Closed indian65 closed 5 years ago
pihomeserver
commented
5 years ago Hello First be sure that the value of HS_RADSECRET in /etc/chilli/config is the same than secret in /etc/freeradius/3.0/clients.conf (2 values should be uncomment) Then stop freeradius service, start freeradius in debug mode and run the radtest command to check that all is running fine (look for an example here https://github.com/pihomeserver/Kupiki-Hotspot-Script/issues/10#issuecomment-262168674)
indian65
commented
5 years ago The two values are differents, i change for the same key, (the key of freeradius) but when i test a new user I have that pi@kupikihotspot:~ $ echo "insert into radcheck (username, attribute, op, value) values ('usertest', 'Cleartext-Password', ':=', 'passwd');" | mysql -u root -praspbian radius ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
pihomeserver
commented
5 years ago Password for the db is wrong. Check the value in the script and replace raspbian with the correct one. Should be pihotspot by default
indian65
commented
5 years ago The same pi@kupikihotspot:~ $ echo "insert into radcheck (username, attribute, op, value) values ('usertest', 'Cleartext-Password', ':=', 'passwd');" | mysql -u root -pihotspot radius ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) I change nothing in the script, it's crazy!
pihomeserver
commented
5 years ago You forget the p before the password ! It’s -ppihotspot
indian65
commented
5 years ago Ok, I'm stupid I'm create a new user but when i test ,no accept/accept sudo radtest usertest passwd localhost 0 testing123 (0) Received Access-Request Id 89 from 127.0.0.1:42248 to 127.0.0.1:1812 length 78 Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Waking up in 0.3 seconds. (0) Cleaning up request packet ID 89 with timestamp +303 Ready to process requests (1) Received Access-Request Id 89 from 127.0.0.1:42248 to 127.0.0.1:1812 length 78 Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Waking up in 0.3 seconds. (1) Cleaning up request packet ID 89 with timestamp +308 Ready to process requests (2) Received Access-Request Id 89 from 127.0.0.1:42248 to 127.0.0.1:1812 length 78 Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Waking up in 0.3 seconds. (2) Cleaning up request packet ID 89 with timestamp +313 Ready to process requests
pihomeserver
commented
5 years ago That’s normal you use testing123 as the secret key instead of the real one.
indian65
commented
5 years ago It's work, When i create a new user by step, it's no recognize but when i use quick add user option, it's work. Thank's for your quickly responses. Merci beaucoup pour votre réactivité.
pihomeserver
commented
5 years ago I guess there is something wrong in the way you try to create the user. Often the problem is in the attribute creation to add a check for the password
indian65
commented
5 years ago I bought a new sd, I try a clean installation this afternoon and modifying some lines of the script (adding the driver of my external wifi antenna).
pihomeserver
commented
5 years ago The installation is not related to the way the users are created. All is handle by Daloradius. Once the user is created, be sure that in the radius database you have something like bellow
indian65
commented
5 years ago 1/I tried with my antenna, the driver is recognized and the antenna activated (LED lit) but no visible wifi network. 2/ for the radius database, is it possible to give me the path of the file, I am a noob.
pihomeserver
commented
5 years ago If you are not with little linux experience it will be difficult to achieve your goal For the antena did you updated the script with the new interface ? About the database it’s not a file but a database in the mariadb instance. Look at google about a GUI tool for your OS to connect to your instance (after allowing remote root access)
indian65
commented
5 years ago For the antenna, I changed the two values LAN_INTERFACE: wlan1 LAN_WIFI_DRIVER:ath9k_htc (atheros 9271) Maybe I'm forgetting something
pihomeserver
commented
5 years ago If your antenna is up and running on wlan1 no it should be ok. Are you sure that the wifi key could work as an access point ?
