Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Users mailing list
Currently I wish to convert from GNU radius to Free Radius.

I have a Computone IntelliServer on 192.168.5.4 using Shared
"Secret" to access the unix passwd file on 192.168.5.1.

my gnu clients file

has server as wraparound and non-server like Routers and terminal servers
using Secret

My clients.conf as

server local ns1 foobar 1645 1646
source_ip ns1
timeout 3
retry 1

A config file with

option {}
logging{}
auth {}
acct {}
rewrite []

All defined

Hints file

DEFAULT Rewrite-Function = restore_nas_ip  Fall-Through = Yes

Naslist  with localhost and 192.168.5.4 defined

nastypes typically defined

realms files

domain  ns1:1645
domain  ns2:1812

users

DEFAULT Auth-Type = System,
        Simultaneous-Use =1
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Session-Timeout = 1day .

What is needed to convert this to Freeradius 3?

Openvpn radius plugin will assume to be not adjusted.
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
nk.ca started 1 June 1995 . https://www.empire.kred/ROOTNK?t=94a1f39b 
Holding the church as Christ's head is not the act of a redeemed soul. -unknown
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Alan DeKok-2
On Jun 17, 2020, at 12:14 AM, The Doctor via Freeradius-Users <[hidden email]> wrote:
>
> Currently I wish to convert from GNU radius to Free Radius.

  Nice!  I never understood GNU radius.  It seemed to be a one-person project to get the *GNU* stamp on a RADIUS server.

  i.e. the GNU people don't like GPL code.  They like code that THEY own.  <sigh>

> What is needed to convert this to Freeradius 3?

  Well... you need to read the FreeRADIUS documentation and see how things relate.

  FreeRADIUS has a "hints" file.  It has a "users" file.  It has a "clients" file in clients.conf.  It has realms defined in proxy.conf.

  We don't have a detailed "howto" guide on converting from GNU RADIUS to FreeRADIUS.  GNU RADIUS was used by only a small number of people, and the project has been dead for over 10 years.

  I suggest going through the FreeRADIUS documents, and setting things up slowly.  The configuration files are well documented.  Just read them, and fill things in.

> Openvpn radius plugin will assume to be not adjusted.

  I don't know what that is, so I don't know.

  Alan DeKok.



Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Users mailing list
On Fri, Jun 19, 2020 at 11:19:19AM -0400, Alan DeKok wrote:
> On Jun 17, 2020, at 12:14 AM, The Doctor via Freeradius-Users <[hidden email]> wrote:
> >
> > Currently I wish to convert from GNU radius to Free Radius.
>
>   Nice!  I never understood GNU radius.  It seemed to be a one-person project to get the *GNU* stamp on a RADIUS server.
>
>   i.e. the GNU people don't like GPL code.  They like code that THEY own.  <sigh>

Yet I can get this to work on FreeBSD 12.1 and it was compiled on FreeBSD 10!

>
> > What is needed to convert this to Freeradius 3?
>
>   Well... you need to read the FreeRADIUS documentation and see how things relate.
>
>   FreeRADIUS has a "hints" file.  It has a "users" file.  It has a "clients" file in clients.conf.  It has realms defined in proxy.conf.
>
>   We don't have a detailed "howto" guide on converting from GNU RADIUS to FreeRADIUS.  GNU RADIUS was used by only a small number of people, and the project has been dead for over 10 years.
>
>   I suggest going through the FreeRADIUS documents, and setting things up slowly.  The configuration files are well documented.  Just read them, and fill things in.

Well I have been and the result so far has been

Wed Jun 17 19:34:12 2020 : Debug: Waking up in 3.9 seconds.
Wed Jun 17 19:34:16 2020 : Debug: (0) Cleaning up request packet ID 1 with timestamp +41
Wed Jun 17 19:34:16 2020 : Info: Ready to process requests
Wed Jun 17 19:34:20 2020 : Debug: Waking up in 0.3 seconds.
Wed Jun 17 19:34:20 2020 : Debug: Thread 2 got semaphore
Wed Jun 17 19:34:20 2020 : Debug: Thread 2 handling request 1, (1 handled so far)
Wed Jun 17 19:34:20 2020 : Debug: (1) Received Access-Request Id 2 from 204.209.81.4:1278 to 204.209.81.1:1645 length 56
Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Name = "user from /etc/passwd setup"
Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Password = "password from /etc/passwd setup"
Wed Jun 17 19:34:20 2020 : Debug: (1)   NAS-IP-Address = 192.168.5.4
Wed Jun 17 19:34:20 2020 : Debug: (1)   NAS-Port = 20
Wed Jun 17 19:34:20 2020 : Debug: (1) session-state: No State attribute
Wed Jun 17 19:34:20 2020 : Debug: (1) Empty authorize section.  Using default return values.
Wed Jun 17 19:34:20 2020 : ERROR: (1) No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
Wed Jun 17 19:34:20 2020 : Debug: (1) Failed to authenticate the user
Wed Jun 17 19:34:20 2020 : Debug: (1) Using Post-Auth-Type Reject
Wed Jun 17 19:34:20 2020 : Debug: (1) Post-Auth-Type sub-section not found.  Ignoring.
Wed Jun 17 19:34:20 2020 : Debug: (1) Delaying response for 1.000000 seconds
Wed Jun 17 19:34:20 2020 : Debug: Thread 2 waiting to be assigned a request
Wed Jun 17 19:34:20 2020 : Debug: Waking up in 0.6 seconds.
Wed Jun 17 19:34:21 2020 : Debug: (1) Sending delayed response
Wed Jun 17 19:34:21 2020 : Debug: (1) Sent Access-Reject Id 2 from 204.209.81.1:1645 to 204.209.81.4:1278 length 20
Wed Jun 17 19:34:21 2020 : Debug: Waking up in 3.9 seconds.
Wed Jun 17 19:34:25 2020 : Debug: (1) Cleaning up request packet ID 2 with timestamp +50
Wed Jun 17 19:34:25 2020 : Info: Ready to process requests

And I am going, all right should I migrate or stay with GNU radius?

>
> > Openvpn radius plugin will assume to be not adjusted.
>
>   I don't know what that is, so I don't know.
>

All right.

>   Alan DeKok.
>
>

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
nk.ca started 1 June 1995 . https://www.empire.kred/ROOTNK?t=94a1f39b 
Better shun the bait, than struggle in the snare.  -John Dryden

Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Alan DeKok-2
On Jun 19, 2020, at 12:29 PM, The Doctor via Freeradius-Users <[hidden email]> wrote:
>>  I suggest going through the FreeRADIUS documents, and setting things up slowly.  The configuration files are well documented.  Just read them, and fill things in.
>
> Well I have been and the result so far has been

  Please read the docs...  http://wiki.freeradius.org/list-help

   We need to see "radiusd -X", not anything else.

> Wed Jun 17 19:34:12 2020 : Debug: Waking up in 3.9 seconds.
> Wed Jun 17 19:34:16 2020 : Debug: (0) Cleaning up request packet ID 1 with timestamp +41
> Wed Jun 17 19:34:16 2020 : Info: Ready to process requests
> Wed Jun 17 19:34:20 2020 : Debug: Waking up in 0.3 seconds.
> Wed Jun 17 19:34:20 2020 : Debug: Thread 2 got semaphore
> Wed Jun 17 19:34:20 2020 : Debug: Thread 2 handling request 1, (1 handled so far)
> Wed Jun 17 19:34:20 2020 : Debug: (1) Received Access-Request Id 2 from 204.209.81.4:1278 to 204.209.81.1:1645 length 56
> Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Name = "user from /etc/passwd setup"
> Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Password = "password from /etc/passwd setup"

  That's a bit unusual, but OK.  Typically the name and password are the actual name and password.

> Wed Jun 17 19:34:20 2020 : Debug: (1)   NAS-IP-Address = 192.168.5.4
> Wed Jun 17 19:34:20 2020 : Debug: (1)   NAS-Port = 20
> Wed Jun 17 19:34:20 2020 : Debug: (1) session-state: No State attribute
> Wed Jun 17 19:34:20 2020 : Debug: (1) Empty authorize section.  Using default return values.

   i.e. you deleted everything in the "authorize" section.

  Why?

> And I am going, all right should I migrate or stay with GNU radius?

  GNU RADIUS is dead.  You should migrate away from it.

  But PLEASE.  Read the docs and follow them.  It shouldn't be difficult.  Just read the files I told you about, and fill in the various fields.

  DON'T destroy the configuration files by randomly deleting things.  The documentation is VERY clear on this.  Read "man radiusd".  Read the howto guides on the Wiki.

  Alan DeKok.
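
The debug lines quoted in this thread follow a regular format, so they can be read mechanically. The following Python is an added example, not part of any post and not a FreeRADIUS tool: it groups such lines by request number, reports why a request ended in a reject, and masks password attributes before a log is shared. The sample lines, the 192.0.2.x addresses, the user name and the password are constructed.

```python
import re

# Constructed sample in the debug format quoted in the thread; addresses, user and password are made up.
SAMPLE = """\
Wed Jun 17 19:34:20 2020 : Debug: Waking up in 0.3 seconds.
Wed Jun 17 19:34:20 2020 : Debug: (1) Received Access-Request Id 2 from 192.0.2.4:1278 to 192.0.2.1:1645 length 56
Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Name = "alice"
Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Password = "s3cret"
Wed Jun 17 19:34:20 2020 : Debug: (1)   NAS-IP-Address = 192.168.5.4
Wed Jun 17 19:34:20 2020 : Debug: (1) Empty authorize section.  Using default return values.
Wed Jun 17 19:34:20 2020 : ERROR: (1) No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
Wed Jun 17 19:34:21 2020 : Debug: (1) Sent Access-Reject Id 2 from 192.0.2.1:1645 to 192.0.2.4:1278 length 20
"""

REQ_LINE = re.compile(r"^.+? : \w+: \((\d+)\)\s+(.*)$")
PACKET = re.compile(r"^(Received|Sent) (\S+) Id \d+ from (\S+):\d+ to ")
PASSWORD = re.compile(r'((?:User|CHAP|Tunnel)-Password = ).*')
CAUSES = {  # text found in a log line -> what it means
    "Empty authorize section": "authorize has no modules (default config edited or not used)",
    "No Auth-Type found": "nothing chose an authentication method, so the user is rejected",
}

def redact(text):
    """Mask password attributes before a debug log is shared."""
    return PASSWORD.sub(r'\1"<redacted>"', text)

def triage(text):
    """Group debug lines by request number and summarise each request."""
    requests = {}
    for line in text.splitlines():
        m = REQ_LINE.match(line)
        if not m:
            continue  # server-wide lines carry no "(N)" request number
        req = requests.setdefault(int(m[1]), {"source": None, "nas_ip": None,
                                              "reply": None, "findings": []})
        msg = m[2]
        pkt = PACKET.match(msg)
        if pkt and pkt[1] == "Received":
            req["source"] = pkt[3]
        elif pkt:
            req["reply"] = pkt[2]
        elif msg.startswith("NAS-IP-Address = "):
            req["nas_ip"] = msg.split(" = ", 1)[1]
        req["findings"] += [why for needle, why in CAUSES.items() if needle in msg]
    for req in requests.values():
        if req["source"] and req["nas_ip"] and req["source"] != req["nas_ip"]:
            # FreeRADIUS matches a client entry on the packet source address.
            req["findings"].append("source address differs from NAS-IP-Address")
    return requests
```
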


Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Users mailing list
On Fri, Jun 19, 2020 at 01:33:28PM -0400, Alan DeKok wrote:
> On Jun 19, 2020, at 12:29 PM, The Doctor via Freeradius-Users <[hidden email]> wrote:
> >>  I suggest going through the FreeRADIUS documents, and setting things up slowly.  The configuration files are well documented.  Just read them, and fill things in.
> >
> > Well I have been and the result so far has been
>
>   Please read the docs...  http://wiki.freeradius.org/list-help

I have been.

>
>    We need to see "radiusd -X", not anything else.
>
> > Wed Jun 17 19:34:12 2020 : Debug: Waking up in 3.9 seconds.
> > Wed Jun 17 19:34:16 2020 : Debug: (0) Cleaning up request packet ID 1 with timestamp +41
> > Wed Jun 17 19:34:16 2020 : Info: Ready to process requests
> > Wed Jun 17 19:34:20 2020 : Debug: Waking up in 0.3 seconds.
> > Wed Jun 17 19:34:20 2020 : Debug: Thread 2 got semaphore
> > Wed Jun 17 19:34:20 2020 : Debug: Thread 2 handling request 1, (1 handled so far)
> > Wed Jun 17 19:34:20 2020 : Debug: (1) Received Access-Request Id 2 from 204.209.81.4:1278 to 204.209.81.1:1645 length 56
> > Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Name = "user from /etc/passwd setup"
> > Wed Jun 17 19:34:20 2020 : Debug: (1)   User-Password = "password from /etc/passwd setup"
>
>   That's a bit unusual, but OK.  Typically the name and password are the actual name and password.
>
> > Wed Jun 17 19:34:20 2020 : Debug: (1)   NAS-IP-Address = 192.168.5.4
> > Wed Jun 17 19:34:20 2020 : Debug: (1)   NAS-Port = 20
> > Wed Jun 17 19:34:20 2020 : Debug: (1) session-state: No State attribute
> > Wed Jun 17 19:34:20 2020 : Debug: (1) Empty authorize section.  Using default return values.
>
>    i.e. you deleted everything in the "authorize" section.
>

Never touched the original files.

>   Why?
>
> > And I am going, all right should I migrate or stay with GNU radius?
>
>   GNU RADIUS is dead.  You should migrate away from it.
>
>   But PLEASE.  Read the docs and follow them.  It shouldn't be difficult.  Just read the files I told you about, and fill in the various fields.
>
>   DON'T destroy the configuration files by randomly deleting things.  The documentation is VERY clear on this.  Read "man radiusd".  Read the howto guides on the Wiki.
>

Well I have been at it for 3 weeks.

Let's go to where the authorize section should be.

>   Alan DeKok.
>

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
nk.ca started 1 June 1995 . https://www.empire.kred/ROOTNK?t=94a1f39b 
Better shun the bait, than struggle in the snare.  -John Dryden

Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Alan DeKok-2
On Jun 19, 2020, at 2:04 PM, The Doctor <[hidden email]> wrote:
>>   i.e. you deleted everything in the "authorize" section.
>
> Never touched the original files.

  Not true.

  If you start the server using the default configuration files, it will NEVER produce the message:

"Empty authorize section.  Using default return values."

  The ONLY time it produces that message is when the default configuration files (a) aren't used, or (b) have been edited.

> Well I have been at it for 3 weeks.
>
> Let's go to where the authorize section should be.

  Throw away all of the work you've done.  It's wrong.  It should take about a day to convert the GNU radius configuration you posted to the list.

  Go back to the default configuration files for FreeRADIUS.  Make ONE change.  i.e. edit the clients.conf file to add a client.  Then start the server, and see if it works.  Test ONE thing at a time.

  This is what "man radiusd" says to do.  I know, because I wrote it.  I wrote it because too many people butchered everything in the default config, and then posted on the list saying "I edited everything, and now it doesn't work".

  Use the default config.  Make small changes.  It WILL work.

  Alan DeKok.


Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Users mailing list
On Fri, Jun 19, 2020 at 02:10:42PM -0400, Alan DeKok wrote:

> On Jun 19, 2020, at 2:04 PM, The Doctor <[hidden email]> wrote:
> >>   i.e. you deleted everything in the "authorize" section.
> >
> > Never touched the original files.
>
>   Not true.
>
>   If you start the server using the default configuration files, it will NEVER produce the message:
>
> "Empty authorize section.  Using default return values."
>
>   The ONLY time it produces that message is when the default configuration files (a) aren't used, or (b) have been edited.
>
> > Well I have been at it for 3 weeks.
> >
> > Let's go to where the authorize section should be.
>
>   Throw away all of the work you've done.  It's wrong.  It should take about a day to convert the GNU radius configuration you posted to the list.
>
>   Go back to the default configuration files for FreeRADIUS.  Make ONE change.  i.e. edit the clients.conf file to add a client.  Then start the server, and see if it works.  Test ONE thing at a time.
>
>   This is what "man radiusd" says to do.  I know, because I wrote it.  I wrote it because too many people butchered everything in the default config, and then posted on the list saying "I edited everything, and now it doesn't work".
>
>   Use the default config.  Make small changes.  It WILL work.

Just with people accessing the server quite readily, testing will be
somewhat limited.

>
>   Alan DeKok.
>

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
nk.ca started 1 June 1995 . https://www.empire.kred/ROOTNK?t=94a1f39b 
Better shun the bait, than struggle in the snare.  -John Dryden

Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Alan DeKok-2
On Jun 19, 2020, at 2:39 PM, The Doctor <[hidden email]> wrote:
> Just with people accessing the server quite readily, testing will be
> somewhat limited.

  You can install FreeRADIUS on your desktop.  It isn't difficult.  Or install it in a VM.

  Look for reasons to get things done.

  Alan DeKok.


Re: Converting from GNU radius for a computone Client and an OpenVPN client using port 1645

Alan DeKok-2
On Jun 19, 2020, at 2:44 PM, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem <[hidden email]> wrote:
> This is using FreeBSD .

  This is getting annoying.

  You are not following the documentation.  You are arguing with every attempt by me to help you.

  Good luck getting this done.  You clearly don't need (or want) my help.

  Alan DeKok.

