
RADIUS-WIFI Error

a guest
Jan 18th, 2016
mohammed@linuxserver:~$ sudo freeradius -X
[sudo] password for mohammed:
FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 27 2015 at 12:38:42
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/replicate
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/soh
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/rediswho
including configuration file /etc/freeradius/modules/redis
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "secretkey"
nastype = "other"
}
client 192.168.0.0/16 {
require_message_authenticator = no
secret = "secretkey"
nastype = "other"
}
client 10.0.0.0/8 {
require_message_authenticator = no
secret = "secretkey"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Creating Auth-Type = LDAP
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
ldap {
server = "127.0.0.1"
port = 389
password = "M13n14e5"
identity = "cn=admin,dc=example,dc=com"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
basedn = "ou=people,dc=example,dc=com"
filter = "(uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = yes
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x90f7348
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
... adding new socket proxy address * port 33445
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.110 port 33824, id=107, length=75
User-Name = "alice"
User-Password = "M13n14e5"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0x5a72ebd326bf2df52bf7a0050a36b091
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for alice
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> alice
[ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
[ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 127.0.0.1:389, authentication 0
[ldap] bind as cn=admin,dc=example,dc=com/M13n14e5 to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "M13n14e5"
[ldap] looking for reply items in directory...
[ldap] Setting Auth-Type = LDAP
[ldap] user alice authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = LDAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by "alice" with password "M13n14e5"
[ldap] user DN: uniqueIdentifier=alice,ou=people,dc=example,dc=com
[ldap] (re)connect to 127.0.0.1:389, authentication 1
[ldap] bind as uniqueIdentifier=alice,ou=people,dc=example,dc=com/M13n14e5 to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] user alice authenticated succesfully
++[ldap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 107 to 192.168.1.110 port 33824
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 107 with timestamp +38
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 41816, id=16, length=160
User-Name = "someuser"
NAS-IP-Address = 78.104.81.132
Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Calling-Station-Id = "48-D2-24-3F-55-D4"
Connect-Info = "CONNECT 54Mbps 802.11g"
Framed-MTU = 1400
EAP-Message = 0x02d4000d01736f6d6575736572
Message-Authenticator = 0x3a7a01d881fc2b687f1e77a3ff9ecf07
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for someuser
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> someuser
[ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=someuser)
[ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=someuser)
[ldap] object not found
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> someuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 16 to 192.168.1.1 port 41816
Waking up in 4.9 seconds.
Cleaning up request 1 ID 16 with timestamp +54
Ready to process requests.