Página 2 de 2 PrimeiroPrimeiro 12
+ Responder ao Tópico



  1. #21
    Under-linux.Org Team Avatar de MarcusMaciel
    Ingresso
    Dec 2000
    Localização
    Boston
    Posts
    1.961
    Posts de Blog
    44

    Padrão

    Quando voce fez o radtest oq apareceu do lado do freeradius ?

  2. #22

    Padrão

    ficou assim no debug
    Clique na imagem para uma versão maior

Nome:	         Sem título 32.png
Visualizações:	163
Tamanho: 	29,2 KB
ID:      	51548

  3. #23
    Under-linux.Org Team Avatar de MarcusMaciel
    Ingresso
    Dec 2000
    Localização
    Boston
    Posts
    1.961
    Posts de Blog
    44

    Padrão

    Como voce pode ver o problema é bem obvio a shared secret esta errada.

    Corrige ela que vai resolver.

  4. #24

    Padrão

    Como Marcus pediu, o client.conf


    Código :
    # -*- text -*-
    ##
    ## clients.conf -- client configuration directives
    ##
    ##    $Id$
     
     
    #######################################################################
    #
    #  Define RADIUS clients (usually a NAS, Access Point, etc.).
     
     
    #
    #  Defines a RADIUS client.
    #
    #  '127.0.0.1' is another name for 'localhost'.  It is enabled by default,
    #  to allow testing of the server after an initial installation.  If you
    #  are not going to be permitting RADIUS queries from localhost, we suggest
    #  that you delete, or comment out, this entry.
    #
    #
     
     
    #
    #  Each client has a "short name" that is used to distinguish it from
    #  other clients.
    #
    #  In version 1.x, the string after the word "client" was the IP
    #  address of the client.  In 2.0, the IP address is configured via
    #  the "ipaddr" or "ipv6addr" fields.  For compatibility, the 1.x
    #  format is still accepted.
    #
    client localhost {
        #  Allowed values are:
        #    dotted quad (1.2.3.4)
        #       hostname    (radius.example.com)
        ipaddr = 127.0.0.1
     
     
        #  OR, you can use an IPv6 address, but not both
        #  at the same time.
    #    ipv6addr = ::    # any.  ::1 == localhost
     
     
        #
        #  A note on DNS:  We STRONGLY recommend using IP addresses
        #  rather than host names.  Using host names means that the
        #  server will do DNS lookups when it starts, making it
        #  dependent on DNS.  i.e. If anything goes wrong with DNS,
        #  the server won't start!
        #
        #  The server also looks up the IP address from DNS once, and
        #  only once, when it starts.  If the DNS record is later
        #  updated, the server WILL NOT see that update.
        #
     
     
        #  One client definition can be applied to an entire network.
        #  e.g. 127/8 should be defined with "ipaddr = 127.0.0.0" and
        #  "netmask = 8"
        #
        #  If not specified, the default netmask is 32 (i.e. /32)
        #
        #  We do NOT recommend using anything other than 32.  There
        #  are usually other, better ways to achieve the same goal.
        #  Using netmasks of other than 32 can cause security issues.
        #
        #  You can specify overlapping networks (127/8 and 127.0/16)
        #  In that case, the smallest possible network will be used
        #  as the "best match" for the client.
        #
        #  Clients can also be defined dynamically at run time, based
        #  on any criteria.  e.g. SQL lookups, keying off of NAS-Identifier,
        #  etc.
        #  See raddb/sites-available/dynamic-clients for details.
        #
     
     
    #    netmask = 32
     
     
        #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  the NAS and FreeRADIUS.  You MUST change this secret from the
        #  default, otherwise it's not a secret any more!
        #
        #  The secret can be any string, up to 8k characters in length.
        #
        #  Control codes can be entered vi octal encoding,
        #    e.g. "\101\102" == "AB"
        #  Quotation marks can be entered by escaping them,
        #    e.g. "foo\"bar"
        #
        #  A note on security:  The security of the RADIUS protocol
        #  depends COMPLETELY on this secret!  We recommend using a
        #  shared secret that is composed of:
        #
        #    upper case letters
        #    lower case letters
        #    numbers
        #
        #  And is at LEAST 8 characters long, preferably 16 characters in
        #  length.  The secret MUST be random, and should not be words,
        #  phrase, or anything else that is recognizable.
        #
        #  The default secret below is only for testing, and should
        #  not be used in any real environment.
        #
        secret        = testing123
     
