After some 4 years, I'm back to looking at freeradius, and while I found the configuration daunting at first, I quickly got it trimmed down to the bare essentials of what I need (which is authorization only). Great job, the configuration syntax is fairly easy to get once all the commentary and useless crap has been cut out of the config files.
On with my problem, which an hour with Google didn't help me with. Authentication reqeusts are being successfully proxied out to the master servers (the VISP), but the freeradius server is ignoring the attributes set in the users file (such as static IPs), even though it clearly says it matched. Here's the applicable lines from my users file (which is the same as I'm using in Cistron 1.6.something). My login is on line 8, the DEFAULT entry is line 101. [EMAIL PROTECTED] Framed-Address = "10.20.30.40", Framed-Netmask = "255.255.255.255", Fall-Through = Yes DEFAULT Reply-Message = "Welcome to Pulaski Networks" Here's what I'm getting from radiusd -X: rad_recv: Access-Request packet from host 127.0.0.1:2645, id=102, length=67 User-Name = "[EMAIL PROTECTED]" User-Password = "youwish" Service-Type = Framed-User Framed-Protocol = PPP rad_lowerpair: User-Name now '[EMAIL PROTECTED]' modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/2004/auth-detail-0214' rlm_detail: /var/log/radius/radacct/%Y/auth-detail-%m%d expands to /var/log/radius/radacct/2004/auth-detail-0214 modcall[authorize]: module "auth_log" returns ok for request 0 rlm_realm: Looking up realm "psknet.com" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "psknet.com" rlm_realm: Proxying request from user troy to realm psknet.com rlm_realm: Adding Realm = "psknet.com" rlm_realm: Preparing to proxy authentication request to realm "psknet.com" modcall[authorize]: module "suffix" returns updated for request 0 users: Matched [EMAIL PROTECTED] at 8 users: Matched DEFAULT at 101 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 Sending Access-Request of id 1 to 63.171.251.nn:1812 User-Name = "[EMAIL PROTECTED]" User-Password = "youwish" Service-Type = Framed-User Framed-Protocol = PPP NAS-IP-Address = 127.0.0.1 Proxy-State = 0x313032 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Accept packet from host 63.171.251.nn:1812, id=1, length=54 Reply-Message = "Welcome to Pulaski Networks" Proxy-State = 0x313032 modcall: entering group post-proxy for request 0 attr_filter: Matched entry DEFAULT at line 85 modcall[post-proxy]: module "attr_filter" returns updated for request 0 modcall: group post-proxy returns updated for request 0 rad_lowerpair: User-Name now '[EMAIL PROTECTED]' authorize: Skipping authorize in post-proxy stage rad_check_password: Found Auth-Type rad_check_password: Auth-Type = Accept, accepting the user Login OK: [EMAIL PROTECTED] (from client localhost port 0) Sending Access-Accept of id 102 to 127.0.0.1:2645 Finished request 0 Finally, here's the output of radclient: $ cat testlogin | radclient localhost auth testing123 Received response ID 102, code 2, length = 20 Note that the Reply-Message received from the other server was filtered out with the attr_filter. Thanks for any help anyone can give on this. -- Troy Settle Pulaski Networks http://www.psknet.com 866.477.5638 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html