ok
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: OK
confirm 940273Desafio AntiZona: participe do jogo de perguntas e respostas que vai dar 1 Renault Clio, computadores, câmeras digitais, videogames e muito mais!
radiusd core dumping on failed logins, ok for successful logins
Hi, I seem to have radiusd working fine with PAM now, however I have a strange core dump problem. Users can authenticate successfully, BUT when a user puts in an incorrect password, radiusd core dumps. pam_pass: function pam_authenticate FAILED for . Reason: Authentication failed Segmentation Fault(coredump) The PAM module I am using is the MIT pam_krb5 one, which otherwise works fine for other PAM enabled applications. Any ideas on this, anyone seen this behaviour before ? Mark strace output of radiusd pam_pass: function pam_authenticate FAILED for . Reason: Authentication failed write(1, " p a m _ p a s s : f u".., 87) = 87 Incurred fault #6, FLTBOUNDS %pc = 0xEEA04838 siginfo: SIGSEGV SEGV_MAPERR addr=0xEEA04838 Received signal #11, SIGSEGV [caught] siginfo: SIGSEGV SEGV_MAPERR addr=0xEEA04838 sigprocmask(SIG_SETMASK, 0xEF4D7DA0, 0x) = 0 sigaction(SIGSEGV, 0xEFFFD320, 0x) = 0 sigprocmask(SIG_SETMASK, 0xEF4E0AA0, 0x) = 0 setcontext(0xEFFFD4E0) Incurred fault #6, FLTBOUNDS %pc = 0xEEA04838 siginfo: SIGSEGV SEGV_MAPERR addr=0xEEA04838 Received signal #11, SIGSEGV [default] siginfo: SIGSEGV SEGV_MAPERR addr=0xEEA04838 *** process killed *** == radiusd debug output == Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.129.162.198:2406, id=120, length=101 User-Name = "fred" User-Password = "fdsfsd" NAS-IP-Address = 10.129.162.198 NAS-Identifier = "sshd" NAS-Port = 1381 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = "fredpc1.wks.fred.com" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop modcall[authorize]: module "mschap" returns notfound rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Pam auth: type "PAM" modcall: entering group authenticate pam_pass: using pamauth string for pam.conf lookup pam_pass: function pam_authenticate FAILED for . Reason: Authentication failed Segmentation Fault(coredump) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is ok
Do You Yahoo!? Yahoo! Net: La mejor conexión a internet y 25MB extra a tu correo por $100 al mes.
Re: EAP-TLS ok w/ xsupplicant, WinXP not
On Mon, Jun 02, 2003 at 07:51:56AM -0700, Sepp Rudel wrote: > Hi, > > I've configured FreeRADIUS 0.8.1+OpenSSL 0.9.7b, Cisco > AP 350 and a laptop with Linux+xsupplicant and > WinXP+SP1.. With Linux+xsupplicant everything works > like a charm but with WinXPSP1 after radiusd sends > Access-Accept WinXP thinks for a second and then just > shows "No wireless connection available." Any ideas > what needs to be done to get WinXP to work? Apply all the service packs you possibly can. http://support.microsoft.com/default.aspx?scid=kb;en-us;328658 (also, type '802.1x' into http://support.microsoft.com ) -- Adam Haberlach | Gravity: so consistent and predictable, yet [EMAIL PROTECTED] | frequently surprising. http://mediariffic.com | - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TLS ok w/ xsupplicant, WinXP not
Hi, I've configured FreeRADIUS 0.8.1+OpenSSL 0.9.7b, Cisco AP 350 and a laptop with Linux+xsupplicant and WinXP+SP1.. With Linux+xsupplicant everything works like a charm but with WinXPSP1 after radiusd sends Access-Accept WinXP thinks for a second and then just shows "No wireless connection available." Any ideas what needs to be done to get WinXP to work? __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
access ok with FreeRadius router but not with cisco router.(Secondpart)
Hello all again. I have just discovered if I write this user rafa Auth-Type := Local, User-Password == "wilma" Service-Type = Framed-User, Framed-Protocol = PPP, cisco-avpair = "ipv6:prefix#1=4081:800:40:2c72::/64", cisco-avpair = "ipv6:route#1=4081:800:40:2c72::/64" cisco router (3600 IOS 12.2 reports) if I remove cisco-avpair = "ipv6:prefix#1=4081:800:40:2c72::/64", PAP works and link is established Could somebody explian me why? -- -- Rafael Marin Lopez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain Telf: +34968364644 e-mail: [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: access ok with FreeRadius router but not with cisco router.
