Testing radius server
A.L.M.Buxey at lboro.ac.uk
Thu Dec 10 22:40:01 CET 2009
> Radius -X is always on, and I went through the clients.conf file. -X gives a lot information, since you asked here is my understanding. I'm not a programmer so some of them are cryptic to me. I put in comments to what I think they are, but they are only guesses. I would be very thankful if you can shed lights on them.
> Also, there is file experimental.conf stated in eap.conf, but did not exist. It may have some useful information.
i think you need to start with the basics before you start playing with experimental features! ;-)
> root at Crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123
okay - very simple. we now look to see what happens....i've cut out the basic bits
to answer your questions
> ++[preprocess] returns ok ;what is preprocess and what does it do?
Contains the functions for the "huntgroups" and "hints" - if you use those files then
they'll seed the request so you can deal with it
> ++[chap] returns noop ;I can tell that chap was not selected as a protocol, right?
> ++[mschap] returns noop ;as above
> [suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why @ is expected in a name or password?
@ is not 'expected' - but if its present then the suffix module will do stuff.
> [suffix] No such realm "NULL" ;what this mean?
exactly what it says - there wasnt a suffix, so the value is NULL but the suffix module
found no NULL realm in your config
> [eap] No EAP-Message, not doing EAP ;eap is not auth protocol.
correct - this isnt an EAP message
> ++[unix] returns notfound ;what is this?
unix passwd support. if you dont want to use /etc/passwd etc then comment 'unix' module out
> ++[files] returns noop ?
this is the big one - this is saying that files module found no information - this suggests that eg
you dont have
cisco Cleartext-Password := "cisco"
in your users file. if you do then you are looking at the wrong users file - /etc/raddb/users or
> ++[expiration] returns noop ?
> ++[logintime] returns noop ?
2 modules that deal with exactly what they say - expiration and logintime - these are authorisation
> [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ;I do have a password (cisco).
PAP could not find your configured user - it relies on at least one of the previous methods to get such a user!
> No authenticate method (Auth-Type) configuration found for the request: Rejecting the user ;this look like authentication protocol is a must before the process can work, however, eap.conf file is there and eap is uncommented out with it’s arguments. ?
radtest doesnt do EAP you need to use one of the tests that does do EAP.
anyway....I can safely state that if you install a fresh FreeRADIUS you should be able to
add an example user to the users file (as I state above!) and do a radtest and test the whole
thing within minutes.
More information about the Freeradius-Users