Re: Querry on localhost testing
In his inimicable (?) style, Alan DeKok wrote: > "Rudramuni PH" <[EMAIL PROTECTED]> wrote: > > Full Debug in formation > ... > Go back and read it. The answer to your question is in the > debug log you posted to the list. Alan, to you it is insanely obvious, to a first timer reading hundreds of lines of "potentially" useful output, the critical bits are "buried in the noise" -- would it have really taken that long for you to say: > Full Debug in formation [...] > rad_recv: Access-Request packet from host 127.0.0.1:1025, id=152, length=57 [...] > User-Name = "rudra" > User-Password = "rudra" > NAS-IP-Address = 255.255.255.255 > NAS-Port = 10 This [hopefully obvious] section shows you what the server parsed out of the request > users: Matched DEFAULT at 152 This important line tells you what the server believes to be the "user" to be validated [...] > rad_check_password: Found Auth-Type System this important line tells us that we'll be looking up the user in the /etc/passwd file, i.e., we expect the user to be a regular user of the linux server itself > modcall[authenticate]: module "unix" returns notfound > modcall: group authenticate returns notfound > auth: Failed to validate the user. and as you might imagine, we don't find a user called "rudra" in the system. Things to check: [ok alan, this is where it gets subjective, and I'm sure for you overly repetitive -- NOW you can refer someone to a FAQ (if it's in there) and specifically WHERE in the FAQ to start looking] -- the conf file to figure out why the wrong authentication method was being used [i.e., "system"] -- the user's file to figure out why the user "rudra" wasn't found/matched -- any databases in use? properly configured? right "op" values? Not the exact answer, but some directions for someone new to this to start looking... -- Yet another Blog: http://osnut.homelinux.net pgp0.pgp Description: signature
RE: NAS under Linux with iptables.
Look at www.nocat.net It uses iptables to control access, and can be connected to freeradius Kveðja / Best regards / ด้วยความคิดถึง Brynjar Hauksson ICQ# 15512204 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rio Martin. Sent: Monday, August 11, 2003 12:20 PM To: [EMAIL PROTECTED] Subject: NAS under Linux with iptables. Dear all, I build and run Freeradius-0.9.0 under my Linux-2.4.21 The plan is i want to build NAS under Linux with iptables under the same machines, together with the FreeRadius server. Please let me know if there is anyone in this list know somekind of tools used to build NAS under Linux with iptables. Thanks .. Regards, Rio Martin. -- Violence is the last refuge of the incompetent. -- Salvor Hardin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Newbie - need help urgently, help appreciated
Lee Puay Yong <[EMAIL PROTECTED]> wrote: > 1.Does freeradius support LEAP authentication against ldap > database. No. > I tried to set authorize to LDAP and authentication to EAP but no > progress so far (maybe I missed somthing). It will be nice if > someone can send me a wokring copy of the radiusd.conf and the users > file. If you can configure the server to do PAP authentication by using LDAP for 'authorize', and NOT using LDAP for 'authenticate', then that should also work for LEAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Authentification Problem
Hi Serg - Original Message - From: "Serg Shipaev" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 06, 2003 1:44 PM Subject: Re: FreeRadius Authentification Problem > Serg Shipaev wrote: > > That's a trouble: > secret keys in clients, clients.conf and in NAS server are the same! > > I think that's a trouble of MS-CHAP (MD5 I think) authentification. > The NAS client is a software of Cisco VoIP gateway type. > what about the naslist file? Atanu Das, S S NetCom Pvt. Ltd. Shillong http://www.ssnetcom.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Authentification Problem
Serg Shipaev <[EMAIL PROTECTED]> wrote: > Yes, I see it. > But, I meant authentification process for NAS, not for any client of > this NAS. NASes are never authenticated. > As I understand, of RADIUS authentification process, > the 1-step is check NAS, > then aaa for client of this NAS. Can you say where you got this idea from? The RADIUS RFC's say nothing about that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: caller id ?
> > check your detail files for Called-Station-Id > > If you dont have the information in the detail files, then your NAS is > not sending the information, may be because the lines attached are not > configured to get called-id > Actually, I think he means the detail stored in 'Calling-Station-Id': Called-Station-Id: The number called by the client to connect to the NAS (eg: The ISPs number) Calling-Station-Id: The number of the client themselves. Either way, the NAS/telephone system needs to be configured to provide all these things before you can even worry about them in RADIUS. Fenn. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CHAP - NT-Domain authentication
Hello List I know there is a often discussed question! -sorry ;-)) But do you see any chance to authenticate with chap on a NT-Domain. - Maybe with a batch to export the passwords as cleartext! - Or with a domain - ldap configuration I don´t know Are the any tool´s (URL) which export the NT-Domain passwords in cleartext? thx christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication, Authorization process
Hello, In FreeRADIUS, authorization is done before authentication. Is that a proper sequence regarding the standard RADIUS concept? For example, when a user mistypes the password, FreeRADIUS still send out the attributes to RADIUS client. Would that be an issue (ie, security, loading, ...)? Best Regards, Bush - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unknown Problem
"Jason Coutermarsh" <[EMAIL PROTECTED]> wrote: > I'm using freeRadius with a Netgear ME103 wireless access point. I have > the latest CVS build (as of Aug 8 afternoon). I first get an > Access-Accept, and then it just seems to keep sending challenges. I > can't find any errors in the log, so I don't know what to search for > through the archives. Does anyone have any idea what's going on? The AP and/or the wireless client don't like the Access-Accept. The only way to solve the problem is to figure out *why* they don't like it. And there's little to nothing you can look at on the server, to debug problems with the AP/client. With the wireless clients I've used, I sometimes see it authenticate, wait ~3 seconds, and try again. The second time always succeeds. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad always returning 0? --
well what I would do is printing something else to test if the checkrad script is working until there. like print("hello"); :) and then just before $telnet->print("list connections"); you can put like sleep(60); so it will sleep 60 seconds so you can see if your user is already inside this netserver thing :) never seen one so...if its not there then you can be sure that checkrad is having trouble. If the user is not there but hello prints then you will know there is a problem with the telnet connection. you can not print $curline because its an array... you can try foreach $line (@curline) { print($line); } this would print each element of the currline array so after you test these you can return back to me :) by the way my icq number is 913003 if you would prefer that. well I just canceled my previous email after I pressed send because there was a semicolon missing after print :) just be careful... Evren Ray wrote: On Wednesday 06 August 2003 23:44, you wrote: did you realize these? # uncomment this if you use the standard # prefixes #$user =~ s/^[PSC]//; #$user =~ s/\.(ppp|slip|cslip)$//; we aren't using prefixes as far as i know. you can perhaps put print($user); right after these and you should see all the users in the nas from the output also you might figure out what is wrong dont put it inside the if clause though :) well you can let us know what you get? tried putting a print $user in different places, and for some reason they don't print anything. but then i don't know perl, so i might be doing this wrong too. while ($curprompt ne "\>") { ($curline, $curprompt) = $telnet->waitfor ( String => "\>", Timeout => 10); $ok = $telnet->print(""); push @curlines, split(/^/m, $curline); print($curline); } ... # # Check to see if $user is already connected # print($user); if ($user eq $ARGV[3]) { and i modified the print statement about user not found just to make sure i'm editing the correct module and file. (and i am) what does the output of list connections command look like? HiPer>> list connections CONNECTIONS Start Start IfName User Name Type DLL DateTime slot:1/mod:1jd613 DIALIN PPP 06-AUG-2003 13:58:58 slot:1/mod:2david DIALIN PPP 06-AUG-2003 08:50:36 slot:1/mod:3allonmy DIALIN PPP 06-AUG-2003 11:03:46 Ray wrote: On Wednesday 06 August 2003 22:13, you wrote: for one thing, download latest release 0.9 something and try the checkrad which comes inside... then did you set etc/clients.conf and etc/naspasswd ? what did you set ? the important thing is nastype login and password ... what kind of nas do you have? etc. if you use snmp, did you try to see manually if you can connect to nas? do you have ucd snmp... and blah blah, and if you use telnet is Net::Telnet installed? perl module... etc/clients.conf and etc/naspassword are setup, but since i'm only calling checkrad manually at this point, only the naspassword file has any affect. i was getting an error about bad password before setting up naspassword, but the error message and documentation already got me past that problem. nas: i'm told it is USR/Total Control, but when i manually telnet into it and mimic the commands of the tc module, it doesn't do what it should. but the commands in the module for netserver are correct, so i'm using that. as for Net::Telnet, it is installed (3.02) snmp isn't being used since i'm not using a nas that checkrad needs snmp for, i'm not sure which version of snmp i have, but it doesn't seem like that would matter in this case where the modules are using telnet to check the nas. Ray wrote: trying to setup Simultaneous-Use and it is working so far, but i haven't succesfully setup checkrad with it. using freeRadius 0.8.1 checkrad -d netserver xx.xx.xx.4 366 user 22544538 and it keeps outputting Returning 0 (login ok) even when the user is on. i'm using MySQL for accounting and using NASIPAddress NASPortId UserName AcctSessionId from radacct for the paramaters to test checkrad what should i check or change to get that working? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Querry Regarding Radius server running
Hi oliver Thanks for u r advice .. Sorry for sending again and again same querry can u tell me how to uninstall the free-radius from the linux regards rudra - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What is the minimal attributes that must be in START, INTERIM UPDATE and STOP packets
Hello, I have no hardware NAS. I am just writing a radius client in Perl, and i am wondering what the radius server is expecting as minimal attributes in check items to honour STOP , INTERIM UPDATE AND STOP accounting request --- Peter Nixon <[EMAIL PROTECTED]> wrote: > On Fri August 8 2003 01:10, Aime wrote: > > Hello All, > > > > What are the minimal attributes to use to issue > > START , INTERIM UPDATE and STOP radius packet ? > > This is set on your NAS. Read the documentation for > your NAS and it shoudl > tell you how to enable these features. > > -- > > Peter Nixon > http://www.peternixon.net/ > PGP Key: http://www.peternixon.net/public.asc > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FR SQL flexibility
Hello! Is it possible, or could it be possible in the future to have users authenticated against different SQL tables/databases, optionally wven with different queries, depending on values of auth request attributes? Some way of dynamic definition of currently statically defined SQL queries and table names would really enhance the overall functionality and flexibility. For example, in my company's wireless environment, I'd like to have two kinds of authentication - MAC and VPN, and instead of having two separate radius servers it would be much nicer to have just two different tables (one with MAC addresses and the other with VPN usernames/passwords) and to chose appropriate table based on, say, NAS-IP-Address attribute. -- Best Regards, Sinisa Burina - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Linux Freeradius-.0.9.0 and Enterasys compatibility
[EMAIL PROTECTED] wrote: > already accept-request, but It is still prompting for username and > password. I think I have to put the attribute which is > "Enterasys:mgmt=su:policy=admin" somewhere. Could you advise me where to > put this attribute? I guess it makes sense if I put this in either > clients.conf or users file, but not sure what the command is. Hi Kiki, I´ve got an Enterasys (Cabletron SmartSwitch 6000) running with the following (example) entry in the users file: Reader Auth-Type := Local, User-Password == "readpass" Filter-Id = "Enterasys:version=1:mgmt=ro" Writer Auth-Type := Local, User-Password == "writepass" Filter-Id = "Enterasys:version=1:mgmt=rw" admin Auth-Type := Local, User-Password == "adminpass" Filter-Id = "Enterasys:version=1:mgmt=su" maybe it´s the entry you need... Regards, Arthur - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Debian compilation problems
> From: Nicolas Baradakis > Sent: Thursday, 7 August 2003 7:19 PM > To: [EMAIL PROTECTED] > Subject: Re: Debian compilation problems > Jan Berkel wrote: > > Sevcik Berndt wrote: > > > checking for dbm_open in -lgdbm_compat... yes > > > configure: warning: FAILURE: rlm_dbm requires: (libndbm or libgdm). > > > configure: error: set --without-rlm_dbm to disable it explicitly. > > > configure: error: ./configure failed for src/modules/rlm_dbm > > > > this happens when using a new version of libgdbm (libgdbm3), but > > apparently on some systems the package builds ok (if an old version is > > still installed and hasn't been removed). > > > > try changing line 70 in src/modules/rlm_dbm/configure.in: > > - if test "x$ac_cv_lib_gdbm_dbm_open" != "xyes"; then > > + if test "x$ac_cv_lib_gdbm_compat_dbm_open" != "xyes"; then > > ... and after that run autoconf to generate a correct configure > script. > > It's the second time the problem shows up on the mailing lists, it > would be nice if a maintainer of freeradius corrects it in the CVS. >From the description above, wouldn't this fix break attempts to build with libgdbm2? Or was it just a typo the first time? -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: very short password expiry
"Desmond Rivet" <[EMAIL PROTECTED]> wrote: > > Try the CVS snapshot from tomorrow. The EAP module has been > >massively re-written since 0.9, and that problem should NOT be > >occuring. > > Massively re-written? Off the top of your head, do you know what major > things are different? Anyway, I'll try the newest CVS tree. Thanks. I can actually understand the code in the EAP module now. I've removed ~20% of it, and re-arranged & re-named the rest. The result is that the execution flow through the module is simpler to understand, and generally better designed & implemented. There shouldn't be any externally visible changes, as the module will still do EAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sample config on Redhat with proxy
On Wed August 6 2003 07:54, Michael Kearey wrote: > Dick Lau wrote: > > Hi All, > > > > I'm frist time try the radius server. May I ask who can post the > > freeradius on redhat here? Or where can I find the details study manuel? > > > > Thanks > > I found this > http://people.redhat.com/twoerner/SRPMS/freeradius-0.8.1-6.src.rpm > > It's handy, though is not up date version. You could use the rpm to > base a build from new source. There are up to date spec files for SuSE and RedHat as well as debian build files in the source tarball... It's really very easy :-) -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Login-Time Question
Hi, im having an odd problem and im sure its related to setup just cant seem to spool up the problem. I see that Login-Time can be specified in the USERS file where it seems to work fine... i just cant seem to get it to work fine in the SQL database ? Can it run in the sql database as an attribute ? If it can How do i do so ? Thanks Patrick XSInet -- I live in my own little world. But it's OK. They know me here. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem whis simulteneous logins
I am using Freeradius 0.8.1 and portslave. User's online time I define in var "Session-Timeout". "Session-Timeout" I get from billing system for each user by script (Exec-Program-Wait). I allow simulteneous logins with the same User Name. So in such case user's online time must be less in 2 times. How can I change Session-Timeout when one user alredy online and another one with the same UserName connects to the server. Please help me! -- Technical Support Administrator of "NARZAN" Network Double mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad always returning 0?
did you realize these? # uncomment this if you use the standard # prefixes #$user =~ s/^[PSC]//; #$user =~ s/\.(ppp|slip|cslip)$//; you can perhaps put print($user); right after these and you should see all the users in the nas from the output also you might figure out what is wrong dont put it inside the if clause though :) well you can let us know what you get? what does the output of list connections command look like? Evren Ray wrote: On Wednesday 06 August 2003 22:13, you wrote: for one thing, download latest release 0.9 something and try the checkrad which comes inside... then did you set etc/clients.conf and etc/naspasswd ? what did you set ? the important thing is nastype login and password ... what kind of nas do you have? etc. if you use snmp, did you try to see manually if you can connect to nas? do you have ucd snmp... and blah blah, and if you use telnet is Net::Telnet installed? perl module... etc/clients.conf and etc/naspassword are setup, but since i'm only calling checkrad manually at this point, only the naspassword file has any affect. i was getting an error about bad password before setting up naspassword, but the error message and documentation already got me past that problem. nas: i'm told it is USR/Total Control, but when i manually telnet into it and mimic the commands of the tc module, it doesn't do what it should. but the commands in the module for netserver are correct, so i'm using that. as for Net::Telnet, it is installed (3.02) snmp isn't being used since i'm not using a nas that checkrad needs snmp for, i'm not sure which version of snmp i have, but it doesn't seem like that would matter in this case where the modules are using telnet to check the nas. Ray wrote: trying to setup Simultaneous-Use and it is working so far, but i haven't succesfully setup checkrad with it. using freeRadius 0.8.1 checkrad -d netserver xx.xx.xx.4 366 user 22544538 and it keeps outputting Returning 0 (login ok) even when the user is on. i'm using MySQL for accounting and using NASIPAddress NASPortId UserName AcctSessionId from radacct for the paramaters to test checkrad what should i check or change to get that working? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication problems with EAP/TLS (and Enterasys)
nastype = other has not worked. The situation is the same than before. I have also not the possibility to use an other AP. Berndt On Fri, 2003-08-08 at 13:33, diomedes wrote: > Hi, > Try to put in clients.conf, in the lines of the NAS the following attribute > nastype = other > > I had a similar problem and with that line all goes perfectly ( or nearly) > > Good luck > > Other possibility is to try authenticate with the same configuration but > with other AP, if it's possible. > > Regards. > Omar > > > Sevcik Berndt wrote: > > >I try to authenticate an XP Client via an Enterasys RoamaboutR2 Access > >Point with freeradius. But the client get never authenticated. My > >problem that I have no idea where I should search for the error. I used > >the www.impossiblereflex.xom/8021x/eap-tls-HOWTO.htm Howto for setup. > > > >Output from freeradius -X -A: > >Ready to process requests. > >rad_recv: Access-Request packet from host 10.0.4.14:1205, id=253, > >length=116 > >Message-Authenticator = 0x78a9e48d042ad1f7109083edf2b3146d > >User-Name = "Sevcik Berndt" > >NAS-IP-Address = 10.0.4.14 > >NAS-Port = 2 > >NAS-Port-Type = Wireless-802.11 > >Calling-Station-Id = "00-01-f4-ec-3d-7c" > >EAP-Message = 0x024400120153657663696b204265726e6474 > >Framed-MTU = 1000 > >modcall: entering group authorize > > modcall[authorize]: module "preprocess" returns ok > > rlm_eap: EAP packet type response id 68 length 18 > > rlm_eap: EAP Start not found > > modcall[authorize]: module "eap" returns updated > >rlm_realm: No '@' in User-Name = "Sevcik Berndt", looking up realm > >NULL > >rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop > >users: Matched DEFAULT at 152 > >users: Matched Sevcik Berndt at 216 > > modcall[authorize]: module "files" returns ok > >modcall: group authorize returns updated > > rad_check_password: Found Auth-Type EAP > >auth: type "EAP" > >modcall: entering group authenticate > > rlm_eap: EAP Identity > > rlm_eap: processing type tls > > rlm_eap_tls: Initiate > > rlm_eap_tls: Start returned 1 > > modcall[authenticate]: module "eap" returns handled > >modcall: group authenticate returns handled > >Sending Access-Challenge of id 253 to 10.0.4.14:1205 > >EAP-Message = 0x014500060d20 > >Message-Authenticator = 0x > >State = 0x1c0ccba6d22ad97dab13096d340f0290 > >Finished request 0 > >Going to the next request > >--- Walking the entire request list --- > >Waking up in 6 seconds... > >rad_recv: Access-Request packet from host 10.0.4.14:1205, id=254, > >length=196 > >Message-Authenticator = 0x31199cd93954566ea164f46ce86d6b59 > >User-Name = "Sevcik Berndt" > >State = 0x1c0ccba6d22ad97dab13096d340f0290 > >NAS-IP-Address = 10.0.4.14 > >NAS-Port = 2 > >NAS-Port-Type = Wireless-802.11 > >Calling-Station-Id = "00-01-f4-ec-3d-7c" > >Framed-MTU = 1000 > >EAP-Message = > >0x024500500d8000461603010041013d03013f3371da3a9bab75032c2c86afd3288de5d42d63265b6afe930d235a87d1df9a1600040005000a000900640062000300060013001200630100 > >modcall: entering group authorize > > modcall[authorize]: module "preprocess" returns ok > > rlm_eap: EAP packet type response id 69 length 80 > > rlm_eap: EAP Start not found > > modcall[authorize]: module "eap" returns updated > >rlm_realm: No '@' in User-Name = "Sevcik Berndt", looking up realm > >NULL > >rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop > >users: Matched DEFAULT at 152 > >users: Matched Sevcik Berndt at 216 > > modcall[authorize]: module "files" returns ok > >modcall: group authorize returns updated > > rad_check_password: Found Auth-Type EAP > >auth: type "EAP" > >modcall: entering group authenticate > > rlm_eap: Request found, released from the list > > rlm_eap: EAP_TYPE - tls > > rlm_eap: processing type tls > > rlm_eap_tls: Authenticate > > rlm_eap_tls: processing TLS > >rlm_eap_tls: Length Included > > eaptls_verify returned 11 > >undefined: before/accept initialization > >TLS_accept: before/accept initialization > > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello > >TLS_accept: SSLv3 read client hello A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello > >TLS_accept: SSLv3 write server hello A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 063c], Certificate > >TLS_accept: SSLv3 write certificate A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a0], CertificateRequest > >TLS_accept: SSLv3 write certificate request A > >TLS_accept: SSLv3 flush data > >TLS_accept:error in SSLv3 read client certificate A > >rlm_eap_tls: SSL_read Error > > Error code is . 2 > > SSL Error . 2 > >In SSL Handshake Phase > >In SSL Accept mode > > eaptls_process returned 13 > > modcall[authenticate]: module "eap" returns handl
Re: EAP and MAC Authentication worked once but it didn't twice.
Thanks a lot Alan. It is working now. I still don't understand, why if I leave the command "Auth-Type: EAP" the request packets are different and they have different information. I saw that, but I thought it was something wrong with the certificates and I spent lot of time with SSL. Any clue about the difference between the requests? Since I only removed the "Auth-type", Is the communication Client-Server different? I will check more on EAP, if you have good litterature to recomend, I would appreciate. Thank you a lot once again. Ivan Barrera - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html