ich bin neu hier und habe ein problem. ich möchte mein wlan mit einem freeradius absichern (username+passwd). in dem wlan wuseln ein debian, ein winxp und ein wm 2003 rum. als server läuft ein debian etch. ich komme mit keinem der drei clients rein. ich bitte die länge zu entschuldigen, aber zur sicherheit drucke ich alle freeradius-files ab, die uns helfen könnten.
radiusd.conf
# Global server settings: install paths, run-as identity, request limits,
# listen address and authentication logging.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
# The daemon runs as the unprivileged freerad account rather than root.
user = freerad
group = freerad
# Request handling limits: seconds allowed per request, seconds a reply is
# kept for retransmissions, and the number of requests tracked at once.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# Listen only on this address. port = 0 leaves the port choice to the
# system's "radius" service entry instead of fixing it here.
bind_address = 192.168.2.99
port = 0
hostname_lookups = no
# Core dumps stay off; a core file of this process could contain shared
# secrets and user credentials.
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = yes
# Authentication requests are logged. log_auth_badpass = yes also writes the
# password of a rejected request to the log when the request carries one
# (PAP); such values are often near-misses of real passwords, so ${log_file}
# should stay readable by the server account only. Passwords of accepted
# requests are not logged (log_auth_goodpass = no).
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = no
checkrad = ${sbindir}/checkrad
# Limits that blunt simple abuse of the RADIUS port.
security {
# Upper bound on the number of attributes accepted in one request packet.
max_attributes = 200
# Seconds an Access-Reject is held back; slows online password guessing.
reject_delay = 1
# Status-Server requests are not answered.
status_server = no
}
# Proxying is switched on; its realm definitions are read from proxy.conf.
# NOTE(review): the post describes purely local authentication — confirm
# proxying is needed, otherwise it can be set to no.
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
# clients.conf defines which access points may talk to the server and the
# shared secret for each (file not shown on this page). Use a long random
# secret per access point and keep the file unreadable for other users.
$INCLUDE ${confdir}/clients.conf
# SNMP support is off; snmp.conf is still read.
snmp = no
$INCLUDE ${confdir}/snmp.conf
# Worker-thread pool that processes incoming requests.
thread pool {
# Threads created at start-up.
start_servers = 5
# Hard ceiling on concurrent worker threads.
max_servers = 32
# The pool is kept between these two numbers of idle threads.
min_spare_servers = 3
max_spare_servers = 10
# 0 = a worker is never retired after a fixed number of requests.
max_requests_per_server = 0
}
# Module instances. Defining a module here does not run it; only the names
# listed in authorize / authenticate / session further down are executed.
modules {
# Plain User-Password checking. pap is not referenced in the authorize or
# authenticate sections of this file, so it is defined but unused.
pap {
auto_header = yes
}
# NOTE(review): eap.conf is included here and an inline eap { } section
# follows further down in this modules block. The contents of eap.conf are
# not shown on this page — confirm that only one eap definition exists and
# that it is the one you intend to use.
$INCLUDE ${confdir}/eap.conf
# MS-CHAP / MS-CHAPv2 verification, also used inside PEAP.
mschap {
# authtype = MS-CHAP
# Return MPPE key material to the NAS, require encryption and insist on
# 128-bit keys.
use_mppe = yes
require_encryption = yes
require_strong = yes
# Windows clients send DOMAIN\user as the name but compute the response
# over the user part only; this setting accounts for that.
with_ntdomain_hack = yes
}
# Realm instance for names of the form DOMAIN\user (prefix + backslash).
realm ntdomain {
format = prefix
delimiter = "\\"
}
# counter daily {
# filename = ${raddbdir}/db.daily
# key = User-Name
# count-attribute = Acct-Session-Time
# reset = daily
# counter-name = Daily-Session-Time
# check-name = Max-Daily-Session
# allowed-servicetype = Framed-User
# #return-attribute = Session-Timeout
# cache-size = 5000
# }
# Reply text for expired accounts. expiration is not listed in authorize
# below, so it is not applied in this configuration.
expiration {
reply-message = "Password Has Expired\r\n"
