Start a new topic

Radius not working

tin @ Tue Apr 22 04:16:43 EEST 2014
Hi,

i tried to set up Radius client but it is not working. As I understand I only need to configure "Radius plugin". I did that and it is not working.
Here is my log:
04/22/2014 11:16:01 AM|[HTTPS:5040:10.10.10.8:443] Accepting connection from: 192.168.1.158:59614
04/22/2014 11:16:01 AM|CVE-2009-3555 fixed. Ciphers removed from SSL socket.
04/22/2014 11:16:01 AM|SQL:Connecting to db, executing sql:UPDATE SESSIONS set END_TIME = ? where RID = ?
04/22/2014 11:16:01 AM|[HTTPS:5041:10.10.10.8:443] Accepting connection from: 192.168.1.158:59615
04/22/2014 11:16:01 AM|CVE-2009-3555 fixed. Ciphers removed from SSL socket.
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *POST /WebInterface/function/ HTTP/1.1*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *Host: 10.10.10.8*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *Content-Length: 87*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *Origin: https://10.10.10.8*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *X-Requested-With: XMLHttpRequest*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *Referer: https://10.10.10.8/WebInterface/login.html*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *Cookie: __WEBINTERFACE_PAGE_SIZE=100; localFileBrowserPopupLastSelection=/home/; __WEBINTERFACE_HIDE_FILTER=false; __WEBINTERFACE_HIDE_CHECKBOX_COLUMN=undefined; mainServerInstance=; CrushAuth=1398155242046_h3H2iDAkKQf5R0wYbnnxLkuOT0uNjB*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *command:login*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *username:aso*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *password:************
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *encoded:true*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *random:0.9813058343715966*
04/22/2014 11:16:01 AM|AutoUnzip :
04/22/2014 11:16:01 AM|ContentBlocker :
04/22/2014 11:16:01 AM|CrushLDAPGroup :
04/22/2014 11:16:01 AM|CrushNoIP :
04/22/2014 11:16:01 AM|CrushSQL :
04/22/2014 11:16:01 AM|CrushTask :
04/22/2014 11:16:01 AM|DuplicateBlocker :
04/22/2014 11:16:01 AM|FileEncryptDecrypt :
04/22/2014 11:16:01 AM|HomeDirectory :
04/22/2014 11:16:01 AM|LaunchProcess :
04/22/2014 11:16:01 AM|MagicDirectory :
04/22/2014 11:16:01 AM|PostBack :
04/22/2014 11:16:01 AM|PreferencesController :
04/22/2014 11:16:01 AM|Radius :
04/22/2014 11:16:01 AM|SharedLogin :
04/22/2014 11:16:01 AM|UniSSO :
04/22/2014 11:16:01 AM|WebApplication :
04/22/2014 11:16:01 AM|[HTTPS:5041:aso:192.168.1.158] WROTE: *530 Access denied.*
04/22/2014 11:16:01 AM|SQL:Connecting to db, executing sql:INSERT INTO SESSIONS (RID, SESSION, SERVER_GROUP, USER_NAME, START_TIME, END_TIME, SUCCESS_LOGIN, IP) VALUES (?,?,?,?,?,?,?,?)
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *HTTP/1.1 200 OK*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Vary: Accept-Encoding*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Content-Encoding: gzip*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Transfer-Encoding: chunked*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Access-Control-Allow-Origin: false*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: **
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *GET /favicon.ico HTTP/1.1*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *Host: 10.10.10.8*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] READ: *Cookie: __WEBINTERFACE_PAGE_SIZE=100; localFileBrowserPopupLastSelection=/home/; __WEBINTERFACE_HIDE_FILTER=false; __WEBINTERFACE_HIDE_CHECKBOX_COLUMN=undefined; mainServerInstance=; CrushAuth=1398155242046_h3H2iDAkKQf5R0wYbnnxLkuOT0uNjB*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *HTTP/1.1 200 OK*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Transfer-Encoding: chunked*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Access-Control-Allow-Origin: false*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Access-Control-Allow-Headers: authorization,content-type*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,PROPFIND,DELETE,MKCOL,MOVE,COPY,HEAD,PROPPATCH,LOCK,UNLOCK,ACL,TR*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Last-Modified: Thu, 02 Jan 2014 14:21:22 GMT*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *ETag: 1388672482000*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *X-UA-Compatible: chrome=1*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Accept-Ranges: bytes*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Vary: Accept-Encoding*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: *Content-Encoding: gzip*
04/22/2014 11:16:01 AM|[HTTPS:5041::192.168.1.158] WROTE: **

spinkb @ Tue Apr 22 06:27:17 EEST 2014
Is the plugin enabled?