indian65
commented
5 years ago iw list Wiphy phy1 max # scan SSIDs: 4 max scan IEs length: 2257 bytes max # sched scan SSIDs: 0 max # match sets: 0 max # scan plans: 1 max scan plan interval: -1 max scan plan iterations: 0 Retry short limit: 7 Retry long limit: 4 Coverage class: 0 (up to 0m) Device supports RSN-IBSS. Device supports T-DLS. Supported Ciphers:
total <= 2, #channels <= 1 HT Capability overrides:
total <= 3, #channels <= 2
total <= 4, #channels <= 1 Device supports scan flush. pi@raspberrypi:~ $ `
pihomeserver
commented
5 years ago Seems to support AP. To check on the web if hostapd can handle the hardware as it’s it who expose the SSID
indian65
commented
5 years ago I found, the antenna works with the generic driver, I reconfigured the hostapd.conf file, reboot and my network is visible and functional. the key was this page http://benoit.ofoofo.net/2012/07/21/hostapd-configuration-for-a-802-11n-ap-with-ath9k/
indian65
commented
5 years ago A new issue when i want to create a new user FreeRADIUS Version 3.0.12 Copyright (C) 1999-2016 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including configuration file /etc/freeradius/3.0/radiusd.conf Unable to open file "/etc/freeradius/3.0/radiusd.conf": Permission denied Errors reading or parsing /etc/freeradius/3.0/radiusd.conf
pihomeserver
commented
5 years ago Look at the error message, i guess that you are not running the command as root. It should be better to learn about user creation in daloradius to avoid the use of root
indian65
commented
5 years ago I test in root no problème with freeradius, when i test a new user with daloradius, acces-accept, but when i tried to connect with the new user, i have password or login incorrect
indian65
commented
5 years ago I create a new user, and test Executed: echo User-Name='condorinette',User-Password='condorinette' | radclient -c '1' -n '3' -r '3' -t '3' -x '127.0.0.1:1812' 'auth' 'PrUHmdaHkHFDCxmT85RPWlKoHyuQWOXm' 2>&1
Results: Sent Access-Request Id 235 from 0.0.0.0:46805 to 127.0.0.1:1812 length 52 User-Name = "condorinette" User-Password = "condorinette" Cleartext-Password = "condorinette" Received Access-Accept Id 235 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
but when i want to connect with this user
pihomeserver
commented
5 years ago Stop freeradius service and start freeradius in debug mode. You will see the error message. Pretty sure the secret key is the issue
indian65
commented
5 years ago The secret key are the same in the two folders When i start freeradius in debug mode
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')" } interim-update { query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } stop { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } } } post-auth { reference = ".query" query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" } } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Creating attribute SQL-Group
logintime { minimum_timeout = 60 }
exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 }
files { filename = "/etc/freeradius/3.0/mods-config/files/authorize" acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy" }
linelog { filename = "/var/log/freeradius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" }
linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" }
pap { normalise = yes }
realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no }
realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no }
realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no }
realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no }
exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes }
cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no }
attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no }
attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no }
attr_filter attr_filter.access_reject { filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no }
attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no }
attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no }
radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no }
mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes }
detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no }
detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no }
detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no }
detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no }
unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group
sqlcounter dailycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'" reset = "daily" counter_name = "Daily-Session-Time" check_name = "Max-Daily-Session" reply_name = "Session-Timeout" }
sqlcounter weeklycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'" reset = "weekly" counter_name = "Weekly-Session-Time" check_name = "Max-Weekly-Session" reply_name = "Session-Timeout" }
sqlcounter monthlycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'" reset = "monthly" counter_name = "Monthly-Session-Time" check_name = "Max-Monthly-Session" reply_name = "Session-Timeout" }
sqlcounter quaterlycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'" reset = "3m" counter_name = "Quaterly-Session-Time" check_name = "Max-Quaterly-Session" reply_name = "Session-Timeout" }
sqlcounter yearlycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'" reset = "12m" counter_name = "Yearly-Session-Time" check_name = "Max-Yearly-Session" reply_name = "Session-Timeout" }