This is my output. . Thu Mar 6 14:52:34 2003 : Debug: rlm_realm: No such realm NULL Thu Mar 6 14:52:34 2003 : Debug: modcall[authorize]: module "suffix" returns noop Thu Mar 6 14:52:34 2003 : Debug: users: Matched rafa at 102 Thu Mar 6 14:52:34 2003 : Debug: modcall[authorize]: module "files" returns ok Thu Mar 6 14:52:34 2003 : Debug: modcall: group authorize returns ok Thu Mar 6 14:52:34 2003 : Debug: rad_check_password: Found Auth-Type Local Thu Mar 6 14:52:34 2003 : Debug: auth: type Local Thu Mar 6 14:52:34 2003 : Debug: auth: user supplied CHAP-Password matches local User-Password As you can see freeradius sends a Access-Accept Sending Access-Accept of id 4 to 155.54.95.1:1645 Service-Type = Framed-User Framed-Protocol = PPP Cisco-AVPair = "ipv6:prefix#1=2001:800:40:2c72::/64 autconfig" Thu Mar 6 14:52:34 2003 : Debug: Finished request 4 . Evren Yurtesen escribió: run radius with -sxxx and perhaps you can figure out whats wrong then. On Thu, 6 Mar 2003, Rafa Marín López wrote: Hello all I have installed FreeRadius 0.8.1 and I have a CISCO 3600 and a FreeBSD 4.7 client. When client starts up a PPPoE connection to router , this one sends authentication information to FreeRadius server whose ouput is : Sending Access-Accept of id 18 to 155.54.95.1:1645 Service-Type = Framed-User Framed-Protocol = PPP Cisco-AVPair = "ipv6:prefix#1=2001:800:40:2c72::/64 autconfig" I understand FreeRadius is able to athenticate the user. However, CISCO router output is : Vi1 PPP: Authorization required 15:50:27: Vi1 PPP: Treating connection as a dedicated line 15:50:28: Vi1 PAP: I AUTH-REQ id 1 len 15 from "rafa" 15:50:28: Vi1 PAP: Authenticating peer rafa 15:50:28: Vi1 PPP: Sent PAP LOGIN Request to AAA 15:50:28: Vi1 PPP: Received LOGIN Response from AAA = FAIL 15:50:28: Vi1 PAP: O AUTH-NAK id 1 len 27 msg is "Authentication failure" :( could somebody help me? Thank you very much. -- -- Rafael Marin Lopez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain Telf: +34968364644 e-mail: [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- -- Rafael Marin Lopez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain Telf: +34968364644 e-mail: [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: access ok with FreeRadius router but not with cisco router.
run radius with -sxxx and perhaps you can figure out whats wrong then. On Thu, 6 Mar 2003, Rafa Marín López wrote: > Hello all > > I have installed FreeRadius 0.8.1 and I have a CISCO 3600 and a FreeBSD > 4.7 client. > > When client starts up a PPPoE connection to router , this one sends > authentication information to FreeRadius server whose ouput is : > > > Sending Access-Accept of id 18 to 155.54.95.1:1645 > Service-Type = Framed-User > Framed-Protocol = PPP > Cisco-AVPair = "ipv6:prefix#1=2001:800:40:2c72::/64 autconfig" > > I understand FreeRadius is able to athenticate the user. However, CISCO > router output is : > > > Vi1 PPP: Authorization required > 15:50:27: Vi1 PPP: Treating connection as a dedicated line > 15:50:28: Vi1 PAP: I AUTH-REQ id 1 len 15 from "rafa" > 15:50:28: Vi1 PAP: Authenticating peer rafa > 15:50:28: Vi1 PPP: Sent PAP LOGIN Request to AAA > 15:50:28: Vi1 PPP: Received LOGIN Response from AAA = FAIL > 15:50:28: Vi1 PAP: O AUTH-NAK id 1 len 27 msg is "Authentication failure" > > :( > > could somebody help me? > > Thank you very much. > > -- > -- > Rafael Marin Lopez > Faculty of Computer Science-University of Murcia > 30071 Murcia - Spain > Telf: +34968364644e-mail: [EMAIL PROTECTED] > -- > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
access ok with FreeRadius router but not with cisco router.
Hello all I have installed FreeRadius 0.8.1 and I have a CISCO 3600 and a FreeBSD 4.7 client. When client starts up a PPPoE connection to router , this one sends authentication information to FreeRadius server whose ouput is : Sending Access-Accept of id 18 to 155.54.95.1:1645 Service-Type = Framed-User Framed-Protocol = PPP Cisco-AVPair = "ipv6:prefix#1=2001:800:40:2c72::/64 autconfig" I understand FreeRadius is able to athenticate the user. However, CISCO router output is : Vi1 PPP: Authorization required 15:50:27: Vi1 PPP: Treating connection as a dedicated line 15:50:28: Vi1 PAP: I AUTH-REQ id 1 len 15 from "rafa" 15:50:28: Vi1 PAP: Authenticating peer rafa 15:50:28: Vi1 PPP: Sent PAP LOGIN Request to AAA 15:50:28: Vi1 PPP: Received LOGIN Response from AAA = FAIL 15:50:28: Vi1 PAP: O AUTH-NAK id 1 len 27 msg is "Authentication failure" :( could somebody help me? Thank you very much. -- -- Rafael Marin Lopez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain Telf: +34968364644 e-mail: [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ok not to be a pain ..
Rick Harris <[EMAIL PROTECTED]> wrote: > "6767868764605" Auth-Type := Local, User-Password == "678766" > Service-Type = Framed-User, > Framed-Protocol = PPP, > Framed-IP-Address = 255.255.255.254, > Framed-IP-Netmask = 255.255.255.0, > Framed-Routing = Broadcast-Listen, > Framed-MTU = 1500, > Framed-Compression = Van-Jacobsen-TCP-IP > > is the entry ... Huh? Now you've totally broken it. > I killed any lines with just spaces and this is what came out ? No, you didn't. You deleted ALL spaces from ALL lines. I said to look for BLANK LINES with NO TEXT, and delete the spaces from them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ok not to be a pain ..
"6767868764605" Auth-Type := Local, User-Password == "678766" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Framed-MTU = 1500, Framed-Compression = Van-Jacobsen-TCP-IP is the entry and the error is (from /usr/local/sbin/radiusd -XX) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" /usr/local/etc/raddb/users[2]: Parse error (check) for entry Service-Type: expecting '=' Errors reading /usr/local/etc/raddb/users radiusd.conf[862]: files: Module instantiation failed. I killed any lines with just spaces and this is what came out ? Thank You ! -- Rick Harris Senior Linux Engineer Business Access (972) 931-4198 ext 239 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ok, I think I need help...
