 Sun Dec 2 20:17:11 2007 : Debug: Ready to process requests. Sun Dec 2 20:17:11 2007 : Debug: SMUX read start Sun Dec 2 20:17:11 2007 : Debug: SMUX read len: 6 Sun Dec 2 20:17:11 2007 : Debug: SMUX message received type: 67 rest len: 4 Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP value: 0 errstat: 0 Dec 2 20:18:50 sphinx snmpd[17853]: NET-SNMP version 5.3.1 Dec 2 20:19:28 sphinx snmpd[17853]: Connection from UDP: [127.0.0.1]:32784 Dec 2 20:19:41 sphinx snmpd[17853]: [smux_accept] accepted fd 10 from 127.0.0.1:60772 Dec 2 20:19:41 sphinx snmpd[17853]: accepted smux peer: oid SNMPv2-SMI::enterprises.11344.1.1.1, descr radiusd Dec 2 20:19:48 sphinx snmpd[17853]: Connection from UDP: [127.0.0.1]:32784 sphinx:~/software# snmpwalk -v 2c -m /usr/share/snmp/mibs/RADIUS-AUTH-SERVER-MIB.txt -c public 127.0.0.1 radiusAuth RADIUS-AUTH-SERVER-MIB::radiusAuthentication = No more variables left in this MIB View (It is past the end of the MIB tree) Any ideas what might go wrong ? TIA Regards, E:S -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Sonntag, 02. Dezember 2007 17:44 To: Edvin Seferovic Subject: 64-bit issues I don't know if the net-snmp libraries are 64-bit clean, either. In any case, I've cleaned up src/main/smux.c. Please try downloading building CVS head. Maybe that will fix it... Alan DeKok. __ NOD32 2697 (20071202) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com net-snmp-5.3.1-smux-password.diff Description: Binary data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Login rejected. Error 691.
I installed FreeRadius 1.1.2 on FreeBSD 6.0. I followed the HOWTO from
http://tldp.org/HOWTO/8021X-HOWTO/freeradius.html to configure the server.
When I ran radtest, it show the message like this:
Sending Access-Request of id 153 to 10.1.1.3 port 1645
User-Name = [EMAIL PROTECTED]
User-Password = sni
NAS-IP-Address = 255.255.255.255
NAS-Port = 1645
rad_recv: Access-Accept packet from host 10.1.1.3:1645, id=153, length=20
or
Sending Access-Request of id 153 to 10.1.1.3 port 1645
User-Name = user
User-Password = sni
NAS-IP-Address = 255.255.255.255
NAS-Port = 1645
rad_recv: Access-Accept packet from host 10.1.1.3:1645, id=153, length=20
The user 'user' already registered inside /etc/password:
user:*:1006:1006:user_radius_sisni:/home/user:/usr/sbin/nologin
In radius.conf , proxy_request is set to No. And the $INCLUDE
${confdir}/proxy.conf is already commented.
But I still got this message: rlm_realm: Proxy reply, or no User-Name.
Ignoring.
This is the content from huntgroup file:
LNS-KPU-SM2 NAS-IP-Address == 10.1.1.0
This is the content from hints file
DEFAULT Suffix == @sisni, Strip-User-Name = Yes
Hint = sisni,
If I tried to dial the Radius from Windows terminal, it always give me an
error like this:
*Error 691*: Access was denied because the user name and/or password was
invalid on the domain
Please help me to fix the error.
Thank you.
-Pungki
Here is the last message in /var/log/radacct/10.1.1.0/detail-20071203
Acct-Status-Type = Accounting-On
NAS-IP-Address = 10.1.1.0
NAS-Identifier = LNS-KPU-SM2
Acct-Authentic = RADIUS
Acct-Session-Id = load:2147484043
Event-Timestamp = Nov 22 2007 10:25:47 WIT
Acct-Delay-Time = 957324
Client-IP-Address = 10.1.1.0
Timestamp = 1196662186
Here is the message that show after radiusd -X command.
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /var
main: logdir = /var/log
main: libdir = /usr/local/lib
main: radacctdir = /var/log/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = /etc/passwd
unix: shadow = /etc/shadow
unix: group = /etc/group
unix: radwtmp = /var/log/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
