Discussion :

[yabo84]

bonsoir, je suis entrain de me noyer dans un verre d'eau!!!
En fait, je suis entrains de configurer un freeradius-mysql pour mon serveur captif.

je suis entrain de suivre ce lien [[CODE]http://doc.ubuntu-fr.org/coovachilli[/[CODE]
voici mes modification dans les différents fichiers:

/etc/network/interfaces

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
auto eth0
  iface eth0 inet static
  address 192.168.10.1
  netmask 255.255.255.0
  auto eth1
  iface eth1 inet dhcp

/etc/sysctl.conf

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

net.ip4.ip_forward=1

Apres on relance les interfaces

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

/etc/init.d/networking restart

Mysql

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
mysql -u root -p
#Entrer le mot de passe de Mysql.
mysql> CREATE DATABASE radius;
mysql> quit  
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
mysql -u root -p
#Entrer le mot de passe de Mysql.
mysql> GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'motdepassemysql';
mysql> FLUSH PRIVILEGES;
mysql> quit
mysqldump -u root -p radius > /home/'acte'/backup.sql

/etc/freeradius/clients.conf

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
client localhost {
    ipaddr = 127.0.0.1
    secret = secretacte
}

/etc/freeradius/users

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
"John Doe"     Auth-Type := Local, User-Password == "hello"
               Reply-Message = "Hello, %{User-Name}"

sudo /etc/init.d/freeradius stop
sudo freeradius -XXX

Tester

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
root@ldap:/home/acte# radtest "John Doe" hello 127.0.0.1 0 secretacte
Sending Access-Request of id 212 to 127.0.0.1 port 1812
    User-Name = "John Doe"
    User-Password = "hello"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=212, length=20

je suis bloquer la depuis 2 jours/
J'attaque le server (192.168.10.1) par un client (192.168.10.3) via ssh
quelqu"un peut me venir en aide?

[mvvvv]

ne manque-t-il pas dans /etc/network/interfaces la définition du lo ?

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
 
auto lo
iface lo inet loopback

[yabo84]

C'etait une erreur de copier/coller le fichier /etc/network/interfaces est:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
  auto lo
  iface lo inet loopback
 
  auto eth0
  iface eth0 inet static
  address 192.168.10.1
  netmask 255.255.255.0
  auto eth1
  iface eth1 inet dhcp

[mvvvv]

Et en testant ainsi :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

radtest "John Doe" hello localhost 10 secretacte

[yabo84]

radtest "John Doe" hello localhost 10 secretacte me donne ceci:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
root@ldap:/home/acte#  radtest "John Doe" hello 127.0.0.1 10 secretacte
Sending Access-Request of id 4 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 10
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=4, length=20

[mvvvv]

que donne la commande nmap localhost ?

notamment concernant le port 1812.

[yabo84]

la commande nmap localhost donne ceci:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
acte@ldap:~$ nmap localhost 
 
Starting Nmap 5.21 ( http://nmap.org ) at 2012-06-21 13:10 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00078s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
Not shown: 992 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
631/tcp  open  ipp
3306/tcp open  mysql
 
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

[mvvvv]

visiblement personne n'écoute le port 1813

ne faudrait-il pas lancer free radius par le service ?

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
 
sudo /etc/init.d/freeradius start

ou en mode debug (à en croire la doc )

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

sudo radiusd -X

http://freeradius.org/doc/

[yabo84]

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

sudo /etc/init.d/freeradius start

passe tres bien avec avec le message:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
Stopping FreeRADIUS Daemon freeradius       [OK]
          Starting FreeRADIUS Daemon freeradius       [OK]

Par contre

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

sudo radiusd -X

m'a imposer d'installer 3 packages.
Mais j'ai toujours le meme resultat sur radtest

[mvvvv]

je ne comprend pas pourquoi on ne voit pas le port lors du nmap.

Ce n'est peut être pas 1812

[Eusebius]

je ne comprend pas pourquoi on ne voit pas le port lors du nmap.