"Chris Knipe" <[EMAIL PROTECTED]> wrote: > On the Radius Authentication (MySQL), what is the difference between the > *check* and *reply* queries, and why am I using both? See the 'users' file for exampls. See 'man 5 users' for more documentation. The general concept is "check to see if the request has FOO, and if so, reply with BAR". > I need to integrate the Radius into our existing management database, as I > am sure you can all understand, and to do this, I would most definitely need > a very clear understanding of how Radius works (I have this semi below the > belt), but also what information free Radius is looking for, and when! The server doesn't look for ANY information, other than what you configure it to look for. Read the files in the 'doc' directory. See 'doc/aaa.txt'. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ok, I think I need help...
OK, Nothing like a big hit on the poor puter with a 10 minute break and a quick nicotine fix. I found my stupid problem, and it's sorted. I have a very basic Radius server running *woohooo* If I can just ask something else quickly. On the Radius Authentication (MySQL), what is the difference between the *check* and *reply* queries, and why am I using both? Sure, this may be a stupid question, and sure there may be some of you going *shrugs*, but bare with me OK... I never touched a RAS before in my life - I actually don't even have one yet... I need to integrate the Radius into our existing management database, as I am sure you can all understand, and to do this, I would most definitely need a very clear understanding of how Radius works (I have this semi below the belt), but also what information free Radius is looking for, and when! Sorry if it's stupid questions... I'm sure someone will find it in their hearts to help me :P -- me - Original Message - From: "Chris Knipe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 02, 2002 10:11 AM Subject: Ok, I think I need help... > Yes, you're dealing with a newbie! LOL > > First ever radius server I attempt to setup, and I'm afraid to say it's > quite a tight one as well. Multiple realms, call-backs, vpns, just about > anything > > I've spend the night so far compiling it, and getting the DB structures in > order to expand a little bit on what is offered, so that I can use one DB > for multiple realms etc etc etc. > > Now, from the debug output, it would seem to me that the radius server does > the appropriate queries successfully, and retrieves the account password. > > Then, all of a sudden, this pops up... > > rlm_sql: Released sql socket id: 23 > modcall[authorize]: module "sql" returns ok > modcall: group authorize returns ok > rad_check_password: Found Auth-Type System > auth: type "System" > auth: Failed to validate the user. > > > I swear, I am missing something The question is what? If more info is > needed, please just ask, I'll be happy to provide! > > -- > me > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok, I think I need help...
Yes, you're dealing with a newbie! LOL First ever radius server I attempt to setup, and I'm afraid to say it's quite a tight one as well. Multiple realms, call-backs, vpns, just about anything I've spend the night so far compiling it, and getting the DB structures in order to expand a little bit on what is offered, so that I can use one DB for multiple realms etc etc etc. Now, from the debug output, it would seem to me that the radius server does the appropriate queries successfully, and retrieves the account password. Then, all of a sudden, this pops up... rlm_sql: Released sql socket id: 23 modcall[authorize]: module "sql" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" auth: Failed to validate the user. I swear, I am missing something The question is what? If more info is needed, please just ask, I'll be happy to provide! -- me - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: is ok
- Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 20, 2002 2:34 PM Subject: Freeradius-Users -- confirmation of subscription -- request 304190 > Freeradius-Users -- confirmation of subscription -- request 304190 > > We have received a request from 200.186.243.2 for subscription of your > email address, <[EMAIL PROTECTED]>, to the > [EMAIL PROTECTED] mailing list. To confirm the > request, please send a message to > [EMAIL PROTECTED], and either: > > - maintain the subject line as is (the reply's additional "Re:" is > ok), > > - or include the following line - and only the following line - in the > message body: > > confirm 304190 > > (Simply sending a 'reply' to this message should work from most email > interfaces, since that usually leaves the subject line in the right > form.) > > If you do not wish to subscribe to this list, please simply disregard > this message. Send questions to > [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication ok, now access...
With the kind help of Alan DeKok last week, I was able to configure the sending of properly formed accounting packets to my freeradius server, which successfully logged to mysql. And I can successfully authenticate a testuser. However, I am now having difficulty in the access stage. All of my users reside in ldap. They have an attribute radiusClass, which if set to "AnalogUser" should allow them access. I have the following lines in radiusd.conf: access_group = "ou=People,o=CTTEL,c=US" access_attr = radiusClass I can search successfully by doing an ldapsearch at the commandline for either the user, the radiusclass, or both. However, I am unsuccessful with radius. A log excerpt is below: rlm_ldap: performing search in ou=People,o=CTTEL,c=US, with filter (uid=gozilla) rlm_ldap: checking if remote access for gozilla is allowed by radiusClass rlm_ldap: checking user membership in dialup-enabling group ou=People,o=CTTEL,c=US radius_xlat: 'ou=People,o=CTTEL,c=US' radius_xlat: 'radiusClass' rlm_ldap: performing search in ou=People,o=CTTEL,c=US, with filter radiusClass rlm_ldap: ldap_search() failed: Bad search filter I might just be way off track right now... Thanks in advance for any help. -- Sincerely, Michael Klatsky Senior Unix Administrator Connecticut Telephone 1 Talcott Plaza Hartford, CT 06103 1-860-240-6496 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration ok, Activation?
On Wed, 24 Apr 2002, Dirk Tanneberger wrote: > Date: Wed, 24 Apr 2002 17:52:56 +0200 > From: Dirk Tanneberger <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: Expiration ok, Activation? > > How can I find the synthax for Expiration attribute? For example, 26 Mar 2002 --- Aleksandr Kuzminsky,AK476-RIPE System Administrator, AK16-UANIC ISP NBI. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration ok, Activation?
