+ Responder ao Tópico



  1. Quando voce fez o radtest oq apareceu do lado do freeradius ?

  2. ficou assim no debug
    Clique na imagem para uma versão maior

Nome:	         Sem título 32.png
Visualizações:	49
Tamanho: 	29,2 KB
ID:      	51548



  3. Como voce pode ver o problema é bem obvio a shared secret esta errada.

    Corrige ela que vai resolver.

  4. Como Marcus pediu, o client.conf


    Código :
    # -*- text -*-
    ##
    ## clients.conf -- client configuration directives
    ##
    ##    $Id$
     
     
    #######################################################################
    #
    #  Define RADIUS clients (usually a NAS, Access Point, etc.).
     
     
    #
    #  Defines a RADIUS client.
    #
    #  '127.0.0.1' is another name for 'localhost'.  It is enabled by default,
    #  to allow testing of the server after an initial installation.  If you
    #  are not going to be permitting RADIUS queries from localhost, we suggest
    #  that you delete, or comment out, this entry.
    #
    #
     
     
    #
    #  Each client has a "short name" that is used to distinguish it from
    #  other clients.
    #
    #  In version 1.x, the string after the word "client" was the IP
    #  address of the client.  In 2.0, the IP address is configured via
    #  the "ipaddr" or "ipv6addr" fields.  For compatibility, the 1.x
    #  format is still accepted.
    #
    client localhost {
        #  Allowed values are:
        #    dotted quad (1.2.3.4)
        #       hostname    (radius.example.com)
        ipaddr = 127.0.0.1
     
     
        #  OR, you can use an IPv6 address, but not both
        #  at the same time.
    #    ipv6addr = ::    # any.  ::1 == localhost
     
     
        #
        #  A note on DNS:  We STRONGLY recommend using IP addresses
        #  rather than host names.  Using host names means that the
        #  server will do DNS lookups when it starts, making it
        #  dependent on DNS.  i.e. If anything goes wrong with DNS,
        #  the server won't start!
        #
        #  The server also looks up the IP address from DNS once, and
        #  only once, when it starts.  If the DNS record is later
        #  updated, the server WILL NOT see that update.
        #
     
     
        #  One client definition can be applied to an entire network.
        #  e.g. 127/8 should be defined with "ipaddr = 127.0.0.0" and
        #  "netmask = 8"
        #
        #  If not specified, the default netmask is 32 (i.e. /32)
        #
        #  We do NOT recommend using anything other than 32.  There
        #  are usually other, better ways to achieve the same goal.
        #  Using netmasks of other than 32 can cause security issues.
        #
        #  You can specify overlapping networks (127/8 and 127.0/16)
        #  In that case, the smallest possible network will be used
        #  as the "best match" for the client.
        #
        #  Clients can also be defined dynamically at run time, based
        #  on any criteria.  e.g. SQL lookups, keying off of NAS-Identifier,
        #  etc.
        #  See raddb/sites-available/dynamic-clients for details.
        #
     
     
    #    netmask = 32
     
     
        #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  the NAS and FreeRADIUS.  You MUST change this secret from the
        #  default, otherwise it's not a secret any more!
        #
        #  The secret can be any string, up to 8k characters in length.
        #
        #  Control codes can be entered vi octal encoding,
        #    e.g. "\101\102" == "AB"
        #  Quotation marks can be entered by escaping them,
        #    e.g. "foo\"bar"
        #
        #  A note on security:  The security of the RADIUS protocol
        #  depends COMPLETELY on this secret!  We recommend using a
        #  shared secret that is composed of:
        #
        #    upper case letters
        #    lower case letters
        #    numbers
        #
        #  And is at LEAST 8 characters long, preferably 16 characters in
        #  length.  The secret MUST be random, and should not be words,
        #  phrase, or anything else that is recognizable.
        #
        #  The default secret below is only for testing, and should
        #  not be used in any real environment.
        #
        secret        = testing123
     
     
        #
        #  Old-style clients do not send a Message-Authenticator
        #  in an Access-Request.  RFC 5080 suggests that all clients
        #  SHOULD include it in an Access-Request.  The configuration
        #  item below allows the server to require it.  If a client
        #  is required to include a Message-Authenticator and it does
        #  not, then the packet will be silently discarded.
        #
        #  allowed values: yes, no
        require_message_authenticator = no
     
