Sorry for the long message, I really need to get this working ASAP. I am in the process of moving a radius server from cistron to freeradius and am having configuration issues right off the bat. I am using freeradius v 0.7 on a Redhat Linux 7.3 box.

I have a local user defined and using radtest I can get the local user to auth and get the session values set in the users file. If I try the same user with the default domain (since some users dial in using the domain name after it) I get a login failure. We are also setting it so that users that are in the ppp group are authenticated and anyone else rejected. We do this setup under cistron and it works just fine... I really must be missing something and any help would be appreciated.

Here is the output from the radtest:

With the domain that gets rejected:

# radtest [EMAIL PROTECTED] xxxxxxxx localhost 1 xxxxxxxx
Sending Access-Request of id 27 to 127.0.0.1:1812
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = lorien.logical.net
        NAS-Port-Id = "1"
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=27, length=20

Same user without domain:

# radtest smaugy xxxxxxx localhost 1 xxxxxxxx
Sending Access-Request of id 31 to 127.0.0.1:1812
        User-Name = "smaugy"
        NAS-IP-Address = lorien.logical.net
        NAS-Port-Id = "1"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=31, length=68

The error that I get when I run the radius daemon with the -X flag is

"auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user"

Here is the users file:

#
DEFAULT Group == "email", Auth-Type := Reject

DEFAULT Group == "ppp", Auth-Type := System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 255.255.255.254,
        Framed-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Idle-Timeout = 1200,
        Session-Timeout = 28800,
        Framed-Compression = Van-Jacobsen-TCP-IP

# On no match, the user is denied access.

Here is the proxy.conf file:

proxy server {
        synchronous = no
        retry_delay = 5
        retry_count = 3
        dead_time = 120
        default_fallback = yes
}

realm traderscreek.com {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
}

And here is the radiusd.conf file:

prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
ibdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = yes
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
}

proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
$INCLUDE ${confdir}/snmp.conf

thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        pam {
                pam_auth = radiusd
        }
        unix {
                cache = yes
                cache_reload = 600
                passwd = /etc/passwd
                shadow = /etc/shadow
                group = /etc/group
                radwtmp = ${logdir}/radwtmp
        }
        eap {
                md5 {
                }
        }
        mschap {
        }
        pap {
                encryption_scheme = crypt
        }
        realm suffix {
                format = suffix
                delimiter = "@"
        }
        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints
                with_ascend_hack = no
                ascend_channels_per_line = 23
                with_ntdomain_hack = no
                with_specialix_jetstream_hack = no
        }
        files {
                usersfile = ${confdir}/users
                acctusersfile = ${confdir}/acct_users
                compat = no
        }
        fastusers {
                usersfile = ${confdir}/users_fast
                hashsize = 1000
                compat = no
                hash_reload = 600
        }
        detail {
                detailfile = ${radacctdir}/%{Client-IP-Address}/detail
                detailperm = 0600
        }
        acct_unique {
                key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
        }
        radutmp {
                filename = ${logdir}/radutmp
                perm = 0600
                callerid = "yes"
        }
        radutmp sradutmp {
                filename = ${logdir}/sradutmp
                perm = 0644
                callerid = "no"
        }
        attr_filter {
                attrsfile = ${confdir}/attrs
        }
        always fail {
                rcode = fail
        }
        always reject {
                rcode = reject
        }
        always ok {
                rcode = ok
                simulcount = 0
                mpp = no
        }
}

authorize {
        preprocess
        suffix
        files
}

authenticate {
        unix
        authtype PAP {
                pap
        }
}

preacct {
        preprocess
        suffix
        files
}

accounting {
        detail
        unix
        radutmp
}

session {
        radutmp
}

-----------------------------------------------
"I have not failed. I've just found 10,000 ways that won't work."
  - Thomas Edison

Michael Hendrix
[EMAIL PROTECTED]
Systems Engineer / SysAdmin Team Leader
Logical Net / Capital Net
(518) 292-4509