How can I find the synthax for Expiration attribute? regards Dirk Tanneberger - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 4:26 PM Subject: Re: Expiration ok, Activation? > "Andrew Kelaidis" <[EMAIL PROTECTED]> wrote: > > I am using freeRADIUS version 0.5 (stable). I have noticed that there is an > > Expiration attribute which I can use. I want to know if there is any > > Activate date (like Criston Radius) attribute > > No, but there's a Current-Time attribute > > bob Current-Time < "Oct 2, 2002", Auth-Type := Reject > Reply-Message = "You're not allowed to log in yet" > > Although I forget what the exact format of the date string is... > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration ok, Activation?
"Andrew Kelaidis" <[EMAIL PROTECTED]> wrote: > I am using freeRADIUS version 0.5 (stable). I have noticed that there is an > Expiration attribute which I can use. I want to know if there is any > Activate date (like Criston Radius) attribute No, but there's a Current-Time attribute bob Current-Time < "Oct 2, 2002", Auth-Type := Reject Reply-Message = "You're not allowed to log in yet" Although I forget what the exact format of the date string is... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Expiration ok, Activation?
I am using freeRADIUS version 0.5 (stable). I have noticed that there is an Expiration attribute which I can use. I want to know if there is any Activate date (like Criston Radius) attribute Thanx a lot. Kelaidis Andrew N.O.C. TEI of Athens, Greece _ Send and receive Hotmail on your mobile device: http://mobile.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acs ok with Cisco router but not with Freeradius.
"Armando Poyaoan" <[EMAIL PROTECTED]> wrote: > Regarding reply from ACS and from FreeRADIUS both are the same > "Service-Type(Framed-User), and > Framed-Protocol(PPP). The fact is that not all users are being droped using > FreeRADIUS. Are ALL attributes of the reply the same? If so, then the problem is the NAS, not the RADIUS server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acs ok with Cisco router but not with Freeradius.
DCLewis <[EMAIL PROTECTED]> wrote: >Hi Armando: > >Could you please post your pertenant Cisco 7206 config entries. I may be= > able to >assist you. I too have a 7206 and I am providing ADSL thru it. I have b= >een using >Cistron Radius which is what FreeRadius is derived from and I am migratin= >g from >Cistron to FreeRadius. I haven't tried to auth a dsl user thru FreeRadiu= >s but I >have been using Cistron for quite sometime and have no problems with DSL. Hi Doug, Thanks for your reply, below you can see the pertenant config entries. version 12.1 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime localtime show-timezone service timestamps log datetime localtime show-timezone service password-encryption ! hostname rome_7206_2 ! boot bootstrap tftp c7200-js-mz.121-4.bin 255.255.255.255 boot system flash c7200-js-mz.121-6.bin aaa new-model aaa authentication ppp default group radius local aaa authorization network default group radius local aaa accounting network default start-stop group radius enable secret 5 $1$UflG$rOB./VhBAYjW4.ejMkGeK/ interface ATM2/0.14 multipoint description *** ADSL urbano *** no ip mroute-cache ! pvc armando 14/104 ! pvc armando1 14/106 ! pvc ip_static 14/108 encapsulation aal5mux ppp Virtual-Template1 ! pvc pida 14/105 ! pvc ip_static1 14/100 encapsulation aal5mux ppp Virtual-Template1 ! pvc armando2 14/107 ! ! interface Virtual-Template1 description ***ip static*** ip unnumbered Loopback0 no ip route-cache cef ip mroute-cache no peer default ip address ppp authentication chap ! interface Virtual-Template2 description *** ip pool dynamic *** ip unnumbered Loopback0 no ip route-cache cef ip mroute-cache peer default ip address pool ip_pool ppp authentication chap ! ip local pool ip_pool 172.17.7.1 172.17.7.255 Hoping to hear from you soon. Regards, Armando - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acs ok with Cisco router but not with Freeradius.
"Alan DeKok" <[EMAIL PROTECTED]> wrote: > The problem isn't ACS or FreeRADIUS, or the router. The problem is >that the router is expecting certain attributes, and it is not getting >them. That is, you've configured FreeRADIUS to send back *different* >attributes to the router than ACS. > > Find out what reply is being sent from ACS. Configure FreeRADIUS to >send the same kind of replies. It will work. > > Alan DeKok. Hi Alan, Regarding reply from ACS and from FreeRADIUS both are the same "Service-Type(Framed-User), and Framed-Protocol(PPP). The fact is that not all users are being droped using FreeRADIUS. Thanks in Advance, Armando - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
R: acs ok with Cisco router but not with Freeradius.