     
        #
        #  The short name is used as an alias for the fully qualified
        #  domain name, or the IP address.
        #
        #  It is accepted for compatibility with 1.x, but it is no
        #  longer necessary in 2.0
        #
    #    shortname    = localhost
     
     
        #
        # the following three fields are optional, but may be used by
        # checkrad.pl for simultaneous use checks
        #
     
     
        #
        # The nastype tells 'checkrad.pl' which NAS-specific method to
        #  use to query the NAS for simultaneous use.
        #
        #  Permitted NAS types are:
        #
        #    cisco
        #    computone
        #    livingston
        #    max40xx
        #    multitech
        #    netserver
        #    pathras
        #    patton
        #    portslave
        #    tc
        #    usrhiper
        #    other        # for all other types
     
     
        #
        nastype     = other    # localhost isn't usually a NAS...
     
     
        #
        #  The following two configurations are for future use.
        #  The 'naspasswd' file is currently used to store the NAS
        #  login name and password, which is used by checkrad.pl
        #  when querying the NAS for simultaneous use.
        #
    #    login       = !root
    #    password    = someadminpas
     
     
        #
        #  As of 2.0, clients can also be tied to a virtual server.
        #  This is done by setting the "virtual_server" configuration
        #  item, as in the example below.
        #
    #    virtual_server = home1
     
     
        #
        #  A pointer to the "home_server_pool" OR a "home_server"
        #  section that contains the CoA configuration for this
        #  client.  For an example of a coa home server or pool,
        #  see raddb/sites-available/originate-coa
    #    coa_server = coa
    }
     
     
    # IPv6 Client
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  ::1 {
    #    secret        = testing123
    #    shortname    = localhost
    #}
    #
    # All IPv6 Site-local clients
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  fe80::/16 {
    #    secret        = testing123
    #    shortname    = localhost
    #}
     
     
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  some.host.org {
    #    secret        = testing123
    #    shortname    = localhost
    #}
     
     
    #
    #  You can now specify one secret for a network of clients.
    #  When a client request comes in, the BEST match is chosen.
    #  i.e. The entry from the smallest possible network.
    #
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  192.168.0.0/24 {
    #    secret        = testing123-1
    #    shortname    = private-network-1
    #}
    #
    client  192.168.40.1 {
        secret        = 123456
        shortname    = RB750
    }
     
     
     
     
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  10.10.10.10 {
    #    # secret and password are mapped through the "secrets" file.
    #    secret      = testing123
    #    shortname   = liv1
    #       # the following three fields are optional, but may be used by
    #       # checkrad.pl for simultaneous usage checks
    #    nastype     = livingston
    #    login       = !root
    #    password    = someadminpas
    #}
     
     
    #######################################################################
    #
    #  Per-socket client lists.  The configuration entries are exactly
    #  the same as above, but they are nested inside of a section.
    #
    #  You can have as many per-socket client lists as you have "listen"
    #  sections, or you can re-use a list among multiple "listen" sections.
    #
    #  Un-comment this section, and edit a "listen" section to add:
    #  "clients = per_socket_clients".  That IP address/port combination
    #  will then accept ONLY the clients listed in this section.
    #
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL] s per_socket_clients {
    #    client 192.168.3.4 {
    #        secret = testing123
    #        }
    #}



  5. Quando tento logar pelo Hotspot o freeradius fica assim

    Clique na imagem para uma versão maior

Nome:	         Sem título3.png
Visualizações:	54
Tamanho: 	32,0 KB
ID:      	51549






Tópicos Similares

  1. Freeradius 2.x no Debian Lenny (Tutorial)
    Por netxtreme no fórum Redes
    Respostas: 14
    Último Post: 08-11-2012, 17:37
  2. freeradius no debian lenny
    Por pedrovigia no fórum Sistemas Operacionais
    Respostas: 3
    Último Post: 24-04-2009, 16:59
  3. Fontes True Type no Debian e no Slackware
    Por Mandrake no fórum Servidores de Rede
    Respostas: 4
    Último Post: 11-01-2003, 15:10
  4. FreeRadius
    Por no fórum Servidores de Rede
    Respostas: 5
    Último Post: 28-12-2002, 11:45
  5. Inicialização no Debian
    Por gil_maq no fórum Servidores de Rede
    Respostas: 3
    Último Post: 29-11-2002, 10:14

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L