Also enable its debug checkbox.

Do you have an enterprise license, or a trial enterprise license? The plugin is restricted to enterprise licenses. Email support directly to get a time trial enterprise license to use.

Thanks,
Ben
tin @ Tue Apr 22 07:08:38 EEST 2014
Plugin is enabled and also Debuging.
I have trial Enterprise licence so it should work.
I also check tcpdump and i don't get any action when I click on login.
spinkb @ Tue Apr 22 07:14:27 EEST 2014
In your plugins, lib folder, do you have these items:

jradius-core...
jradius-dictionary...

?

And verify you have a "Radius.jar in your plugins folder.

If radius is begin used, it will log a message about "sending auth...."

Can you give a screenshot of your radius plugin config?
tin @ Tue Apr 22 07:50:13 EEST 2014
In /plugins/lib i have "jradius-core-1.1.4.jar", "jradius-dicrionary-1.1.4.jar" and "jradius-extended-1.1.4.jar" and "Radius.jar" in plugins folder.

Here is my screenshot: [url]http://shrani.si/f/19/H0/4aSEUGRO/radius.png[/url]
spinkb @ Tue Apr 22 07:52:16 EEST 2014
Please fill in a template user...fill in "default". Its not an optional field.
tin @ Tue Apr 22 08:21:42 EEST 2014
Tnx for info. This default user helped but I still don't get any traffic on the network :/

LOG:
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *POST /WebInterface/function/ HTTP/1.1*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *Host: 10.10.10.8*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *Content-Length: 75*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *Origin: https://10.10.10.8*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *X-Requested-With: XMLHttpRequest*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *Referer: https://10.10.10.8/WebInterface/login.html*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *Cookie: __WEBINTERFACE_PAGE_SIZE=100; __WEBINTERFACE_HIDE_FILTER=false; __WEBINTERFACE_HIDE_CHECKBOX_COLUMN=undefined; localFileBrowserPopupLastSelection=/home/; mainServerInstance=; CrushAuth=1398172826230_oqV40ok7ub54WzoMlGfj3eSpwlBRMk*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *command:login*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *username:aso*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *password:************
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *encoded:true*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *random:0.2985800290480256*
04/22/2014 03:20:34 PM|Temporary license will expire on:Sat Jun 14 00:00:00 CEST 2014
04/22/2014 03:20:34 PM|Radius:Version 4.2
04/22/2014 03:20:34 PM|Radius:Sending auth:Class: class net.jradius.packet.AccessRequest
Attributes:
User-Name := aso
NAS-Port-Type := Ethernet
NAS-Port := 10
User-Password := [Encrypted String]
04/22/2014 03:20:34 PM|aso:(5413)-192.168.1.158 (control)
04/22/2014 03:20:34 PM|java.lang.ArrayIndexOutOfBoundsException: 0
04/22/2014 03:20:34 PM|net.jradius.util.RadiusUtils.encodePapPassword:109
04/22/2014 03:20:34 PM|net.jradius.client.auth.PAPAuthenticator.processRequest:46
04/22/2014 03:20:34 PM|net.jradius.client.RadiusClient.authenticate:337
04/22/2014 03:20:34 PM|Radius.Start.loadUser:149
04/22/2014 03:20:34 PM|Radius.Start.run:86
04/22/2014 03:20:34 PM|sun.reflect.GeneratedMethodAccessor17.invoke:-1
04/22/2014 03:20:34 PM|sun.reflect.DelegatingMethodAccessorImpl.invoke:43
04/22/2014 03:20:34 PM|java.lang.reflect.Method.invoke:606
04/22/2014 03:20:34 PM|crushftp.handlers.Common.runPlugin:3941
04/22/2014 03:20:34 PM|crushftp.server.ServerStatus.runPlugins:2896
04/22/2014 03:20:34 PM|crushftp.server.ServerSession.runPlugin:3140
04/22/2014 03:20:34 PM|crushftp.server.ServerSession.verify_user:3383
04/22/2014 03:20:34 PM|crushftp.server.ServerSession.login_user_pass:4018
04/22/2014 03:20:34 PM|crushftp.server.ServerSession.login_user_pass:3959
04/22/2014 03:20:34 PM|crushftp.server.ServerSessionAJAX5_2.checkLogin1:88
04/22/2014 03:20:34 PM|crushftp.server.ServerSessionAJAX5_2.processItemAnonymous:170
04/22/2014 03:20:34 PM|crushftp.server.ServerSessionHTTP5_2.handle_http_requests:974
04/22/2014 03:20:34 PM|crushftp.server.ServerSessionHTTP5_2.run:157
04/22/2014 03:20:34 PM|crushftp.server.QuickConnect.run:105
04/22/2014 03:20:34 PM|crushftp.server.Worker.run:32
04/22/2014 03:20:34 PM|java.lang.Thread.run:744
04/22/2014 03:20:34 PM|Radius:finished. Returning failure.
04/22/2014 03:20:34 PM|[HTTPS:5413:aso:192.168.1.158] WROTE: *530 Access denied.*
04/22/2014 03:20:34 PM|[HTTPS:5413::192.168.1.158] WROTE: *HTTP/1.1 200 OK*
04/22/2014 03:20:34 PM|[HTTPS:5413::192.168.1.158] WROTE: *Vary: Accept-Encoding*
04/22/2014 03:20:34 PM|[HTTPS:5413::192.168.1.158] WROTE: *Content-Encoding: gzip*
04/22/2014 03:20:34 PM|[HTTPS:5413::192.168.1.158] WROTE: *Transfer-Encoding: chunked*
04/22/2014 03:20:34 PM|[HTTPS:5413::192.168.1.158] WROTE: *Access-Control-Allow-Origin: false*
04/22/2014 03:20:34 PM|[HTTPS:5413::192.168.1.158] WROTE: **
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *GET /favicon.ico HTTP/1.1*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *Host: 10.10.10.8*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] READ: *Cookie: __WEBINTERFACE_PAGE_SIZE=100; __WEBINTERFACE_HIDE_FILTER=false; __WEBINTERFACE_HIDE_CHECKBOX_COLUMN=undefined; localFileBrowserPopupLastSelection=/home/; mainServerInstance=; CrushAuth=1398172826230_oqV40ok7ub54WzoMlGfj3eSpwlBRMk*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *HTTP/1.1 200 OK*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Transfer-Encoding: chunked*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Access-Control-Allow-Origin: false*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Access-Control-Allow-Headers: authorization,content-type*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,PROPFIND,DELETE,MKCOL,MOVE,COPY,HEAD,PROPPATCH,LOCK,UNLOCK,ACL,TR*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Last-Modified: Thu, 02 Jan 2014 14:21:22 GMT*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *ETag: 1388672482000*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *X-UA-Compatible: chrome=1*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Accept-Ranges: bytes*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Vary: Accept-Encoding*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: *Content-Encoding: gzip*
04/22/2014 03:20:34 PM|[HTTPS:5413:anonymous:192.168.1.158] WROTE: **
spinkb @ Tue Apr 22 08:33:57 EEST 2014
This is now a Radius error not liking your shared secret I think...