>Da: Scott Bartlett [mailto:[EMAIL PROTECTED]] wrote: >Inviato: martedì 26 marzo 2002 17.59 >A: [EMAIL PROTECTED] >Oggetto: Re: acs ok with Cisco router but not with Freeradius. > > >Armando, > >We're currently about to switch from ACS to using FreeRadius (after months >of flapping about!). I've used FR with a test Cisco 3640 router using >dial-up and it worked fine. > >However, we had a vaguely similar problem to yours with a different Cisco >router (a 3620 which was going to temporarily take over service from >another live 3640 we have). > >The 3620 authenticated with the RADIUS OK but then dropped certain user >accounts (but not all accounts) for reasons I could never explain - we >re-IOS'd it, it still happened, and we gave up with it as we needed to keep >service running (we went back to an older 3640 chassis). The 3620 did that >using ACS as the RADIUS, not FR, so I think it was the router, or at least >something about the version(s) of IOS it had. Swapping back in the 3640 >and the problem went away... > >The 3640 I'm using to test FR only has an old 11.2 release on it which I >haven't updated... so maybe there's something there. I haven't had time to >test further yet, but maybe this is something to investigate? > >This probably doesn't help you though... sorry... ! > >Regards, > >SB > >Scott Bartlett >BTA Limited, 100 High Street Wandsworth, London SW18 4LA, United Kingdom < >e: [EMAIL PROTECTED]v: +44 (0)20 8871 4240 f: +44 (0)20 8871 4584 > >Network Consultancy and Support for Windows 9x/NT and MacOS. >Internet connectivity, solutions, and business services. >http://www.bta.com. Scott, Thanks for your reply, I think we still have much investigation to do regarding this issue. If you find a solution please let me know. Thanks again in advance. Armando - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acs ok with Cisco router but not with Freeradius.
"Armando Poyaoan" <[EMAIL PROTECTED]> wrote: > Im trying to migrate from ACS to Freeradius but it seems that there is a > problem > on the router side, authentication ok, but the router drops the user if I > use Freeradius, > but with ACS all is ok. The problem isn't ACS or FreeRADIUS, or the router. The problem is that the router is expecting certain attributes, and it is not getting them. That is, you've configured FreeRADIUS to send back *different* attributes to the router than ACS. Find out what reply is being sent from ACS. Configure FreeRADIUS to send the same kind of replies. It will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acs ok with Cisco router but not with Freeradius.
Armando Poyaoan wrote: > Hi to everybody, > > Im trying to migrate from ACS to Freeradius but it seems that there is a > Further information: > I tried using Freeradius .04 and Freeradius .05 with mysql database the > result is still the same. > The router which I enabled the debug is a Cisco 7206 for ADSL. Hi Armando: Could you please post your pertenant Cisco 7206 config entries. I may be able to assist you. I too have a 7206 and I am providing ADSL thru it. I have been using Cistron Radius which is what FreeRadius is derived from and I am migrating from Cistron to FreeRadius. I haven't tried to auth a dsl user thru FreeRadius but I have been using Cistron for quite sometime and have no problems with DSL. -- ~~~| (o- Doug Lewis, Systems Administrator -o)| //\ S&T Telephone, Internet division/\\| V_/_WWW.ST-TEL.NET _\_V| - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
acs ok with Cisco router but not with Freeradius.
Hi to everybody, Im trying to migrate from ACS to Freeradius but it seems that there is a problem on the router side, authentication ok, but the router drops the user if I use Freeradius, but with ACS all is ok. Below you can see the debug made on the router (debug aaa authentication). This is the debug on a router using Freeradius, you can see that status = PASS so authentication Is ok but it drops the user (: free_user (0x6258F9A0) user='armando' ruser='') Mar 26 15:13:33 UTC: AAA: parse name=Virtual-Access11 idb type=21 tty=-1 Mar 26 15:13:33 UTC: AAA: name=Virtual-Access11 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=11 channel=0 Mar 26 15:13:33 UTC: AAA: parse name= idb type=-1 tty=-1 Mar 26 15:13:33 UTC: AAA/MEMORY: create_user (0x6258F9A0) user='armando' ruser='' port='Virtual-Access11' rem_addr='' authen_type=CHAP service=PPP priv=1 Mar 26 15:13:33 UTC: AAA/AUTHEN/START (1155600932): port='Virtual-Access11' list='' action=LOGIN service=PPP Mar 26 15:13:33 UTC: AAA/AUTHEN/START (1155600932): using "default" list Mar 26 15:13:33 UTC: AAA/AUTHEN/START (1155600932): Method=radius (radius) Mar 26 15:13:33 UTC: AAA/AUTHEN (1155600932): status = PASS Mar 26 15:13:33 UTC: AAA/MEMORY: free_user (0x6258F9A0) user='armando' ruser='' port='Virtual-Access11' rem_addr='' authen_type=CHAP service=PPP priv=1 Below is the debug on a router using ACS, status = PASS and Line protocol on Interface Virtual-Access11, changed state to up all is ok it does not drop the user. Mar 26 15:20:07 UTC: AAA: parse name=Virtual-Access11 idb type=21 tty=-1 Mar 26 15:20:07 UTC: AAA: name=Virtual-Access11 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=11 channel=0 Mar 26 15:20:07 UTC: AAA: parse name= idb type=-1 tty=-1 Mar 26 15:20:07 UTC: AAA/MEMORY: create_user (0x6258F954) user='armando' ruser='' port='Virtual-Access11' rem_addr='' authen_type=CHAP service=PPP priv=1 Mar 26 15:20:07 UTC: AAA/AUTHEN/START (984776533): port='Virtual-Access11' list='' action=LOGIN service=PPP Mar 26 15:20:07 UTC: AAA/AUTHEN/START (984776533): using "default" list Mar 26 15:20:07 UTC: AAA/AUTHEN/START (984776533): Method=radius (radius) Mar 26 15:20:22 UTC: AAA/AUTHEN (984776533): status = PASS Mar 26 15:20:23 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access11, changed state to up Further information: I tried using Freeradius .04 and Freeradius .05 with mysql database the result is still the same. The router which I enabled the debug is a Cisco 7206 for ADSL. Hoping to here from somebody soon. Thanks in advance. Armando - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If everthink is OK why I am rejected?
