hi collin,
thank you for responding to my message,
Regarding the configuration that you wrote above,
I have also changed the protocol to PAP. But it still didn't work.
Previously, I made sure that no errors occurred on my Freeradius server and
my CAS server.
Related to some of your suggestions about:
* Confirm networking 101, i.e. can you ping the Rad. Server (CAS Server and
Freeradius have successfully connected and I can ping each other from both
servers.)
* Can you see the packets arriving on the Radius Server? (Here is the main
problem collin, I can't see any packets reaching my radius server. When
running freeradius -X I don't see any authentication requests from the form
on the cas server go to my radius server.)
* Your sure the shared secret / clients configuration is right / correct?
(I've also made sure the shared server and clients config on the Freeradius
server are correct.
(Even if not again running in -xX will who the connection being dropped).
About this I've done freeradius to debug. I don't get an error message.
However, I saw a warning message and I will write this message below:
Tue Dec 1 22:19:39 2020: Warning:
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[362]: The item
'-query' is defined, but is unused by the configuration
Tue Dec 1 22:19:39 2020: Warning:
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[471]: The item
'-query' is defined, but is unused by the configuration
Tue Dec 1 22:19:39 2020: Warning:
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[563]: The item
'-query' is defined, but is unused by the configuration
Tue Dec 1 22:19:39 2020: Warning: Please use tls_min_version and
tls_max_version instead of disable_tlsv1
Tue Dec 1 22:19:39 2020: Warning: Please use tls_min_version and
tls_max_version instead of disable_tlsv1_2
Tue Dec 1 22:19:39 2020: Warning: Ignoring "ldap" (see raddb /
mods-available / README.rst)
Is this something that missing, about my config?
I just wondering why there are no packets arriving to the Radius Server
from my cas server.
Thanks colling,
irvan
Pada Selasa, 01 Desember 2020 pukul 22.00.33 UTC+7 C Ryan menulis:
> Irvan,
>
>
> All I have is the following:
>
>
>
> cas.authn.radius.name=Radius
> cas.authn.radius.server.protocol=PAP
> cas.authn.radius.server.retries=1
> cas.authn.radius.client.authenticationPort=1645
> cas.authn.radius.client.sharedSecret=<shared secret>
> cas.authn.radius.client.inetAddress=<IP of Radius Server>
> cas.authn.radius.client.accountingPort=1646
>
>
> If your missing any core CAS Bits or directives it should complain loudly
> when you start up CAS.
>
> As well running your freeradius (if you can) with the -xX switches will
> show your more than enough debugging information.
>
> You need to get down to good old 101 level troubleshooting.
>
> * Confirm networking 101, i.e. can you ping the Rad. Server
>
> * Can you see packets arriving on the Radius Server?
>
> * Your sure the shared secret/clients configuration is right/correct?
> (even if not again running in -xX will who the connection being dropped.
>
>
> Anyhow as mentioned between running CAS with debug log levels and running
> FreeRadius in such levels should give you clear indications of where there
> are issues.
>
> Colin
> On 11/29/20 1:40 PM, irvan suryadi wrote:
>
> Hello all,
>
> Related to the development of the CAS system using the Freeradius
> authenticator. I've added some configurations based on directions from the
> documentation on the Apereo CAS website.
>
> However after I did some of this configuration. My freeradius server is
> still not responding to an authentication request from my CAS server.
>
> Are there any other configurations required for these two servers to
> communicate with each other? Or is there something wrong I did in this
> configuration?
>
> Regards,
> Irvan
>
>
> ------------------------------------------------------------------------------------------------------------------
>
> The following is my server configuration :
>
> # Versions
>
> - CAS `6.3.x`
> - JDK `11`
>
> *#The CAS Server :*
>
> #cas.properties file :
>
> cas.serviceRegistry.json.location: file:/etc/cas/services
>
> cas.authn.accept.enabled=false
> server.port = 8443
>
> cas.authn.policy.required-handler-authentication-policy-enabled=true
>
> cas.authn.policy.req.try-all=false
> cas.authn.policy.req.handler-name=Radius
> cas.authn.policy.req.enabled=true
>
> cas.authn.radius.name=Radius
> cas.authn.radius.server.protocol=EAP_MSCHAPv2
> cas.authn.radius.server.retries=1
> cas.authn.radius.client.authenticationPort=1812
> cas.authn.radius.client.sharedSecret=casserver
> cas.authn.radius.client.inetAddress=192.168.1.2 (my freeradius IP Address)
> cas.authn.radius.client.accountingPort=1813
>
> #My Service Registry File (file name : application-10000001.json) :
> ---Location /etc/cas/services---
>
> {
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^(https|imaps)://.*",
> "name" : "HTTPS and IMAPS",
> "id" : 10000001,
> "evaluationOrder": 99999,
> "authenticationPolicy" : {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
> "requiredAuthenticationHandlers" : ["java.util.TreeSet", [ "Radius" ]]
> }
> }
>
> #My Build.gradle files (Dependencies Registered) :
>
> dependencies {
> if (project.hasProperty("casmodules")) {
> def dependencies = project.getProperty("casmodules").split(",")
> dependencies.each {
> implementation "org.apereo.cas:cas-server-${it}:${casServerVersion}"
> implementation
> "org.apereo.cas:cas-server-support-radius:${project.'cas.version'}"
> implementation
> "org.apereo.cas:cas-server-support-simple-mfa:${project.'cas.version'}"
> }
> }
>
> // https://mvnrepository.com/artifact/gnu.getopt/java-getopt
> compile group: 'gnu.getopt', name: 'java-getopt', version: '1.0.13'
>
> compile
> "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
>
> // Other CAS dependencies/modules may be listed here...
> compile
> "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
> }
>
> --------------------------------------------------------------------
> *#My Freeradius Config for the cas server*
>
> Nas IP = 192.168.1.3 (my CAS Server IP Address)
> Secret = casserver
> (pictures attached)
>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/01610a61-ddda-4e6c-947e-b6a45c06c247n%40apereo.org
>
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/01610a61-ddda-4e6c-947e-b6a45c06c247n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7af52ae2-11f6-408d-84fc-5e55050a7171n%40apereo.org.
