freeradius interview questions
Top freeradius frequently asked interview questions
I'm using MySQL 5.5.
I need to find a userid on a date with a particular IP address.
The fields are userid, ipaddress, startdate, enddate.
So for instance I am looking for a userid with IP address 192.168.1.1 on Sep 12 2011.
The query would be similar to:
select * from database where ipaddress='192.168.1.1' and 2011-12-09 is in(startdate and enddate);
Any help pointing out this logic flaw is welcome. Thank you.
Source: (StackOverflow)
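An added example, not part of the original question: attributing an IP address to a user for a given day is an interval-overlap test, so a session matches when it began before the day ended and ended on or after the day began (or is still open). The table name `sessions`, the sample rows and the NULL-means-open convention are assumptions; SQLite stands in for MySQL 5.5 here, and the WHERE clause uses only plain comparisons.

```python
import sqlite3
from datetime import date, timedelta

# Constructed sample rows (not from the question). Columns follow the question:
# userid, ipaddress, startdate, enddate. enddate NULL means the session is still open.
SAMPLE_SESSIONS = [
    ("alice", "192.168.1.1", "2011-09-11 22:10:00", "2011-09-12 01:30:00"),  # spans midnight
    ("bob",   "192.168.1.1", "2011-09-12 08:00:00", "2011-09-12 17:45:00"),  # inside the day
    ("carol", "192.168.1.1", "2011-09-13 00:00:00", "2011-09-13 09:00:00"),  # starts next day
    ("dave",  "192.168.1.2", "2011-09-12 09:00:00", "2011-09-12 10:00:00"),  # other address
    ("erin",  "192.168.1.1", "2011-09-12 23:50:00", None),                   # still open
    ("frank", "192.168.1.1", "2011-09-10 09:00:00", "2011-09-11 23:59:59"),  # ended day before
]

OVERLAP_QUERY = """
    SELECT userid FROM sessions
    WHERE ipaddress = ?
      AND startdate < ?                       -- began before the day ended
      AND (enddate IS NULL OR enddate >= ?)   -- ended on/after the day began, or still open
    ORDER BY startdate
"""


def build_db():
    """Create an in-memory table; the name `sessions` is an assumption."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sessions (userid TEXT, ipaddress TEXT, startdate TEXT, enddate TEXT)"
    )
    conn.executemany("INSERT INTO sessions VALUES (?, ?, ?, ?)", SAMPLE_SESSIONS)
    return conn


def users_on_ip(conn, ip, day):
    """Return userids whose session on `ip` overlaps calendar day `day` (YYYY-MM-DD)."""
    start = date.fromisoformat(day)  # raises ValueError on a malformed date
    day_start = f"{start} 00:00:00"
    next_day = f"{start + timedelta(days=1)} 00:00:00"
    # Bound parameters keep the address and date out of the SQL text.
    rows = conn.execute(OVERLAP_QUERY, (ip, next_day, day_start)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    print(users_on_ip(build_db(), "192.168.1.1", "2011-09-12"))
```

More than one user can hold the same address on one day, so the function returns every overlapping session in start order rather than a single row.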
I have two SSIDs (one for users, one for employees), and a FreeRADIUS server which authorises accounts to access the wireless networks. But the server is validating all the user accounts to access both SSIDs. I want user accounts to be unable to access the employee SSID, and vice versa. How do I set that up?
Source: (StackOverflow)
I'm looking for a solution in PHP similar to the output of radcrypt.
I've looked into mcrypt and can't seem to figure out which cipher and settings I should use.
Mcrypt wants a salt to add to the encryption but radcrypt doesn't seem to have a salt.
Does anyone know what the cipher and/or settings of radcrypt are?
Source: (StackOverflow)
I am attempting to set up a FreeRADIUS service to allow authentication against an HTTPS API, and I have it working for most Android devices; even my MacBook Pro works. However, when we attempt to use an iOS device (iPad, iPhone), the inner tunnel fails to get the User-Password field.
So the current setup is EAP -> TTLS -> custom auth
eap.conf ttls section
ttls {
    default_eap_type = md5
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    virtual_server = "inner-tunnel"
}
inner-tunnel custom auth
authorize {
    ...
    update control {
        Auth-Type := `/usr/local/bin/admin_portal.py %{User-Name} '%{User-Password}' %{Calling-Station-Id}`,
        Fall-Through = Yes
    }
}
When I run in debug mode, I get the following output:
expand: %{User-Name} -> user@somedomain.com
expand: '%{User-Password}' -> ''
expand: %{Calling-Station-Id} -> 01-23-45-67-89-ab
However, when I use a non-iOS device, the password is populated.
Any help would be appreciated.
Thank you.
Source: (StackOverflow)
I am running OpenWrt on a BeagleBone Black board. I am getting the following error while running FreeRADIUS.
radiusd -X
rlm_eap: SSL error error:02001002:lib(2):func(1):reason(2)
rlm_eap_tls: Error reading certificate file /etc/freeradius2/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/freeradius2/eap.conf[17]: Instantiation failed for module "eap"
/etc/freeradius2/sites/default[312]: Failed to find "eap" in the "modules" section.
/etc/freeradius2/sites/default[254]: Errors parsing authenticate section.
When I checked, there is no "cert" directory present in /etc/freeradius2/. Please help.
Source: (StackOverflow)
I want to develop a tool that uses the FreeRADIUS client library; however, I am not able to find sufficient documentation for the APIs or for how to build the library from source.
I have installed a RADIUS server on Ubuntu, and I would like to test it with my own tool, which should send an authentication request to the server.
Kindly point me to any good documentation on building tools using such a library and on compiling and installing the library.
Source: (StackOverflow)
I just installed FreeRADIUS from the tarball version, freeradius-server-2.2.0.tar.gz.
Compile and make install ran well. I can also run radius -X to run in debug mode first.
Then I tried to configure FreeRADIUS so that it can run using a MySQL database.
I configured authorization and accounting in sites-available/default, uncommented the sql include in radiusd.conf and configured the connection in sql.conf.
Then I imported the schema into the MySQL database from schema.sql and nas.sql.
Then when I try to run radiusd -X I get an error like the one below:
Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
/usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module "sql"
/usr/local/etc/raddb/sites-enabled/default[177]: Failed to find "sql" in the "modules" section.
/usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.
Could anyone help me solve this?
Thanks
Source: (StackOverflow)
I am trying to get MikroTik, FreeRADIUS and daloRADIUS to work together.
All of these are working except for FreeRADIUS.
When I run '~$ sudo service freeradius restart' I get:
jazabilling@jazawifi:~$ sudo service freeradius restart
* Stopping FreeRADIUS daemon freeradius
* /var/run/freeradius/freeradius.pid not found... [ OK ]
* Starting FreeRADIUS daemon freeradius [fail]
I have tried 'jazabilling@jazawifi:~$ sudo apt-get purge freeradius'
but nothing... so help!
Source: (StackOverflow)
I am trying to configure single sign-on using FreeRADIUS.
Scenario:
I have a fully configured LDAP (389 DS) Version-2.1 with a few users and groups (on CentOS 6).
I have installed FreeRADIUS (latest stable version) (on CentOS 6).
I configured FreeRADIUS to listen to the above LDAP server.
I have made a client system (CentOS 6) a RADIUS client using the pam_radius module. Now I am able to log in to the NAS with the LDAP credentials and I am getting logs correctly in FreeRADIUS.
Now I want to implement single sign-on in this setup, since I want to add some other devices like a firewall (SonicWall) to authenticate.
I couldn't find any good docs on configuring this.
Can someone please suggest how to configure single sign-on in the above setup?
Source: (StackOverflow)
I want to send login credentials to MikroTik to authenticate a user from an Android application.
I have created a RADIUS client for the Android application to authenticate the user, and it's working fine. But now what I want is to send the request to the MikroTik instead of directly hitting the RADIUS server; the MikroTik will then send the data to the RADIUS server and send the RADIUS server's response to the user.
So please tell me where to find the API for this.
Source: (StackOverflow)
I have FreeRADIUS inside a Docker container (in docker-machine on OS X) that's sending a UDP packet on a particular port (1812). My logs inside the container show sending on 1812, but when I sniff the packet on the host (OS X) it's on some random UDP port.
Is there a way to control the outgoing port in docker-machine? i.e. the container sends on 1812 and the packet also leaves the host on 1812.
Should I be using VirtualBox port forwarding for this?
Source: (StackOverflow)
I have used Zimbra for many years, and a few web applications use Zimbra accounts via LDAP for authentication.
Now I have a new wireless network and I want to use Zimbra for authentication. I installed one new machine (openSUSE) with FreeRADIUS and am testing it (this is my first FreeRADIUS installation).
From the command line, radtest (for an LDAP username/password) returns Access-Accept.
For wireless I used the Ubiquiti UniFi controller 3.1.10. When I start the controller I get an error on the FreeRADIUS side:
ERROR: No authenitcation method (Auth-Type) found for the request: Rejecting the user
But I did not send any user from the UniFi controller. I entered only the IP address, port and client security code.
OK, if I try to connect to the Wi-Fi from my device, I get a prompt for username/password, but on the FreeRADIUS server I get this error:
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: myusername
[mschap] Told to do MS-CHAPv2 for myusername with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
I tried to create a certificate but without success. However, I only want to use Zimbra accounts; I do not need any certificate.
I tried to ask Google for help, and read a lot of documentation, but without success.
Source: (StackOverflow)
I am faced with one issue, which I can't understand, in the FreeRADIUS users file.
My goal is just to authenticate the external user "shad" with password "test".
I added the following line in /etc/raddb/users:
shad Cleartext-Password == "test"
The result was Reject. If I change the "==" operator to ":=", authentication is successful.
So my question is the following:
Why can't I use the "==" operator when the FreeRADIUS documentation says:
"Attribute == Value
As a check item, it matches if the named attribute is present in the request, AND has the given value."
And one more question.
In some resources I have come across lines such as:
shad Auth-Type := Local, User-Password == "test"
I tried it and it doesn't work. The response is Reject with this log:
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Thank you in advance.
Best Regards.
Source: (StackOverflow)
When I run the following command, I get a successful result.
root@ubuntu:/home/can# radtest user password 127.0.0.1 1812 testing123
Sending Access-Request of id 78 to 127.0.0.1 port 1812
User-Name = "user"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=78, length=20
However, when I run "freeradius -X", I get the following error message:
.....
Failed binding to authentication address * port 1812: Address already in use
/etc/freeradius/radiusd.conf[250]: Error binding to port for 0.0.0.0 port 1812
Please help me.
Thank you for your efforts.
Can
Source: (StackOverflow)