If everthink is OK why I am rejected? -- rlm_sql: Released sql socket id: 4 modcall[authorize]: module "sql" returns ok users: Matched DEFAULT at 148 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" auth: Failed to validate the user. Login incorrect: [fredf/wilma] (from nas workst port 0) Sending Access-Reject of id 0 to 10.100.100.226:2345 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 0 with timestamp 3c92665f Nothing to do. Sleeping until we see a request. -- Thanks Jo __ Find, Connect, Date! http://personals.yahoo.ca - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RV:"IS OK" Freeradius-Users -- confirmation of subscription -- request 738699
-Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]En nombre de [EMAIL PROTECTED] Enviado el: miércoles, 20 de febrero de 2002 18:37 Para: [EMAIL PROTECTED] Asunto: Freeradius-Users -- confirmation of subscription -- request 738699 Freeradius-Users -- confirmation of subscription -- request 738699 We have received a request from 200.74.161.6 for subscription of your email address, <[EMAIL PROTECTED]>, to the [EMAIL PROTECTED] mailing list. To confirm the request, please send a message to [EMAIL PROTECTED], and either: - maintain the subject line as is (the reply's additional "Re:" is ok), - or include the following line - and only the following line - in the message body: confirm 738699 (Simply sending a 'reply' to this message should work from most email interfaces, since that usually leaves the subject line in the right form.) If you do not wish to subscribe to this list, please simply disregard this message. Send questions to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OK!
Steve Sobol <[EMAIL PROTECTED]> wrote: > The Makefile generated by autoconf doesn't assign a value to > TARGET. TARGET should be set equal to rlm_ldap. The 'configure' script only sets TARGET if it thinks ldap is installed on your system. I'd suggest looking at why the configure script didn't find ldap. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OK!
At 02:49 PM 1/31/2002 -0500, you wrote: >I just started working again on my problem with LDAP and rlm_ldap. I have >finally >figured out why rlm_ldap.c doesn't compile! > >The Makefile generated by autoconf doesn't assign a value to TARGET. >TARGET should be >set equal to rlm_ldap. > >Once I manually edited the makefile, voila, it worked. Did generate some >bugs, though. I hate when my fingers work faster than my brain. TARGET should be set equal to "rlm_ldap" (the character string) and "did generate some bugs" should read "did generate some compile-time errors" -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO ICQ: 56972932/WebDude216 website: http://JustThe.net email: [EMAIL PROTECTED] phone: 216.619.2NET postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752 DalNet: ZX-2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OK!
I just started working again on my problem with LDAP and rlm_ldap. I have finally figured out why rlm_ldap.c doesn't compile! The Makefile generated by autoconf doesn't assign a value to TARGET. TARGET should be set equal to rlm_ldap. Once I manually edited the makefile, voila, it worked. Did generate some bugs, though. I suspect the LDAP module expects to use OPENLDAP 2.0 and I am not using 2.0... More updates will be posted as I am able to post them. :) -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO ICQ: 56972932/WebDude216 website: http://JustThe.net email: [EMAIL PROTECTED] phone: 216.619.2NET postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752 DalNet: ZX-2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"Re:" is ok
confirm 785023
RE:(solved by myself and lots of hours. it was an stupid thing, as my) how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
>- Original Message - >From: Linux!audimed <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Sunday, December 02, 2001 3:12 AM >Subject: RE: how to Test my first freeradius install ? OK fixed ! BUT other >problem: (long logs) ([EMAIL PROTECTED] responding) > > > > > If I remember correctly, portslave by default tries to communicate with >a > > > RADIUS server using ports 1645 instead of the new standard 1812/1813. > > EXELENT!!! that it the port number ! > > portslave still use 1645 > > so I put a -p 1645 to the radiusd command > > and I get radius and portslave talking between > > boht machines 192.168.122.254 RadServer(254 on more) and > > 192.168.122.253 the RadClient (253 on more) > > I can see it doing "tail -f" on the logs > > it was fixed this way. > > But I cant still authenticate the user.Im using 3 > > machines for this test . I had the same problem with a Cisco IOS device. (okay, it was an AS5300). Cisco IOS wants to use 1645 et al by default. I instead, ran Radiusd on 1812, 1813, 1814 (the new standard), and told Cisco IOS to go to those ports instead. I suppose a person could always run another instance of radiusd on the old ports as well (of course, logging to another directory.) BTW, this software has been working quite well for me. My next project is to link the accounting to an SQL database. Happy, happy! Donovan Hill Electronics Engineering Technologist. Alantra Venture Corp/Vancouver Teleport (604)881-8500 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE:(solved by myself and lots of hours. it was an stupid thing, as my) how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