Ce n'est peut être pas 1812

Alors la commande suivante nous dira peut-être sur quoi écoute radius, s'il écoute sur quelque chose :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

sudo netstat -ap -net inet

[yabo84]

j'ai resolu mon probleme en desinstallant et en reinstallant freeradius Voici donc le resultat de radtest "John Doe" hello 127.0.0.1 0 testing123

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
root@pc-fauba:/home/fauba# radtest "John Doe" hello 127.0.0.1 0 testing123
Sending Access-Request of id 236 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=236, length=37
	Reply-Message = "Hello, John Doe"

Ensuite J'ai inseré un utilisateur dans mysql (apres avoir modifié les différents fichiiers de configuration)

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u root -p radius

radtest chillispot chillispot 127.0.0.1 0 testing123 me donne ceci

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
root@pc-fauba:/home/fauba# radtest chillispot chillispot 127.0.0.1 0 testing123
Sending Access-Request of id 238 to 127.0.0.1 port 1812
	User-Name = "chillispot"
	User-Password = "chillispot"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=238, length=20

Comment pourrais-je le resoudre?

[yabo84]

Alors la commande suivante nous dira peut-être sur quoi écoute radius, s'il écoute sur quelque chose :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

sudo netstat -ap -net inet

voici le resultat:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
root@pc-fauba:/home/fauba# netstat -ap -net inet
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat       User       Inode       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      115        10009       1027/mysqld     
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      0          222986      2918/dnsmasq    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          7385        489/sshd        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          7523        585/cupsd       
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      0          9449        1071/gdomap     
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      0          9102        1029/slapd      
tcp        0      0 192.168.1.130:55295     64.236.90.73:80         ESTABLISHED 1000       562634      2496/firefox    
tcp        0      0 192.168.1.130:40730     207.46.193.176:80       ESTABLISHED 1000       564654      2496/firefox    
tcp        0      0 192.168.1.130:45077     208.88.80.77:80         ESTABLISHED 1000       568536      2496/firefox    
tcp        0      0 192.168.1.130:33712     66.220.151.86:80        ESTABLISHED 1000       249670      2496/firefox    
tcp        0      0 192.168.1.130:39968     87.98.128.200:80        ESTABLISHED 1000       560908      2496/firefox    
tcp        0      0 192.168.1.130:43946     87.98.155.64:80         ESTABLISHED 1000       567133      2496/firefox    
tcp        0      0 192.168.1.130:54806     92.122.212.41:80        ESTABLISHED 1000       563909      2496/firefox    
tcp        1      0 192.168.1.130:59271     91.189.89.134:80        CLOSE_WAIT  1000       31191       2122/python     
tcp        0      0 192.168.1.130:39966     87.98.128.200:80        ESTABLISHED 1000       560814      2496/firefox    
tcp        1      0 192.168.1.130:59272     91.189.89.134:80        CLOSE_WAIT  1000       31192       2122/python     
tcp        0      0 192.168.1.130:54110     173.194.34.100:80       ESTABLISHED 1000       567132      2496/firefox    
tcp        0      0 192.168.1.130:39965     87.98.128.200:80        ESTABLISHED 1000       560813      2496/firefox    
tcp        0      0 192.168.1.130:39964     87.98.128.200:80        ESTABLISHED 1000       560812      2496/firefox    
tcp        0      0 192.168.1.130:39967     87.98.128.200:80        ESTABLISHED 1000       560815      2496/firefox    
tcp        0      0 192.168.1.130:52561     94.245.70.47:80         ESTABLISHED 1000       566500      2496/firefox    
tcp6       0      0 :::80                   :::*                    LISTEN      0          9659        1791/apache2    
tcp6       0      0 :::22                   :::*                    LISTEN      0          7371        489/sshd        
tcp6       0      0 :::443                  :::*                    LISTEN      0          9663        1791/apache2    
tcp6       0      0 :::389                  :::*                    LISTEN      0          9103        1029/slapd

