| My friends, I am back in Linux Hell
This time, I am trying to set up RADIUS on a linux box. I installed Cistron Radius 1.6.6 on a Red Hat 7.3 box. I want RADIUS to handle the authentication to my Cisco routers.
I set up a test user as follows:
freak Auth-Type = System
I want the authentication process to use the /etc/passwd file on the linux box so that there is no clear text password kicking around.
I am running radiusd in debug mode, and I get the following:
radrecv: Packet from host 10.0.0.1
NAS-IP-ADDRESS: 10.0.0.1
NAS-PORT = 66
User-Name = freak
User-Password = 34/545/56/67/78/
users: matched freak at line 199
auth: System
Sending Reject of id 38 to 10.0.0.1
Login Incorrect: [freak/werfgfgytfy] from 10.0.0.1
Any ideas??? | |
| Mr. Linux Guy 2002-12-11, 9:15 am |
| Did you try running it in debugging mode to get more informative error messages?
# radiusd -xxyz -l stdout
Try it and see if you get some more info. | |
|
| that's how I got the info I posted... | |
| Mr. Linux Guy 2002-12-11, 9:34 am |
| Ok, not very informative. Have you checked any error logs to see if more info was included? Also, what do you have Auth-Type set to? If you are using the wrong authentication type, your login attempts will automatically be rejected. | |
|
| the log in /var/log/radius.log is basically useless in this situation. I am not aware of any other log.
My original post does state that my users file indeed features the entry Auth-Type = System for the user in question.
Note that I also tried to go with a local authentication instead just to test it, and still no go.
Furthermore, I tried to log on with the right password, then with the wrong password on purpose, to compare the debug info, and they look identical. I wonder if it is a case of RADIUS and Linux encryption not being the same? This is really starting to get on my nerves, as it has been an on-going issue for 4 days straight now... grrrrr | |
| Mr. Linux Guy 2002-12-11, 9:42 am |
| What do the entries in your user file look like? Might be a syntax problem. | |
| freak 2002-12-11, 11:38 am |
| freak Auth-Type = System | |
| Mr. Linux Guy 2002-12-11, 12:22 pm |
| quote: Originally posted by freak
freak Auth-Type = System
Your user file. Where you add the password for that user. Should look something like:
freak Auth-Type := Local, Password == "freak"
Reply-Message += "Bonjour, freak" | |
|
| nope, I am using the /etc/passwd file, hence the Auth = System entry in the users file. | |
| Mr. Linux Guy 2002-12-12, 6:57 am |
| quote: Originally posted by freak
nope, I am using the /etc/passwd file, hence the Auth = System entry in the users file.
Not sure . . . I will take a look at the mailing list archives and see if there are any other similar problems. The encryption shouldn't be a problem, I wouldn't think, but I will check it out and see if it could be. | |
|
| I found the issue... the irony is thick enough to choke on.
First I installed freeRadius on a RH 8.0 box. Big mistake, the thing just would not work no matter what.
Installed freeRadius on a RH 7.3 box. Installed like a charm. Then my boss wanted to use a webmin module with the Radius setup, so I uninstalled freeRadius and installed Cistron instead, since there is a webmin module for it.
So I recreated all the config files necessary and used the Webmin tool to reload them and restart the server.
But it never worked and I could never authenticate from the router.
I used the debug mode on the radius server and on the router to try and gain more info.
One thing that surprised me was that whether I changed the user authentication from local to system or not, the debug info always showed the use of system auth.
Guess what: the webmin module does not work. It never reloaded the files. In other words, the files looked good because they *were*. That's why I could not find anything wrong with the syntax. Once I reloaded them by hand it worked flawlessly.
4 days wasted.... grrrrrrrrrrrrrrrrrrrrr. | |
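A check for the failure described in the post above (config files edited on disk but never loaded by the running daemon), added here as an example and not part of the original thread. The function names, the PID file path and `CONF_DIR` are placeholders; it assumes GNU `stat`/`date` and procps `ps`.

```shell
#!/bin/sh
# Added example: list config files modified after the daemon started,
# i.e. edits the running radiusd may never have loaded.

# mtime_epoch FILE -> modification time in seconds since the epoch (GNU stat)
mtime_epoch() {
    stat -c %Y "$1"
}

# proc_start_epoch PID -> start time of PID in epoch seconds
proc_start_epoch() {
    date -d "$(ps -o lstart= -p "$1")" +%s
}

# stale_configs START_EPOCH FILE...
# Prints each FILE whose mtime is later than START_EPOCH.
# Returns 1 if any file is stale, 0 otherwise.
# Conservative: a file edited after start is still listed even if the
# daemon was later signalled to reload; a full restart clears it.
stale_configs() {
    start=$1; shift
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip missing files
        if [ "$(mtime_epoch "$f")" -gt "$start" ]; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return $rc
}

# Usage (paths are placeholders for your install):
#   pid=$(cat /path/to/radiusd.pid)
#   stale_configs "$(proc_start_epoch "$pid")" "$CONF_DIR"/users "$CONF_DIR"/clients
```

Running it right after a management tool claims to have reloaded the server shows whether the process was actually restarted since the last edit.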
|
| although this exercise in apparent futility certainly has made me learn a whole lot about Radius -- a whole lot more than I wanted to anyway  | |
| Mr. Linux Guy 2002-12-12, 8:00 am |
| quote: Originally posted by freak
although this exercise in apparent futility certainly has made me learn a whole lot about Radius -- a whole lot more than I wanted to anyway
Never underestimate the value of futile work. That's the way I learned Linux in the first place.
BTW, great job! | |
| Mr. Linux Guy 2002-12-12, 8:03 am |
| quote: Originally posted by freak
I found the issue... the irony is thick enough to choke on.
First I installed freeRadius on a RH 8.0 box. Big mistake, the thing just would not work no matter what.
Installed freeRadius on a RH 7.3 box. Installed like a charm. Then my boss wanted to use a webmin module with the Radius setup, so I uninstalled freeRadius and installed Cistron instead, since there is a webmin module for it.
So I recreated all the config files necessary and used the Webmin tool to reload them and restart the server.
But it never worked and I could never authenticate from the router.
I used the debug mode on the radius server and on the router to try and gain more info.
One thing that surprised me was that whether I changed the user authentication from local to system or not, the debug info always showed the use of system auth.
Guess what: the webmin module does not work. It never reloaded the files. In other words, the files looked good because they *were*. That's why I could not find anything wrong with the syntax. Once I reloaded them by hand it worked flawlessly.
4 days wasted.... grrrrrrrrrrrrrrrrrrrrr.
Great work! And c'mon! That's 4 days (!) of extra experience you got!  | |
|
| true, but it's not like this is the only project I had to work on. I wish I had had the same time dedicated to other tasks. But as I said, it was an interesting experience. | |
| Mr. Linux Guy 2002-12-12, 8:45 am |
| quote: Originally posted by freak
true, but it's not like this is the only project I had to work on. I wish I had had the same time dedicated to other tasks. But as I said, it was an interesting experience.
Well, that's IT for you . . . you always have about a dozen things to do at once. The time you put into it does help you grok the system/app. No pain, no gain, as they say. You'll be a guru in no time. | |
|
| Ha! Me as a Linux guru would be a sight to behold 
Thanks for the help! | |
| Mr. Linux Guy 2002-12-12, 8:56 am |
| quote: Originally posted by freak
Ha! Me as a Linux guru would be a sight to behold 
Thanks for the help!
What help? You solved it yourself.  | |
|
| true, but you made me look at the files again. Plus it was nice to receive the moral support in time of need  |