Ich versuche einen Freeradius-Server einzurichten, aber wenn ich versuche, es mit zu starten
# service freeradius start Job for freeradius.service failed because the control process exited with error code. See "systemctl status freeradius.service" and "journalctl -xe" for details. wenn ich journalctl schreibe, bekomme ich das
-- The start-up result is done. Dec 30 16:03:05 pppie sudo[19994]: dilian : TTY=pts/0 ; PWD=/home/dilian ; USER=root ; COMMAND=/bin/su Dec 30 16:03:05 pppie sudo[19994]: pam_unix(sudo:session): session opened for user root by dilian(uid=0) Dec 30 16:03:06 pppie su[19995]: Successful su for root by root Dec 30 16:03:06 pppie su[19995]: + /dev/pts/0 root:root Dec 30 16:03:06 pppie su[19995]: pam_unix(su:session): session opened for user root by dilian(uid=0) Dec 30 16:03:06 pppie su[19995]: pam_systemd(su:session): Cannot create session: Already running in a session Dec 30 16:03:28 pppie systemd[1]: Starting LSB: Radius Daemon... -- Subject: Unit freeradius.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit freeradius.service has begun starting up. Dec 30 16:03:28 pppie freeradius[20039]: * Starting FreeRADIUS daemon freeradius Dec 30 16:03:28 pppie freeradius[20039]: ...fail! Dec 30 16:03:28 pppie systemd[1]: freeradius.service: Control process exited, code=exited status=1 Dec 30 16:03:28 pppie systemd[1]: Failed to start LSB: Radius Daemon. -- Subject: Unit freeradius.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit freeradius.service has failed. -- -- The result is failed. Dec 30 16:03:28 pppie systemd[1]: freeradius.service: Unit entered failed state. Dec 30 16:03:28 pppie systemd[1]: freeradius.service: Failed with result 'exit-code'. Und wenn ich "Freeradius -X" versuche, komme ich zur letzten Linie und es bleibt da und tut nichts.
> # freeradius -X freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr > 5 2016 at 13:40:43 Copyright (C) 1999-2015 The FreeRADIUS server > project and contributors. There is NO warranty; not even for > MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may > redistribute copies of FreeRADIUS under the terms of the GNU General > Public License. For more information about these matters, see the file > named COPYRIGHT. Starting - reading configuration files ... including > configuration file /etc/freeradius/radiusd.conf including > configuration file /etc/freeradius/proxy.conf including configuration > file /etc/freeradius/clients.conf including configuration file > /etc/freeradius/snmp.conf including configuration file > /etc/freeradius/nibs.conf main { > user = "nobody" > group = "nobody" > allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { > name = "radiusd" > prefix = "/usr/local" > localstatedir = "/var" > sbindir = "/usr/local/sbin" > logdir = "/var/log" > run_dir = "/var/run/radiusd" > libdir = "/usr/local/lib" > radacctdir = "/var/log/radacct" > hostname_lookups = no > max_request_time = 30 > cleanup_delay = 5 > max_requests = 1024 > pidfile = "/var/run/radiusd/radiusd.pid" > checkrad = "/usr/local/sbin/checkrad" > debug_level = 0 > proxy_requests = no > log_auth = no > log_auth_badpass = yes > log_auth_goodpass = yes > log_stripped_names = no security { > max_attributes = 200 > reject_delay = 1 > status_server = no > allow_vulnerable_openssl = no } } radiusd: #### Loading Realms and Home Servers #### proxy server { > retry_delay = 5 > retry_count = 3 > default_fallback = no > dead_time = 120 > wake_all_if_all_dead = no } home_server localhost { > ipaddr = 127.0.0.1 > port = 1812 > type = "auth" > secret = "testing123" > response_window = 20 > max_outstanding = 65536 > require_message_authenticator = yes > zombie_period = 40 > status_check = "status-server" > ping_interval = 30 > check_interval = 30 > num_answers_to_alive = 3 > num_pings_to_alive = 3 > revive_interval = 120 > status_check_timeout = 4 coa { > irt = 2 > mrt = 16 > mrc = 5 > mrd = 30 } } home_server_pool my_auth_failover { > type = fail-over > home_server = localhost } realm example.com { > auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { > ipaddr = 127.0.0.1 > require_message_authenticator = no > secret = "testing123" > nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: > Instantiating module "exec" from file /etc/freeradius/radiusd.conf > exec { > wait = yes > input_pairs = "request" > shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file > /etc/freeradius/radiusd.conf } radiusd: #### Loading Virtual Servers > #### server { # from file /etc/freeradius/radiusd.conf modules { } # modules } # server radiusd: #### Opening IP addresses and Ports #### > bind_address = * WARNING: The directive 'bind_address' is deprecated, and will be removed in futu > re versions of FreeRADIUS. Please edit the configuration files to use > the direct > ive 'listen'. Listening on authentication address * port 1812 > Listening on accounting address * port 1813 Ready to process requests. es gibt keine fehler msg und ich weiß nicht, was zu tun ist, um es zu beheben ... im Ubuntu Server 16.04
wenn jemand eine idee hat was ist los? 10x für deine Zeit.
Wenn ich es versuche
root@pppie:/home/dilian# freeradius -f -lstdout -XXX Fri Jan 6 14:05:36 2017 : Info: freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr 5 2016 at 13:40:43 Fri Jan 6 14:05:36 2017 : Debug: Server was built with: Fri Jan 6 14:05:36 2017 : Debug: accounting Fri Jan 6 14:05:36 2017 : Debug: authentication Fri Jan 6 14:05:36 2017 : Debug: WITH_DHCP Fri Jan 6 14:05:36 2017 : Debug: WITH_VMPS Fri Jan 6 14:05:36 2017 : Debug: Server core libs: Fri Jan 6 14:05:36 2017 : Debug: ssl: OpenSSL 1.0.2g 1 Mar 2016 Fri Jan 6 14:05:36 2017 : Info: Copyright (C) 1999-2015 The FreeRADIUS server project and contributors. Fri Jan 6 14:05:36 2017 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Fri Jan 6 14:05:36 2017 : Info: PARTICULAR PURPOSE. Fri Jan 6 14:05:36 2017 : Info: You may redistribute copies of FreeRADIUS under the terms of the Fri Jan 6 14:05:36 2017 : Info: GNU General Public License. Fri Jan 6 14:05:36 2017 : Info: For more information about these matters, see the file named COPYRIGHT. Fri Jan 6 14:05:36 2017 : Info: Starting - reading configuration files ... Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/radiusd.conf Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/proxy.conf Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/clients.conf Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/snmp.conf Fri Jan 6 14:05:36 2017 : Debug: including configuration file /etc/freeradius/nibs.conf Fri Jan 6 14:05:36 2017 : Debug: main { Fri Jan 6 14:05:36 2017 : Debug: user = "nobody" Fri Jan 6 14:05:36 2017 : Debug: group = "nobody" Fri Jan 6 14:05:36 2017 : Debug: allow_core_dumps = no Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: including dictionary file /etc/freeradius/dictionary Fri Jan 6 14:05:36 2017 : Debug: main { Fri Jan 6 14:05:36 2017 : Debug: name = "radiusd" Fri Jan 6 14:05:36 2017 : Debug: prefix = "/usr/local" Fri Jan 6 14:05:36 2017 : Debug: localstatedir = "/var" Fri Jan 6 14:05:36 2017 : Debug: sbindir = "/usr/local/sbin" Fri Jan 6 14:05:36 2017 : Debug: logdir = "/var/log" Fri Jan 6 14:05:36 2017 : Debug: run_dir = "/var/run/radiusd" Fri Jan 6 14:05:36 2017 : Debug: libdir = "/usr/local/lib" Fri Jan 6 14:05:36 2017 : Debug: radacctdir = "/var/log/radacct" Fri Jan 6 14:05:36 2017 : Debug: hostname_lookups = no Fri Jan 6 14:05:36 2017 : Debug: max_request_time = 30 Fri Jan 6 14:05:36 2017 : Debug: cleanup_delay = 5 Fri Jan 6 14:05:36 2017 : Debug: max_requests = 1024 Fri Jan 6 14:05:36 2017 : Debug: pidfile = "/var/run/radiusd/radiusd.pid" Fri Jan 6 14:05:36 2017 : Debug: checkrad = "/usr/local/sbin/checkrad" Fri Jan 6 14:05:36 2017 : Debug: debug_level = 0 Fri Jan 6 14:05:36 2017 : Debug: proxy_requests = no Fri Jan 6 14:05:36 2017 : Debug: log_auth = no Fri Jan 6 14:05:36 2017 : Debug: log_auth_badpass = yes Fri Jan 6 14:05:36 2017 : Debug: log_auth_goodpass = yes Fri Jan 6 14:05:36 2017 : Debug: log_stripped_names = no Fri Jan 6 14:05:36 2017 : Debug: security { Fri Jan 6 14:05:36 2017 : Debug: max_attributes = 200 Fri Jan 6 14:05:36 2017 : Debug: reject_delay = 1 Fri Jan 6 14:05:36 2017 : Debug: status_server = no Fri Jan 6 14:05:36 2017 : Debug: allow_vulnerable_openssl = no Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Loading Realms and Home Servers #### Fri Jan 6 14:05:36 2017 : Debug: proxy server { Fri Jan 6 14:05:36 2017 : Debug: retry_delay = 5 Fri Jan 6 14:05:36 2017 : Debug: retry_count = 3 Fri Jan 6 14:05:36 2017 : Debug: default_fallback = no Fri Jan 6 14:05:36 2017 : Debug: dead_time = 120 Fri Jan 6 14:05:36 2017 : Debug: wake_all_if_all_dead = no Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: home_server localhost { Fri Jan 6 14:05:36 2017 : Debug: ipaddr = 127.0.0.1 Fri Jan 6 14:05:36 2017 : Debug: port = 1812 Fri Jan 6 14:05:36 2017 : Debug: type = "auth" Fri Jan 6 14:05:36 2017 : Debug: secret = "testing123" Fri Jan 6 14:05:36 2017 : Debug: response_window = 20 Fri Jan 6 14:05:36 2017 : Debug: max_outstanding = 65536 Fri Jan 6 14:05:36 2017 : Debug: require_message_authenticator = yes Fri Jan 6 14:05:36 2017 : Debug: zombie_period = 40 Fri Jan 6 14:05:36 2017 : Debug: status_check = "status-server" Fri Jan 6 14:05:36 2017 : Debug: ping_interval = 30 Fri Jan 6 14:05:36 2017 : Debug: check_interval = 30 Fri Jan 6 14:05:36 2017 : Debug: num_answers_to_alive = 3 Fri Jan 6 14:05:36 2017 : Debug: num_pings_to_alive = 3 Fri Jan 6 14:05:36 2017 : Debug: revive_interval = 120 Fri Jan 6 14:05:36 2017 : Debug: status_check_timeout = 4 Fri Jan 6 14:05:36 2017 : Debug: coa { Fri Jan 6 14:05:36 2017 : Debug: irt = 2 Fri Jan 6 14:05:36 2017 : Debug: mrt = 16 Fri Jan 6 14:05:36 2017 : Debug: mrc = 5 Fri Jan 6 14:05:36 2017 : Debug: mrd = 30 Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: home_server_pool my_auth_failover { Fri Jan 6 14:05:36 2017 : Debug: type = fail-over Fri Jan 6 14:05:36 2017 : Debug: home_server = localhost Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: realm example.com { Fri Jan 6 14:05:36 2017 : Debug: auth_pool = my_auth_failover Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: realm LOCAL { Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Loading Clients #### Fri Jan 6 14:05:36 2017 : Debug: client localhost { Fri Jan 6 14:05:36 2017 : Debug: ipaddr = 127.0.0.1 Fri Jan 6 14:05:36 2017 : Debug: require_message_authenticator = no Fri Jan 6 14:05:36 2017 : Debug: secret = "testing123" Fri Jan 6 14:05:36 2017 : Debug: nastype = "other" Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Instantiating modules #### Fri Jan 6 14:05:36 2017 : Debug: instantiate { Fri Jan 6 14:05:36 2017 : Debug: (Loaded rlm_exec, checking if it's valid) Fri Jan 6 14:05:36 2017 : Debug: Module: Linked to module rlm_exec Fri Jan 6 14:05:36 2017 : Debug: Module: Instantiating module "exec" from file /etc/freeradius/radiusd.conf Fri Jan 6 14:05:36 2017 : Debug: exec { Fri Jan 6 14:05:36 2017 : Debug: wait = yes Fri Jan 6 14:05:36 2017 : Debug: input_pairs = "request" Fri Jan 6 14:05:36 2017 : Debug: shell_escape = yes Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: (Loaded rlm_expr, checking if it's valid) Fri Jan 6 14:05:36 2017 : Debug: Module: Linked to module rlm_expr Fri Jan 6 14:05:36 2017 : Debug: Module: Instantiating module "expr" from file /etc/freeradius/radiusd.conf Fri Jan 6 14:05:36 2017 : Debug: } Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Loading Virtual Servers #### Fri Jan 6 14:05:36 2017 : Debug: server { # from file /etc/freeradius/radiusd.conf Fri Jan 6 14:05:36 2017 : Debug: modules { Fri Jan 6 14:05:36 2017 : Debug: } # modules Fri Jan 6 14:05:36 2017 : Debug: } # server Fri Jan 6 14:05:36 2017 : Debug: radiusd: #### Opening IP addresses and Ports #### Fri Jan 6 14:05:36 2017 : Debug: bind_address = * Fri Jan 6 14:05:36 2017 : Info: WARNING: The directive 'bind_address' is deprecated, and will be removed in future versions of FreeRADIUS. Please edit the configuration files to use the directive 'listen'. Fri Jan 6 14:05:36 2017 : Debug: Listening on authentication address * port 1812 Fri Jan 6 14:05:36 2017 : Debug: Listening on accounting address * port 1813 Fri Jan 6 14:05:36 2017 : Info: Ready to process requests. und es bleibt wieder in der Zeile Bereit, Anfragen zu bearbeiten.
Wenn ich versuche, es mit zu beginnen:
root@pppie:/home/dilian# /etc/init.d/freeradius start [....] Starting freeradius (via systemctl): freeradius.serviceJob for freeradius.service failed because the control process exited with error code. See "systemctl status freeradius.service" and "journalctl -xe" for details. failed! Ich laufe als root
Sehr wahrscheinlich ein Berechtigungsproblem.
Mit -X wechselt der FreeRADIUS-Prozess nicht zu Benutzern, sondern läuft wie derjenige, der ihn ausgeführt hat.
Freeradius starten mit:
-f -lstdout -xxx -f Im Vordergrund laufen-lstdout log zu stdout-xxx Setzen Sie die Protokollierungsgenauigkeit auf das gleiche wie -XEs wird dann mit der konfigurierten UID / GID ausgeführt.
Mein erster Versuch bestand darin, den lokalen Host zu verwenden. Die Client-Details, die ich für den localhost verwendet habe, waren die Ursache meines Problems.
als ich für den Testclient Folgendes eingegeben habe:
Client 127.0.0.1
Der Dienst wurde gestartet und ich konnte die Installation auf Ubuntu 16.04 abschließen