et voici le resultat de freeradius -X

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
 Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.access_reject {
	attrsfile = "/etc/freeradius/attrs.access_reject"
	key = "%{User-Name}"
  }
 } # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  preprocess {
	huntgroups = "/etc/freeradius/huntgroups"
	hints = "/etc/freeradius/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  detail {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.accounting_response {
	attrsfile = "/etc/freeradius/attrs.accounting_response"
	key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	ipaddr = *
	port = 0
}
listen {
	type = "acct"
	ipaddr = *
	port = 0
}
listen {
	type = "auth"
	ipaddr = 127.0.0.1
	port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
^C
root@pc-fauba:~# radtest Thus1 motdepasse 127.0.0.1 0 testing123
Sending Access-Request of id 32 to 127.0.0.1 port 1812
	User-Name = "Thus1"
	User-Password = "motdepasse"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
Sending Access-Request of id 32 to 127.0.0.1 port 1812
	User-Name = "Thus1"
	User-Password = "motdepasse"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
Sending Access-Request of id 32 to 127.0.0.1 port 1812
	User-Name = "Thus1"
	User-Password = "motdepasse"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
^C
root@pc-fauba:~# radtest "John Doe" hello 127.0.0.1 0 testing123
Sending Access-Request of id 80 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
Sending Access-Request of id 80 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
^C
root@pc-fauba:~# radtest "John Doe" hello 127.0.0.1 0 testing123
Sending Access-Request of id 183 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
Sending Access-Request of id 183 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
Sending Access-Request of id 183 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
radclient: no response from server for ID 183 socket 3
root@pc-fauba:~# /etc/init.d/freeradius stop
 * Stopping FreeRADIUS daemon freeradius                                         * /var/run/freeradius/freeradius.pid not found...                       [ OK ] 
root@pc-fauba:~# /etc/init.d/freeradius restart
 * Stopping FreeRADIUS daemon freeradius                                         * /var/run/freeradius/freeradius.pid not found...                       [ OK ] 
 * Starting FreeRADIUS daemon freeradius                                 [ OK ] 
root@pc-fauba:~# radtest "John Doe" hello 127.0.0.1 0 testing123
Sending Access-Request of id 125 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=125, length=37
	Reply-Message = "Hello, John Doe"
root@pc-fauba:~# radtest Thus1 motdepasse 127.0.0.1 0 testing123
Sending Access-Request of id 126 to 127.0.0.1 port 1812
	User-Name = "Thus1"
	User-Password = "motdepasse"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=126, length=20
root@pc-fauba:~# freeradius -X
FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, built on Nov 24 2011 at 07:42:53
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/sql/mysql/counter.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/radius.foobar.com
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
	user = "freerad"
	group = "freerad"
	allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
	prefix = "/usr"
	localstatedir = "/var"
	logdir = "/var/log/freeradius"
	libdir = "/usr/lib/freeradius"
	radacctdir = "/var/log/freeradius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/var/run/freeradius/freeradius.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
	stripped_names = no
	auth = no
	auth_badpass = no
	auth_goodpass = no
 }
 security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
 }
 home_server localhost {
	ipaddr = 127.0.0.1
	port = 1812
	type = "auth"
	secret = "testing123"
	response_window = 20
	max_outstanding = 65536
	require_message_authenticator = yes
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm example.com {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = "testing123"
	nastype = "other"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  exec {
	wait = no
	input_pairs = "request"
	shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  expiration {
	reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  logintime {
	reply-message = "You are calling outside your allowed timespan  "
	minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  pap {
	encryption_scheme = "auto"
	auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  unix {
	radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  eap {
	default_eap_type = "md5"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
	challenge = "Password: "
	auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
	rsa_key_exchange = no
	dh_key_exchange = yes
	rsa_key_length = 512
	dh_key_length = 512
	verify_depth = 0
	CA_path = "/etc/freeradius/certs"
	pem_file_type = yes
	private_key_file = "/etc/freeradius/certs/server.key"
	certificate_file = "/etc/freeradius/certs/server.pem"
	CA_file = "/etc/freeradius/certs/ca.pem"
	private_key_password = "whatever"
	dh_file = "/etc/freeradius/certs/dh"
	random_file = "/dev/urandom"
	fragment_size = 1024
	include_length = yes
	check_crl = no
	cipher_list = "DEFAULT"
	make_cert_command = "/etc/freeradius/certs/bootstrap"
    cache {
	enable = no
	lifetime = 24
	max_entries = 255
    }
    verify {
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
	default_eap_type = "md5"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	virtual_server = "inner-tunnel"
	include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
	default_eap_type = "mschapv2"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	proxy_tunneled_request_as_eap = yes
	virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
	with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  realm suffix {
	format = "suffix"
	delimiter = "@"
	ignore_default = no
	ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file /etc/freeradius/modules/files
  files {
	usersfile = "/etc/freeradius/users"
	acctusersfile = "/etc/freeradius/acct_users"
	preproxy_usersfile = "/etc/freeradius/preproxy_users"
	compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  radutmp {
	filename = "/var/log/freeradius/radutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 384
	callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.access_reject {
	attrsfile = "/etc/freeradius/attrs.access_reject"
	key = "%{User-Name}"
  }
 } # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  preprocess {
	huntgroups = "/etc/freeradius/huntgroups"
	hints = "/etc/freeradius/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  detail {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.accounting_response {
	attrsfile = "/etc/freeradius/attrs.accounting_response"
	key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	ipaddr = *
	port = 0
Failed binding to authentication address * port 1812: Address already in use 
/etc/freeradius/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

