Alan,
Radius -X is always on, and I went through the clients.conf file. -X gives a lot information, since you asked here is my understanding. I'm not a programmer so some of them are cryptic to me. I put in comments to what I think they are, but they are only guesses. I would be very thankful if you can shed lights on them. Also, there is file experimental.conf stated in eap.conf, but did not exist. It may have some useful information. r...@crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123 Sending Access-Request of id 187 to 127.0.0.1 port 1812 User-Name = "cisco" User-Password = "cisco" NAS-IP-Address = 127.0.0.1 NAS-Port = 200 rad_recv: Access-Request packet from host 127.0.0.1 port 43663, id=187, length=57 User-Name = "cisco" User-Password = "cisco" NAS-IP-Address = 127.0.0.1 NAS-Port = 200 +- entering group authorize {...} ++[preprocess] returns ok ;what is preprocess and what does it do? ++[chap] returns noop ;I can tell that chap was not selected as a protocol, right? ++[mschap] returns noop ;as above [suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why @ is expected in a name or password? [suffix] No such realm "NULL" ;what this mean? ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ;eap is not auth protocol. ++[eap] returns noop ++[unix] returns notfound ;what is this? ++[files] returns noop ? ++[expiration] returns noop ? ++[logintime] returns noop ? [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ;I do have a password (cisco). ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user ;this look like authentication protocol is a must before the process can work, however, eap.conf file is there and eap is uncommented out with it's arguments. ? Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> cisco attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 187 to 127.0.0.1 port 43663 Waking up in 4.9 seconds. rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=187, length=20 [r...@crest raddb]# Cleaning up request 5 ID 187 with timestamp +411 Ready to process requests. Rgrds, Alex -----Original Message----- From: freeradius-users-bounces+alexbahoor=sbcglobal....@lists.freeradius.org [mailto:freeradius-users-bounces+alexbahoor=sbcglobal....@lists.freeradius.o rg] On Behalf Of Alan Buxey Sent: Thursday, December 10, 2009 2:07 AM To: FreeRadius users mailing list Subject: Re: Testing radius server Hi, > Now I know it's a config issue in the clients.conf, as radtest is failing. I > set user name and password, but radius is sending a reject. This is the > first time I'm using radius. So please bear with me. Can some one mail me > example of the minimum required configuration that needed for the radius to > work, no EAP or MSCAP ..etc. hey, guess what - 'radiusd -X' this will be far more useful than throwing random recommendations to you. have you followed basic guidance regarding hwo to use clients.conf eg testuser Cleartext-Password := "testpassword" alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ Information from ESET NOD32 Antivirus, version of virus signature database 4674 (20091209) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4676 (20091210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4676 (20091210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html