On Tue, Sep 11, 2012 at 3:54 PM, Mihajlo Joksimovic <mihajlo.joksimo...@adfinis-sygroup.ch> wrote:
> IPhone test:
> rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21,
> length=197
> Message-Authenticator = 0x24691ccd1f2040d828405d72ef7189ec
>
> Service-Type = Framed-User
> User-Name = "nadine.bosshard"
> Framed-MTU = 1488
> Called-Station-Id = "204E7FE98EF3:TCSVO-Intern"
> Calling-Station-Id = "9803D861E85C"
> NAS-Identifier = "aptcsvo02"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = 0x02000014016e6164696e652e626f737368617264
> NAS-IP-Address = 10.119.12.2
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm
> NULL
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 0 length 20
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

There should be other lines before that. Like the ones that say it's using inner-tunnel?

> rlm_unix: [nadine.bosshard]: invalid shell [/bin/false]
> ++[unix] returns reject

Did you read that line?

You have "unix" in authorize section of inner tunnel. And user nadine.bosshard is not allowed to login to the system (invalid shell). FR does the right thing. Comment out that line in inner tunnel.

Your radlogin test succeeded because you don't have "unix" in authorize section of default virtual server. See how important complete debug logs are?

... and seriously, upgrade. There are many known bugs fixed since 2.0.x. And if you can edit the configuration freely by hand, you should be able to upgrade.

--
Fajar
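As an added example (not part of the original thread and not FreeRADIUS code), the Python below scans `radiusd -X` debug output in the format quoted above and reports which module returned a failing code in which section, along with the messages that module logged just before. The sample log, the user name `alice` and the function name `find_rejections` are constructed for illustration.

```python
import re

# Constructed sample in the debug format quoted in the message above.
SAMPLE_DEBUG = """\
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "alice", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_unix: [alice]: invalid shell [/bin/false]
++[unix] returns reject
"""

GROUP_RE = re.compile(r"^\++- entering group (\S+)")
RESULT_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
MODULE_MSG_RE = re.compile(r"^rlm_\w+: ")
# Module return codes that end the request with a failure.
FAILURES = {"reject", "fail", "invalid", "userlock"}

def find_rejections(debug_text):
    """Return one dict per module call that returned a failing code."""
    findings, group, pending = [], None, []
    for raw in debug_text.splitlines():
        # Accept logs pasted from a quoted e-mail: drop leading "> " markers.
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        m = GROUP_RE.match(line)
        if m:
            group, pending = m.group(1), []
            continue
        if MODULE_MSG_RE.match(line):
            pending.append(line)  # logged by the module currently running
            continue
        m = RESULT_RE.match(line)
        if m:
            module, result = m.groups()
            if result in FAILURES:
                findings.append({"group": group, "module": module,
                                 "result": result, "messages": pending})
            pending = []  # messages belong to the module that just returned
    return findings

if __name__ == "__main__":
    for f in find_rejections(SAMPLE_DEBUG):
        print(f"{f['group']}: [{f['module']}] returned {f['result']}")
        for msg in f["messages"]:
            print("    " + msg)
```
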