Radius - Debian - Cisco

Posted

Hello,

Here is my configuration:

Debian server with freeradius 2.1.12

- MySQL (users (client MAC addresses) and access points in the radcheck and nas tables)

Cisco WAP4410N Wi-Fi access point

- WPA2 Enterprise

- 802.1X Supplicant enabled

Laptop (XP SP3)

- Client and CA certificates installed

The problem:

I can't get Internet access :(

When I run freeradius -X on the server and connect with the laptop, I do manage to authenticate ([pap] user authenticated successfully) and there is no ERROR or WARNING.

In the CISCO logs:

I always get this

Nov 10 10:39:56 kernel: [][MAC CLIENT] SUBTYPE_AUTH

Nov 10 10:39:56 kernel: [ciscosb][MAC CLIENT] Deauthenticated

Nov 10 10:39:56 kernel: [][MAC CLIENT] SUBTYPE_AUTH

Nov 10 10:39:56 kernel: [ciscosb][MAC CLIENT Deauthenticated

I need help getting all of this to work

Thanks
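
The auth/deauth pattern in the access point log above can be picked out automatically. The following is an added example, not part of the original posts: the MAC addresses in the sample are constructed (the post redacts them), and the 2-second window and the threshold of two cycles are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line shape from the access point log quoted in the post:
#   "Nov 10 10:39:56 kernel: [ciscosb][<client MAC>] Deauthenticated"
# The "]" after the MAC is optional because one quoted line lacks it.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) kernel: \[[^\]]*\]"
    r"\[(?P<mac>[0-9A-Fa-f:]{17})\]? (?P<event>SUBTYPE_AUTH|Deauthenticated)$"
)

# Constructed sample: the MAC addresses are made up for this example.
SAMPLE = """\
Nov 10 10:39:56 kernel: [][00:11:22:33:44:55] SUBTYPE_AUTH
Nov 10 10:39:56 kernel: [ciscosb][00:11:22:33:44:55] Deauthenticated
Nov 10 10:39:56 kernel: [][00:11:22:33:44:55] SUBTYPE_AUTH
Nov 10 10:39:56 kernel: [ciscosb][00:11:22:33:44:55 Deauthenticated
Nov 10 10:40:10 kernel: [][66:77:88:99:aa:bb] SUBTYPE_AUTH
Nov 10 10:45:30 kernel: [ciscosb][66:77:88:99:aa:bb] Deauthenticated
""".splitlines()

def parse(lines):
    """Yield (timestamp, mac, event) for each line matching the AP format."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 valid.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, m["mac"].lower(), m["event"]

def find_auth_loops(lines, window=timedelta(seconds=2), min_cycles=2):
    """Return {mac: cycles} for clients that were deauthenticated within
    `window` of an 802.11 authentication at least `min_cycles` times."""
    last_auth = {}
    cycles = defaultdict(int)
    for ts, mac, event in parse(lines):
        if event == "SUBTYPE_AUTH":
            last_auth[mac] = ts
        elif mac in last_auth and ts - last_auth.pop(mac) <= window:
            cycles[mac] += 1
    return {mac: n for mac, n in cycles.items() if n >= min_cycles}

if __name__ == "__main__":
    for mac, n in find_auth_loops(SAMPLE).items():
        print(f"{mac}: {n} auth/deauth cycles in a row")
```

A client flagged here is dropped right after 802.11 authentication; the second client in the sample stays associated for several minutes and is not reported.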

Posted

What did you declare in clients.conf?

If you could post your configuration files here, it would be easier to help you.

Posted
  • Author

Well, there is nothing in client.conf since I'm using mysql.

but in the radcheck table, I added:

username    | attribute     | op | value
---------------------------------------------
test0       | User-Password | == | userpassword
@mac client | User-Password | == | @mac client

but in the radcheck table, I added:

nasname       | shortname | secret
----------------------------------------
127.0.0.1     | localhost | secret_password
192.168.0.246 | ciscosb   | secret_password

I'm sending the configuration files.

thanks

Posted
  • Author

Here are my configuration files

##  eap.conf -- Configuration for EAP types (PEAP, TTLS, etc.)
eap {
	default_eap_type = tls
	timer_expire     = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 4096
	tls {
		certdir = ${confdir}/certs
		cadir = ${confdir}/certs
		private_key_password = secret_password
		private_key_file = ${certdir}/server@cert.pem
		certificate_file = ${certdir}/server@cert.pem
		CA_file = ${cadir}/root_CA-cacert.pem
		dh_file = ${certdir}/dh
		random_file = ${certdir}/random
		check_crl = no
		CA_path = ${cadir}/
		cipher_list = "DEFAULT"
		cache {
			lifetime = 24 # hours
			max_entries = 255
		}
	}
}

## radiusd.conf	-- FreeRADIUS server configuration file.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
	type = auth
	ipaddr = *
	port = 0
}
listen {
	ipaddr = *
	port = 0
	type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions	= yes
extended_expressions	= yes
log {
	destination = files
	syslog_facility = daemon
	stripped_names = yes
	auth = yes
	auth_badpass = yes
	auth_goodpass = yes
}
security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
}
proxy_requests  = yes
$INCLUDE proxy.conf
thread pool {
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}
modules {
	$INCLUDE ${confdir}/modules/
	$INCLUDE eap.conf
	$INCLUDE sql.conf
	$INCLUDE sql/mysql/counter.conf
}
instantiate {
	exec
	expr
	expiration
	logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

## sql.conf -- SQL modules
sql {
	database = "mysql"
	driver = "rlm_sql_${database}"
	server = "localhost"
	login = "radius"
	radius_db = "radius"
	acct_table1 = "radacct"
	acct_table2 = "radacct"
	postauth_table = "radpostauth"
	authcheck_table = "radcheck"
	authreply_table = "radreply"
	groupcheck_table = "radgroupcheck"
	groupreply_table = "radgroupreply"
	usergroup_table = "radusergroup"
	deletestalesessions = yes
	sqltrace = no
	sqltracefile = ${logdir}/sqltrace.sql
	num_sql_socks = 5
	connect_failure_retry_delay = 60
	lifetime = 0
	max_queries = 0
	readclients = yes
	nas_table = "nas"
	$INCLUDE sql/${database}/dialup.conf
}

authorize {
	preprocess
	chap
	suffix
	eap {
		ok = return
	}
	sql
	expiration
	logintime
}
authenticate {
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	unix
	eap
}
preacct {
	preprocess
	acct_unique
	suffix
}
accounting {
	detail
	radutmp
	sql
	sql_log
	exec
	attr_filter.accounting_response
}
session {
	radutmp
	sql
}
post-auth {
	sql
	Post-Auth-Type REJECT {
		sql
		attr_filter.access_reject
	}
}

Posted

Did you test with the radtest command?

Check that you followed the instructions for clients defined in an SQL database:

      #  Clients can also be defined dynamically at run time, based
      #  on any criteria.  e.g. SQL lookups, keying off of NAS-Identifier,
      #  etc.
      #  See raddb/sites-available/dynamic-clients for details.

source: http://wiki.freeradius.org/Clients.conf

Posted
  • Author

yes, and I don't get any error

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=80, lenght=20

For adding the users, I followed various tutorials.

Archived

This topic is now archived and can no longer receive new replies.