     
        #
        #  Old-style clients do not send a Message-Authenticator
        #  in an Access-Request.  RFC 5080 suggests that all clients
        #  SHOULD include it in an Access-Request.  The configuration
        #  item below allows the server to require it.  If a client
        #  is required to include a Message-Authenticator and it does
        #  not, then the packet will be silently discarded.
        #
        #  allowed values: yes, no
        require_message_authenticator = no
     
     
        #
        #  The short name is used as an alias for the fully qualified
        #  domain name, or the IP address.
        #
        #  It is accepted for compatibility with 1.x, but it is no
        #  longer necessary in 2.0
        #
    #    shortname    = localhost
     
     
        #
        # the following three fields are optional, but may be used by
        # checkrad.pl for simultaneous use checks
        #
     
     
        #
        # The nastype tells 'checkrad.pl' which NAS-specific method to
        #  use to query the NAS for simultaneous use.
        #
        #  Permitted NAS types are:
        #
        #    cisco
        #    computone
        #    livingston
        #    max40xx
        #    multitech
        #    netserver
        #    pathras
        #    patton
        #    portslave
        #    tc
        #    usrhiper
        #    other        # for all other types
     
     
        #
        nastype     = other    # localhost isn't usually a NAS...
     
     
        #
        #  The following two configurations are for future use.
        #  The 'naspasswd' file is currently used to store the NAS
        #  login name and password, which is used by checkrad.pl
        #  when querying the NAS for simultaneous use.
        #
    #    login       = !root
    #    password    = someadminpas
     
     
        #
        #  As of 2.0, clients can also be tied to a virtual server.
        #  This is done by setting the "virtual_server" configuration
        #  item, as in the example below.
        #
    #    virtual_server = home1
     
     
        #
        #  A pointer to the "home_server_pool" OR a "home_server"
        #  section that contains the CoA configuration for this
        #  client.  For an example of a coa home server or pool,
        #  see raddb/sites-available/originate-coa
    #    coa_server = coa
    }
     
     
    # IPv6 Client
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  ::1 {
    #    secret        = testing123
    #    shortname    = localhost
    #}
    #
    # All IPv6 Site-local clients
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  fe80::/16 {
    #    secret        = testing123
    #    shortname    = localhost
    #}
     
     
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  some.host.org {
    #    secret        = testing123
    #    shortname    = localhost
    #}
     
     
    #
    #  You can now specify one secret for a network of clients.
    #  When a client request comes in, the BEST match is chosen.
    #  i.e. The entry from the smallest possible network.
    #
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  192.168.0.0/24 {
    #    secret        = testing123-1
    #    shortname    = private-network-1
    #}
    #
    client  192.168.40.1 {
        secret        = 123456
        shortname    = RB750
    }
     
     
     
     
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL]  10.10.10.10 {
    #    # secret and password are mapped through the "secrets" file.
    #    secret      = testing123
    #    shortname   = liv1
    #       # the following three fields are optional, but may be used by
    #       # checkrad.pl for simultaneous usage checks
    #    nastype     = livingston
    #    login       = !root
    #    password    = someadminpas
    #}
     
     
    #######################################################################
    #
    #  Per-socket client lists.  The configuration entries are exactly
    #  the same as above, but they are nested inside of a section.
    #
    #  You can have as many per-socket client lists as you have "listen"
    #  sections, or you can re-use a list among multiple "listen" sections.
    #
    #  Un-comment this section, and edit a "listen" section to add:
    #  "clients = per_socket_clients".  That IP address/port combination
    #  will then accept ONLY the clients listed in this section.
    #
    [URL="https://under-linux.org/usertag.php?do=list&action=hash&hash=client"]#client[/URL] s per_socket_clients {
    #    client 192.168.3.4 {
    #        secret = testing123
    #        }
    #}

  5. #25

    Padrão

    Quando tento logar pelo Hotspot o freeradius fica assim

    Clique na imagem para uma versão maior

Nome:	         Sem título3.png
Visualizações:	197
Tamanho: 	32,0 KB
ID:      	51549

