Last post about FreeRadius (available on this LINK) introduced FreeRadius and basic installation steps (install from RPM and directly from source). My advice is to install from source (frequent updates, less bugs, etc). Also, please remember that FreeRadius is active project and you should always stick to the official site and wiki. Very often all of the documentation on “third party” web sites is outdated.
I suppose you already installed the FreeRadius (from source) and now I will try to explain a few basic steps.
Files
-rw-r----- 1 root root 671 Jan 27 15:54 acct_users -rw-r----- 1 root root 4174 Jan 27 15:54 attrs -rw-r----- 1 root root 513 Jan 27 15:54 attrs.access_challenge -rw-r----- 1 root root 458 Jan 27 15:54 attrs.access_reject -rw-r----- 1 root root 437 Jan 27 15:54 attrs.accounting_response -rw-r----- 1 root root 2022 Jan 27 15:54 attrs.pre-proxy drwxr-x--- 2 root root 4096 Jan 27 16:00 certs -rw-r----- 1 root root 6703 Jan 27 15:54 clients.conf -rw-r----- 1 root root 883 Jan 27 15:54 dictionary -rw-r----- 1 root root 18063 Jan 27 15:54 eap.conf -rwxr-xr-x 1 root root 4744 Jan 27 15:54 example.pl -rw-r----- 1 root root 12722 Jan 27 15:54 experimental.conf -rw-r----- 1 root root 2352 Jan 27 15:54 hints -rw-r----- 1 root root 1604 Jan 27 15:54 huntgroups -rw-r----- 1 root root 3218 Jan 27 15:54 ldap.attrmap drwxr-x--- 2 root root 4096 Jan 27 15:54 modules -rw-r----- 1 root root 2840 Jan 27 15:54 policy.conf -rw-r----- 1 root root 4873 Jan 27 15:54 policy.txt -rw-r----- 1 root root 984 Jan 27 15:54 preproxy_users -rw-r----- 1 root root 26529 Jan 27 15:54 proxy.conf -rw-r----- 1 root root 27238 Jan 27 15:54 radiusd.conf drwxr-x--- 2 root root 4096 Jan 27 15:54 sites-available drwxr-x--- 2 root root 4096 Jan 27 15:54 sites-enabled drwxr-x--- 7 root root 4096 Jan 27 15:54 sql -rw-r----- 1 root root 3042 Jan 27 15:54 sql.conf -rw-r----- 1 root root 2475 Jan 27 15:54 sqlippool.conf -rw-r----- 1 root root 3597 Jan 27 15:54 templates.conf -rw-r----- 1 root root 6524 Jan 27 15:54 users |
Initial test
Start the server with
# radiusd |
The easiest way to test your radius installation is via radtest utility. It is a fast and convenient way to test a radius server. The radtest syntax is
radtest [-d raddb_directory] [-t pap/chap/mschap] [-x ] user password radius-server nas-port-number secret [ppphint] [nasname] |
In this case lets test with user “user” and password “password” on localhost (127.0.0.1) with secret testing123
# radtest user password 127.0.0.1 0 testing123 |
You should see something like this:
[root@test raddb]# radtest user password 127.0.0.1 0 testing123
Sending Access-Request of id 245 to 127.0.0.1 port 1812
User-Name = "user"
User-Password = "password"
NAS-IP-Address = 192.168.1.10
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=245, length=20 |
Notice the Access-Reject message. This is the normal message because user “user” doesn’t exist.
Now add
user Cleartext-Password := "password" |
inside users file (at the top, before anything else). Save the file, restart radius server (pkill radiusd, radiusd) and test again.
# radtest user password 127.0.0.1 0 testing123 |
[root@test raddb]# radtest user password 127.0.0.1 0 testing123
Sending Access-Request of id 53 to 127.0.0.1 port 1812
User-Name = "user"
User-Password = "password"
NAS-IP-Address = 192.168.1.10
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=53, length=20 |
Fine. Now we have a Access-Accept message.
If you notice some problems wile testing, start the server in debug mode (radiusd -X) and test it from the new terminal window. In debug mode you will have more details so it is very easy to find out where the problem is.
In next post, I will write something about basic configuration (which config files you should check), how to assign FreeRadius and MySQL (or other database).
Stay tuned.
When I start debug nothing error but when I use ” radtest user password 127.0.0.1 0 testing123″ it show radclient: no response from server for ID 97 socket 3. what wrong? how to fix it? plz I need your help
Try radtest user password localhost 0 testing123
Also, try to run radiusd -X in one terminal and the command radtest user password 127.0.0.1 0 testing123 in the second and see what is the problem
when i run (user Cleartext-Password := “password”) i get this error bash: user: command not found… wh<t is missing and i don't really understand what you mean here (inside users file (at the top, before anything else). Save the file, restart radius server (pkill radiusd, radiusd) and test again.) in your instructions supporting the above mentioned command that am getting an error i know am missing something but can't figure out
@Mwayi
You need to read a complete post once again…
I did’t wrote
“exec user Cleartext-Password := “password””
I wrote ADD LINE “user Cleartext-Password := “password” ” INSIDE users file which is located inside raddb dir.
