  1. #1
    Just Joined!
    Join Date
    Aug 2010
    Location
    USA
    Posts
    4

    [SOLVED] FreeRadius with Active DIR - Authentication Issues - Last Stre


    DC: 192.168.1.4 or Server11
    Wireless Access Point: 192.168.1.251
    SSID: jump

    Note: Had to replace all at symbols with the word AT

    I have hit a brick wall and am having a really hard time getting through this last stretch. I am trying to set up freeradius on CentOS 5.6 and am running into some issues. I am looking to set up freeradius to authenticate users for wireless access using their Active Directory account. I have tried following both these two guides: (can't post, don't have more than 15 posts). I can authenticate just fine using some of the tools and local commands to test; however, when I start freeradius and try to connect using wireless I get some errors. Below are the errors I am seeing when running freeradius in debug mode (radiusd -X):




    Code:
    Ready to process requests.
    rad_recv: Access-Request packet from host 192.168.1.251 port 65468, id=72, length=150
    	User-Name = "TEC\\user1"
    	NAS-IP-Address = 192.168.1.251
    	NAS-Port = 0
    	Called-Station-Id = "F8-1E-DF-FE-C7-1C:jump"
    	Calling-Station-Id = "00-1E-C2-A6-25-E7"
    	Framed-MTU = 1400
    	NAS-Port-Type = Wireless-802.11
    	Connect-Info = "CONNECT 0Mbps 802.11"
    	EAP-Message = 0x0202000c015445435c65626c
    	Message-Authenticator = 0x63beaad45c9e4c48aa05cc09025a390d
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '  AT  ' in User-Name = "TEC\user1", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 2 length 12
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns notfound
    rlm_ldap: Entering ldap_groupcmp()
    [files] 	expand: �??cn=users,dc=TEC,dc=local�?? -> �??cn=users,dc=TEC,dc=local�??
    [files] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
    [files] 	expand: �??(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))�?? -> �??(&(sAMAccountName=TEC\5cuser1))�??
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to server11.tec.local:389, authentication 0
    rlm_ldap: bind as �??cn=Administrator,cn=users,dc=TEC,dc=local�??/MY-ADMIN-PASSWORD to server11.tec.local:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
    rlm_ldap: (re)connection attempt failed
    rlm_ldap::ldap_groupcmp: search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    ++[files] returns noop
    [ldap] performing user authorization for TEC\user1
    [ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
    [ldap] 	expand: �??(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))�?? -> �??(&(sAMAccountName=TEC\5cuser1))�??
    [ldap] 	expand: �??cn=users,dc=TEC,dc=local�?? -> �??cn=users,dc=TEC,dc=local�??
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to server11.tec.local:389, authentication 0
    rlm_ldap: bind as �??cn=Administrator,cn=users,dc=TEC,dc=local�??/MY-ADMIN-PASSWORD to server11.tec.local:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
    rlm_ldap: (re)connection attempt failed
    [ldap] search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    ++[ldap] returns fail
    Invalid user: [TEC\\user1/<via Auth-Type = EAP>] (from client 192.168.1.251 port 0 cli 00-1E-C2-A6-25-E7)
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] 	expand: %{User-Name} -> TEC\user1
     attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 1 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 1
    Sending Access-Reject of id 72 to 192.168.1.251 port 65468
    Waking up in 4.9 seconds.
    Cleaning up request 1 ID 72 with timestamp +112
    Ready to process requests.


    ------------------------------------------------------------------------------
    This is what it looks like when I start freeradius in debug mode:



    Code:
    [root  AT  server15 raddb]# radiusd -X
    FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Mar 31 2010 at 00:14:28
    Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License v2.
    Starting - reading configuration files ...
    including configuration file /etc/raddb/radiusd.conf
    including configuration file /etc/raddb/proxy.conf
    including configuration file /etc/raddb/clients.conf
    including files in directory /etc/raddb/modules/
    including configuration file /etc/raddb/modules/krb5
    including configuration file /etc/raddb/modules/always
    including configuration file /etc/raddb/modules/files
    including configuration file /etc/raddb/modules/pap
    including configuration file /etc/raddb/modules/linelog
    including configuration file /etc/raddb/modules/unix
    including configuration file /etc/raddb/modules/digest
    including configuration file /etc/raddb/modules/expr
    including configuration file /etc/raddb/modules/attr_rewrite
    including configuration file /etc/raddb/modules/acct_unique
    including configuration file /etc/raddb/modules/preprocess
    including configuration file /etc/raddb/modules/passwd
    including configuration file /etc/raddb/modules/detail.example.com
    including configuration file /etc/raddb/modules/mac2vlan
    including configuration file /etc/raddb/modules/sradutmp
    including configuration file /etc/raddb/modules/exec
    including configuration file /etc/raddb/modules/realm
    including configuration file /etc/raddb/modules/attr_filter
    including configuration file /etc/raddb/modules/ippool
    including configuration file /etc/raddb/modules/perl
    including configuration file /etc/raddb/modules/mac2ip
    including configuration file /etc/raddb/modules/policy
    including configuration file /etc/raddb/modules/detail.log
    including configuration file /etc/raddb/modules/etc_group
    including configuration file /etc/raddb/modules/logintime
    including configuration file /etc/raddb/modules/mschap
    including configuration file /etc/raddb/modules/inner-eap
    including configuration file /etc/raddb/modules/checkval
    including configuration file /etc/raddb/modules/expiration
    including configuration file /etc/raddb/modules/cui
    including configuration file /etc/raddb/modules/smbpasswd
    including configuration file /etc/raddb/modules/radutmp
    including configuration file /etc/raddb/modules/wimax
    including configuration file /etc/raddb/modules/echo
    including configuration file /etc/raddb/modules/ldap
    including configuration file /etc/raddb/modules/smsotp
    including configuration file /etc/raddb/modules/ntlm_auth
    including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
    including configuration file /etc/raddb/modules/counter
    including configuration file /etc/raddb/modules/detail
    including configuration file /etc/raddb/modules/sql_log
    including configuration file /etc/raddb/modules/otp
    including configuration file /etc/raddb/modules/chap
    including configuration file /etc/raddb/modules/pam
    including configuration file /etc/raddb/eap.conf
    including configuration file /etc/raddb/policy.conf
    including files in directory /etc/raddb/sites-enabled/
    including configuration file /etc/raddb/sites-enabled/control-socket
    including configuration file /etc/raddb/sites-enabled/default
    including configuration file /etc/raddb/sites-enabled/inner-tunnel
    group = radiusd
    user = radiusd
    including dictionary file /etc/raddb/dictionary
    main {
    	prefix = "/usr"
    	localstatedir = "/var"
    	logdir = "/var/log/radius"
    	libdir = "/usr/lib64/freeradius"
    	radacctdir = "/var/log/radius/radacct"
    	hostname_lookups = no
    	max_request_time = 30
    	cleanup_delay = 5
    	max_requests = 1024
    	allow_core_dumps = no
    	pidfile = "/var/run/radiusd/radiusd.pid"
    	checkrad = "/usr/sbin/checkrad"
    	debug_level = 0
    	proxy_requests = yes
     log {
    	stripped_names = no
    	auth = yes
    	auth_badpass = yes
    	auth_goodpass = yes
     }
     security {
    	max_attributes = 200
    	reject_delay = 1
    	status_server = yes
     }
    }
    radiusd: #### Loading Realms and Home Servers ####
     proxy server {
    	retry_delay = 5
    	retry_count = 3
    	default_fallback = no
    	dead_time = 120
    	wake_all_if_all_dead = no
     }
     home_server localhost {
    	ipaddr = 127.0.0.1
    	port = 1812
    	type = "auth"
    	secret = "testing123"
    	response_window = 20
    	max_outstanding = 65536
    	require_message_authenticator = no
    	zombie_period = 40
    	status_check = "status-server"
    	ping_interval = 30
    	check_interval = 30
    	num_answers_to_alive = 3
    	num_pings_to_alive = 3
    	revive_interval = 120
    	status_check_timeout = 4
    	irt = 2
    	mrt = 16
    	mrc = 5
    	mrd = 30
     }
     home_server_pool my_auth_failover {
    	type = fail-over
    	home_server = localhost
     }
     realm example.com {
    	auth_pool = my_auth_failover
     }
     realm LOCAL {
     }
    radiusd: #### Loading Clients ####
     client localhost {
    	ipaddr = 127.0.0.1
    	require_message_authenticator = no
    	secret = "My-SECRET!"
    	nastype = "other"
     }
     client 192.168.1.251 {
    	require_message_authenticator = no
    	secret = "My-SECRET!"
    	shortname = "192.168.1.251"
     }
     client 192.168.1.0/24 {
    	require_message_authenticator = no
    	secret = "My-SECRET!"
    	shortname = "TEC"
     }
    radiusd: #### Instantiating modules ####
     instantiate {
     Module: Linked to module rlm_exec
     Module: Instantiating exec
      exec {
    	wait = no
    	input_pairs = "request"
    	shell_escape = yes
      }
     Module: Linked to module rlm_expr
     Module: Instantiating expr
     Module: Linked to module rlm_expiration
     Module: Instantiating expiration
      expiration {
    	reply-message = "Password Has Expired  "
      }
     Module: Linked to module rlm_logintime
     Module: Instantiating logintime
      logintime {
    	reply-message = "You are calling outside your allowed timespan  "
    	minimum-timeout = 60
      }
     }
    radiusd: #### Loading Virtual Servers ####
    server inner-tunnel {
     modules {
     Module: Checking authenticate {...} for more modules to load
     Module: Instantiating ntlm_auth
      exec ntlm_auth {
    	wait = yes
    	program = "/usr/bin/ntlm_auth --request-nt-key --domain=TEC --username=%{mschap:User-Name} --password=%{User-Password}"
    	input_pairs = "request"
    	shell_escape = yes
      }
     Module: Linked to module rlm_pap
     Module: Instantiating pap
      pap {
    	encryption_scheme = "auto"
    	auto_header = no
      }
     Module: Linked to module rlm_chap
     Module: Instantiating chap
     Module: Linked to module rlm_mschap
     Module: Instantiating mschap
      mschap {
    	use_mppe = yes
    	require_encryption = no
    	require_strong = no
    	with_ntdomain_hack = yes
    	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
      }
     Module: Linked to module rlm_unix
     Module: Instantiating unix
      unix {
    	radwtmp = "/var/log/radius/radwtmp"
      }
     Module: Linked to module rlm_eap
     Module: Instantiating eap
      eap {
    	default_eap_type = "md5"
    	timer_expire = 60
    	ignore_unknown_eap_types = no
    	cisco_accounting_username_bug = no
    	max_sessions = 2048
      }
     Module: Linked to sub-module rlm_eap_md5
     Module: Instantiating eap-md5
     Module: Linked to sub-module rlm_eap_leap
     Module: Instantiating eap-leap
     Module: Linked to sub-module rlm_eap_gtc
     Module: Instantiating eap-gtc
       gtc {
    	challenge = "Password: "
    	auth_type = "PAP"
       }
     Module: Linked to sub-module rlm_eap_tls
     Module: Instantiating eap-tls
       tls {
    	rsa_key_exchange = no
    	dh_key_exchange = yes
    	rsa_key_length = 512
    	dh_key_length = 512
    	verify_depth = 0
    	pem_file_type = yes
    	private_key_file = "/etc/raddb/certs/server.pem"
    	certificate_file = "/etc/raddb/certs/server.pem"
    	CA_file = "/etc/raddb/certs/ca.pem"
    	private_key_password = "whatever"
    	dh_file = "/etc/raddb/certs/dh"
    	random_file = "/etc/raddb/certs/random"
    	fragment_size = 1024
    	include_length = yes
    	check_crl = no
    	cipher_list = "DEFAULT"
    	make_cert_command = "/etc/raddb/certs/bootstrap"
        cache {
    	enable = no
    	lifetime = 24
    	max_entries = 255
        }
       }
     Module: Linked to sub-module rlm_eap_ttls
     Module: Instantiating eap-ttls
       ttls {
    	default_eap_type = "md5"
    	copy_request_to_tunnel = no
    	use_tunneled_reply = no
    	virtual_server = "inner-tunnel"
    	include_length = yes
       }
     Module: Linked to sub-module rlm_eap_peap
     Module: Instantiating eap-peap
       peap {
    	default_eap_type = "mschapv2"
    	copy_request_to_tunnel = no
    	use_tunneled_reply = no
    	proxy_tunneled_request_as_eap = yes
    	virtual_server = "inner-tunnel"
       }
     Module: Linked to sub-module rlm_eap_mschapv2
     Module: Instantiating eap-mschapv2
       mschapv2 {
    	with_ntdomain_hack = no
       }
     Module: Checking authorize {...} for more modules to load
     Module: Linked to module rlm_realm
     Module: Instantiating suffix
      realm suffix {
    	format = "suffix"
    	delimiter = "  AT  "
    	ignore_default = no
    	ignore_null = no
      }
     Module: Linked to module rlm_files
     Module: Instantiating files
      files {
    	usersfile = "/etc/raddb/users"
    	acctusersfile = "/etc/raddb/acct_users"
    	preproxy_usersfile = "/etc/raddb/preproxy_users"
    	compat = "no"
      }
     Module: Linked to module rlm_ldap
     Module: Instantiating ldap
      ldap {
    	server = "server11.tec.local"
    	port = 389
    	password = "MY-ADMIN-PASSWORD"
    	identity = "�??cn=Administrator,cn=users,dc=TEC,dc=local�??"
    	net_timeout = 1
    	timeout = 4
    	timelimit = 3
    	tls_mode = no
    	start_tls = no
    	tls_require_cert = "allow"
       tls {
    	start_tls = no
    	require_cert = "allow"
       }
    	basedn = "�??cn=users,dc=TEC,dc=local�??"
    	filter = "�??(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))�??"
    	base_filter = "(objectclass=radiusprofile)"
    	auto_header = no
    	access_attr_used_for_allow = yes
    	groupname_attribute = "cn"
    	groupmembership_filter = "�??(|(&(objectClass=group)(member=%Ldap-UserDn}))(&(objectClass=top)(uniquemember=%{Ldap-UserDn})))�??"
    	dictionary_mapping = "/etc/raddb/ldap.attrmap"
    	ldap_debug = 0
    	ldap_connections_number = 5
    	compare_check_items = no
    	do_xlat = yes
    	set_auth_type = yes
      }
    rlm_ldap: Registering ldap_groupcmp for Ldap-Group
    rlm_ldap: Registering ldap_xlat with xlat_name ldap
    rlm_ldap: Over-riding set_auth_type, as there is no module ldap listed in the "authenticate" section.
    rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
    rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
    rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
    rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
    rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
    rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
    rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
    rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
    rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
    rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
    rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
    rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
    rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
    rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
    rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
    rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
    rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
    rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
    rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
    rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
    rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
    rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
    rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
    rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
    rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
    rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
    rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
    rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
    rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
    rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
    rlm_ldap: LDAP radiusClass mapped to RADIUS Class
    rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
    rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
    rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
    rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
    rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
    rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
    rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
    rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
    rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
    rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
    rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
    rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
    rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
    rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
    rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
    conns: 0x12432850
     Module: Checking session {...} for more modules to load
     Module: Linked to module rlm_radutmp
     Module: Instantiating radutmp
      radutmp {
    	filename = "/var/log/radius/radutmp"
    	username = "%{User-Name}"
    	case_sensitive = yes
    	check_with_nas = yes
    	perm = 384
    	callerid = yes
      }
     Module: Checking post-proxy {...} for more modules to load
     Module: Checking post-auth {...} for more modules to load
     Module: Linked to module rlm_attr_filter
     Module: Instantiating attr_filter.access_reject
      attr_filter attr_filter.access_reject {
    	attrsfile = "/etc/raddb/attrs.access_reject"
    	key = "%{User-Name}"
      }
     } # modules
    } # server
    server {
     modules {
     Module: Checking authenticate {...} for more modules to load
     Module: Checking authorize {...} for more modules to load
     Module: Linked to module rlm_preprocess
     Module: Instantiating preprocess
      preprocess {
    	huntgroups = "/etc/raddb/huntgroups"
    	hints = "/etc/raddb/hints"
    	with_ascend_hack = no
    	ascend_channels_per_line = 23
    	with_ntdomain_hack = no
    	with_specialix_jetstream_hack = no
    	with_cisco_vsa_hack = no
    	with_alvarion_vsa_hack = no
      }
     Module: Checking preacct {...} for more modules to load
     Module: Linked to module rlm_acct_unique
     Module: Instantiating acct_unique
      acct_unique {
    	key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
      }
     Module: Checking accounting {...} for more modules to load
     Module: Linked to module rlm_detail
     Module: Instantiating detail
      detail {
    	detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
    	header = "%t"
    	detailperm = 384
    	dirperm = 493
    	locking = no
    	log_packet_header = no
      }
     Module: Instantiating attr_filter.accounting_response
      attr_filter attr_filter.accounting_response {
    	attrsfile = "/etc/raddb/attrs.accounting_response"
    	key = "%{User-Name}"
      }
     Module: Checking session {...} for more modules to load
     Module: Checking post-proxy {...} for more modules to load
     Module: Checking post-auth {...} for more modules to load
     } # modules
    } # server
    radiusd: #### Opening IP addresses and Ports ####
    listen {
    	type = "auth"
    	ipaddr = *
    	port = 0
    }
    listen {
    	type = "acct"
    	ipaddr = *
    	port = 0
    }
    listen {
    	type = "control"
     listen {
    	socket = "/var/run/radiusd/radiusd.sock"
     }
    }
    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on command file /var/run/radiusd/radiusd.sock
    Listening on proxy address * port 1814
    Ready to process requests.


    -----------------------------------------------------------------------
    If anyone can help point me in the right direction, I would appreciate it so much!
    Last edited by eric_1982; 05-27-2011 at 03:38 PM.
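
A triage helper for the `radiusd -X` output in the post above, added here as an example (it is not code from the thread or from FreeRADIUS). It flags an rlm_ldap bind identity containing characters outside printable ASCII, an expanded search filter whose sAMAccountName still carries the escaped `TEC\` prefix (`\5c`), the bind failure itself, and the bind password printed in the debug output. The function names and the sample lines are constructed; the curly quotes in the sample are an assumption standing in for the characters the post shows as `�??`.

```python
import re

# Constructed sample modelled on the debug output in the post. The curly quotes
# stand in for the mis-encoded characters shown there, and "s3cret" stands in
# for the bind password.
SAMPLE = (
    '[ldap] \texpand: (&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}}))'
    ' -> (&(sAMAccountName=TEC\\5cuser1))\n'
    'rlm_ldap: bind as \u201ccn=Administrator,cn=users,dc=TEC,dc=local\u201d/s3cret'
    ' to server11.tec.local:389\n'
    'rlm_ldap: waiting for bind result ...\n'
    'rlm_ldap: LDAP login failed: check identity, password settings in ldap'
    ' section of radiusd.conf\n'
)

# "bind as <identity>/<password> to <host>:<port>", as printed in the post.
BIND_RE = re.compile(r"rlm_ldap: bind as (?P<identity>.*?)/(?P<secret>.*) to \S+:\d+$")
EXPAND_RE = re.compile(r"expand: .* -> (?P<expanded>.*)$")
SAM_RE = re.compile(r"sAMAccountName=(?P<value>[^)]*)")


def non_ascii(text):
    """Return the distinct characters in text outside printable ASCII, in order."""
    seen = []
    for ch in text:
        if not 0x20 <= ord(ch) <= 0x7E and ch not in seen:
            seen.append(ch)
    return seen


def triage(log_text):
    """Return (line_number, code, detail) findings for rlm_ldap debug lines."""
    findings = []
    for number, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        bind = BIND_RE.search(line)
        if bind:
            odd = non_ascii(bind.group("identity"))
            if odd:
                # e.g. quotes pasted from a web page end up inside the DN itself
                names = ", ".join("U+%04X" % ord(c) for c in odd)
                findings.append((number, "IDENTITY_NON_ASCII", names))
            if bind.group("secret"):
                findings.append((number, "SECRET_IN_DEBUG_LOG", "redact before sharing"))
        expand = EXPAND_RE.search(line)
        sam = SAM_RE.search(expand.group("expanded")) if expand else None
        # \5c is the LDAP filter escape for a backslash: the DOMAIN\ prefix was
        # sent to the directory as part of the account name.
        if sam and re.search(r"\\5c", sam.group("value"), re.IGNORECASE):
            findings.append((number, "DOMAIN_PREFIX_IN_FILTER", sam.group("value")))
        if "LDAP login failed" in line:
            findings.append((number, "BIND_FAILED", "check identity and password"))
    return findings


def redact(log_text):
    """Mask the bind password in 'bind as DN/password to host:port' lines."""
    return re.sub(r"(rlm_ldap: bind as .*?/).*( to \S+:\d+)", r"\1<redacted>\2", log_text)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print(redact(SAMPLE))
```
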

  2. #2
    Just Joined!
    Join Date
    Aug 2010
    Location
    USA
    Posts
    4

    Resolved

    I resolved this problem by taking ldap out of the picture and following the steps on the deployingradius website.

    My setup involved samba 3 and freeradius2 running on CentOS 5.6.

    I had to take a few extra steps. I was running into some security issues with freeradius and winbind and resolved it by adding the radiusd user to the wbpriv group:

    # /usr/sbin/usermod -a -G radiusd,wbpriv radiusd

    I also had to enable the NT hack in the mschap module

    /etc/raddb/modules/mschap
