I am new to FreeRADIUS so please be patient with me. I am scouring the docs as I write this but so far I have been stumped. Below I have included the debug output of my server when I send it a authentication request.
You will see that the user is found and authenticated by the "ntlm_auth_Cru" module, however the user is still rejected bec the server says no auth-type was configured for the request. Any help is appreciated. I have the following lines in my users file: ----------------- DEFAULT Auth-Type := ntlm_auth Fall-Through = Yes ----------------- I also have the following in my radius.conf: ------------------ redundant ntlm_auth { group { ntlm_auth_Cru { reject = 1 ok = return } ntlm_auth_UMHB { reject = 1 ok = return } } } ------------------ Here is the debug output: ------------------ rad_recv: Access-Request packet from host 10.2.1.75 port 46841, id=239, length=51 User-Name = "image" User-Password = "image" NAS-IP-Address = 10.2.1.75 Tue Jul 27 13:01:03 2010 : Info: +- entering group authorize {...} Tue Jul 27 13:01:03 2010 : Info: ++[preprocess] returns ok Tue Jul 27 13:01:03 2010 : Info: ++- entering group ntlm_auth {...} Tue Jul 27 13:01:03 2010 : Info: +++- entering group {...} Tue Jul 27 13:01:03 2010 : Info: [ntlm_auth_Cru] expand: --username=%{mschap:User-Name} -> --username=image Tue Jul 27 13:01:03 2010 : Info: [ntlm_auth_Cru] expand: --password=%{User-Password} -> --password=image Tue Jul 27 13:01:03 2010 : Debug: Exec-Program output: NT_STATUS_OK: Success (0x0) Tue Jul 27 13:01:03 2010 : Debug: Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0) Tue Jul 27 13:01:03 2010 : Debug: Exec-Program: returned: 0 Tue Jul 27 13:01:03 2010 : Info: ++++[ntlm_auth_Cru] returns ok Tue Jul 27 13:01:03 2010 : Info: +++- group returns ok Tue Jul 27 13:01:03 2010 : Info: ++- group ntlm_auth returns ok Tue Jul 27 13:01:03 2010 : Info: ++[expiration] returns noop Tue Jul 27 13:01:03 2010 : Info: ++[logintime] returns noop GOT CLONE -1208792368 0x9f8ff70 Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: PacketFence SWITCH: 10.2.1.75 Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: PacketFence MAC: Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: PacketFence USER: image Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: Added pair User-Name = image Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: Added pair User-Password = image Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: Added pair NAS-IP-Address = 10.2.1.75 Tue Jul 27 13:01:03 2010 : Info: ++[perl] returns ok Tue Jul 27 13:01:03 2010 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Tue Jul 27 13:01:03 2010 : Info: Failed to authenticate the user. Tue Jul 27 13:01:03 2010 : Info: Using Post-Auth-Type Reject Tue Jul 27 13:01:03 2010 : Info: +- entering group REJECT {...} Tue Jul 27 13:01:03 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> image Tue Jul 27 13:01:03 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Tue Jul 27 13:01:03 2010 : Info: ++[attr_filter.access_reject] returns updated Tue Jul 27 13:01:03 2010 : Info: Delaying reject of request 0 for 1 seconds Tue Jul 27 13:01:03 2010 : Debug: Going to the next request Tue Jul 27 13:01:03 2010 : Debug: Waking up in 0.8 seconds. Tue Jul 27 13:01:04 2010 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 239 to 10.2.1.75 port 46841 Tue Jul 27 13:01:04 2010 : Debug: Waking up in 4.9 seconds. Tue Jul 27 13:01:09 2010 : Info: Cleaning up request 0 ID 239 with timestamp +26 Tue Jul 27 13:01:09 2010 : Debug: Ready to process requests. ------------------ PS: I know it is not best practice to specify the default auth-type but this is a single purpose server and I know what types of requests are going to come to it, anything other than what I want should be discarded. Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html