#1 Akangage (Administrator)

    MikroTik EAP-TLS with FreeRADIUS

    Since I happen to have an EAP-TLS case at a customer right now, I'll share the setup while I'm at it. What you need:
    Information

    1. A MikroTik with embedded wireless; one using a wireless card also works
    2. Linux, any distro; I used Ubuntu 12.04 server LTS
    3. FreeRADIUS + daloRADIUS
    4. EASY-RSA 2.2.2, downloadable from its official site.
    5. I assume you already know how to set up wireless on MikroTik.


    Information

    IP address wireless client -- 192.168.20.0/24
    IP address RADIUS -- 192.168.8.10/24
    IP address Access Point -- 192.168.8.9/24


    NOTE
    >_
    sudo apt-get install mysql-client mysql-server freeradius freeradius-utils freeradius-mysql php5-common php5-gd php-pear php-db libapache2-mod-php5 php5-mysql php5-mcrypt apache2 phpmyadmin


    I used a simple password: user root, password admin123.
    If the installer asks you for a user and password, pick whatever you like; I only used these because this is a test.

    Once everything is installed, log in to MySQL
    >_
    mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 51
    Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

    Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> create database radius;
    Query OK, 0 rows affected (0.00 sec)

    Once the database has been created, it's time to import FreeRADIUS's SQL schema
    >_
    mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

    Then import FreeRADIUS's SQL for the NAS table
    >_
    mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql

    Everything is done and working without problems; now let's try access with a user and password
    >_
    nano /etc/freeradius/users

    Add it at the very bottom, easiest there since there's plenty of empty space
    >_
    root Cleartext-password := "admin123"

    To exit and save, press ctrl+x; after that, restart the freeradius service
    >_
    root@out-standing:/home/akangage# /etc/init.d/freeradius restart
    * Stopping FreeRADIUS daemon freeradius [ OK ]
    * Starting FreeRADIUS daemon freeradius [ OK ]

    Let's try the user and password we just created
    >_
    radtest root admin123 localhost 1812 testing123

    If it succeeds, Access-Accept will appear
    >_
    Sending Access-Request of id 233 to 127.0.0.1 port 1812
    User-Name = "root"
    User-Password = "admin123"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=233, length=20

    FreeRADIUS access works; now it's time to go from RADIUS to MySQL
    >_
    mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 72
    Server version: 5.5.24-0ubuntu0.12.04.1 (Ubuntu)

    Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> use radius;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('akangage', 'Password', 'tes123');
    Query OK, 1 row affected (0.04 sec)

    mysql> exit
    Bye

    Now we edit the FreeRADIUS credentials for SQL
    >_
    /etc/freeradius/sql.conf

    database = "mysql"
    login = "root"
    password = "admin123"

    Also uncomment "readclients = yes"

    Let's try again to see whether login works
    >_
    Sending Access-Request of id 233 to 127.0.0.1 port 1812
    User-Name = "akangage"
    User-Password = "tes123"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=233, length=20

    OK, it connects, so everything is going smoothly so far

    Now we edit so that SQL works with FreeRADIUS
    >_
    nano /etc/freeradius/sites-enabled/default

    Remove the hash in front of sql; before:
    >_
    # See "Authorization Queries" in sql.conf
    # sql

    # See "Accounting queries" in sql.conf
    # sql

    # See "Simultaneous Use Checking Queries" in sql.conf
    # sql

    # See "Authentication Logging Queries" in sql.conf
    # sql

    After:
    >_
    # See "Authorization Queries" in sql.conf
    sql

    # See "Accounting queries" in sql.conf
    sql

    # See "Simultaneous Use Checking Queries" in sql.conf
    sql

    # See "Authentication Logging Queries" in sql.conf
    sql

    Next we edit
    >_
    nano /etc/freeradius/radiusd.conf

    Change this, if it was previously
    >_
    # $INCLUDE sql.conf

    to
    >_
    $INCLUDE sql.conf


    To support storing data via MySQL, first edit this one
    >_
    nano /etc/freeradius/sites-enabled/inner-tunnel

    Remove the hash in front of sql; before:
    >_
    # See "Authorization Queries" in sql.conf
    # sql

    # See "Authentication Logging Queries" in sql.conf
    # sql

    After:
    >_
    # See "Authorization Queries" in sql.conf
    sql

    # See "Authentication Logging Queries" in sql.conf
    sql


    Time to enter the MikroTik information, finally...
    >_
    nano /etc/freeradius/clients.conf

    Put this information at the very bottom; it's a bit roomier there
    >_
    client 192.168.8.195 {
        secret = Admin123
        shortname = routeros
        nastype = mikrotik
    }


    To make it easier, with no fuss configuring the client, e.g. a smartphone
    >_
    nano /etc/freeradius/modules/mschap


    Remove the hashes and enable all of them
    >_
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    with_ntdomain_hack = yes


    Refresh the libraries
    >_
    ldconfig


    Let's add the MikroTik dictionary to FreeRADIUS
    >_
    nano /etc/freeradius/dictionary

    Add this at the very bottom again
    >_
    $INCLUDE /usr/share/freeradius/dictionary.mikrotik

    After saving, let's restart
    >_
    root@out-standing:/home/akangage# /etc/init.d/freeradius restart
    * Stopping FreeRADIUS daemon freeradius [ OK ]
    * Starting FreeRADIUS daemon freeradius [ OK ]



    Now let's help ourselves with a GUI for FreeRADIUS; it's fairly handy, no more opening text files
    NOTE
    First, let's grab daloRADIUS
    >_
    wget -O daloradius-0.9-9.tar.gz 'http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdaloradius%2F&ts=1361864084&use_mirror=nchc'

    Let's unpack the tar.gz
    >_
    tar xvfz daloradius-0.9-9.tar.gz

    Then rename it to something human-readable
    >_
    mv daloradius-0.9-9 daloradius

    Then move it to www so it can be accessed via a web browser
    >_
    mv daloradius /var/www

    Don't forget to chown if some things cause trouble.

    Now we update the FreeRADIUS database with daloRADIUS; go to the folder where the daloRADIUS DB is stored
    >_
    cd /var/www/daloradius/contrib/db

    Then import it
    >_
    mysql -u root -p radius < mysql-daloradius.sql

    Don't forget to change the DB password in daloRADIUS first so it can connect to FreeRADIUS
    >_
    nano /var/www/daloradius/library/daloradius.conf.php

    Change the DB password to:
    >_
    $configValues['CONFIG_DB_PASS'] = 'admin123';


    Aha... daloRADIUS shows up when you open it in the browser

    Once daloRADIUS is accessible, let's set the user and password for the client and set up the NAS for MikroTik in the Management tab.
    Management --> User --> New user (to add a new user)
    Management --> Nas --> New NAS (to add a new NAS)

    Now the MAIN COURSE for EAP-TLS
    1. Generate the certificates using EASY-RSA v2: copy easy-rsa to the Linux box with WinSCP, into home (root also works); this sample uses the home user.
    2. Go straight to its directory
      >_
      cd /akangage/easy-rsa
    3. Edit the "vars" file to look like this
      >_
      # easy-rsa parameter settings
      # NOTE: If you installed from an RPM,
      # don't edit this file in place in
      # /usr/share/openvpn/easy-rsa --
      # instead, you should copy the whole
      # easy-rsa directory to another location
      # (such as /etc/openvpn) so that your
      # edits will not be wiped out by a future
      # OpenVPN package upgrade.

      # This variable should point to
      # the top level of the easy-rsa
      # tree.
      export EASY_RSA="`pwd`"

      #
      # This variable should point to
      # the requested executables
      #
      export OPENSSL="openssl"
      export PKCS11TOOL="pkcs11-tool"
      export GREP="grep"

      # This variable should point to
      # the openssl.cnf file included
      # with easy-rsa.
      export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

      # Edit this variable to point to
      # your soon-to-be-created key
      # directory.
      #
      # WARNING: clean-all will do
      # a rm -rf on this directory
      # so make sure you define
      # it correctly!
      export KEY_DIR="$EASY_RSA/keys"

      # Issue rm -rf warning
      echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

      # PKCS11 fixes
      export PKCS11_MODULE_PATH="dummy"
      export PKCS11_PIN="dummy"

      # Increase this to 2048 if you
      # are paranoid. This will slow
      # down TLS negotiation performance
      # as well as the one-time DH parms
      # generation process.
      export KEY_SIZE=2048

      # In how many days should the root CA key expire?
      export CA_EXPIRE=3650

      # In how many days should certificates expire?
      export KEY_EXPIRE=3650

      # These are the default values for fields
      # which will be placed in the certificate.
      # Don't leave any of these fields blank.
      export KEY_COUNTRY="ID"
      export KEY_PROVINCE="DKI Jakarta"
      export KEY_CITY="Jakarta Utara"
      export KEY_ORG="Logicode"
      export KEY_EMAIL="support@*********.co.id"
      #export KEY_OU="Support"

      # X509 Subject Field
      #export KEY_NAME="EasyRSA"

      # PKCS11 Smart Card
      export PKCS11_MODULE_PATH="changeme"
      export PKCS11_PIN=1234

      # If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
      # You will also need to make sure your OpenVPN server config has the duplicate-cn option set
      # export KEY_CN="CommonName"
    4. Run these commands to generate the certificates.
      >_
      source ./vars
      ./clean-all
      ./pkitool --initca
      ./pkitool --server radius
      ./pkitool --pkcs12 iphone4s
      ./pkitool --pkcs12 android
    5. If the commands above fail to run, you can change the permissions
      >_
      chmod 774 vars
      chmod 774 clean-all
      chmod 774 pkitool
    6. Copy the certificates
      >_
      cp /akangage/easy-rsa/keys/ca.crt /etc/freeradius/certs/ca.crt
      cp /akangage/easy-rsa/keys/radius.crt /etc/freeradius/certs/radius.crt
      cp /akangage/easy-rsa/keys/radius.key /etc/freeradius/certs/radius.key
    7. All the generated certificates are in the folder
      >_
      /akangage/easy-rsa/keys/


    Once the certificates have been generated, it's time to set FreeRADIUS's default to EAP-TLS; change eap.conf as in the picture below.
    >_
    nano /etc/freeradius/eap.conf



    After editing eap.conf, stop freeradius
    >_
    service freeradius stop

    Then run it in debug mode
    >_
    freeradius -X


    Install the P12 certificate on the iPhone and Android and set up the wireless using EAP-TLS; if all is OK it will show "Connected". Here is the EAP-TLS debug output
    >_
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "dwi", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 4 length 253
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[files] returns noop
    [sql] expand: %{User-Name} -> dwi
    [sql] sql_set_user escaped user --> 'dwi'
    rlm_sql (sql): Reserving sql socket id: 4
    [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'dwi' ORDER BY id
    [sql] User found in radcheck table
    [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'dwi' ORDER BY id
    [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'dwi' ORDER BY priority
    rlm_sql (sql): Released sql socket id: 4
    ++[sql] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING: Auth-Type already set. Not setting to PAP
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/tls
    [eap] processing type tls
    [tls] Authenticate
    [tls] processing EAP-TLS
    TLS Length 1818
    [tls] Received EAP-TLS First Fragment of the message
    [tls] eaptls_verify returned 9
    [tls] eaptls_process returned 13
    ++[eap] returns handled
    Sending Access-Challenge of id 141 to 118.137.64.118 port 39892
    EAP-Message = 0x010500060d00
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x7d63d9b57966d4c269b19db8008fcfd1
    Finished request 4.
    Going to the next request
    Waking up in 2.2 seconds.
    rad_recv: Access-Request packet from host 118.137.64.118 port 47203, id=142, length=722
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "dwi"
    State = 0x7d63d9b57966d4c269b19db8008fcfd1
    NAS-Port-Id = "wlan3"
    NAS-Port-Type = Wireless-802.11
    Calling-Station-Id = "18-20-32-74-75-95"
    Called-Station-Id = "02-0C-42-62-C5-3A:HomEnterprise"
    EAP-Message = 0x03010030e9092c8f52941fa26f174fc4a5ed28c38494808572019146fb66777fccee825c575760d0d2bddec67b19390f5170723a
    Message-Authenticator = 0x4048cb0a2e4a1fe7f2751e4e082a0af6
    NAS-Identifier = "HOME-Fastnet"
    NAS-IP-Address = 118.137.64.118
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "dwi", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 5 length 253
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[files] returns noop
    [sql] expand: %{User-Name} -> dwi
    [sql] sql_set_user escaped user --> 'dwi'
    rlm_sql (sql): Reserving sql socket id: 3
    [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'dwi' ORDER BY id
    [sql] User found in radcheck table
    [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'dwi' ORDER BY id
    [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'dwi' ORDER BY priority
    rlm_sql (sql): Released sql socket id: 3
    ++[sql] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING: Auth-Type already set. Not setting to PAP
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/tls
    [eap] processing type tls
    [tls] Authenticate
    [tls] processing EAP-TLS
    [tls] eaptls_verify returned 7
    [tls] Done initial handshake
    [tls] <<< TLS 1.0 Handshake [length 04c4], Certificate
    [tls] chain-depth=1,
    [tls] error=0
    [tls] --> User-Name = dwi
    [tls] --> BUF-Name = Logicode CA
    [tls] --> subject = /C=ID/ST=DKI/L=Jakarta Utara/O=Logicode/CN=Logicode CA/emailAddress=support@logicode.co.id
    [tls] --> issuer = /C=ID/ST=DKI/L=Jakarta Utara/O=Logicode/CN=Logicode CA/emailAddress=support@logicode.co.id
    [tls] --> verify return:1
    [tls] chain-depth=0,
    [tls] error=0
    [tls] --> User-Name = dwi
    [tls] --> BUF-Name = dwi
    [tls] --> subject = /C=ID/ST=DKI/L=Jakarta Utara/O=Logicode/CN=dwi/emailAddress=support@logicode.co.id
    [tls] --> issuer = /C=ID/ST=DKI/L=Jakarta Utara/O=Logicode/CN=Logicode CA/emailAddress=support@logicode.co.id
    [tls] --> verify return:1
    [tls] TLS_accept: SSLv3 read client certificate A
    [tls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
    [tls] TLS_accept: SSLv3 read client key exchange A
    [tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify
    [tls] TLS_accept: SSLv3 read certificate verify A
    [tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
    [tls] <<< TLS 1.0 Handshake [length 0010], Finished
    [tls] TLS_accept: SSLv3 read finished A
    [tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
    [tls] TLS_accept: SSLv3 write change cipher spec A
    [tls] >>> TLS 1.0 Handshake [length 0010], Finished
    [tls] TLS_accept: SSLv3 write finished A
    [tls] TLS_accept: SSLv3 flush data
    [tls] (other): SSL negotiation finished successfully
    SSL Connection Established
    [tls] eaptls_process returned 13
    ++[eap] returns handled
    Sending Access-Challenge of id 142 to 118.137.64.118 port 47203
    EAP-Message = 0x010600450d800000003b140301000101160301003040eb0f63daca5efb5b1695377fe3618cf8325b4be48a465a89b23ac0a145ff2db58673b0b61f4b27c01212fac3fd9420
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x7d63d9b57865d4c269b19db8008fcfd1
    Finished request 5.
    Going to the next request
    Waking up in 1.8 seconds.
    rad_recv: Access-Request packet from host 118.137.64.118 port 53692, id=143, length=166
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "dwi"
    State = 0x7d63d9b57865d4c269b19db8008fcfd1
    NAS-Port-Id = "wlan3"
    NAS-Port-Type = Wireless-802.11
    Calling-Station-Id = "18-20-32-74-75-95"
    Called-Station-Id = "02-0C-42-62-C5-3A:HomEnterprise"
    EAP-Message = 0x020600060d00
    Message-Authenticator = 0xe5df1734bad644965e67a253d689dfb7
    NAS-Identifier = "HOME-Fastnet"
    NAS-IP-Address = 118.137.64.118
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "dwi", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 6 length 6
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[files] returns noop
    [sql] expand: %{User-Name} -> dwi
    [sql] sql_set_user escaped user --> 'dwi'
    rlm_sql (sql): Reserving sql socket id: 2
    [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'dwi' ORDER BY id
    [sql] User found in radcheck table
    [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'dwi' ORDER BY id
    [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'dwi' ORDER BY priority
    rlm_sql (sql): Released sql socket id: 2
    ++[sql] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING: Auth-Type already set. Not setting to PAP
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/tls
    [eap] processing type tls
    [tls] Authenticate
    [tls] processing EAP-TLS
    [tls] Received TLS ACK
    [tls] ACK handshake is finished
    [tls] eaptls_verify returned 3
    [tls] eaptls_process returned 3
    [tls] Adding user data to cached session
    [eap] Freeing handler
    ++[eap] returns ok
    Login OK: [dwi] (from client MT port 0 cli 18-20-32-74-75-95)
    # Executing section post-auth from file /etc/freeradius/sites-enabled/default
    +- entering group post-auth {...}
    [sql] expand: %{User-Name} -> dwi
    [sql] sql_set_user escaped user --> 'dwi'
    [sql] expand: %{User-Password} ->
    [sql] ... expanding second conditional
    [sql] expand: %{Chap-Password} ->
    [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'dwi', '', 'Access-Accept', '2014-12-04 17:03:28')
    rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'dwi', '', 'Access-Accept', '2014-12-04 17:03:28')
    rlm_sql (sql): Reserving sql socket id: 1
    rlm_sql (sql): Released sql socket id: 1
    ++[sql] returns ok
    ++[exec] returns noop
    Sending Access-Accept of id 143 to 118.137.64.118 port 53692
    MS-MPPE-Recv-Key = 0x6435c87a57c869d8a0f549d7b593653beda9feaf8a50f67e38d9686d71f2ced9
    MS-MPPE-Send-Key = 0x13efdc5b4cd852a50574e6435754253cff2a4e4916f69b29a60aa7e44740f9e8
    EAP-Message = 0x03060004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "dwi"
    Finished request 6.
    Going to the next request
    Waking up in 1.7 seconds.
    Cleaning up request 0 ID 137 with timestamp +15
    Waking up in 0.1 seconds.
    Cleaning up request 1 ID 138 with timestamp +15
    Cleaning up request 2 ID 139 with timestamp +15
    Waking up in 0.1 seconds.
    Cleaning up request 3 ID 140 with timestamp +15
    Waking up in 2.3 seconds.
    Cleaning up request 4 ID 141 with timestamp +17
    Waking up in 0.3 seconds.
    Cleaning up request 5 ID 142 with timestamp +18
    Cleaning up request 6 ID 143 with timestamp +18
    Ready to process requests.

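To make sense of a long `freeradius -X` trace like the one above, here is an added example (my own code, not part of the post or of FreeRADIUS): a small Python parser that groups the debug output by request id, pulls out the EAP method, the client certificate's subject and issuer, and the reply, then flags conversations where the certificate was issued by a CA other than the one generated with easy-rsa, or where its CN does not match User-Name. The sample log is constructed from the post's trace plus one invented mismatching request; "Logicode CA" is the CA name from the post's trace.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample modelled on the "freeradius -X" output quoted in the post, trimmed to
# the lines the parser keys on; the third request (id=200) is invented to show a mismatch.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 118.137.64.118 port 47203, id=142, length=722
\tUser-Name = "dwi"
\tCalling-Station-Id = "18-20-32-74-75-95"
[eap] EAP/tls
[tls] chain-depth=1,
[tls] --> subject = /C=ID/ST=DKI/L=Jakarta Utara/O=Logicode/CN=Logicode CA/emailAddress=support@logicode.co.id
[tls] chain-depth=0,
[tls] --> subject = /C=ID/ST=DKI/L=Jakarta Utara/O=Logicode/CN=dwi/emailAddress=support@logicode.co.id
[tls] --> issuer = /C=ID/ST=DKI/L=Jakarta Utara/O=Logicode/CN=Logicode CA/emailAddress=support@logicode.co.id
Sending Access-Challenge of id 142 to 118.137.64.118 port 47203
rad_recv: Access-Request packet from host 118.137.64.118 port 53692, id=143, length=166
\tUser-Name = "dwi"
[eap] EAP/tls
Sending Access-Accept of id 143 to 118.137.64.118 port 53692
rad_recv: Access-Request packet from host 192.168.8.9 port 40001, id=200, length=700
\tUser-Name = "android"
[eap] EAP/tls
[tls] chain-depth=0,
[tls] --> subject = /C=ID/ST=DKI/O=Logicode/CN=iphone4s/emailAddress=support@logicode.co.id
[tls] --> issuer = /C=ID/ST=DKI/O=Other/CN=Other CA
Sending Access-Challenge of id 200 to 192.168.8.9 port 40001
"""
@dataclass
class Request:
    req_id: int
    nas: str                             # source IP of the NAS (the MikroTik AP)
    attrs: Dict[str, str] = field(default_factory=dict)
    eap_type: Optional[str] = None       # "tls" for EAP-TLS
    leaf_subject: Optional[str] = None   # client certificate DN (chain-depth=0)
    leaf_issuer: Optional[str] = None
    reply: Optional[str] = None          # Access-Challenge / Access-Accept / Access-Reject

RE_RECV = re.compile(r"^rad_recv: Access-Request packet from host (\S+) port \d+, id=(\d+)")
RE_ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) = (.*)$")
RE_EAP = re.compile(r"^\[eap\] EAP/(\S+)$")
RE_DEPTH = re.compile(r"^\[tls\] chain-depth=(\d+)")
RE_DN = re.compile(r"^\[tls\] --> (subject|issuer) = (.*)$")
RE_REPLY = re.compile(r"^Sending (Access-\w+) of id (\d+)")

def parse_debug_log(text: str) -> List[Request]:
    """Group the debug output by RADIUS request id and pull out the fields we audit."""
    requests: List[Request] = []
    cur: Optional[Request] = None
    depth: Optional[int] = None
    for line in text.splitlines():
        if (m := RE_RECV.match(line)):
            cur = Request(req_id=int(m.group(2)), nas=m.group(1))
            requests.append(cur)
            depth = None
        elif cur is None:
            continue
        elif (m := RE_ATTR.match(line)):
            cur.attrs[m.group(1)] = m.group(2).strip('"')
        elif (m := RE_EAP.match(line)):
            cur.eap_type = m.group(1)
        elif (m := RE_DEPTH.match(line)):
            depth = int(m.group(1))
        elif (m := RE_DN.match(line)) and depth == 0:   # only the client (leaf) certificate
            setattr(cur, "leaf_" + m.group(1), m.group(2))
        elif (m := RE_REPLY.match(line)) and int(m.group(2)) == cur.req_id:
            cur.reply = m.group(1)
    return requests

def cn_of(dn: str) -> Optional[str]:
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else None

def audit(requests: List[Request], trusted_ca_cn: str) -> List[str]:
    """Flag EAP-TLS conversations whose client certificate is not what the server should trust."""
    findings = []
    for r in requests:
        user = r.attrs.get("User-Name", "?")
        tag = f"id={r.req_id} user={user} nas={r.nas}"
        if r.eap_type and r.eap_type != "tls":
            findings.append(f"{tag}: EAP method is {r.eap_type}, not EAP-TLS")
        if r.leaf_issuer and cn_of(r.leaf_issuer) != trusted_ca_cn:
            findings.append(f"{tag}: client cert issued by {cn_of(r.leaf_issuer)!r}, expected {trusted_ca_cn!r}")
        if r.leaf_subject and cn_of(r.leaf_subject) != user:
            findings.append(f"{tag}: cert CN {cn_of(r.leaf_subject)!r} != User-Name {user!r} (see check_cert_cn in eap.conf)")
    return findings
```

Against a live server, save the `freeradius -X` output to a file and pass its contents to `parse_debug_log`, then `audit` with the CN you gave your easy-rsa CA.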


#2 agoesbali (Newbie)
    Akang,

    With this FreeRADIUS setup, is it possible for the users to differ from one NAS to another?
    I mean, if userA already exists in FreeRADIUS, can it be restricted to NAS-A only, so that if userA logs in from the NAS-B device it no longer works?
    I looked for the setup/documentation and couldn't find it; does it really not exist? :P Right now every user in FreeRADIUS can be used from any NAS already registered in the list

    Thanks.


#4 Akangage (Administrator)
    Originally Posted by agoesbali:
        Akang,

        With this FreeRADIUS setup, is it possible for the users to differ from one NAS to another?
        I mean, if userA already exists in FreeRADIUS, can it be restricted to NAS-A only, so that if userA logs in from the NAS-B device it no longer works?
        I looked for the setup/documentation and couldn't find it; does it really not exist? :P Right now every user in FreeRADIUS can be used from any NAS already registered in the list

        Thanks.
    Have you tried using ?

#5 dauzayl

    Database connection error

    Akang,

    I followed it step by step, but why is it that after I log in to daloRADIUS I get "Database connection error
    Error Message: DB Error: connect failed". Please help

#6 upet (Newbie)
    Sorry, I want to ask: how do you install EASY-RSA v2?
    Because running cd /akangage/easy-rsa gives -bash: cd: /akangage/easy-rsa: No such file or directory
    Last edited by upet; 19-10-2015 at 10:02.

#7 cw-12 (Member Senior)
    Interesting topic, I'd like to try EAP on FreeRADIUS

 

 
