Radius Server: Difference between revisions

 
== Configuration ==
Edit the FreeRADIUS users file:
sudo nano /etc/freeradius/3.0/users
 
Uncomment the user 'John Doe':
Reply-Message = "Hello, %u"
 
Add a new user whose reply includes a group name (the check item is on the first line, the reply items on the indented lines that follow):
<pre>
aman    Cleartext-Password := "pwd123"
        Citrix-User-Groups = "S_UA_G_Superuser",
        Reply-Message = "Hello, %{User-Name}"
</pre>
 
 
Test the connectivity from the local machine:
sudo radtest "John Doe" hello 127.0.0.1 0 testing123
 
To allow remote access to the RADIUS server, edit the clients file:
sudo nano /etc/freeradius/3.0/clients.conf
 
And add the following snippet:
 
Now from another machine, try the following:
radtest "John Doe" "hello" example10.com10.40.1 0 "mysecret"
 
You will get an Access-Accept packet and the "Hello, John Doe" message.
 
== Logging ==
Source: [https://wiki.freeradius.org/config/Logging#log-authentication-requests wiki.freeradius.org]
 
The "log" section of the radiusd.conf file is where the primary logging configuration for the FreeRADIUS server is located.
<pre>
stdout - log to standard output.
stderr - log to standard error.
 
 
= GUI =
password: radius
 
=== Troubleshooting Daloradius ===
 
*If you get a permission denied error when importing the schema:
</pre>
 
Check whether all the required PHP modules (dependencies) are installed:
php -m
 
sql
</pre>
 
= Troubleshooting =
 
If you are unable to use radtest from other servers, check the client entry (for example the one for 0.0.0.0/0) and its shared secret in the file below:
sudo nano clients.conf
 
== Debugging ==
Stop the service first so the debug instance can bind to the RADIUS ports, then run the daemon in the foreground with full debug output:
sudo service freeradius stop
sudo freeradius -X
 
= Misc =
 
Generating an Access-Challenge exchange (EAP-MD5) with radtest:
 
test@test-ubuntu:~$ sudo radtest '''-t eap-md5''' aman2 pwd123 10.107.88.93 0 testing123
Sending Access-Request packet to host 10.107.88.93 port 1812, id=46, length=0
User-Name = "aman2"
User-Password = "pwd123"
NAS-IP-Address = 10.107.88.68
NAS-Port = 0
Message-Authenticator = 0x00
EAP-Code = Response
EAP-Type-Identity = 0x616d616e32
EAP-Message = 0x022d000a01616d616e32
Received Access-Challenge packet from host 10.107.88.93 port 1812, id=46, length=80
EAP-Message = 0x012e001604105b198df62a06f8e8b6f45c6e97221cbb
Message-Authenticator = 0x85003a7abf1656a3064b38be08c17409
State = 0xa3a3b720a38db3e96a996e0bad7460b2
EAP-Id = 46
EAP-Code = Request
EAP-Type-MD5-Challenge = 0x105b198df62a06f8e8b6f45c6e97221cbb
Sending Access-Request packet to host 10.107.88.93 port 1812, id=47, length=87
User-Name = "aman2"
User-Password = "pwd123"
NAS-IP-Address = 10.107.88.68
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
EAP-Code = Response
EAP-Type-MD5-Challenge = 0x10c09519c41c4c2384e79a1242928c5f31
EAP-Id = 46
State = 0xa3a3b720a38db3e96a996e0bad7460b2
EAP-Message = 0x022e00160410c09519c41c4c2384e79a1242928c5f31
Received Access-Accept packet from host 10.107.88.93 port 1812, id=47, length=51
EAP-Message = 0x032e0004
Message-Authenticator = 0xfc73020acc54cd6b85a82c8f52c094f5
User-Name = "aman2"
EAP-Id = 46
EAP-Code = Success
 
The packet flow, as seen in a tcpdump capture, is as follows:
 
22:40:29.222278 IP 10.107.88.68.54216 > ubuntu.radius: RADIUS, Access-Request (1), id: 0x2e length: 87
22:40:29.240517 IP ubuntu.radius > 10.107.88.68.54216: RADIUS, '''Access-Challenge''' (11), id: 0x2e length: 80
22:40:29.242083 IP 10.107.88.68.54216 > ubuntu.radius: RADIUS, Access-Request (1), id: 0x2f length: 117
22:40:29.292782 IP ubuntu.radius > 10.107.88.68.54216: RADIUS, Access-Accept (2), id: 0x2f length: 51
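As an added example (not part of the original page), the following Python script parses the EAP-Message values from the radtest session above and recomputes the MD5-Challenge response the way RFC 3748 section 5.4 specifies it (MD5 over the EAP Identifier, the user's secret and the challenge value). That recomputation is the check the server performs before it answers the second Access-Request with Access-Accept. The packet bytes are the ones shown in the session; the function and constant names are my own.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# EAP codes (RFC 3748, section 4.1) and the two EAP types seen in the exchange above.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_MD5_CHALLENGE = 1, 4

# EAP-Message attribute values copied from the radtest session above.
IDENTITY_RESPONSE = bytes.fromhex("022d000a01616d616e32")
MD5_CHALLENGE_REQUEST = bytes.fromhex("012e001604105b198df62a06f8e8b6f45c6e97221cbb")
MD5_CHALLENGE_RESPONSE = bytes.fromhex("022e00160410c09519c41c4c2384e79a1242928c5f31")
SUCCESS = bytes.fromhex("032e0004")
PASSWORD = b"pwd123"  # the password radtest was given on the command line


@dataclass
class EapPacket:
    code: int
    identifier: int
    length: int
    eap_type: Optional[int]  # None for Success/Failure, which carry no Type field
    type_data: bytes


def parse_eap(raw: bytes) -> EapPacket:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data(n)]."""
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, identifier = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError(f"EAP Length field {length} != {len(raw)} bytes supplied")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return EapPacket(code, identifier, length, None, b"")
    if length < 5:
        raise ValueError("Request/Response packets need a Type byte")
    return EapPacket(code, identifier, length, raw[4], raw[5:])


def md5_challenge_value(pkt: EapPacket) -> bytes:
    """Type-Data of an MD5-Challenge is Value-Size(1) Value(Value-Size) [Name]."""
    if pkt.eap_type != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("not an MD5-Challenge packet")
    size = pkt.type_data[0]
    value = pkt.type_data[1:1 + size]
    if len(value) != size:
        raise ValueError("Value-Size runs past the end of the packet")
    return value


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 3748 section 5.4: Value = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_md5_response(request: bytes, response: bytes, secret: bytes) -> bool:
    """Server-side check: recompute the expected Value and compare it with the peer's."""
    req, resp = parse_eap(request), parse_eap(response)
    if req.code != EAP_REQUEST or resp.code != EAP_RESPONSE:
        return False
    if req.identifier != resp.identifier:  # Response must echo the Request's Identifier
        return False
    expected = eap_md5_response(resp.identifier, secret, md5_challenge_value(req))
    # constant-time comparison so the check does not leak how many bytes matched
    return hmac.compare_digest(expected, md5_challenge_value(resp))


if __name__ == "__main__":
    for label, raw in [("Identity Response", IDENTITY_RESPONSE),
                       ("MD5-Challenge Request", MD5_CHALLENGE_REQUEST),
                       ("MD5-Challenge Response", MD5_CHALLENGE_RESPONSE),
                       ("Success", SUCCESS)]:
        p = parse_eap(raw)
        print(f"{label:24s} code={p.code} id=0x{p.identifier:02x} len={p.length} "
              f"type={p.eap_type} data={p.type_data.hex()}")
    print("captured response matches pwd123:",
          verify_md5_response(MD5_CHALLENGE_REQUEST, MD5_CHALLENGE_RESPONSE, PASSWORD))
```

The last line reports whether the response radtest sent is the MD5 of identifier 0x2e, "pwd123" and the 16-byte challenge from the Access-Challenge. Because that hash is computable from the captured bytes and a candidate password alone, EAP-MD5 gives no mutual authentication and no protection against offline guessing; it belongs only on links that are already protected, which is why the tunnelled EAP methods are preferred in production.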
 
 
A similar packet capture file:
[[Media:RADIUS2.cap|RADIUS2]]
 
Forcing EAP for a user:
{{UC}}
Forcing just EAP
{{UC}}
 
 