Not sure, but radius gave this error and not CrushFTP now.

Thanks,
Ben
tin @ Tue Apr 22 08:58:59 EEST 2014
Tnx for now...I am going forward but still have some issues :)
tin @ Wed Apr 23 02:24:48 EEST 2014
Hi,

I got it working but I still have one little issue. I enter username(without password)..press login and I get SMS on my cell with OTP. Then I enter my username and PIN+OTP but it doesn't happen anything. Then I found out that I have to wait app. 60s then the PIN+OTP will work. It's like there is some timeout set or something...does anyone have any idea?

spinkb @ Wed Apr 23 02:28:32 EEST 2014
In the prefs, misc, set remember invalid usernames for x seconds to be 0.

Otherwise the username will be ignored for 60 seconds before it can be attempted again since it failed once.

Thanks,
Ben
tin @ Wed Apr 23 02:34:41 EEST 2014
tnx you so much :)
tin @ Wed Apr 23 02:43:31 EEST 2014
Sorry just one more thing :)

Now if I understand correct I have one template (default user) for all Radius users? So if I want different permissions for different users I can't?
spinkb @ Wed Apr 23 02:46:01 EEST 2014
The plugin is virtually creating a user...there is no UI to control a specific usernames settings. So everyone inherits from the template user configured.

If you want to get detailed on user configurations, then you can no longer virtualize them all, and must make each individual user. They can still be authenticated using Radius, but that is all...then it looks at the User Manager for a matching username to see what they have access to.

There is a checkbox for that in the UI to authenticate only.

Thanks,
Ben
Login to post a comment