Freeradius on Debian

SilentDIGGER
Hacker in Training
Posts: 71
Joined: Sun Mar 27, 2005 12:26 pm

Freeradius on Debian

Post by SilentDIGGER » Mon Nov 30, 2009 8:00 am

Hi guys,
I recently tried to install freeradius on my Debian system, and the installation went well. I used:

Code: Select all

#apt-get install freeradius freeradius-mysql

It said successfully installed, but when I do this:

Code: Select all

#freeradius -X

I get this (this is the full output):

Code: Select all

FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep  7 2008 at 23:35:34
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
including dictionary file /etc/freeradius/dictionary
main {
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/freeradius"
        libdir = "/usr/lib/freeradius"
        radacctdir = "/var/log/freeradius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        allow_core_dumps = no
        pidfile = "/var/run/freeradius/freeradius.pid"
        user = "freerad"
        group = "freerad"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "testing123"
        nastype = "other"
 }
 client 99.57.246.165 {
        require_message_authenticator = no
        secret = "testing123"
        shortname = "test1"
 }
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        zombie_period = 40
        status_check = "status-server"
        ping_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
        wait = yes
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
        radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
        usersfile = "/etc/freeradius/users"
        acctusersfile = "/etc/freeradius/acct_users"
        preproxy_usersfile = "/etc/freeradius/preproxy_users"
        compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
        filename = "/var/log/freeradius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/etc/freeradius/attrs.access_reject"
        key = "%{User-Name}"
  }
 }
}
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = "/etc/freeradius/huntgroups"
        hints = "/etc/freeradius/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/freeradius/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
}
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = my.ip.add.ress
        port = 1812
ERROR: Failed to open socket: cannot bind socket: Address already in use
/etc/freeradius/radiusd.conf[210]: Error binding to port for my.ip.add.ress port 1812

This is with the default configuration; my.ip.add.ress is my IP address, and I installed and started the mysql service before installing freeradius. So what else is there to do? I googled around and found some solutions that worked for the posters, but not for me.

Please help me out :)
Hack to learn and create, not to destroy and hate.

SilentDIGGER
Hacker in Training
Posts: 71
Joined: Sun Mar 27, 2005 12:26 pm

Re: Freeradius on Debian

Post by SilentDIGGER » Mon Nov 30, 2009 8:21 am

Sorry guys, I fixed it. It was just that freeradius was running already, and a magical:

Code: Select all

#killall freeradius

Solved the problem.

Thanks either way.

p.s.
This is probably the third or fourth time that I'm asking for help here and I don't get any, but somehow I figure it out on my own. Hackerthreads is my muse :mrgreen:
Hack to learn and create, not to destroy and hate.

Aiden
Administrator
Posts: 1080
Joined: Tue Oct 31, 2006 11:11 pm
Location: /usr/bin/perl

Re: Freeradius on Debian

Post by Aiden » Mon Nov 30, 2009 11:52 am

If it makes you feel any better, every time I have a question or idea, I explain it to an idiot on MSN and I always figure it out as I'm asking the question or giving them the background information :lol:
"When it takes forever to learn all the rules, no time is left for breaking them."

clueless
Hacker in Training
Posts: 70
Joined: Thu Apr 16, 2009 6:26 pm

Re: Freeradius on Debian

Post by clueless » Mon Nov 30, 2009 11:59 am

drusepth wrote: If it makes you feel any better, every time I have a question or idea, I explain it to an idiot on MSN and I always figure it out as I'm asking the question or giving them the background information :lol:
Haha that's aweso-- Hey, wait a minute... :(

To SilentDIGGER: I think Debian adds a start-up script for the service in /etc/init.d.
You can properly start, restart and stop it by running:

Code: Select all

/etc/init.d/scriptname start
/etc/init.d/scriptname restart
/etc/init.d/scriptname stop

Cool_Fire
Not a sandwich
Posts: 1888
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Freeradius on Debian

Post by Cool_Fire » Tue Dec 01, 2009 8:43 am

Actually, that'd be pretty sweet. I've never looked into radius before, but might give it a shot now.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

dave_magu
n00b
Posts: 1
Joined: Wed Jan 27, 2010 4:26 am

Re: Freeradius on Debian

Post by dave_magu » Wed Jan 27, 2010 4:37 am

Hello,

Did anybody fix this problem?

I get the same shit if I want to restart my freeradius.

I'm trying it under Linux version 2.6.31-14-generic (buildd@crested) (gcc version 4.4.1 (Ubuntu 4.4.1-4ubuntu8) ) #48-Ubuntu SMP Fri Oct 16 14:05:01 UTC 2009

Code: Select all

/etc/init.d/freeradius restart
 * Stopping FreeRADIUS daemon freeradius                                        
start-stop-daemon: warning: failed to kill 2479: No such process
                                                                         [ OK ]
 * Starting FreeRADIUS daemon freeradius                                 [ OK ]

Code: Select all

Failed binding to socket: Address already in use 
/etc/freeradius/radiusd.conf[302]: Error binding to port for 0.0.0.0 port 1812

Code: Select all

netstat -unpl
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1113/avahi-daemon: 
udp        0      0 0.0.0.0:60153           0.0.0.0:*                           1113/avahi-daemon: 
udp        0      0 0.0.0.0:10000           0.0.0.0:*                           1819/perl

Code: Select all

lsof | grep LISTEN
sshd      1281       root    3u     IPv4               5352       0t0        TCP *:ssh (LISTEN)
sshd      1281       root    4u     IPv6               5354       0t0        TCP *:ssh (LISTEN)
mysqld    1438      mysql   10u     IPv4               5548       0t0        TCP localhost:mysql (LISTEN)
cupsd     1566       root    6u     IPv6               6119       0t0        TCP localhost:ipp (LISTEN)
cupsd     1566       root    7u     IPv4               6120       0t0        TCP localhost:ipp (LISTEN)
apache2   1705       root    3u     IPv4               6275       0t0        TCP *:www (LISTEN)
apache2   1705       root    4u     IPv4               6277       0t0        TCP *:https (LISTEN)
apache2   1762   www-data    3u     IPv4               6275       0t0        TCP *:www (LISTEN)
apache2   1762   www-data    4u     IPv4               6277       0t0        TCP *:https (LISTEN)
apache2   1763   www-data    3u     IPv4               6275       0t0        TCP *:www (LISTEN)
apache2   1763   www-data    4u     IPv4               6277       0t0        TCP *:https (LISTEN)
apache2   1764   www-data    3u     IPv4               6275       0t0        TCP *:www (LISTEN)
apache2   1764   www-data    4u     IPv4               6277       0t0        TCP *:https (LISTEN)
apache2   1765   www-data    3u     IPv4               6275       0t0        TCP *:www (LISTEN)
apache2   1765   www-data    4u     IPv4               6277       0t0        TCP *:https (LISTEN)
apache2   1766   www-data    3u     IPv4               6275       0t0        TCP *:www (LISTEN)
apache2   1766   www-data    4u     IPv4               6277       0t0        TCP *:https (LISTEN)
miniserv. 1819       root    5u     IPv4               6524       0t0        TCP *:webmin (LISTEN)
sshd      1898         nx    9u     IPv6               6726       0t0        TCP localhost:6010 (LISTEN)
sshd      1898         nx   10u     IPv4               6727       0t0        TCP localhost:6010 (LISTEN)
nxagent   2228  adminmagu    0u     IPv6               7611       0t0        TCP *:7013 (LISTEN)
nxagent   2228  adminmagu    1u     IPv4               7612       0t0        TCP *:7013 (LISTEN)

Where is radius listening?


Trying to connect to the radius DB, but nothing happens!

I was able to connect before I did a reboot of my machine!

Code: Select all

radtest testsql passwordsql 127.0.0.1 1812 testing123        
Sending Access-Request of id 82 to 127.0.0.1 port 1812
 User-Name = "testsql"
 User-Password = "passwordsql"
 NAS-IP-Address = 127.0.1.1
 NAS-Port = 1812
Sending Access-Request of id 82 to 127.0.0.1 port 1812
 User-Name = "testsql"
 User-Password = "passwordsql"
 NAS-IP-Address = 127.0.1.1
 NAS-Port = 1812


What's happened? Can anybody help me, plz!?
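
An added example, not part of any post in this thread: RADIUS authentication listens on UDP port 1812, so the socket owner shows up in netstat -unpl output but never in a grep LISTEN filter, which matches TCP sockets only. The two shell functions below find which process holds a UDP port and report whether a pidfile still points at a live process (the condition start-stop-daemon reports above as "failed to kill 2479: No such process"); the function names, the sample rows and PID 4242 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): two checks for "Address already in use".

# Constructed sample in the `netstat -unpl` column layout; the freeradius
# rows and PID 4242 are made up for illustration.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State PID/Program name
udp        0      0 0.0.0.0:5353    0.0.0.0:*             1113/avahi-daemon:
udp        0      0 0.0.0.0:1812    0.0.0.0:*             4242/freeradius
udp        0      0 0.0.0.0:1813    0.0.0.0:*             4242/freeradius
udp6       0      0 :::1812         :::*                  4242/freeradius'

# udp_port_owner PORT   (reads `netstat -unpl` text on stdin)
# Prints PID/program of each UDP socket bound to PORT; returns 1 if none.
# UDP rows have an empty State column, so the owner is field 6.
udp_port_owner() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            n = split($4, part, ":")       # port is the last ":" part
            if (part[n] == port) { print $6; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# pidfile_state FILE
# Prints "missing", "invalid", "stale" (PID no longer exists) or "running".
pidfile_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    pid=$(tr -d ' \n' < "$1")
    case "$pid" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # kill -0 only probes; /proc covers processes owned by another user.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo running
    else
        echo stale
    fi
}

# Usage on a live system (run as root so netstat can show PIDs):
#   netstat -unpl | udp_port_owner 1812
#   pidfile_state /var/run/freeradius/freeradius.pid
```

A "stale" pidfile together with an owner still listed on port 1812 means the init script has lost track of a running daemon, which is when a restart fails to bind.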