[Invité]

j'ai resolu mon probleme en desinstallant et en reinstallant freeradius Voici donc le resultat de radtest "John Doe" hello 127.0.0.1 0 testing123

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
root@pc-fauba:/home/fauba# radtest "John Doe" hello 127.0.0.1 0 testing123
Sending Access-Request of id 236 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=236, length=37
	Reply-Message = "Hello, John Doe"

Ensuite J'ai inseré un utilisateur dans mysql (apres avoir modifié les différents fichiiers de configuration)

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u root -p radius

radtest chillispot chillispot 127.0.0.1 0 testing123 me donne ceci

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
root@pc-fauba:/home/fauba# radtest chillispot chillispot 127.0.0.1 0 testing123
Sending Access-Request of id 238 to 127.0.0.1 port 1812
	User-Name = "chillispot"
	User-Password = "chillispot"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=238, length=20

Comment pourrais-je le resoudre?

Salut,

As-tu redémarré le service freeradius après la modification de tes fichiers de config?

Pour info, freeradius semble utiliser l'udp et non le tcp.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
sudo cat /etc/issue && sudo netstat -anltup | grep freeradius
Ubuntu 10.04.4 LTS \n \l

udp        0      0 0.0.0.0:1812            0.0.0.0:*                           6132/freeradius
udp        0      0 0.0.0.0:1813            0.0.0.0:*                           6132/freeradius
udp        0      0 0.0.0.0:1814            0.0.0.0:*                           6132/freeradius

[mvvvv]

il semblerait que ce soit de l'udp

avec la commande lsof | grep radius il devrait apparaître (essayer sans le grep si non visible)

sinon en essayant l'adresse 192.168.10.1 ?

[yabo84]

Salut,

As-tu redémarré le service freeradius après la modification de tes fichiers de config?

Pour info, freeradius semble utiliser l'udp et non le tcp.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
sudo cat /etc/issue && sudo netstat -anltup | grep freeradius
Ubuntu 10.04.4 LTS \n \l

udp        0      0 0.0.0.0:1812            0.0.0.0:*                           6132/freeradius
udp        0      0 0.0.0.0:1813            0.0.0.0:*                           6132/freeradius
udp        0      0 0.0.0.0:1814            0.0.0.0:*                           6132/freeradius

J'ai redemarré ce le service freeradius mais rien de bon tjr meme message

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
root@pc-fauba:~# cat /etc/issue && sudo netstat -anltup | grep freeradius
Ubuntu 12.04 LTS \n \l
 
udp        0      0 127.0.0.1:18120         0.0.0.0:*                           5006/freeradius 
udp        0      0 0.0.0.0:1812            0.0.0.0:*                           5006/freeradius 
udp        0      0 0.0.0.0:1813            0.0.0.0:*                           5006/freeradius 
udp        0      0 0.0.0.0:1814            0.0.0.0:*                           5006/freeradius

[yabo84]

il semblerait que ce soit de l'udp

avec la commande lsof | grep radius il devrait apparaître (essayer sans le grep si non visible)

sinon en essayant l'adresse 192.168.10.1 ?

voici le resultat de l'adress 192.168.10.1

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
root@pc-fauba:~# radtest Thus1 motdepasse 192.168.10.1 0 testing123
Sending Access-Request of id 208 to 192.168.10.1 port 1812
	User-Name = "Thus1"
	User-Password = "motdepasse"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
Sending Access-Request of id 208 to 192.168.10.1 port 1812
	User-Name = "Thus1"
	User-Password = "motdepasse"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
Sending Access-Request of id 208 to 192.168.10.1 port 1812
	User-Name = "Thus1"
	User-Password = "motdepasse"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
radclient: no response from server for ID 208 socket 3

[mvvvv]

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
#client pour test de réseau LAN
client 192.168.0.0/24 {
     secret        = demolan
     shortname = mon-reseau
}

dans le fichier config de radius eth0 est-il en commentaire ou non ?

[yabo84]

C'est en commentaire:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
#client 192.168.0.0/24 {
#       secret          = testing123-1
#       shortname       = private-network-1
#}
#
#client 192.168.0.0/16 {
#       secret          = testing123-2
#       shortname       = private-network-2
#}

[mvvvv]

ça serait intéressant de dé commenter le premier. relancer le serveur et retenter