}
# Request clean-up before the other modules run.
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
# NOTE(review): this strips the DOMAIN\ prefix from User-Name. In the debug
# output on this page the ntdomain realm then finds no '\' in the name and
# rlm_eap reports that the EAP identity does not match User-Name. Confirm
# whether the domain should be stripped here or left to the realm module.
with_ntdomain_hack = yes
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
# Session database consulted by the session section.
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
# Readable and writable by the owning account only.
perm = 0600
callerid = "yes"
}
# Per-client detail log of authentication requests, one file per day,
# created with owner-only permissions.
detail auth_log {
detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
detailperm = 0600
}
# Inline EAP configuration.
eap {
# NOTE(review): LEAP runs an MS-CHAP style challenge/response without a TLS
# tunnel, so a captured exchange can be tested offline against a dictionary.
# Prefer PEAP or EAP-TTLS as the default, with the clients validating the
# server certificate, and drop leap if no client depends on it.
default_eap_type = leap
leap {
}
# NOTE(review): peap depends on a tls { } sub-section (server certificate
# and key) in the same eap module; none is visible in this inline block —
# TODO confirm it is provided and working before testing PEAP clients.
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}
# Local user database files.
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
# System account lookup; only defined here, commented out in authenticate.
unix {
# radwtmp = ${logdir}/radwtmp
}
}
#instantiate {
# daily
#}
# Modules run in this order for every Access-Request to gather information
# about the user and to choose the authentication method.
authorize {
preprocess
ntdomain
auth_log
mschap
# NOTE(review): files matches the DEFAULT entry of the users file, which sets
# Auth-Type System; eap then sets Auth-Type EAP. The debug output on this
# page shows the resulting warning "Found 2 auth-types on request".
files
eap
}
# Modules that may verify the credentials, selected by the Auth-Type chosen
# during authorize.
authenticate {
Auth-Type MS-CHAP {
mschap
}
eap
# NOTE(review): the users file on this page assigns Auth-Type = System to
# every request while unix stays commented out here — confirm which module
# is meant to handle that Auth-Type, or remove the assignment.
# unix
}
# Session tracking: radutmp is consulted for already-active logins of a user.
session {
radutmp
}
Code: Alles auswählen
# Catch-all entry: every request receives Auth-Type System and processing
# continues with the next entry (the debug output on this page shows
# "Matched entry DEFAULT at line 1").
# NOTE(review): system passwords are stored as crypt hashes, which cannot be
# used to verify the MS-CHAP style exchanges of LEAP or PEAP/MSCHAPv2; those
# need a cleartext password or NT hash for the user. Confirm where the
# wireless users' credentials are supposed to come from.
# NOTE(review): the reply-item lines appear without leading whitespace,
# presumably lost in the paste; in the real users file they must be indented.
DEFAULT Auth-Type = System
Fall-Through = 1
# Framed-User requests: 255.255.255.254 tells the NAS to pick the client
# address itself; Fall-Through lets later entries match as well.
DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Fall-Through = Yes
Code: Alles auswählen
rad_recv: Access-Request packet from host 192.168.2.101:65470, id=75, length=135
User-Name = "posinet\\DERUSERNAME"
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00-1B-11-F7-9D-CC"
Calling-Station-Id = "00-09-2D-0B-E7-B9"
NAS-IP-Address = 192.168.2.101
Framed-MTU = 1400
EAP-Message = 0x0201001501706f73696e65745c62656e6a616d696e
Message-Authenticator = 0xf16f70ac293f1fa32f3d3637ed2b173b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '\' in User-Name = "DERUSERNAME", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "ntdomain" returns noop for request 0
radius_xlat: '/var/log/freeradius/radacct/192.168.2.101/auth-detail-20080304'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.2.101/auth-detail-20080304
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 0
rlm_eap: EAP packet type response id 1 length 21
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type System
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'DERUSERNAME'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
mfg das posi