Hello everyone,
I am currently evaluating various software solutions, and UCS looks really promising.
I am currently trying to configure RADIUS so that it uses TTLS for the clients instead of MSCHAPv2. However, that does not work.
I used the following commands:
ucr set freeradius/conf/auth-type/mschap='false'
ucr set freeradius/conf/auth-type/ttls='true'
With journalctl -fu freeradius I then see the following:
-- Logs begin at Mon 2018-05-14 14:42:55 CEST. --
Mai 17 13:39:54 ucs-01 freeradius[14943]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
Mai 17 13:39:54 ucs-01 freeradius[14943]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
Mai 17 13:39:54 ucs-01 freeradius[14943]: tls: Using cached TLS configuration from previous invocation
Mai 17 13:39:54 ucs-01 freeradius[14943]: /etc/freeradius/3.0/mods-enabled/eap[830]: Failed to find 'Auth-Type MS-CHAP' section. Cannot authenticate users.
Mai 17 13:39:54 ucs-01 freeradius[14943]: rlm_eap (EAP): Failed to initialise rlm_eap_mschapv2
Mai 17 13:39:54 ucs-01 freeradius[14943]: /etc/freeradius/3.0/mods-enabled/eap[23]: Instantiation failed for module "eap"
Mai 17 13:39:54 ucs-01 systemd[1]: freeradius.service: Control process exited, code=exited status=1
Mai 17 13:39:54 ucs-01 systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.
Mai 17 13:39:54 ucs-01 systemd[1]: freeradius.service: Unit entered failed state.
Mai 17 13:39:54 ucs-01 systemd[1]: freeradius.service: Failed with result 'exit-code'.
q
Mai 17 13:40:00 ucs-01 systemd[1]: freeradius.service: Service hold-off time over, scheduling restart.
Mai 17 13:40:00 ucs-01 systemd[1]: Stopped FreeRADIUS multi-protocol policy server.
Mai 17 13:40:00 ucs-01 systemd[1]: Starting FreeRADIUS multi-protocol policy server...
Mai 17 13:40:00 ucs-01 freeradius[14949]: FreeRADIUS Version 3.0.12
Mai 17 13:40:00 ucs-01 freeradius[14949]: Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
Mai 17 13:40:00 ucs-01 freeradius[14949]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Mai 17 13:40:00 ucs-01 freeradius[14949]: PARTICULAR PURPOSE
Mai 17 13:40:00 ucs-01 freeradius[14949]: You may redistribute copies of FreeRADIUS under the terms of the
Mai 17 13:40:00 ucs-01 freeradius[14949]: GNU General Public License
Mai 17 13:40:00 ucs-01 freeradius[14949]: For more information about these matters, see the file named COPYRIGHT
Mai 17 13:40:00 ucs-01 freeradius[14949]: Starting - reading configuration files ...
Mai 17 13:40:00 ucs-01 freeradius[14949]: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 10.30.20.248. Please fix your configuration
Mai 17 13:40:00 ucs-01 freeradius[14949]: Support for old-style clients will be removed in a future release
Mai 17 13:40:00 ucs-01 freeradius[14949]: Debugger not attached
Mai 17 13:40:00 ucs-01 freeradius[14949]: Creating attribute LDAP-Group
Mai 17 13:40:00 ucs-01 freeradius[14949]: Creating attribute Unix-Group
Mai 17 13:40:00 ucs-01 freeradius[14949]: rlm_ldap: libldap vendor: OpenLDAP, version: 20445
Mai 17 13:40:00 ucs-01 freeradius[14949]: rlm_ldap (ldap): Initialising connection pool
Mai 17 13:40:00 ucs-01 freeradius[14949]: rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
Mai 17 13:40:00 ucs-01 freeradius[14949]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
Mai 17 13:40:00 ucs-01 freeradius[14949]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
Mai 17 13:40:00 ucs-01 freeradius[14949]: tls: Using cached TLS configuration from previous invocation
Mai 17 13:40:00 ucs-01 freeradius[14949]: /etc/freeradius/3.0/mods-enabled/eap[830]: Failed to find 'Auth-Type MS-CHAP' section. Cannot authenticate users.
Mai 17 13:40:00 ucs-01 freeradius[14949]: rlm_eap (EAP): Failed to initialise rlm_eap_mschapv2
Mai 17 13:40:00 ucs-01 freeradius[14949]: /etc/freeradius/3.0/mods-enabled/eap[23]: Instantiation failed for module "eap"
Mai 17 13:40:00 ucs-01 systemd[1]: freeradius.service: Control process exited, code=exited status=1
Mai 17 13:40:00 ucs-01 systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.
Mai 17 13:40:00 ucs-01 systemd[1]: freeradius.service: Unit entered failed state.
Mai 17 13:40:00 ucs-01 systemd[1]: freeradius.service: Failed with result 'exit-code'.
^C
What exactly am I doing wrong?
Regards,
Arp