  6. #26

    Padrão

    Fiz a modificaçao no client.conf

    client 192.168.40.1 {

    ipaddr = 192.168.40.1
    nastype = other
    secret = 123456
    shortname = RB750
    }


    dei ctrl+C
    e freeradius -X novamente


    tentei logar pelo hotspot
    Clique na imagem para uma versão maior

Nome:	         56.png
Visualizações:	183
Tamanho: 	27,4 KB
ID:      	51551

  7. #27

    Padrão

    freeradius -X
    Clique na imagem para uma versão maior

Nome:	         56.jpg
Visualizações:	177
Tamanho: 	34,7 KB
ID:      	51552

    depois que tento logar
    Clique na imagem para uma versão maior

Nome:	         56.jpg
Visualizações:	222
Tamanho: 	50,7 KB
ID:      	51553

  8. #28

    Padrão

    Tabela do db
    Clique na imagem para uma versão maior

Nome:	         Sem título7.jpg
Visualizações:	231
Tamanho: 	37,9 KB
ID:      	51554

  9. #29

    Padrão

    Mudei Auth-Type para PAP

    Código :
     
    rad_recv: Access-Request packet from host 192.168.40.1 port 40085, id=24, length=191
            NAS-Port-Type = Wireless-802.11
            Calling-Station-Id = "80:EE:73:1B:CD:CC"
            Called-Station-Id = "hotspot1"
            NAS-Port-Id = "teste"
            User-Name = "teste"
            NAS-Port = 2147483669
            Acct-Session-Id = "80000015"
            Framed-IP-Address = 10.0.5.254
            Mikrotik-Host-IP = 10.0.5.254
            CHAP-Challenge = 0x1a07368e7ad9033c2c3afc83f78eab52
            CHAP-Password = 0x66af1b7658d5787074736308e564e3900b
            Service-Type = Login-User
            WISPr-Logoff-URL = "http://10.0.5.1/logout"
            NAS-Identifier = "jatonet"
            NAS-IP-Address = 192.168.40.1
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    [chap] Setting 'Auth-Type := CHAP'
    ++[chap] returns ok
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "teste", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    [sql]   expand: %{User-Name} -> teste
    [sql] sql_set_user escaped user --> 'teste'
    rlm_sql (sql): Reserving sql socket id: 4
    [sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'teste'           ORDER BY id
    WARNING: Found User-Password == "...".
    WARNING: Are you sure you don't mean Cleartext-Password?
    WARNING: See "man rlm_pap" for more information.
    [sql] User found in radcheck table
    [sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'teste'           ORDER BY id
    [sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'teste'           ORDER BY priority
    [sql]   expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'bandalarga'           ORDER BY id
    [sql] User found in group bandalarga
    [sql]   expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'bandalarga'           ORDER BY id
    rlm_sql (sql): Released sql socket id: 4
    ++[sql] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING: Auth-Type already set.  Not setting to PAP
    ++[pap] returns noop
    Found Auth-Type = PAP
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!    Replacing User-Password in config items with Cleartext-Password.     !!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!! Please update your configuration so that the "known good"               !!!
    !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group PAP {...}
    [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!
    ++[pap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject]     expand: %{User-Name} -> teste
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    rad_recv: Access-Request packet from host 192.168.40.1 port 40085, id=24, length=191
    Waiting to send Access-Reject to client RB750 port 40085 - ID: 24
    Waking up in 0.6 seconds.
    rad_recv: Access-Request packet from host 192.168.40.1 port 40085, id=24, length=191
    Waiting to send Access-Reject to client RB750 port 40085 - ID: 24
    Waking up in 0.3 seconds.
    Sending delayed reject for request 0
    Sending Access-Reject of id 24 to 192.168.40.1 port 40085
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 24 with timestamp +37
    Ready to process requests.

    apresentou isso

  10. #30

  11. #31

    Padrão

    Intão pessoal o @MarcusMaciel me deu uma grande ajuda, vou postar agora as correçoes que foram feitas.


    O tutorial que segui foi esse


    http://getlan.blogspot.com.br/2012/0...ao-de-uma.html


    as correçoes feitas foram




    no client.conf


    client 192.168.40.1 {
    ipaddr = 192.168.40.1
    nastype = other
    secret = 123456
    shortname = RB750
    }




    e modifiquei o auth-type no banco de dados


    Auth-Type = CHAP

    @oracl3 ja add no skype