Then EXEC
radtest user password 127.0.0.1 0 testing123
bash: /usr/local/etc/raddb/users: Permission denied this is the other error i get when am trying to acces the users file
Login as root and enter the next command
nano /usr/local/etc/raddb/users
or in case you don’t have nano editor, enter
vi /usr/local/etc/raddb/users
press i and add the line I mentioned above, press ESC and then write :wq! to exit from Vi editor and to save changes…
I posted here basic commands which you should know already… Especially if you want to work with FreeRadius…
thanks it worked am new in this whole thing just trying to fix or build a radius server out of great pressure. hope u understand
When i add user Cleartext-Password := “password” in users and ran radiusd -X i get this error
/etc/raddb/users[1]: Parse error (check) for entry user: Unknown attribute “Cleartext-Password”
Errors reading /etc/raddb/users
radiusd.conf[1059]: files: Module instantiation failed.
radiusd.conf[1837] Unknown module “files”.
radiusd.conf[1773] Failed to parse authorize section.
Pls help me
I am getting the problem as:
/usr/local/etc/raddb/users[204]: Parse error (check) for entry test: Expected end of line or comma
Errors reading /usr/local/etc/raddb/users
/usr/local/etc/raddb/modules/files[7]: Instantiation failed for module “files”
/usr/local/etc/raddb/sites-enabled/default[170]: Failed to load module “files”.
/usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.
Please help me..
when i run radius -X :
FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Oct 18 2011 at 05:50:23
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting – reading configuration files …
including configuration file /usr/local/etc/raddb/radiusd.conf
Unable to open file “/usr/local/etc/raddb/radiusd.conf”: Permission denied
Errors reading /usr/local/etc/raddb/radiusd.conf
root@binodshah-MS-7592:/home/binodshah# radtest user password 127.0.0.1 0 testing123
Sending Access-Request of id 35 to 127.0.0.1 port 1812
User-Name = “user”
User-Password = “password”
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 35 to 127.0.0.1 port 1812
User-Name = “user”
User-Password = “password”
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 35 to 127.0.0.1 port 1812
User-Name = “user”
User-Password = “password”
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
radclient: no response from server for ID 35 socket 3
Please help me…… for successful running of RADIUS server
You didn’t install freeradius correctly. Get back to configure section and check the output…
Of course you need to be logged in as root during installation process…
Regarding this:
“When I start debug nothing error but when I use ” radtest user password 127.0.0.1 0 testing123″ it show radclient: no response from server for ID 97 socket 3. what wrong? how to fix it? plz I need your help”
You need to add name of your server to the hosts file. Even if you sending request to 127.0.0.1 Radius for some reason try to resolve this ip into your name.
Hi all,
I am at the end of my wits.
Same error as kps above…
When i add user Cleartext-Password := “password” in users and run radiusd -X i get this error
/etc/raddb/users[1]: Parse error (check) for entry user: Unknown attribute “Cleartext-Password”
Any help greatly appreciated
Dennis
Check dictionary files… (/usr/share/dictionary).
I forget to ask, what freeradius version you’re using ?
hi
when i enter this command “radtest testing password 127.0.0.1 testing123” , this error shows up : “radclient:: Failed to find IP address for … radclient: Nothing to send. ”
whats wrong ????
What do you have inside /etc/hosts ?
its really good explanation but i have a problem hope it simple
when i make radtest {# radtest user password 127.0.0.1 0 testing123 }
i get repealy from 127.0.0.1 but you get repleay from 192.168.1.10
why that changes ???
adding user {user Cleartext-Password := “password”}
you add user under what (freeradius user or user under system (i think it for freeradius) ) cuz i get error command not found
last thing should i install or config or do any thing before start installation
i am allready installed (php – phpmyadmin – apache server- mysql {lamp server})
thank you and soory for long question
i am soory
i read it again and i get my mistake but i still can not access after i added the test user
and what is the difference between /usr/local/etc/raddb/radiusd.conf and
/usr/local/etc/raddb/clients.conf
hi people
i have one problem .
when i run /etc/init.d/radiusd start , i take this error :
/etc/freeradius/raddb/modules/files[7]: Instantiation failed for module “files”
i see admin say “Check dictionary files… (/usr/share/dictionary).”
but how to check this dict ? and what i need to do for dict ?
Best regards 😉
I followed what is instructed on this blog, just need some help. Fairly new in Unix/Linux cli’s…
I have pasted this on the 1st line of the user file,
[root@localhost /]# vi /etc/raddb/users
testing Cleartext-Password := “password”
#
did :wq!
now I used this command:
[root@localhost /]# radtest testing password localhost 0 testing123
bash: radtest: command not found…
As you can see the radtest command is not found…
Can anyone shed some light on this?
I run the following command:
radtest testuser testpw localhost 0 testing123
and received Reject message.
I have added testuser Cleartext-Password := “testpw” as 1st line in users file and restarted FR. Still my request is not accepted by FR.
I tried changing my username and password. But its of no use.
Can you help me pls!
I am a beginner in this area.
I also want to know if FR supports IPv6 address and does it support TLS?
When I run radiusd -X it throws the following error.
auth: Failed to validate the user.
Login incorrect (rlm_pap: CLEAR TEXT password check failed): [testuser/testpw] (
st port 123)
And I am running freeradius on windows, not on Linux.
i have the same probleme please what’s solution please
Why windows? Since I never tested the Win/FR combination, I have no idea why you’re facing this problem and I can’t help you with it. You can always run Linux on virtual machine…