
RE: [Help-gnu-radius] Trying to test local authentication


From: Tucker, Nick
Subject: RE: [Help-gnu-radius] Trying to test local authentication
Date: Wed, 24 May 2006 14:12:23 -0400

Ok,

I have added my Netcache in the clients file:

squid# tail clients
# For detailed description, run:
#       info Radius clients

#Client Name            Key
#----------------       -------------------
10.61.68.25             test1

squid#
(yes this address has changed since yesterday since I am using a
different box)

Based on what you're telling me, this "Key" is what the Netcache is asking
me when defining the Radius server.  So I have defined it as follows:

Format: ip-address:port:password
10.61.29.33:1812:test1

Side-question:  For semantics purposes, should the Netcache call this
"password" a "key" instead?  Do all other Radius implementations call
this a "key"?

So in short:
10.61.68.25 = Netcache
10.61.29.33 = Fbsd with Radiusd

I start radiusd in this manner:

squid# radiusd -A -f -p=1812 -y -z

Here's the log of when it starts:
May 24 14:09:50 Main.info: Starting
May 24 14:09:50 Main.info: Terminating the subprocesses
May 24 14:09:50 Main.info: Loading configuration files.
May 24 14:09:50 Main.info: reading /usr/local/etc/raddb/config
May 24 14:09:50 Main.crit: AUTH bind: Address already in use
May 24 14:09:50 Main.error: /usr/local/etc/raddb/users:14: No User-Password attribute in LHS
May 24 14:09:50 Main.error: /usr/local/etc/raddb/users:14: discarding user `DEFAULT'
May 24 14:09:50 Main.info: /usr/local/etc/raddb/users reloaded.
May 24 14:09:50 Main.info: Ready
May 24 14:09:50 Main.info: Ready to process requests.
squid#

I have changed part of the users file to read like this:

## Default entry.
DEFAULT Auth-Type = Local,
                Simultaneous-Use = 1
        Service-Type = Framed-User,
                Framed-Protocol = PPP

Since I am not using SQL and everything needs to be done locally.

The problem remains:

May 24 14:09:50 Main.info: Ready to process requests.
May 24 14:11:10 Auth.error: (Access-Request 10.61.68.25 27 "admin" CLID=
=^]
): request from unknown client
May 24 14:11:16 Auth.error: (Access-Request 10.61.68.25 28 "admin" CLID=
=^]
): request from unknown client
squid#

I have tried also adding DEFAULT into clients, as an example states that
you can do this (and that it's not recommended) - and even after
restarting radiusd, it still says request from unknown client, which I
thought DEFAULT would have surely taken care of.

Thanks again



-----Original Message-----
From: Sergey Poznyakoff [mailto:address@hidden]
Sent: Wednesday, May 24, 2006 5:38 AM
To: Tucker, Nick
Cc: address@hidden
Subject: Re: [Help-gnu-radius] Trying to test local authentication

Tucker, Nick <address@hidden> wrote:

> May 23 15:23:35 Auth.error: (Access-Request 10.61.68.65 59 "admin" CLID=
> 
> =^]
> 
> ): request from unknown client

This means that the machine 10.61.68.65 is not described in your
raddb/clients file. This, in turn, results in: 
 
> When I traced this, I saw the request indeed using the "admin"
> username, however, the password is encrypted.

Passwords are always encrypted in RADIUS client to server communication.
To decrypt the password, radiusd must know the shared key used by
the remote party, hence the need for all termservers to be described in
raddb/clients.

Regards,
Sergey
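
The shared-key mechanism described in the reply above, as an added example that is not part of the original messages and is not GNU Radius code: RFC 2865 User-Password hiding, showing why the server needs the sender's entry (the "Key" column in raddb/clients, which the RFC calls the shared secret) to recover the password. The CLIENTS dictionary, the function names and the sample password are assumptions constructed for illustration.

```python
import hashlib

# Constructed stand-in for raddb/clients: client address -> shared key.
CLIENTS = {"10.61.68.25": b"test1"}

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: RFC 2865 section 5.2 User-Password hiding."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    # Pad with NULs to a multiple of 16 octets (at least one block).
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each block is XORed with MD5(secret + previous ciphertext block).
        prev = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the key on file for the sender."""
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return plain.rstrip(b"\x00")

def handle_access_request(src_ip: str, hidden: bytes, authenticator: bytes):
    """Return the recovered password, or None when the sender has no key on file."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return None  # the "request from unknown client" case
    return recover_password(hidden, secret, authenticator)

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator (random in practice)
    hidden = hide_password(b"example-password", b"test1", ra)
    print(handle_access_request("10.61.68.25", hidden, ra))   # key matches
    print(handle_access_request("10.61.68.65", hidden, ra))   # no clients entry
    print(recover_password(hidden, b"other-key", ra))         # key mismatch: garbage
```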