the error is in portslave conf. open big your EYES ! D O N O T D OI T (SAME IP) in pslave.conf > all.authhost1 192.168.122.254 > all.accthost1 192.168.122.254 becose i do not have 2 radius servers i put the same on both. damn moment when I do it. It was a week sice it. - Original Message - From: Linux!audimed <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, December 02, 2001 3:12 AM Subject: RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) ([EMAIL PROTECTED] responding) > > If I remember correctly, portslave by default tries to communicate with a > > RADIUS server using ports 1645 instead of the new standard 1812/1813. > EXELENT!!! that it the port number ! > portslave still use 1645 > so I put a -p 1645 to the radiusd command > and I get radius and portslave talking between > boht machines 192.168.122.254 RadServer(254 on more) and > 192.168.122.253 the RadClient (253 on more) > I can see it doing "tail -f" on the logs > it was fixed this way. > But I cant still authenticate the user.Im using 3 > machines for this test . > > (10dialclient)<-->(253RadClient)<-->(254RadServer) > w9x Linuxrouter k2.2.16 redhat7.0 > 2.9.8pre > > It is intend to: w9x takes 192.168.122.10 IP by example > here goes my next problem: > IF I use a VALIDuser/WRONGpassword I ged DENIED by 254RadServer > and DENIED by 253RadClient > that is ok. by the least it looks normal > > <> > IF I use a VALIDuser/VALIDpassword I ged ACCESS by 254RadServer > BUT DENIED by 253RadClient > > and 254RadServer keeps saying : > "Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0 > --- Walking the entire request list ---" > and 253RadClient keeps saying : > Jan 1 02:19:01 myrouter pppd[550]: ul_login(lucas) called > Jan 1 02:19:10 myrouter pppd[550]: [EMAIL PROTECTED] not responding > > at this moment you ask . where are the logs ? OK here is ALL > it would be hard but I go on please be patient. > I will cut in three important parts: > 1 start of RADserver and RADclient(portslave) > 2 a try with (valid user/ wrong pass ) > 3 a try with (valid user/ valid pass ) > > # > ALL 1 start of RADserver and RADclient(portslave) > # > > portslave 1 from inittab with "T0:23:respawn:+/usr/sbin/portslave 0" > I ask myself for what is the "+" in inittab path of portslave ?? > but it is not the big problem here. so lets continue... > > Jan 1 02:00:39 myrouter port[S0]: portslave started on port 0 (ttyS0) > Jan 1 02:00:40 myrouter port[S0]: chat_expect("") > Jan 1 02:00:40 myrouter port[S0]: chat_expect - got it > Jan 1 02:00:40 myrouter port[S0]: chat_send(\d\dATZ) > Jan 1 02:00:42 myrouter port[S0]: chat_expect(OK\r\n) > Jan 1 02:00:42 myrouter port[S0]: chat_expect - got it > Jan 1 02:00:42 myrouter port[S0]: waiting for RING > > END portslave 1 > > ### > radiusd 1 from console debug mode > /usr/sbin/radiusd -fxxyz -p 1645 > ### > Starting - reading configuration files ... > reread_config: reading radiusd.conf > Config: including file: /etc/raddb/proxy.conf > Config: including file: /etc/raddb/clients.conf > Config: including file: /etc/raddb/snmp.conf > Config: including file: /etc/raddb/sql.conf > main: prefix = "/usr" > main: localstatedir = "/var" > main: logdir = "/var/log/radius" > main: libdir = "/usr/lib" > main: radacctdir = "/var/log/radius/radacct" > main: hostname_lookups = no > read_config_files: reading dictionary > read_config_files: reading clients > read_config_files: reading realms > read_config_files: reading naslist > main: max_request_time = 30 > main: cleanup_delay = 5 > main: max_requests = 1024 > main: delete_blocked_requests = 0 > main: port = 0 > main: allow_core_dumps = no > main: log_stripped_names = yes > main: log_auth = yes > main: log_auth_badpass = yes > main: log_auth_goodpass = yes > main: pidfile = "/var/run/radiusd.pid" > main: bind_address = 192.168.122.254 IP address [192.168.122.254] > main: user = "root" > main: group = "root" > main: usercollide = no > main: lower_user = "no" > main: lower_pass = "no" > main: nos
Re: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
"Linux!audimed" <[EMAIL PROTECTED]> wrote: > Do you have any doc tha explain howto set pslave.conf ? Sorry, this is the FreeRADIUS list. I don't run portslave, and I don't know much about it. I would suggest reading the portslave documentation, or joining a portslave list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
> The log you posted showed that the RADIUS server sent an > Access-Accept packet to the client. THat means the server is > configured correctly. THX Alan. ! Ok I understand that > If the client still does not let the user in, then the client has to > be fixed. Right and clear. Do you have any doc tha explain howto set pslave.conf ? I done it with the self instructions of the archive. But is not enough to me. I need to know more since I do not understand well the options. at botom I will copy my pslave.conf file > > and 254RadServer keeps saying : > > "Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0 > > Use 'tcpdump' to find out what's going on. The client appears to be > sending bad packets to the server. The issue is that I do not know how is a good packet. please show me the way. > > Alan DeKok. Is a porrtslave from pslave.lrp package 1.17-1 This is the portslave radius client. This package includes pppd-radius 2.3.5. # pslave.conf Here is the sample server configuration file. # Version: 1.17 03-Nov-1998 Donloaded from ftp.linuxrouter.org/pub/linux/linux-router/dists/2.9.8/packages/ Can''t be this version is too old ? #pslave.conf # pslave.conf Here is the sample server configuration file. # # Version: 1.17 03-Nov-1998 # # # Hostname of the system. # conf.hostname dialup.uucp.com # # IP address - if left empty, uses the IP address of the system (hostname). # This is used as the "local" address for SLIP and PPP connections. # #conf.ipno 192.168.42.21 # # Lock directory - on FSSTND compliant systems it's /var/lock. # conf.lockdir /var/lock # # Where to find the rlogin binary that accepts the "-i" flag. # conf.rlogin /usr/bin/rlogin-radius # # Where to find our patched pppd that has radius linked in. # conf.pppd /usr/sbin/pppd-radius # # Where to find telnet. This can just be the system telnet. # conf.telnet /usr/bin/telnet # # If you set this to "1", you can always login locally by putting a '!' # before your loginname. Useful for