sqlcounter noresetcounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'" reset = "never" counter_name = "Max-All-Session-Time" check_name = "Max-All-Session" reply_name = "Session-Timeout" }
sqlcounter expire_on_login { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;" reset = "never" counter_name = "Expire-After-Initial-Login" check_name = "Expire-After" reply_name = "Session-Timeout" }
sqlcounter counterChilliSpotMaxTotalOctetsDaily { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "daily" counter_name = "ChilliSpot-Max-Total-Octets-Daily" check_name = "CS-Total-Octets-Daily" reply_name = "ChilliSpot-Max-Total-Octets" }
sqlcounter counterChilliSpotMaxTotalOctetsWeekly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "weekly" counter_name = "ChilliSpot-Max-Total-Octets-Weekly" check_name = "CS-Total-Octets-Weekly" reply_name = "ChilliSpot-Max-Total-Octets" }
sqlcounter counterChilliSpotMaxTotalOctetsMonthly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0)FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "monthly" counter_name = "ChilliSpot-Max-Total-Octets-Monthly" check_name = "CS-Total-Octets-Monthly" reply_name = "ChilliSpot-Max-Total-Octets" }
sqlcounter counterChilliSpotMaxTotalOctetsQuarterly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "3m" counter_name = "ChilliSpot-Max-Total-Octets-Quarterly" check_name = "CS-Total-Octets-Quarterly" reply_name = "ChilliSpot-Max-Total-Octets" }
sqlcounter counterChilliSpotMaxTotalOctetsYearly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "12m" counter_name = "ChilliSpot-Max-Total-Octets-Yearly" check_name = "CS-Total-Octets-Yearly" reply_name = "ChilliSpot-Max-Total-Octets" }
sqlcounter counterChilliSpotMaxInputOctetsDaily { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "daily" counter_name = "ChilliSpot-Max-Input-Octets-Daily" check_name = "CS-Input-Octets-Daily" reply_name = "ChilliSpot-Max-Input-Octets" }
sqlcounter counterChilliSpotMaxInputOctetsWeekly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "weekly" counter_name = "ChilliSpot-Max-Input-Octets-Weekly" check_name = "CS-Input-Octets-Weekly" reply_name = "ChilliSpot-Max-Input-Octets" }
sqlcounter counterChilliSpotMaxInputOctetsMonthly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "monthly" counter_name = "ChilliSpot-Max-Input-Octets-Monthly" check_name = "CS-Input-Octets-Monthly" reply_name = "ChilliSpot-Max-Input-Octets" }
sqlcounter counterChilliSpotMaxInputOctetsQuarterly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "3m" counter_name = "ChilliSpot-Max-Input-Octets-Quarterly" check_name = "CS-Input-Octets-Quarterly" reply_name = "ChilliSpot-Max-Input-Octets" }
sqlcounter counterChilliSpotMaxInputOctetsYearly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "12m" counter_name = "ChilliSpot-Max-Input-Octets-Yearly" check_name = "CS-Input-Octets-Yearly" reply_name = "ChilliSpot-Max-Input-Octets" }
sqlcounter counterChilliSpotMaxOutputOctetsDaily { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "daily" counter_name = "ChilliSpot-Max-Output-Octets-Daily" check_name = "CS-Output-Octets-Daily" reply_name = "ChilliSpot-Max-Output-Octets" }
sqlcounter counterChilliSpotMaxOutputOctetsWeekly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "weekly" counter_name = "ChilliSpot-Max-Output-Octets-Weekly" check_name = "CS-Output-Octets-Weekly" reply_name = "ChilliSpot-Max-Output-Octets" }
sqlcounter counterChilliSpotMaxOutputOctetsMonthly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "monthly" counter_name = "ChilliSpot-Max-Output-Octets-Monthly" check_name = "CS-Output-Octets-Monthly" reply_name = "ChilliSpot-Max-Output-Octets" }
sqlcounter counterChilliSpotMaxOutputOctetsQuarterly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "3m" counter_name = "ChilliSpot-Max-Output-Octets-Quarterly" check_name = "CS-Output-Octets-Quarterly" reply_name = "ChilliSpot-Max-Output-Octets" }
sqlcounter counterChilliSpotMaxOutputOctetsYearly { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" reset = "12m" counter_name = "ChilliSpot-Max-Output-Octets-Yearly" check_name = "CS-Output-Octets-Yearly" reply_name = "ChilliSpot-Max-Output-Octets" }
detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no }
expr { safecharacters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" }
soh { dhcp = yes }
passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 }
exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } instantiate { }
gtc { challenge = "Password: " auth_type = "PAP" }
tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/etc/freeradius/3.0/certs" pem_file_type = yes private_key_file = "/etc/ssl/private/ssl-cert-snakeoil.key" certificate_file = "/etc/ssl/certs/ssl-cert-snakeoil.pem" ca_file = "/etc/ssl/certs/ca-certificates.crt" private_key_password = <<< secret >>> dh_file = "/etc/freeradius/3.0/certs/dh" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } }
ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation
peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation
mschapv2 { with_ntdomain_hack = no send_error = no }
reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints
rlm_sql_mysql: libmysql version: 10.1.37-MariaDB mysql { tls { } warnings = "auto" } rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 spread = no } rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB-0+deb9u1, protocol version 10 rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB-0+deb9u1, protocol version 10 rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB-0+deb9u1, protocol version 10 rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB-0+deb9u1, protocol version 10 rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.37-MariaDB-0+deb9u1, protocol version 10
reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response
rlm_mschap (mschap): using internal authentication
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549666800 [2019-02-09 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549580400 [2019-02-08 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549753200 [2019-02-10 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549148400 [2019-02-03 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1551394800 [2019-03-01 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1548975600 [2019-02-01 00:00:00]
rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1556665200 [2019-05-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1543618800 [2018-12-01 00:00:00]
rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1580511600 [2020-02-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1519858800 [2018-03-01 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 0 [2019-02-08 22:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 0 [2019-02-08 22:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 0 [2019-02-08 22:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 0 [2019-02-08 22:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549666800 [2019-02-09 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549580400 [2019-02-08 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549753200 [2019-02-10 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549148400 [2019-02-03 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1551394800 [2019-03-01 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1548975600 [2019-02-01 00:00:00]
rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1556665200 [2019-05-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1543618800 [2018-12-01 00:00:00]
rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1580511600 [2020-02-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1519858800 [2018-03-01 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549666800 [2019-02-09 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549580400 [2019-02-08 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549753200 [2019-02-10 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549148400 [2019-02-03 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1551394800 [2019-03-01 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1548975600 [2019-02-01 00:00:00]
rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1556665200 [2019-05-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1543618800 [2018-12-01 00:00:00]
rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1580511600 [2020-02-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1519858800 [2018-03-01 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549666800 [2019-02-09 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549580400 [2019-02-08 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1549753200 [2019-02-10 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1549148400 [2019-02-03 00:00:00]
rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1551394800 [2019-03-01 00:00:00] rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1548975600 [2019-02-01 00:00:00]
rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1556665200 [2019-05-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1543618800 [2018-12-01 00:00:00]
rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Next reset 1580511600 [2020-02-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1549663155 [2019-02-08 22:59:15], Prev reset 1519858800 [2018-03-01 00:00:00]
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/3.0/radiusd.conf } # server server coa { # from file /etc/freeradius/3.0/sites-enabled/coa
} # server coa server default { # from file /etc/freeradius/3.0/sites-enabled/default
Ignoring "ldap" (see raddb/mods-available/README.rst)
} # server default server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
} # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "coa" virtual_server = "coa" ipaddr = port = 1700 } listen { type = "auth" ipaddr = port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on coa address port 1700 bound to server coa Listening on auth address port 1812 bound to server default Listening on acct address port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 37393 Listening on proxy address :: port 33535 Ready to process requests
indian65
commented
5 years ago I don't know why, but my new user is accept this morning. Thanks for your help. Very good job.
Actual behavior
{Please write here}
Expected behavior
Impossible de créer un user, croix rouge systématiquement, quelque soit le type d'identification, idem avec un user créer en ligne de commande Les services freeradius fonctionnent. Là, je sèche. {Please write here}
Configuration parameters (if changed in the script)
Script installé sans modification {Please write here}
Logs
info: Dropping packet without response because of error. Receveid Accounting request packet ffrom client 127.0.0.1 with invalid request authenticator ( shared secret is incorrect)
Your environment
Additional comments
{Please write here, if there is something more to tell}