emergencies when the RADIUS server is down. # conf.locallogins 1 # # Logging stuff - this program can use a remote syslog daemon if needed. # If you want to log locally leave the "syslog" field empty. The facility # field is an integer between 0 and 7 and sets the syslog facility to # local0-local7. # conf.syslog conf.facility 6 # # Stripnames - if you set this to "1", leading "P", "S", "C", "L" or "!" # characters and trailing ".slip", ".cslip" and ".ppp" strings will be # stripped from the username before it is recorded in the system # utmp and wtmp files (if sysutmp or syswtmp are turned on ofcourse) # conf.stripnames 0 ## ## The all entry is used as a template for all others. This means that ## setting all.debug to 0, you set s0.debug, s1.debug, s2.debug etc. ## to 0. It also means that all these settings can be overridden on a ## per-port basis below. ## # # Debugging output to syslog. Set to 0 or 1. "1" is pretty verbose. # all.debug 1 # # Authentication type - either "radius" or "none". # all.authtyperadius # # Authentication host and accounting host. We can have 2 of both. The # first one is always tried three times before switching to the second one. # They are alternately tried after that, upto maximum 10 times in total. # Timeout is 5 seconds per query. # all.authhost1 192.168.122.254 all.accthost1 192.168.122.254 #all.authhost2 backuphost.someisp.com #all.accthost2 backuphost.someisp.com # # # The shared secret for RADIUS. # all.secret clave2 # # Default protocol and host. This is for rlogin sessions. # #all.protocol rlogin #all.host shellhost.someisp.com # # Default IP stuff. If you end the "ipno" with a "+", the portnumber will # be added to the IP number. The IP number of a port is used when the RADIUS # server doesn't send an IP number, or if it tells us to use a dynamic ipno. # # Leave the netmask at 255.255.255.255, unless your really know what # you're doing. # all.ipno 192.168.122.253 all.netmask 255.255.255.0 all.mtu 1500 # # Standard message that is issued on connect. # all.issue \n\ Cistron Internet Services \n\ POP Alphen aan den Rijn \n\ Welcome to terminal server %h port S%p\n # # Login prompt. # all.prompt Cistron login: # # Terminal type, for rlogin/telnet sessions. # all.term vt100 # # If you want portslave to update the utmp and/or wtmp files just # like a regular getty/login, set these to 1. # all.sysutmp 1 all.syswtmp 0 ## ## Options for the serial port. ## # # Porttype (passed to Radius for logging). # 0 = async, 1 = sync, 2 = ISDN, 3 = ISDN-V120, 4 = ISDN-V110 # all.porttype 0 # # Speed. All ports are set to 8N1. # all.speed 115200 # # Use this to initialize the modem. #
Re: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
"Linux!audimed" <[EMAIL PROTECTED]> wrote: > IF I use a VALIDuser/VALIDpassword I ged ACCESS by 254RadServer > BUT DENIED by 253RadClient The log you posted showed that the RADIUS server sent an Access-Accept packet to the client. THat means the server is configured correctly. If the client still does not let the user in, then the client has to be fixed. > and 254RadServer keeps saying : > "Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0 Use 'tcpdump' to find out what's going on. The client appears to be sending bad packets to the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
> If I remember correctly, portslave by default tries to communicate with a > RADIUS server using ports 1645 instead of the new standard 1812/1813. EXELENT!!! that it the port number ! portslave still use 1645 so I put a -p 1645 to the radiusd command and I get radius and portslave talking between boht machines 192.168.122.254 RadServer(254 on more) and 192.168.122.253 the RadClient (253 on more) I can see it doing "tail -f" on the logs it was fixed this way. But I cant still authenticate the user.Im using 3 machines for this test . (10dialclient)<-->(253RadClient)<-->(254RadServer) w9x Linuxrouter k2.2.16 redhat7.0 2.9.8pre It is intend to: w9x takes 192.168.122.10 IP by example here goes my next problem: IF I use a VALIDuser/WRONGpassword I ged DENIED by 254RadServer and DENIED by 253RadClient that is ok. by the least it looks normal <> IF I use a VALIDuser/VALIDpassword I ged ACCESS by 254RadServer BUT DENIED by 253RadClient and 254RadServer keeps saying : "Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0 --- Walking the entire request list ---" and 253RadClient keeps saying : Jan 1 02:19:01 myrouter pppd[550]: ul_login(lucas) called Jan 1 02:19:10 myrouter pppd[550]: [EMAIL PROTECTED] not responding at this moment you ask . where are the logs ? OK here is ALL it would be hard but I go on please be patient. I will cut in three important parts: 1 start of RADserver and RADclient(portslave) 2 a try with (valid user/ wrong pass ) 3 a try with (valid user/ valid pass ) # ALL 1 start of RADserver and RADclient(portslave) # portslave 1 from inittab with "T0:23:respawn:+/usr/sbin/portslave 0" I ask myself for what is the "+" in inittab path of portslave ?? but it is not the big problem here. so lets continue... Jan 1 02:00:39 myrouter port[S0]: portslave started on port 0 (ttyS0) Jan 1 02:00:40 myrouter port[S0]: chat_expect("") Jan 1 02:00:40 myrouter port[S0]: chat_expect - got it Jan 1 02:00:40 myrouter port[S0]: chat_send(\d\dATZ) Jan 1 02:00:42 myrouter port[S0]: chat_expect(OK\r\n) Jan 1 02:00:42 myrouter port[S0]: chat_expect - got it Jan 1 02:00:42 myrouter port[S0]: waiting for RING END portslave 1 ### radiusd 1 from console debug mode /usr/sbin/radiusd -fxxyz -p 1645 ### Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/radiusd.pid" main: bind_address = 192.168.122.254 IP address [192.168.122.254] main: user = "root" main: group = "root" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: dead_time = 120 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/lib Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: