Re: Mschapv2 not working! Please help!

2008-10-17 Thread Syed Anwarul Hasan
Hi,
PEAP MSCHAPv2 works well with Active Directory Backend. I am not sure of its
Authentication Process with users file.

Try with EAP MD5, it works well with Users file.

SYED
On Thu, Oct 16, 2008 at 5:21 PM, saini_jas16 <
[EMAIL PROTECTED]> wrote:

>
> Hello All,
>
> I am trying to authenticate a Windows XP Client with the username and
> password configured in the Users file on the Radius Server.  I have tried
> several changes, but I am not able to get rid of this error. I am running
> freeradius 2.1.1 on Suse 10 SP1.
>
> Kindly Help, I am in urgent need of making this radius server up and
> running.
> Below is the error I am receiving.
>
>
> rad_recv: Access-Request packet from host 130.1.254.174 port 2, id=212, length=182
>        NAS-Port-Id = "2049/1"
>        Calling-Station-Id = "00-1F-3B-70-5B-7F"
>        Called-Station-Id = "00-18-6E-30-70-C0:NYCC_TEST"
>        Service-Type = Framed-User
>        User-Name = "jaswinder"
>        State = 0x2aaca71b29aabed260fc846046180105
>        EAP-Message = 0x0206002119800017150301001294659677442f8e7a361ee8ee93374c90ed53
>        NAS-Port-Type = Wireless-802.11
>        NAS-Identifier = "3Com"
>        NAS-IP-Address = 130.1.254.174
>        Message-Authenticator = 0xe42d1530c16b34c5b74bfb4c486083aa
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jaswinder", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 6 length 33
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>  TLS Length 23
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
> TLS Alert read:fatal:access denied
> [peap] WARNING: No data inside of the tunnel.
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Tunneled data is invalid.
> [eap] Handler failed in EAP/peap
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> jaswinder
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 5 for 1 seconds
> Going to the next request
>
> Any help is greatly appreciated.
> Thanks,
> Jas
> --
> View this message in context:
> http://www.nabble.com/Mschapv2-not-working%21-Please-help%21-tp20015619p20015619.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with ntlm_auth

2008-10-09 Thread Syed Anwarul Hasan
That was an example, to check with different Users, DEFAULT should be used as
rightly said by Ivan.


On Thu, Oct 9, 2008 at 1:22 PM, <[EMAIL PROTECTED]> wrote:

>  So to understand you right:
>
> Every user that should be authenticated has to be an entry in the users
> file?
>
> Isn't it possible to add an forwarding for every user so that all requests
> are just forwarded and checked?
>
> If not I must add all users from the AD to the users file, mustn't I?
>
>
>
>
>
> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@
> lists.freeradius.org 
> [mailto:freeradius-users-bounces+frederik.niedernolte
> [EMAIL PROTECTED] *On behalf of* Syed Anwarul Hasan
> *Sent:* Thursday, 9 October 2008 13:16
>
> *To:* FreeRadius users mailing list
> *Subject:* Re: Problem with ntlm_auth
>
>
>
> And also don't remove ntlm_auth from authenticate section of both default
> and inner-tunnel files.
>
> On Thu, Oct 9, 2008 at 1:12 PM, Syed Anwarul Hasan <
> [EMAIL PROTECTED]> wrote:
>
> Ok, Where are USER CREDENTIALS stored, the one described in the Manual is
> Bind as User. That is User Entry is added in Users file and after using
> ntlm_auth, it is checked against an Active Directory or LDAP server backend
> using NT Lan manager Authentication Protocol.
>
> For example:
> Users file:
> User  Auth-Type :- ntlm_auth
>
> In Active Directory
> User should be a member.
>
> So, then ntlm_auth requests will be passed from your Server to Active
> Directory or LDAP Server.
>
> Otherwise you will not setup ntlm_auth.
>
> SYED
>
>
>
> On Thu, Oct 9, 2008 at 12:58 PM, <[EMAIL PROTECTED]>
> wrote:
>
> OK, I have tested it with "radtest MyUser MyPassword localhost 0
> testing123" and this is what the server gave back:
>
>
>
> Ready to process requests.
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=92,
> length=58
>
> User-Name = "MyUser"
>
> User-Password = "MyPassword"
>
> NAS-IP-Address = IP.OF.THE.SERVER
>
> NAS-Port = 0
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> [suffix] No '@' in User-Name = "MyUser", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] No EAP-Message, not doing EAP
>
> ++[eap] returns noop
>
> ++[unix] returns notfound
>
> ++[files] returns noop
>
> ++[expiration] returns noop
>
> ++[logintime] returns noop
>
> [pap] WARNING! No "known good" password found for the user.  Authentication
> may fail because of this.
>
> ++[pap] returns noop
>
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
>
> Failed to authenticate the user.
>
> Using Post-Auth-Type Reject
>
> +- entering group REJECT {...}
>
> [attr_filter.access_reject] expand: %{User-Name} -> MyUser
>
>  attr_filter: Matched entry DEFAULT at line 11
>
> ++[attr_filter.access_reject] returns updated
>
> Delaying reject of request 0 for 1 seconds
>
> Going to the next request
>
> Waking up in 0.9 seconds.
>
> Sending delayed reject for request 0
>
> Sending Access-Reject of id 92 to 127.0.0.1 port 32793
>
> Waking up in 4.9 seconds.
>
> Cleaning up request 0 ID 92 with timestamp +3710
>
> Ready to process requests.
>
>
>
> Now what should I do?
> Thanks in advance.
>
>
>
> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@
> lists.freeradius.org 
> [mailto:freeradius-users-bounces+frederik.niedernolte
> [EMAIL PROTECTED] *On behalf of* Syed Anwarul Hasan
> *Sent:* Thursday, 9 October 2008 12:12
>
>
> *To:* FreeRadius users mailing list
> *Subject:* Re: Problem with ntlm_auth
>
>
>
> Hi,
> You can use radtest tool to check with the Server. The Server will return
> accept-accept message.
> Other tool includes JRadius Simulator as IVAN told, but I have not used it.
> Otherwise If you have a Native PEAP or TTLS client, you can send MSCHAP
> requests to use ntlm_auth with Active DIRECTORY or LDAP server backend (if
> you have).
>
> SYED
>
> On Thu, Oct 9, 2008 at 11:54 AM, <[EMAIL PROTECTED]>
> wrote:
>
> Thanks, now it works :)
>
>
>
> Now the last step: How can I test it? What tool/program etc. can/should I
> use to test it?
>
> "The radclient cannot currently be used to send this request,
> unfortunately, which makes testing a little difficult If everything goes

Re: Problem with ntlm_auth

2008-10-09 Thread Syed Anwarul Hasan
And also don't remove ntlm_auth from authenticate section of both default
and inner-tunnel files.

On Thu, Oct 9, 2008 at 1:12 PM, Syed Anwarul Hasan <
[EMAIL PROTECTED]> wrote:

> Ok, Where are USER CREDENTIALS stored, the one described in the Manual is
> Bind as User. That is User Entry is added in Users file and after using
> ntlm_auth, it is checked against an Active Directory or LDAP server backend
> using NT Lan manager Authentication Protocol.
>
> For example:
> Users file:
> User  Auth-Type :- ntlm_auth
>
> In Active Directory
> User should be a member.
>
> So, then ntlm_auth requests will be passed from your Server to Active
> Directory or LDAP Server.
>
> Otherwise you will not setup ntlm_auth.
>
> SYED
>
>
> On Thu, Oct 9, 2008 at 12:58 PM, <[EMAIL PROTECTED]>wrote:
>
>>  OK, I have tested it with "radtest MyUser MyPassword localhost 0
>> testing123" and this is what the server gave back:
>>
>>
>>
>> Ready to process requests.
>>
>> rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=92,
>> length=58
>>
>> User-Name = "MyUser"
>>
>> User-Password = "MyPassword"
>>
>> NAS-IP-Address = IP.OF.THE.SERVER
>>
>> NAS-Port = 0
>>
>> +- entering group authorize {...}
>>
>> ++[preprocess] returns ok
>>
>> ++[chap] returns noop
>>
>> ++[mschap] returns noop
>>
>> [suffix] No '@' in User-Name = "MyUser", looking up realm NULL
>>
>> [suffix] No such realm "NULL"
>>
>> ++[suffix] returns noop
>>
>> [eap] No EAP-Message, not doing EAP
>>
>> ++[eap] returns noop
>>
>> ++[unix] returns notfound
>>
>> ++[files] returns noop
>>
>> ++[expiration] returns noop
>>
>> ++[logintime] returns noop
>>
>> [pap] WARNING! No "known good" password found for the user.
>> Authentication may fail because of this.
>>
>> ++[pap] returns noop
>>
>> No authenticate method (Auth-Type) configuration found for the request:
>> Rejecting the user
>>
>> Failed to authenticate the user.
>>
>> Using Post-Auth-Type Reject
>>
>> +- entering group REJECT {...}
>>
>> [attr_filter.access_reject] expand: %{User-Name} -> MyUser
>>
>>  attr_filter: Matched entry DEFAULT at line 11
>>
>> ++[attr_filter.access_reject] returns updated
>>
>> Delaying reject of request 0 for 1 seconds
>>
>> Going to the next request
>>
>> Waking up in 0.9 seconds.
>>
>> Sending delayed reject for request 0
>>
>> Sending Access-Reject of id 92 to 127.0.0.1 port 32793
>>
>> Waking up in 4.9 seconds.
>>
>> Cleaning up request 0 ID 92 with timestamp +3710
>>
>> Ready to process requests.
>>
>>
>>
>> Now what should I do?
>> Thanks in advance.
>>
>>
>>
>> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@
>> lists.freeradius.org [mailto:
>> freeradius-users-bounces+frederik.niedernolte
>> [EMAIL PROTECTED] *On behalf of* Syed Anwarul Hasan
>> *Sent:* Thursday, 9 October 2008 12:12
>>
>> *To:* FreeRadius users mailing list
>> *Subject:* Re: Problem with ntlm_auth
>>
>>
>>
>> Hi,
>> You can use radtest tool to check with the Server. The Server will return
>> accept-accept message.
>> Other tool includes JRadius Simulator as IVAN told, but I have not used it.
>> Otherwise If you have a Native PEAP or TTLS client, you can send MSCHAP
>> requests to use ntlm_auth with Active DIRECTORY or LDAP server backend (if
>> you have).
>>
>> SYED
>>
>>  On Thu, Oct 9, 2008 at 11:54 AM, <[EMAIL PROTECTED]>
>> wrote:
>>
>> Thanks, now it works :)
>>
>>
>>
>> Now the last step: How can I test it? What tool/program etc. can/should I
>> use to test it?
>>
>> "The radclient cannot currently be used to send this request,
>> unfortunately, which makes testing a little difficult If everything goes
>> well, you should see the server returning an
>> Access-Accept <http://freeradius.org/rfc/rfc2865.html#Access-Accept> message
>> as above."
>>
>>
>>
>> Mit freundlichen Grüßen / Kind regards
>>
>> Frederik Niedernolte
>> ---
>> arvato services
>> An der Autobahn
>> 33310 Gütersloh
>> Germany
>> http://www.a

Re: Problem with ntlm_auth

2008-10-09 Thread Syed Anwarul Hasan
Ok, Where are USER CREDENTIALS stored, the one described in the Manual is
Bind as User. That is User Entry is added in Users file and after using
ntlm_auth, it is checked against an Active Directory or LDAP server backend
using NT Lan manager Authentication Protocol.

For example:
Users file:
User  Auth-Type :- ntlm_auth

In Active Directory
User should be a member.

So, then ntlm_auth requests will be passed from your Server to Active
Directory or LDAP Server.

Otherwise you will not setup ntlm_auth.

SYED

On Thu, Oct 9, 2008 at 12:58 PM, <[EMAIL PROTECTED]>wrote:

>  OK, I have tested it with "radtest MyUser MyPassword localhost 0
> testing123" and this is what the server gave back:
>
>
>
> Ready to process requests.
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=92,
> length=58
>
> User-Name = "MyUser"
>
> User-Password = "MyPassword"
>
> NAS-IP-Address = IP.OF.THE.SERVER
>
> NAS-Port = 0
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> [suffix] No '@' in User-Name = "MyUser", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] No EAP-Message, not doing EAP
>
> ++[eap] returns noop
>
> ++[unix] returns notfound
>
> ++[files] returns noop
>
> ++[expiration] returns noop
>
> ++[logintime] returns noop
>
> [pap] WARNING! No "known good" password found for the user.  Authentication
> may fail because of this.
>
> ++[pap] returns noop
>
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
>
> Failed to authenticate the user.
>
> Using Post-Auth-Type Reject
>
> +- entering group REJECT {...}
>
> [attr_filter.access_reject] expand: %{User-Name} -> MyUser
>
>  attr_filter: Matched entry DEFAULT at line 11
>
> ++[attr_filter.access_reject] returns updated
>
> Delaying reject of request 0 for 1 seconds
>
> Going to the next request
>
> Waking up in 0.9 seconds.
>
> Sending delayed reject for request 0
>
> Sending Access-Reject of id 92 to 127.0.0.1 port 32793
>
> Waking up in 4.9 seconds.
>
> Cleaning up request 0 ID 92 with timestamp +3710
>
> Ready to process requests.
>
>
>
> Now what should I do?
> Thanks in advance.
>
>
>
> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@
> lists.freeradius.org 
> [mailto:freeradius-users-bounces+frederik.niedernolte
> [EMAIL PROTECTED] *On behalf of* Syed Anwarul Hasan
> *Sent:* Thursday, 9 October 2008 12:12
>
> *To:* FreeRadius users mailing list
> *Subject:* Re: Problem with ntlm_auth
>
>
>
> Hi,
> You can use radtest tool to check with the Server. The Server will return
> accept-accept message.
> Other tool includes JRadius Simulator as IVAN told, but I have not used it.
> Otherwise If you have a Native PEAP or TTLS client, you can send MSCHAP
> requests to use ntlm_auth with Active DIRECTORY or LDAP server backend (if
> you have).
>
> SYED
>
>  On Thu, Oct 9, 2008 at 11:54 AM, <[EMAIL PROTECTED]>
> wrote:
>
> Thanks, now it works :)
>
>
>
> Now the last step: How can I test it? What tool/program etc. can/should I
> use to test it?
>
> "The radclient cannot currently be used to send this request,
> unfortunately, which makes testing a little difficult If everything goes
> well, you should see the server returning an
> Access-Accept <http://freeradius.org/rfc/rfc2865.html#Access-Accept> message as
> above."
>
>
>
> Mit freundlichen Grüßen / Kind regards
>
> Frederik Niedernolte
> ---
> arvato services
> An der Autobahn
> 33310 Gütersloh
> Germany
> http://www.arvato-services.de
> [EMAIL PROTECTED]<[EMAIL PROTECTED]>
> Tel.:  +49 (0)5241 80-40554
>
> arvato services GmbH: Registered office Gütersloh | Local court Gütersloh HRB 3826 |
> Managing directors Ralf Bierfischer, Bodo Krönfeld, Markus Schmedtmann, Eckhard
> Südmersen
>
>
>
> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@
> lists.freeradius.org 
> [mailto:freeradius-users-bounces+frederik.niedernolte
> [EMAIL PROTECTED] *On behalf of* Syed Anwarul Hasan
> *Sent:* Thursday, 9 October 2008 11:44
> *To:* FreeRadius users mailing list
> *Subject:* Re: Problem with ntlm_auth
>
>
>
> Hi Frederik,
>
> 1) Put User entry on *TOP* of users file.
> 2) In default file, in authenticate section, add *ntlm_auth. *Don't set
> using

Re: Problem with ntlm_auth

2008-10-09 Thread Syed Anwarul Hasan
Hi,
You can use radtest tool to check with the Server. The Server will return
accept-accept message.
Other tool includes JRadius Simulator as IVAN told, but I have not used it.
Otherwise If you have a Native PEAP or TTLS client, you can send MSCHAP
requests to use ntlm_auth with Active DIRECTORY or LDAP server backend (if
you have).

SYED


On Thu, Oct 9, 2008 at 11:54 AM, <[EMAIL PROTECTED]>wrote:

>  Thanks, now it works :)
>
>
>
> Now the last step: How can I test it? What tool/program etc. can/should I
> use to test it?
>
> "The radclient cannot currently be used to send this request,
> unfortunately, which makes testing a little difficult If everything goes
> well, you should see the server returning an
> Access-Accept <http://freeradius.org/rfc/rfc2865.html#Access-Accept> message as
> above."
>
>
>
> Mit freundlichen Grüßen / Kind regards
>
> Frederik Niedernolte
> ---
> arvato services
> An der Autobahn
> 33310 Gütersloh
> Germany
> http://www.arvato-services.de
> [EMAIL PROTECTED]<[EMAIL PROTECTED]>
> Tel.:  +49 (0)5241 80-40554
>
> arvato services GmbH: Registered office Gütersloh | Local court Gütersloh HRB 3826 |
> Managing directors Ralf Bierfischer, Bodo Krönfeld, Markus Schmedtmann, Eckhard
> Südmersen
>
>
>
> *From:* freeradius-users-bounces+frederik.niedernolte=bertelsmann.de@
> lists.freeradius.org 
> [mailto:freeradius-users-bounces+frederik.niedernolte
> [EMAIL PROTECTED] *On behalf of* Syed Anwarul Hasan
> *Sent:* Thursday, 9 October 2008 11:44
> *To:* FreeRadius users mailing list
> *Subject:* Re: Problem with ntlm_auth
>
>
>
> Hi Frederik,
>
> 1) Put User entry on *TOP* of users file.
> 2) In default file, in authenticate section, add *ntlm_auth. *Don't set
> using Auth-Type.
> 3) Also in Sites-enabled/inner-tunnel which is Virtual Server Inner Tunnel.
> Add *ntlm_auth* in Authenticate Section.
>
> I hope it will solve your problem.
> SYED
>
>
>  On Thu, Oct 9, 2008 at 11:17 AM, <[EMAIL PROTECTED]>
> wrote:
>
> I have finished all steps till „*user* Auth-Type := ntlm_auth" from
> http://deployingradius.com/documents/configuration/active_directory.html.
>
> With this command I get this error message at the end of
> "/usr/sbin/freeradius –X":
>
>
>
> /etc/freeradius/users[1]: Parse error (check) for entry MyUser: Unknown
> value ntlm_auth for attribute Auth-Type
>
> Errors reading /etc/freeradius/users
>
> /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
>
> /etc/freeradius/sites-enabled/inner-tunnel[111]: Failed to find module
> "files".
>
> /etc/freeradius/sites-enabled/inner-tunnel[34]: Errors parsing authorize
> section.
>
>  }
>
> }
>
> Errors initializing modules
>
>
>
> The authenticate section in the /etc/freeradius/sites-enabled/default looks
> like this (only important part):
>
>
>
> authenticate {
>
> #
>
> #  NTML_AUTH authentication.
>
> Auth-Type ntlm_auth {
>
>ntlm_auth
>
> }
>
>
>
> What is wrong and what can I do to solve the problem?
>
> Thanks in advance.
>
> Best regards, F. Niedernolte
>
>

Re: Problem with ntlm_auth

2008-10-09 Thread Syed Anwarul Hasan
Hi Frederik,

1) Put User entry on *TOP* of users file.
2) In default file, in authenticate section, add *ntlm_auth. *Don't set
using Auth-Type.
3) Also in Sites-enabled/inner-tunnel which is Virtual Server Inner Tunnel.
Add *ntlm_auth* in Authenticate Section.

I hope it will solve your problem.
SYED



On Thu, Oct 9, 2008 at 11:17 AM, <[EMAIL PROTECTED]>wrote:

>  I have finished all steps till „*user* Auth-Type := ntlm_auth" from
> http://deployingradius.com/documents/configuration/active_directory.html.
>
> With this command I get this error message at the end of
> "/usr/sbin/freeradius –X":
>
>
>
> /etc/freeradius/users[1]: Parse error (check) for entry MyUser: Unknown
> value ntlm_auth for attribute Auth-Type
>
> Errors reading /etc/freeradius/users
>
> /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
>
> /etc/freeradius/sites-enabled/inner-tunnel[111]: Failed to find module
> "files".
>
> /etc/freeradius/sites-enabled/inner-tunnel[34]: Errors parsing authorize
> section.
>
>  }
>
> }
>
> Errors initializing modules
>
>
>
> The authenticate section in the /etc/freeradius/sites-enabled/default looks
> like this (only important part):
>
>
>
> authenticate {
>
> #
>
> #  NTML_AUTH authentication.
>
> Auth-Type ntlm_auth {
>
>ntlm_auth
>
> }
>
>
>
> What is wrong and what can I do to solve the problem?
>
> Thanks in advance.
>
> Best regards, F. Niedernolte
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
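
The three failures quoted in the messages above (the TLS alert during PEAP, the missing Auth-Type after radtest, and the users-file parse error) can be picked out of pasted `radiusd -X` output mechanically. The following Python script is an added example, not part of the original posts or of FreeRADIUS; the function names, finding ids and hint texts are assumptions, and the sample logs are constructed from lines quoted in this thread.

```python
import re
from dataclasses import dataclass, field

QUOTE = re.compile(r"^\s*(?:>\s?)*")            # mail quoting such as "> " or ">> "
GROUP = re.compile(r"^\+- entering group (\S+)")
MODULE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")
FAILURE_RCODES = {"reject", "fail", "invalid", "userlock"}

# (finding id, pattern, what the line tells the operator) -- ids and hints are
# this example's own wording, not FreeRADIUS output.
SIGNATURES = [
    ("peer_tls_alert", re.compile(r"TLS Alert read:\w+:\w+(?: \w+)?"),
     "alert received from the supplicant: the client aborted the outer TLS "
     "handshake, so the inner method and the users file were never reached"),
    ("no_auth_type",
     re.compile(r"No authenticate method \(Auth-Type\) configuration found"),
     "authorize ended without any module selecting an Auth-Type for the request"),
    ("unknown_auth_type",
     re.compile(r"Unknown value (\S+) for attribute Auth-Type"),
     "users file names an Auth-Type the server has not registered; the fix in "
     "this thread was listing the module in authenticate of default and inner-tunnel"),
]

@dataclass
class Report:
    modules: dict = field(default_factory=dict)   # section -> [(module, rcode), ...]
    findings: list = field(default_factory=list)  # [(id, evidence, hint), ...]
    rejected: bool = False

def analyze(debug_text: str) -> Report:
    """Summarise pasted `radiusd -X` output, tolerating mail quoting and wrapping."""
    report, section = Report(), None
    lines = [QUOTE.sub("", raw).strip() for raw in debug_text.splitlines()]
    for line in lines:
        if (m := GROUP.match(line)):
            section = m.group(1)
            report.modules.setdefault(section, [])
        elif (m := MODULE.match(line)) and section:
            report.modules[section].append((m.group(1), m.group(2)))
    # Signatures are searched in the re-joined text because mail clients wrap
    # long log lines ("... MyUser: Unknown" / "value ntlm_auth for ...").
    flat = " ".join(" ".join(lines).split())
    for name, pattern, hint in SIGNATURES:
        if (m := pattern.search(flat)):
            report.findings.append((name, m.group(0), hint))
    report.rejected = ("Failed to authenticate the user" in flat
                       or "Sending Access-Reject" in flat)
    return report

def failing_modules(report: Report) -> list:
    """Return (section, module, rcode) for every module that ended in a failure rcode."""
    return [(sec, mod, rc) for sec, mods in report.modules.items()
            for mod, rc in mods if rc in FAILURE_RCODES]

# Constructed samples, assembled from log lines quoted in the messages above.
PEAP_SAMPLE = """\
> +- entering group authorize {...}
> ++[mschap] returns noop
> ++[eap] returns ok
> +- entering group authenticate {...}
> [peap] <<< TLS 1.0 Alert [length 0002], fatal access_denied
> TLS Alert read:fatal:access denied
> [peap] WARNING: No data inside of the tunnel.
> ++[eap] returns invalid
> Failed to authenticate the user.
"""
RADTEST_SAMPLE = """\
>> +- entering group authorize {...}
>> ++[files] returns noop
>> ++[pap] returns noop
>> No authenticate method (Auth-Type) configuration found for the request:
>> Rejecting the user
>> Failed to authenticate the user.
"""
PARSE_SAMPLE = """\
> /etc/freeradius/users[1]: Parse error (check) for entry MyUser: Unknown
> value ntlm_auth for attribute Auth-Type
> Errors reading /etc/freeradius/users
"""

if __name__ == "__main__":
    for label, sample in [("peap", PEAP_SAMPLE), ("radtest", RADTEST_SAMPLE),
                          ("startup", PARSE_SAMPLE)]:
        rep = analyze(sample)
        print(label, "rejected" if rep.rejected else "no verdict", failing_modules(rep))
        for name, evidence, hint in rep.findings:
            print(f"  {name}: {evidence!r}\n    {hint}")
```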

Re: NTLM_auth active directory - what is wrong?

2008-10-07 Thread Syed Anwarul Hasan
Hi Santiago,

 I would suggest you to first try with radtest to see ntlm_auth BIND AS
USER is working or not.

Have a User entry in Users file with Auth-Type := ntlm_auth
Add *ntlm_auth* in Authenticate section of default and inner-tunnel files in
/sites-enabled directory.

Then if radtest returns NT Success Ok or ntlm_auth is being done by Server.
Then Try for RADIUS requests from actual NAS.

I have done this way as of now to check ntlm_auth Bind.

The Experts can show you more light in your problem.

Regards,
SYED



On Tue, Oct 7, 2008 at 2:36 PM, Santiago Matiz V <[EMAIL PROTECTED]>wrote:

>
> Hi all
> I follow the instructions of Alan :
>
> 
>
> to authenticate ntlm_auth with radius but appears the following message:
>
> " WARNING: Unknown value specified for Auth-Type.  Cannot perform requested
> action.
> auth: Failed to validate the user."
>
> what is wrong?
>
> Please help.
> Santiago
>
>
> FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Sep  3 2008
> at 15:55:02
> Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /usr/local/etc/raddb/radiusd.conf
> including configuration file /usr/local/etc/raddb/proxy.conf
> including configuration file /usr/local/etc/raddb/clients.conf
> including configuration file /usr/local/etc/raddb/snmp.conf
> including configuration file /usr/local/etc/raddb/eap.conf
> including dictionary file /usr/local/etc/raddb/dictionary
> main {
>prefix = "/usr/local"
>localstatedir = "/var"
>logdir = "/var/log/radius"
>libdir = "/usr/local/lib"
>radacctdir = "/var/log/radius/radacct"
>hostname_lookups = no
>max_request_time = 30
>cleanup_delay = 5
>max_requests = 1024
>allow_core_dumps = no
>pidfile = "/var/run/radiusd/radiusd.pid"
>checkrad = "/usr/local/sbin/checkrad"
>debug_level = 0
>proxy_requests = yes
>log_auth = yes
>log_auth_badpass = no
>log_auth_goodpass = no
>log_stripped_names = no
> }
>  client localhost {
>ipaddr = 127.0.0.1
>require_message_authenticator = no
>secret = "testing123"
>nastype = "other"
>  }
>  client 192.100.16.11 {
>require_message_authenticator = no
>secret = "123"
>  }
> radiusd:  Loading Realms and Home Servers 
>  proxy server {
>retry_delay = 5
>retry_count = 3
>default_fallback = no
>dead_time = 120
>wake_all_if_all_dead = no
>  }
>  home_server localhost {
>ipaddr = 127.0.0.1
>port = 1812
>type = "auth"
>secret = "testing123"
>response_window = 20
>max_outstanding = 65536
>zombie_period = 40
>status_check = "status-server"
>ping_check = "none"
>ping_interval = 30
>check_interval = 30
>num_answers_to_alive = 3
>num_pings_to_alive = 3
>revive_interval = 120
>status_check_timeout = 4
>  }
>  home_server_pool my_auth_failover {
>type = fail-over
>home_server = localhost
>  }
>  realm example.com {
>auth_pool = my_auth_failover
>  }
>  realm LOCAL {
>  }
>  realm DOMAIN.LOC {
>authhost = LOCAL
>accthost = LOCAL
>  }
>  realm DOMAIN {
>authhost = LOCAL
>accthost = LOCAL
>  }
> radiusd:  Instantiating modules 
>  instantiate {
>  Module: Linked to module rlm_expr
>  Module: Instantiating expr
>  }
> radiusd:  Loading Virtual Servers 
> server {
>  modules {
>  Module: Checking authenticate {...} for more modules to load
>  Module: Linked to module rlm_mschap
>  Module: Instantiating mschap
>  mschap {
>use_mppe = yes
>require_encryption = no
>require_strong = no
>with_ntdomain_hack = yes
>ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
>--domain=%{mschap:NT-Domain:-DOMAIN}
>  --username=%{mschap:User-Name}  --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>  }
>  Module: Checking authorize {...} for more modules to load
>  Module: Linked to module rlm_preprocess
>  Module: Instantiating preprocess
>  preprocess {
>huntgroups = "/usr/local/etc/raddb/huntgroups"
>hints = "/usr/local/etc/raddb/hints"
>with_ascend_hack = no
>ascend_channels_per_line = 23
>with_ntdomain_hack = no
>with_specialix_jetstream_hack = no
>with_cisco_vsa_hack = no
>with_alvarion_vsa_hack = no
>  }
>  Module: Linked to module rlm_realm
>  Module: Instantiating realmslash
>  realm realmslash {
>  

Re: Make Install Error : FreeRadius V 2.1.1 on Suse

2008-10-03 Thread Syed Anwarul Hasan
Hi Alan,
   I tried by the Prefix option --prefix =/usr  in Configure step to Install
files in /usr rather than /usr/local which is default.

*Still, I got the same error*. And to inform you,  when I build the
freeradius rpm package from freeradius.spec  file. I have removed the
autoreconf line to avoid RPM errors as I described yesterday in the post.
Please help me in this regard.

SYED


On Fri, Oct 3, 2008 at 12:02 PM, Alan DeKok <[EMAIL PROTECTED]>wrote:

> Syed Anwarul Hasan wrote:
> > I have compiled FreeRadius V 2.1.1 on SLES 10 SP2. And after config and
> > make steps when I tried the 'make Install'  to install the binaries. I
> > got a libtool error and Installation stopped.
> ...
> > libtool: install: error: cannot install rlm_acctlog.la
> > to a directory not ending in /usr/lib/freeradius
>
>   Libtool is insane.  I have *no* idea why it does that.  It's annoying,
> and I don't know of any real way to fix it.
>
>  The only work-around is to install all of the files in /usr... rather
> than somewhere else.
>
>  Alan DeKok.

Make Install Error : FreeRadius V 2.1.1 on Suse

2008-10-03 Thread Syed Anwarul Hasan
Dear Alan, Ivan and all,

I have compiled FreeRadius V 2.1.1 on SLES 10 SP2. And after config and make
steps when I tried the 'make Install'  to install the binaries. I got a
libtool error and Installation stopped.
Please help in this regard.

SYED

pc1138:/usr/src/packages/BUILD/freeradius-server-2.1.1 # make install
gmake[1]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1'
Making install in src...
gmake[2]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
gmake[3]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
Making install in include...
gmake[4]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/include'
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -d -m 755
/usr/local/include/freeradius
for i in hash.h libradius.h md4.h md5.h missing.h packet.h radius.h
radpaths.h sha1.h token.h udpfromto.h vqp.h ident.h ; do \
sed 's/^#include 
.inst.$$ ; \
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -m 644
.inst.$$   /usr/local/include/freeradius/$i; \
rm -f .inst.$$ ; \
done
gmake[4]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/include'
Making install in lib...
gmake[4]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/lib'
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -d -m 755
/usr/local/lib
/usr/src/packages/BUILD/freeradius-server-2.1.1/libtool --mode=install
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c
libfreeradius-radius.la \
/usr/local/lib/libfreeradius-radius.la
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c .libs/
libfreeradius-radius-2.1.1.so /usr/local/lib/libfreeradius-radius-2.1.1.so
(cd /usr/local/lib && { ln -s -f
libfreeradius-radius-2.1.1.solibfreeradius-radius.so || { rm -f
libfreeradius-radius.so && ln -s
libfreeradius-radius-2.1.1.so libfreeradius-radius.so; }; })
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c
.libs/libfreeradius-radius.lai /usr/local/lib/libfreeradius-radius.la
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c
.libs/libfreeradius-radius.a /usr/local/lib/libfreeradius-radius.a
chmod 644 /usr/local/lib/libfreeradius-radius.a
ranlib /usr/local/lib/libfreeradius-radius.a
PATH="$PATH:/sbin" ldconfig -n /usr/local/lib
--
Libraries have been installed in:
   /usr/local/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
 during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
 during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
--
rm -f /usr/local/lib/libfreeradius-radius-2.1.1.la;
ln -s libfreeradius-radius.la /usr/local/lib/libfreeradius-radius-2.1.1.la
gmake[4]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/lib'
Making install in modules...
gmake[4]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -d -m 755
/usr/local/lib
gmake[5]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
Making install in rlm_acctlog...
gmake[6]: Entering directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules/rlm_acctlog'
if [ "xrlm_acctlog" != "x" ]; then \
/usr/src/packages/BUILD/freeradius-server-2.1.1/libtool --mode=install
/usr/src/packages/BUILD/freeradius-server-2.1.1/install-sh -c -c \
rlm_acctlog.la /usr/local/lib/rlm_acctlog.la || exit $?; \
rm -f /usr/local/lib/rlm_acctlog-2.1.1.la; \
ln -s rlm_acctlog.la /usr/local/lib/rlm_acctlog-2.1.1.la || exit $?; \
fi
libtool: install: error: cannot install `rlm_acctlog.la' to a directory not
ending in /usr/lib/freeradius
gmake[6]: *** [install] Error 1
gmake[6]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules/rlm_acctlog'
gmake[5]: *** [common] Error 2
gmake[5]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
gmake[4]: *** [install] Error 2
gmake[4]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src/modules'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
gmake[2]: *** [install] Error 2
gmake[2]: Leaving directory
`/usr/src/packages/BUILD/freeradius-server-2.1.1/src'
gmake[1]: *** [common] Error 2
gmake[

Re: Compile Error :FreeRadius v 2.1.1 RPM build error

2008-10-02 Thread Syed Anwarul Hasan
Thanks Norbert,

  SYED

On Thu, Oct 2, 2008 at 5:12 PM, Norbert Wegener <[EMAIL PROTECTED]
> wrote:

>  See:
>
> http://lists.freeradius.org/pipermail/freeradius-users/2008-September/msg00659.html
>
>
> Norbert Wegener
>
> Syed Anwarul Hasan wrote:
>
> Hi Alan, Ivan and all,
>
> Alan, as I was having a backtrace problem in my FreeRadius v 2.0.5, I deleted
> all the old binaries and libraries for the earlier version. Then I got the
> latest FreeRadius v 2.1.1 tarball (compressed tar.bz2) from the
> freeradius.org website and started to build on SLES 10 SP2. And I copied the
> freeradius.spec in SPECS folder.
> When I try to compile, I got an rpm build error and compilation stopped.
>
> Please help me in this regard.
> SYED
>
> pc1138: /usr/src/packages/SOURCES # *rpmbuild -ba
> /usr/src/packages/SPECS/freeradius.spec*
> Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.25117
> + umask 022
> + cd /usr/src/packages/BUILD
> + cd /usr/src/packages/BUILD
> + rm -rf freeradius-server-2.1.1
> + /usr/bin/bzip2 -dc
> /usr/src/packages/SOURCES/freeradius-server-2.1.1.tar.bz2
> + tar -xf -
> + STATUS=0
> + '[' 0 -ne 0 ']'
> + cd freeradius-server-2.1.1
> ++ /usr/bin/id -u
> + '[' 0 = 0 ']'
> + /bin/chown -Rhf root .
> ++ /usr/bin/id -u
> + '[' 0 = 0 ']'
> + /bin/chgrp -Rhf root .
> + /bin/chmod -Rf a+rX,u+w,g-w,o-w .
> ++ find . -name CVS
> + rm -rf
> + exit 0
> Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.27085
> + umask 022
> + cd /usr/src/packages/BUILD
> + /bin/rm -rf /var/tmp/freeradius-server-2.1.1-build
> ++ dirname /var/tmp/freeradius-server-2.1.1-build
> + /bin/mkdir -p /var/tmp
> + /bin/mkdir /var/tmp/freeradius-server-2.1.1-build
> + cd freeradius-server-2.1.1
> + export 'CFLAGS=-O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0
> -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC'
> + CFLAGS='-O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0
> -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC'
> + autoreconf
> configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals
> autoconf/status.m4:1077: AC_CONFIG_SUBDIRS is expanded from...
> configure.in:1140: the top level
> configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals
> autoconf/status.m4:1077: AC_CONFIG_SUBDIRS is expanded from...
> configure.in:1140: the top level
> configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals
> autoconf/status.m4:1077: AC_CONFIG_SUBDIRS is expanded from...
> configure.in:1140: the top level
> configure.in:547: error: possibly undefined macro: AC_LIB_READLINE
>   If this token and others are legitimate, please use m4_pattern_allow.
> * * See the Autoconf documentation.*
> autoreconf: /usr/bin/autoconf failed with exit status: 1
> error: Bad exit status from /var/tmp/rpm-tmp.27085 (%build)*
>
>
> *RPM build errors:
> Bad exit status from /var/tmp/rpm-tmp.27085 (%build)*
>
>
>

Compile Error :FreeRadius v 2.1.1 RPM build error

2008-10-02 Thread Syed Anwarul Hasan
Hi Alan, Ivan and all,

   Alan, as I was having a backtrace problem in my FreeRadius v 2.0.5, I deleted
all the old binaries and libraries for the earlier version. Then I got the
latest FreeRadius v 2.1.1 tarball (compressed tar.bz2) from the
freeradius.org website and started to build on SLES 10 SP2. And I
copied the
freeradius.spec into the SPECS folder.
When I tried to compile, I got an rpm build error and compilation stopped.

Please help me in this regard.
SYED

pc1138: /usr/src/packages/SOURCES # *rpmbuild -ba
/usr/src/packages/SPECS/freeradius.spec*
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.25117
+ umask 022
+ cd /usr/src/packages/BUILD
+ cd /usr/src/packages/BUILD
+ rm -rf freeradius-server-2.1.1
+ /usr/bin/bzip2 -dc
/usr/src/packages/SOURCES/freeradius-server-2.1.1.tar.bz2
+ tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd freeradius-server-2.1.1
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chown -Rhf root .
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chgrp -Rhf root .
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
++ find . -name CVS
+ rm -rf
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.27085
+ umask 022
+ cd /usr/src/packages/BUILD
+ /bin/rm -rf /var/tmp/freeradius-server-2.1.1-build
++ dirname /var/tmp/freeradius-server-2.1.1-build
+ /bin/mkdir -p /var/tmp
+ /bin/mkdir /var/tmp/freeradius-server-2.1.1-build
+ cd freeradius-server-2.1.1
+ export 'CFLAGS=-O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0
-D_FORTIFY_SOURCE=2 -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC'
+ CFLAGS='-O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0
-D_FORTIFY_SOURCE=2 -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC'
+ autoreconf
configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals
autoconf/status.m4:1077: AC_CONFIG_SUBDIRS is expanded from...
configure.in:1140: the top level
configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals
autoconf/status.m4:1077: AC_CONFIG_SUBDIRS is expanded from...
configure.in:1140: the top level
configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals
autoconf/status.m4:1077: AC_CONFIG_SUBDIRS is expanded from...
configure.in:1140: the top level
configure.in:547: error: possibly undefined macro: AC_LIB_READLINE
  If this token and others are legitimate, please use m4_pattern_allow.
* * See the Autoconf documentation.*
autoreconf: /usr/bin/autoconf failed with exit status: 1
error: Bad exit status from /var/tmp/rpm-tmp.27085 (%build)*


*RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.27085 (%build)*

Re: Backtrace found in debug: FreeRadius 2.0.5 version

2008-09-25 Thread Syed Anwarul Hasan
Thanks Alan, I will delete all files and install 2.1.1.

SYED

On Thu, Sep 25, 2008 at 3:01 PM, Alan DeKok <[EMAIL PROTECTED]> wrote:

> Syed Anwarul Hasan wrote:
> > Yes Alan, I have made a big mistake: I have updated to 2.0.6 with the
> > same binaries of 2.0.5. And now again I am getting
> > backtraces. And now in the /etc/raddb dir I have another module radiusd which
> > was not present in 2.0.5, and the version file shows 2.0.6.
>
>   There is no version 2.0.6.  Try deleting ALL of the various builds
> you've done, and starting again with 2.1.1.
>
> > How can I revert back to my earlier FreeRadius version 2.0.5 to
> > get out of this backtrace problem?
>
>   Delete all of the builds, including all files that were installed, and
> start over.
>
>  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
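
A check in the spirit of the advice quoted above (remove every installed build before starting over), added here as an example and not part of the original thread: it lists the versioned FreeRADIUS objects a process has mapped and flags more than one version or install prefix. The sample map lines are constructed, and `mapped_files` and `audit` are names chosen for this example.

```python
import re

# Versioned FreeRADIUS objects, e.g. rlm_ldap-2.0.5.so or
# libfreeradius-radius-2.0.5.so (naming as seen in the backtraces in this thread).
FR_OBJECT = re.compile(
    r"^(?P<name>libfreeradius-[a-z]+|rlm_[a-z0-9_]+)-(?P<version>\d+(?:\.\d+)+)\.so$")
# The install prefix is everything before the first /lib/ or /lib64/ component,
# so /usr/lib and /usr/lib/freeradius both count as prefix /usr.
PREFIX = re.compile(r"^(?P<prefix>.*?)/lib(?:64)?/")

# Constructed sample in /proc/<pid>/maps layout (addresses and inodes are made up).
SAMPLE_MAPS = """\
08048000-08076000 r-xp 00000000 08:06 259362 /usr/local/sbin/radiusd
08078000-0818b000 rw-p 00000000 00:00 0 [heap]
b794d000-b7982000 r--s 00000000 08:05 77490 /var/run/nscd/passwd (deleted)
b7d35000-b7d38000 r-xp 00000000 08:06 259212 /usr/local/lib/rlm_detail-2.0.5.so
b7d38000-b7d39000 rw-p 00002000 08:06 259212 /usr/local/lib/rlm_detail-2.0.5.so
b7d3f000-b7d4b000 r-xp 00000000 08:06 1036627 /usr/lib/freeradius/rlm_ldap-2.0.5.so
b7ed0000-b7ee0000 r-xp 00000000 08:06 259100 /usr/local/lib/libfreeradius-radius-2.1.1.so
"""


def mapped_files(maps_text):
    """Return the distinct file paths mapped by a process, in first-seen order."""
    seen = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous mapping, [heap], [stack], ...
        path = fields[5].strip()
        if path.endswith(" (deleted)"):
            path = path[: -len(" (deleted)")]
        if path not in seen:
            seen.append(path)
    return seen


def audit(paths):
    """Collect FreeRADIUS objects from a path list and flag mixed installs."""
    objects = []
    for path in paths:
        directory, _, basename = path.rpartition("/")
        match = FR_OBJECT.match(basename)
        if not match:
            continue
        prefix_match = PREFIX.match(path)
        prefix = prefix_match.group("prefix") if prefix_match else directory
        objects.append({
            "name": match.group("name"),
            "version": match.group("version"),
            "prefix": prefix or "/",
            "path": path,
        })
    versions = sorted({o["version"] for o in objects})
    prefixes = sorted({o["prefix"] for o in objects})
    return {
        "objects": objects,
        "versions": versions,
        "prefixes": prefixes,
        # One version under one prefix is the only state treated as clean.
        "mixed": len(versions) > 1 or len(prefixes) > 1,
    }


if __name__ == "__main__":
    report = audit(mapped_files(SAMPLE_MAPS))
    for obj in report["objects"]:
        print(f'{obj["version"]:8} {obj["prefix"]:12} {obj["path"]}')
    print("mixed install:", report["mixed"])
```

On a live system the same functions can be fed the contents of `/proc/<pid>/maps` for the running radiusd, or a file listing of the library directories.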

Re: Backtrace found in debug: FreeRadius 2.0.5 version

2008-09-25 Thread Syed Anwarul Hasan
Yes Alan, I have made a big mistake: I have updated to 2.0.6 with the same
binaries of 2.0.5. And now again I am getting backtraces. And now in the
/etc/raddb dir I have another module radiusd which was not present in
2.0.5, and the version file shows 2.0.6.

Using CVS, I have done a source checkout of the radiusd module. I have not
installed the updated version from git.freeradius.org.

How can I revert back to my earlier FreeRadius version 2.0.5 to
get out of this backtrace problem?

Please help me in this regard.

SYED


This is another backtrace I got today.
*** glibc detected *** radiusd: double free or corruption (!prev):
0x0817e3e0 ***
=== Backtrace: =
/lib/libc.so.6[0xb7d81961]
/lib/libc.so.6(__libc_free+0x84)[0xb7d83404]
/usr/local/lib/libfreeradius-radius-2.0.5.so(pairbasicfree+0x3a)[0xb7ed8d6a]
/usr/local/lib/libfreeradius-radius-2.0.5.so(pairfree+0x2c)[0xb7ed907c]
radiusd[0x8061b73]
radiusd(radius_handle_request+0x5b)[0x806249b]
radiusd(thread_pool_addrequest+0x3c)[0x805bbec]
radiusd[0x8060232]
/usr/local/lib/libfreeradius-radius-2.0.5.so
(fr_event_loop+0x236)[0xb7edc8c6]
radiusd(radius_event_process+0x30)[0x8060b70]
radiusd(main+0x5dc)[0x805acac]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb7d338ac]
radiusd[0x804d221]

On Fri, Sep 19, 2008 at 2:39 PM, Alan DeKok <[EMAIL PROTECTED]> wrote:

> Syed Anwarul Hasan wrote:
> > I have updated my FreeRadius version 2.0.5 Installed on SLES 10 SP2
> > through CVS.
>
>   Huh?
>
> > Do I need to install the latest version of FreeRadius to be compatible with
> > the CVS update for my current version?
>
>   Do not mix and match versions.  If you install a version from
> git.freeradius.org, then the binaries will NOT be compatible with 2.0.5.
>
>  Alan DeKok.

Re: Backtrace found in debug: FreeRadius 2.0.5 version

2008-09-19 Thread Syed Anwarul Hasan
Thanks Alan for your reply. I got the CVS update by means of anonymous CVS
source login from cvs.freeradius.org. I did it to overcome the LDAP caching
problem, to avoid conflict between FreeRadius and the OpenLDAP server on the same
machine.

I had a backup copy of the /etc/raddb dir, so now I am not having the
backtrace problem.

Regards,

SYED






On Fri, Sep 19, 2008 at 2:39 PM, Alan DeKok <[EMAIL PROTECTED]> wrote:

> Syed Anwarul Hasan wrote:
> > I have updated my FreeRadius version 2.0.5 Installed on SLES 10 SP2
> > through CVS.
>
>   Huh?
>
> > Do I need to install the latest version of FreeRadius to be compatible with
> > the CVS update for my current version?
>
>   Do not mix and match versions.  If you install a version from
> git.freeradius.org, then the binaries will NOT be compatible with 2.0.5.
>
>  Alan DeKok.

Backtrace found in debug: FreeRadius 2.0.5 version

2008-09-19 Thread Syed Anwarul Hasan
Dear Alan, Ivan and all,

I have updated my FreeRadius version 2.0.5 installed on SLES 10 SP2 through
CVS. Now when I authenticate with a user I didn't get a backtrace. But when I
try to authenticate against OpenLDAP I see this trace with memory map after
the server returns the result.

Do I need to install the latest version of FreeRadius to be compatible with the
CVS update for my current version?

Regards,

SYED
sending Access-Reject of id 187 to 192.168.1.131 port 1047
*** glibc detected *** radiusd: double free or corruption (!prev):
0x0817dd80 ***
=== Backtrace: =
/lib/libc.so.6[0xb7ddf961]
/lib/libc.so.6(__libc_free+0x84)[0xb7de1404]
/usr/local/lib/libfreeradius-radius-2.0.5.so(pairbasicfree+0x3a)[0xb7f36d6a]
/usr/local/lib/libfreeradius-radius-2.0.5.so(pairfree+0x2c)[0xb7f3707c]
radiusd[0x8061b73]
radiusd(radius_handle_request+0x5b)[0x806249b]
radiusd(thread_pool_addrequest+0x3c)[0x805bbec]
radiusd[0x8060232]
/usr/local/lib/libfreeradius-radius-2.0.5.so
(fr_event_loop+0x236)[0xb7f3a8c6]
radiusd(radius_event_process+0x30)[0x8060b70]
radiusd(main+0x5dc)[0x805acac]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb7d918ac]
radiusd[0x804d221]
Aborted

Re: No authenticate method (Auth-Type) configuration found

2008-09-18 Thread Syed Anwarul Hasan
Hi Jason,

 I also had the same problem before. Change the User-Password to
Cleartext-Password := "your password" in the users file.

I hope it will work.

SYED



On Thu, Sep 18, 2008 at 8:15 AM, browan.jason <[EMAIL PROTECTED]> wrote:

>  Hi all,
> I have got some problems when using freeradius.
> freeradius version:
> FreeRADIUS Version 1.0.5, for host , built on Sep  9 2008 at 11:11:51
> My system:
> Fedora core 4
> Kernel version:
> 2.6.11-1.1369_FC4
>
> When I test the radius server, I have added something into
> /usr/local/etc/raddb/users like this:
>  test1 Auth-Type := Local, User-Password == "123456"
> User-Password =="123456",
> Service-Type=Framed-User,
> Framed-Protocol=PPP,
> Framed-IP-Address=192.168.121.99,
> Framed-IP-Netmask=255.255.252.0
> Add this into clients.conf:
>  client 192.168.121.43{
> secret  =   mm
> shortname   =   remote
> nastype =   other
> }
>
> Then start the freeradius server and use radtest to check this server:
>
> radtest test1 123456 192.168.121.49 0 mm
> 192.168.121.49 is my server's IP, My local machine IP address is
> 192.168.121.43.
>
> But, It always failed!
> Following is the client's information:
>  Sending Access-Request of id 161 to 192.168.121.49:1812
> User-Name = "test1"
> User-Password = "123456"
> NAS-IP-Address = freepp
> NAS-Port = 0
> rad_recv: Access-Reject packet from host 192.168.121.49:1812, id=161, 
> length=20
>
>
> And radius server's debug information:
>  rad_recv: Access-Request packet from host 192.168.121.43:32768
> , id=161, length=57
> User-Name = "test1"
> User-Password = "123456"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
>   modcall[authorize]: module "preprocess" returns ok for request 2
>   modcall[authorize]: module "chap" returns noop for request 2
>   modcall[authorize]: module "mschap" returns noop for request 2
> rlm_realm: No '@' in User-Name = "test1", looking up realm NULL
> rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 2
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 2
> *modcall: group authorize returns ok for request 2*
> *
> auth: No authenticate method (Auth-Type) configuration found for the request: 
> Rejecting the user
> *
> *auth: Failed to validate the user.*
> Delaying request 2 for 1 seconds
> Finished request 2
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 161 to 192.168.121.43:32768
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 2 ID 161 with timestamp 48d1f126
> Nothing to do.  Sleeping until we see a request.
>
> As you see, every time it tells me "No authenticate method (Auth-Type)
> configuration found for the request..". I don't know why.
> Could you please give me some help?
> Many Thanks!
> 2008-09-18
> --
> Jason Zhang
>

User-Name Authorization Problem in ldap module

2008-09-17 Thread Syed Anwarul Hasan
Dear Alan, Ivan and all,

I am having a problem in the rlm_ldap module in FreeRadius.
I am doing MD5-based authentication with a Windows XP supplicant and an
Alcatel switch acting as authenticator, with a FreeRadius 2.0.5 build as front
end and OpenLDAP 2.3.32 as backend.

When a request is received, the *FreeRadius rlm_ldap module is not able to
authorize the User-Name in the authorize section.*
But when I tried with radtest it was able to authorize and bind the
identity with the server, and authorized the password.
I am unable to find the problem.

Please comment in this regard.

SYED

Debug output with the RADIUS Access-Request received from the authenticator:

rad_recv: Access-Request packet from host 192.168.1.2 port 1026, id=23,
length=118
User-Name = "hasan"
NAS-IP-Address = 192.168.1.2
State = 0xd2721542d2731113194d83152fbd73d0
NAS-Port = 1003
Calling-Station-Id = "000fb0ba868d"
EAP-Message =
0x0201001b0410aa93c55c3f5fb6f41369d77838fad2a2686173616e
Message-Authenticator = 0x6525206bdea6b09c81a5a3252e515782
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "hasan", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 27
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
rlm_ldap: - authorize
*rlm_ldap: Attribute "User-Name" is required for authorization.*
*++[ldap] returns noop*
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/md5
  rlm_eap: processing type md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
 rlm_eap: Handler failed in EAP/md5
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> hasan
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 23 to 192.168.1.2 port 1026
EAP-Message = 0x04010004
Message-Authenticator = 0x
Finished request 1.
Going to the next request

Debug output with radtest:
radtest hasan password 192.168.1.131 10 testing123

*rlm_ldap: - authorize
rlm_ldap: performing user authorization for password
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=hasan)
expand: dc=thales,dc=com -> dc=thales,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Administrator,dc=thales,dc=com/thales to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=thales,dc=com, with filter (uid=hasan)
rlm_ldap: checking if remote access for password is allowed by uid
rlm_ldap: Added User-Password = password in check items
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user password authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0*
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> hasan
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 27 to 192.168.1.131 port 1068
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
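
A small triage pass over `radiusd -X` output like the traces in these messages, added here as an example and not part of the original posts: it records each module's return code per section and picks out the diagnostic lines that precede the Access-Reject. It handles both the 1.x and 2.x debug formats shown in this archive; the sample input reuses lines from the traces above, and `triage` and the labels in `DIAGNOSTICS` are names chosen for this example.

```python
import re

# FreeRADIUS 2.x prints "++[ldap] returns ok"; 1.x prints
# 'modcall[authorize]: module "eap" returns noop for request 2'.
V2_SECTION = re.compile(r"^\+- entering group (?P<section>\w+)")
V2_RESULT = re.compile(r"^\++\[(?P<module>[^\]]+)\] returns (?P<rcode>\w+)")
V1_RESULT = re.compile(
    r'^modcall\[(?P<section>\w+)\]: module "(?P<module>[^"]+)" returns (?P<rcode>\w+)')
VERDICT = re.compile(r"^Sending (?P<verdict>Access-\w+) of id \d+")

# Diagnostic lines that occur in the debug output on this page (labels are this example's).
DIAGNOSTICS = {
    "no_auth_type": "No authenticate method (Auth-Type) configuration found",
    "no_known_good_password": 'No "known good" password found',
    "eap_md5_needs_cleartext": "Cleartext-Password is required for EAP-MD5",
    "ldap_no_user_name": 'Attribute "User-Name" is required for authorization',
}

# Sample input: lines taken from the 1.0.5 trace, still carrying mail quoting.
SAMPLE_V1 = """\
> modcall: entering group authorize for request 2
>   modcall[authorize]: module "preprocess" returns ok for request 2
>   modcall[authorize]: module "chap" returns noop for request 2
>   modcall[authorize]: module "mschap" returns noop for request 2
>   modcall[authorize]: module "suffix" returns noop for request 2
>   modcall[authorize]: module "eap" returns noop for request 2
> *modcall: group authorize returns ok for request 2*
> *
> auth: No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> *
> Sending Access-Reject of id 161 to 192.168.121.43:32768
"""

# Sample input: lines taken from the 2.0.5 EAP-MD5 trace, with list-archive emphasis.
SAMPLE_V2 = """\
+- entering group authorize
++[preprocess] returns ok
  rlm_eap: EAP packet type response id 1 length 27
++[eap] returns updated
++[files] returns noop
rlm_ldap: - authorize
*rlm_ldap: Attribute "User-Name" is required for authorization.*
*++[ldap] returns noop*
rlm_pap: WARNING! No "known good" password found for the user.
++[pap] returns noop
+- entering group authenticate
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
++[eap] returns invalid
auth: Failed to validate the user.
+- entering group REJECT
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 23 to 192.168.1.2 port 1026
"""


def clean(line):
    """Strip mail quoting ('> '), emphasis asterisks and indentation."""
    line = re.sub(r"^(\s*>)+", "", line)
    return line.strip().strip("*").strip()


def triage(debug_text):
    """Summarise one request: module results, diagnostics seen, final verdict."""
    section, modules, findings, verdict = None, [], [], None
    for raw in debug_text.splitlines():
        line = clean(raw)
        if not line:
            continue
        match = V2_SECTION.match(line)
        if match:
            section = match.group("section")
            continue
        match = V1_RESULT.match(line)
        if match:
            modules.append((match.group("section"), match.group("module"),
                            match.group("rcode")))
            continue
        match = V2_RESULT.match(line)
        if match:
            modules.append((section, match.group("module"), match.group("rcode")))
            continue
        match = VERDICT.match(line)
        if match:
            verdict = match.group("verdict")
            continue
        for label, needle in DIAGNOSTICS.items():
            if needle in line and label not in findings:
                findings.append(label)
    # Authorize modules that contributed nothing to the request.
    inactive = [m for s, m, r in modules
                if s == "authorize" and r in ("noop", "notfound")]
    return {"modules": modules, "inactive": inactive,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for name, text in (("1.x", SAMPLE_V1), ("2.x", SAMPLE_V2)):
        result = triage(text)
        print(name, result["verdict"], result["findings"], result["inactive"])
```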

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
Ivan, I have built FreeRadius on SLES 10 SP2 without the e-directory
option. Also, in the ldap module, it is uncommented by default with the value
e-dir_account_policy_check=no. So by default the Novell e-dir check is
disabled, and further in the module I have uncommented set_auth_type=yes,
which by default does LDAP binding for authentication of RADIUS packets with
User-Password. So I have tried with these options. I do not know exactly
where I am going wrong.
Please comment.

Regards,
SYED



On Thu, Aug 28, 2008 at 1:37 PM, Ivan Kalik <[EMAIL PROTECTED]> wrote:

> Hm, that should work (password was found):
>
> >rlm_ldap: - authorize
> >rlm_ldap: performing user authorization for thales
> >WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
> >details
> >expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=hasan)
> >expand: dc=thales,dc=com -> dc=thales,dc=com
> >rlm_ldap: ldap_get_conn: Checking Id: 0
> >rlm_ldap: ldap_get_conn: Got Id: 0
> >rlm_ldap: attempting LDAP reconnection
> >rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
> >rlm_ldap: bind as cn=Administrator,dc=thales,dc=com/thales to
> 127.0.0.1:389
> >rlm_ldap: waiting for bind result ...
> >rlm_ldap: Bind was successful
> >rlm_ldap: performing search in dc=thales,dc=com, with filter (uid=hasan)
> >rlm_ldap: checking if remote access for thales is allowed by uid
> >rlm_ldap: Added User-Password = thales in check items
> >rlm_ldap: No default NMAS login sequence
> >rlm_ldap: looking for check items in directory...
> >rlm_ldap: LDAP attribute userPassword as RADIUS attribute User-Password ==
> >"thales"
> >rlm_ldap: looking for reply items in directory...
> >rlm_ldap: user  authorized to use remote access
> >rlm_ldap: ldap_release_conn: Release Id: 0
> >++[ldap] returns ok
>
> but:
>
> >rlm_ldap: No default NMAS login sequence
>
> eDirectory? It might need additional settings. Have a look at
> edir_account_policy_check in ldap module and see if that has been set
> properly.
>
> Ivan Kalik
> Kalik Informatika ISP
>

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
*Yes Ivan.

Debug o/p of radiusd -X:*

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 1031, id=171,
length=57
User-Name = "hasan"
User-Password = "thales"
NAS-IP-Address = 192.168.1.131
NAS-Port = 1
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "hasan", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for thales
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=hasan)
expand: dc=thales,dc=com -> dc=thales,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
rlm_ldap: bind as cn=Administrator,dc=thales,dc=com/thales to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=thales,dc=com, with filter (uid=hasan)
rlm_ldap: checking if remote access for thales is allowed by uid
rlm_ldap: Added User-Password = thales in check items
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute userPassword as RADIUS attribute User-Password ==
"thales"
rlm_ldap: looking for reply items in directory...
rlm_ldap: user  authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
*rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  Found Post-Auth-Type Reject*
+- entering group REJECT
expand: %{User-Name} -> hasan
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 171 to 127.0.0.1 port 1031

And the request:
* # radtest hasan thales localhost 1 testing123
Sending Access-Request of id 171 to 127.0.0.1 port 1812
User-Name = "hasan"
User-Password = "thales"
NAS-IP-Address = 192.168.1.131
NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=171,
length=20*


2008/8/28 Ivan Kalik <[EMAIL PROTECTED]>

> Could be. You haven't posted the debug of request processing, so we
> can't see what's going on.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 28/8/2008, "Syed Anwarul Hasan" <[EMAIL PROTECTED]>
> piše:
>
> >Hi Ivan, this is the request. Sorry Ivan, I didn't fix the name resolution
> >for localhost. This Problem is due to this.
> >I will fix the name resolution.
> >
> >SYED
> > # radtest hasan thales localhost 1 testing123
> >Sending Access-Request of id 241 to 127.0.0.1 port 1812
> >User-Name = "hasan"
> >User-Password = "thales"
> >NAS-IP-Address = 192.168.1.131
> >NAS-Port = 1
> >rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=241,
> >length=20
> >
> >
> >2008/8/28 Ivan Kalik <[EMAIL PROTECTED]>
> >
> >> Well, ldap found the user but didn't find the password. Post the debug
> >> from the request.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>
> >> Dana 28/8/2008, "Syed Anwarul Hasan" <[EMAIL PROTECTED]>
> >> piše:
> >>
> >> >Hi Alan,
> >> >Since I am using a Plain password in the LDAP database, hence I tried
> to
> >> do
> >> >LDAP Authentication with Auth-type set to LDAP.
> >> >Even I tried with only uncommenting ldap in Authorize and Authenticate
> >> >section of default file in sites-enabled. Still, I am having the Problem
> >> with
> >> >*no Authenticate method found for user error.
> >> >Please comment.
> >> >SYED
> >> >*
> >> >debug o/p:
> >> >++[ldap] returns ok
> >> >++[expiration] returns noop
> >> >++[logintime] returns noop
> >> >rlm_pap: WARNING! No "known good" password found for the user.
> >> >

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
Hi Ivan, this is the request. Sorry Ivan, I didn't fix the name resolution
for localhost. This Problem is due to this.
I will fix the name resolution.

SYED
 # radtest hasan thales localhost 1 testing123
Sending Access-Request of id 241 to 127.0.0.1 port 1812
User-Name = "hasan"
User-Password = "thales"
NAS-IP-Address = 192.168.1.131
NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=241,
length=20


2008/8/28 Ivan Kalik <[EMAIL PROTECTED]>

> Well, ldap found the user but didn't find the password. Post the debug
> from the request.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 28/8/2008, "Syed Anwarul Hasan" <[EMAIL PROTECTED]>
> piše:
>
> >Hi Alan,
> >Since I am using a Plain password in the LDAP database, hence I tried to
> do
> >LDAP Authentication with Auth-type set to LDAP.
> >Even I tried with only uncommenting ldap in Authorize and Authenticate
> >section of default file in sites-enabled. Still, I am having the Problem
> with
> >*no Authenticate method found for user error.
> >Please comment.
> >SYED
> >*
> >debug o/p:
> >++[ldap] returns ok
> >++[expiration] returns noop
> >++[logintime] returns noop
> >rlm_pap: WARNING! No "known good" password found for the user.
> >Authentication may fail because of this.
> >++[pap] returns noop
> >*auth: No authenticate method (Auth-Type) configuration found for the
> >request: Rejecting the user*
> >auth: Failed to validate the user.
> >  Found Post-Auth-Type Reject
> >+- entering group REJECT
> >expand: %{User-Name} -> hasan
> > attr_filter: Matched entry DEFAULT at line 11
> >
> >
> >On Wed, Aug 27, 2008 at 7:19 PM, Alan DeKok <[EMAIL PROTECTED]
> >wrote:
> >
> >> Syed Anwarul Hasan wrote:
> >> > ... Also in the Sites-enabled dir under default file, I have
> >> > added in the Authorize section I added,
> >> > *update control {
> >> >   Auth-Type :=ldap
> >>
> >>   Why?  All of the documentation and configuration files say DO NOT DO
> >> SET AUTH-TYPE.
> >>
> >> ...
> >> > rlm_ldap: Attribute "User-Password" is required for authentication.
> >> > Cannot use " (null)".
> >>
> >>   You are sending the server a request that doesn't contain a
> >> User-Password attribute.
> >>
> >>  Don't set Auth-Type.
> >>
> >>  Alan DeKok.
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
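
The debug output quoted in this thread can be triaged mechanically. The following is an added example, not code from the posters or the FreeRADIUS project: it collects the per-module return codes and the rejection markers shown above, tolerating mail quoting and "*" emphasis. The sample log is constructed, and the function and flag names are hypothetical.

```python
import re

# Constructed sample in the format of the "radiusd -X" output quoted in this
# thread (user, password and base DN are made up).
SAMPLE_DEBUG = """\
++[files] returns noop
rlm_ldap: performing search in dc=example,dc=org, with filter (uid=alice)
rlm_ldap: Added User-Password = s3cret in check items
++[ldap] returns ok
++[expiration] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 171 to 127.0.0.1 port 1031
"""

MODULE_RE = re.compile(r"^\++\[([\w.-]+)\] returns (\w+)")
GROUP_RE = re.compile(r"^\+- entering group (\w+)")
SEND_RE = re.compile(r"^Sending (Access-(?:Accept|Reject|Challenge)) of id \d+")
AUTH_TYPE_RE = re.compile(r"Found Auth-Type\s*=?\s*(\w+)")
MARKERS = {  # flag name (hypothetical) -> text radiusd prints
    "no_known_good_password": 'No "known good" password found',
    "no_auth_type": "No authenticate method (Auth-Type)",
    "request_lacks_user_password": 'Attribute "User-Password" is required',
}

def normalise(line):
    """Drop mail quoting ('> >> ') and '*' emphasis added by the mail client."""
    return re.sub(r"^[>\s*]+", "", line).rstrip(" *")

def triage(debug_text):
    """Return module results per section, the Auth-Type seen, flags, result."""
    report = {"modules": [], "auth_type": None, "flags": [], "result": None}
    group = "authorize"  # assumption: the paste starts inside authorize
    for raw in debug_text.splitlines():
        line = normalise(raw)
        if (m := GROUP_RE.match(line)):
            group = m.group(1)
        elif (m := MODULE_RE.match(line)):
            report["modules"].append((group, m.group(1), m.group(2)))
        elif (m := SEND_RE.match(line)):
            report["result"] = m.group(1)
        elif (m := AUTH_TYPE_RE.search(line)):
            report["auth_type"] = m.group(1)
        else:
            for flag, needle in MARKERS.items():
                if needle in line and flag not in report["flags"]:
                    report["flags"].append(flag)
    return report

def explain(report):
    """Turn the flags into one-line findings for the person reading the log."""
    hints = []
    if "request_lacks_user_password" in report["flags"]:
        hints.append("Auth-Type %s was selected, but the module got no "
                     "User-Password to check" % report["auth_type"])
    if "no_auth_type" in report["flags"]:
        cause = ("pap found no known-good password"
                 if "no_known_good_password" in report["flags"]
                 else "no authorize module claimed the request")
        hints.append("no Auth-Type was chosen (%s), so the request was "
                     "rejected before any authenticate module ran" % cause)
    return hints

if __name__ == "__main__":
    for hint in explain(triage(SAMPLE_DEBUG)):
        print(hint)
```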

Re: User-Password required Authentication problem

2008-08-28 Thread Syed Anwarul Hasan
Hi Alan,
Since I am using a Plain password in the LDAP database, hence I tried to do
LDAP Authentication with Auth-type set to LDAP.
Even I tried with only uncommenting ldap in Authorize and Authenticate
section of default file in sites-enabled. Still, I am having the Problem with
*no Authenticate method found for user error.
Please comment.
SYED
*
debug o/p:
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
*auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user*
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> hasan
 attr_filter: Matched entry DEFAULT at line 11


On Wed, Aug 27, 2008 at 7:19 PM, Alan DeKok <[EMAIL PROTECTED]>wrote:

> Syed Anwarul Hasan wrote:
> > ... Also in the Sites-enabled dir under default file, I have
> > added in the Authorize section I added,
> > *update control {
> >   Auth-Type :=ldap
>
>   Why?  All of the documentation and configuration files say DO NOT DO
> SET AUTH-TYPE.
>
> ...
> > rlm_ldap: Attribute "User-Password" is required for authentication.
> > Cannot use " (null)".
>
>   You are sending the server a request that doesn't contain a
> User-Password attribute.
>
>  Don't set Auth-Type.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

User-Password required Authentication problem

2008-08-27 Thread Syed Anwarul Hasan
Hi Alan and all,

Thanks Alan for your earlier reply.
I have a problem for Authenticating Radius server with Openldap backend. In
the ldap.attrmap  I added the line
*checkitem   User-Password userPassword *and also under modules in ldap
module I have set_auth_type=yes for binding LDAP  for authentication for
User-Password. Also in the Sites-enabled dir under default file, I have
added in the Authorize section I added,
*update control {
  Auth-Type :=ldap
  }
ldap*

*And also enabled pap module with auto-header yes option.
*
So, after configuring in this manner, still I was not able to authenticate.
Please help in this regard.*

SYED


Radius Debug Output:*

*rad_check_password:  Found Auth-Type ldap
auth: type "LDAP"
+- entering group LDAP
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication. Cannot
use " (null)".
++[ldap] returns invalid
auth: Failed to validate the user.
  Found Post-Auth-Type Reject*
+- entering group REJECT
expand: %{User-Name} -> hasan
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
*Sending Access-Reject of id 225 to 127.0.0.1 port 1033*


*#using radtest:* *radtest hasan thales localhost 1 testing123*

Re: Integrating FreeRadius and Openldap: rlm_ldap not found error

2008-08-27 Thread Syed Anwarul Hasan
Ok, Alan. I will send debug o/p Short messages in future.

SYED

On Wed, Aug 27, 2008 at 11:58 AM, Alan DeKok <[EMAIL PROTECTED]>wrote:

> Syed Anwarul Hasan wrote:
> > I have done the following changes in the files below to test FreeRadius
> > Server against a Openldap backend
>
>   Please do not post the configuration files to the list.  You've sent
> over a LOT of data, much of which is unchanged from the files that ship
> with the server.
>
>  The only relevant portion is the following from the debug output;
>
> > /*usr/local/etc/raddb/modules/ldap[29]: Failed to link to module
> > 'rlm_ldap': rlm_ldap.so: cannot open shared object file: No such file or
> > directory
> > /usr/local/etc/raddb/sites-enabled/default[275]: Failed to find module
> > "ldap".
>
>   This is in the FAQ.  You have not installed or built the rlm_ldap
> module.  It may be in a separate package, if you installed freeradius
> from a package.
>
>  If you installed freeradius from source, you will need to install the
> OpenLDAP client libraries && development header files for your system.
> You should then re-build and re-install FreeRADIUS.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

Integrating FreeRadius and Openldap: rlm_ldap not found error

2008-08-27 Thread Syed Anwarul Hasan
I have done the following changes in the files below to test FreeRadius
Server against an Openldap backend.
*
1) /etc/raddb/modules/ldap*


ldap {
#
#  Note that this needs to match the name in the LDAP
#  server certificate, if you're using ldaps.
*server = "127.0.0.1"
identity = "cn=Administrator,dc=thales,dc=com"
password =  thales
basedn = "dc=thales,dc=com"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"*

  # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
 *access_attr = "dialupAccess"*

# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
*dictionary_mapping = ${confdir}/ldap.attrmap
**password_attribute = userPassword

And also with no tls .




2) ldap.attrmap File with no changes.


*#
# Mapping of RADIUS dictionary attributes to LDAP directory attributes
# to be used by LDAP authentication and authorization module (rlm_ldap)
#
# Format:
#   ItemType    RADIUS-Attribute-Name    ldapAttributeName    [operator]
#
# Where:
#   ItemType              = checkItem or replyItem
#   RADIUS-Attribute-Name = attribute name in RADIUS dictionary
#   ldapAttributeName     = attribute name in LDAP schema
#   operator              = optional, and may not be present.
#                           If not present, defaults to "==" for checkItems,
#                           and "=" for replyItems.
#                           If present, the operator here should be one
#                           of the same operators as defined in the "users"
#                           file ("man users", or "man 5 users").
#                           If an operator is present in the value of the
#                           LDAP entry (i.e. ":=foo"), then it over-rides
#                           both the default, and any operator given here.
#
# If $GENERIC$ is specified as RADIUS-Attribute-Name, the line specifies
# a LDAP attribute which can be used to store any RADIUS
# attribute/value-pair in LDAP directory.
#
# You should edit this file to suit it to your needs.
#

checkItem    $GENERIC$                   radiusCheckItem
replyItem    $GENERIC$                   radiusReplyItem

checkItem    Auth-Type                   radiusAuthType
checkItem    Simultaneous-Use            radiusSimultaneousUse
checkItem    Called-Station-Id           radiusCalledStationId
checkItem    Calling-Station-Id          radiusCallingStationId
checkItem    LM-Password                 lmPassword
checkItem    NT-Password                 ntPassword
checkItem    LM-Password                 sambaLmPassword
checkItem    NT-Password                 sambaNtPassword
checkItem    SMB-Account-CTRL-TEXT       acctFlags
checkItem    Expiration                  radiusExpiration
checkItem    NAS-IP-Address              radiusNASIpAddress

replyItem    Service-Type                radiusServiceType
replyItem    Framed-Protocol             radiusFramedProtocol
replyItem    Framed-IP-Address           radiusFramedIPAddress
replyItem    Framed-IP-Netmask           radiusFramedIPNetmask
replyItem    Framed-Route                radiusFramedRoute
replyItem    Framed-Routing              radiusFramedRouting
replyItem    Filter-Id                   radiusFilterId
replyItem    Framed-MTU                  radiusFramedMTU
replyItem    Framed-Compression          radiusFramedCompression
replyItem    Login-IP-Host               radiusLoginIPHost
replyItem    Login-Service               radiusLoginService
replyItem    Login-TCP-Port              radiusLoginTCPPort
replyItem    Callback-Number             radiusCallbackNumber
replyItem    Callback-Id                 radiusCallbackId
replyItem    Framed-IPX-Network          radiusFramedIPXNetwork
replyItem    Class                       radiusClass
replyItem    Session-Timeout             radiusSessionTimeout
replyItem    Idle-Timeout                radiusIdleTimeout
replyItem    Termination-Action          radiusTerminationAction
replyItem    Login-LAT-Service           radiusLoginLATService
replyItem    Login-LAT-Node              radiusLoginLATNode
replyItem    Login-LAT-Group             radiusLoginLATGroup
replyItem    Framed-AppleTalk-Link       radiusFramedAppleTalkLink
replyItem    Framed-AppleTalk-Network    radiusFramedAppleTalkNetwork
replyItem    Framed-AppleTalk-Zone       radiusFramedAppleTalkZone
replyItem    Port-Limit                  radiusPortLimit
replyItem    Login-LAT-Port              radiusLoginLATPort
replyItem    Reply-Message               radiusReplyMessage*


3) /etc/openldap/ldap.conf
#*
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
#TLS_REQCERT    allow*
host    localhost
base    dc=thales,dc=com


4) /etc/openldap/slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
incl

Re: FreeRadius Basic Authentication Problem

2008-08-22 Thread Syed Anwarul Hasan
Thank you *Ivan* for your help and exact advice. I was able to debug and
able to do user Authentication as you said.
I once again thank the FreeRadius OpenSource Community for helping people with
their Questions.

SYED


On Fri, Aug 22, 2008 at 4:14 PM, orion <[EMAIL PROTECTED]> wrote:

> do not use
> *Auth-Type :=System,*
> don't use Auth-Type at all.
>
>
> 2008/8/22 Syed Anwarul Hasan <[EMAIL PROTECTED]>
>
>> FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Jul 21 2008
>> at 15:35:42
>> Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
>> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>> PARTICULAR PURPOSE.
>> You may redistribute copies of FreeRADIUS under the terms of the
>> GNU General Public License v2.
>> Starting - reading configuration files ...
>> including configuration file /usr/local/etc/raddb/radiusd.conf
>> including configuration file /usr/local/etc/raddb/proxy.conf
>> including configuration file /usr/local/etc/raddb/clients.conf
>> including configuration file /usr/local/etc/raddb/snmp.conf
>> including files in directory /usr/local/etc/raddb/modules/
>> including configuration file /usr/local/etc/raddb/modules/policy
>> including configuration file /usr/local/etc/raddb/modules/acct_unique
>> including configuration file /usr/local/etc/raddb/modules/unix
>> including configuration file /usr/local/etc/raddb/modules/chap
>> including configuration file /usr/local/etc/raddb/modules/preprocess
>> including configuration file /usr/local/etc/raddb/modules/expiration
>> including configuration file /usr/local/etc/raddb/modules/mac2vlan
>> including configuration file /usr/local/etc/raddb/modules/mschap
>> including configuration file /usr/local/etc/raddb/modules/ippool
>> including configuration file /usr/local/etc/raddb/modules/files
>> including configuration file /usr/local/etc/raddb/modules/krb5
>> including configuration file /usr/local/etc/raddb/modules/passwd
>> including configuration file /usr/local/etc/raddb/modules/radutmp
>> including configuration file /usr/local/etc/raddb/modules/attr_rewrite
>> including configuration file /usr/local/etc/raddb/modules/echo
>> including configuration file /usr/local/etc/raddb/modules/etc_group
>> including configuration file /usr/local/etc/raddb/modules/pap
>> including configuration file /usr/local/etc/raddb/modules/realm
>> including configuration file /usr/local/etc/raddb/modules/pam
>> including configuration file /usr/local/etc/raddb/modules/always
>> including configuration file /usr/local/etc/raddb/modules/exec
>> including configuration file /usr/local/etc/raddb/modules/logintime
>> including configuration file /usr/local/etc/raddb/modules/sql_log
>> including configuration file /usr/local/etc/raddb/modules/smbpasswd
>> including configuration file /usr/local/etc/raddb/modules/sradutmp
>> including configuration file /usr/local/etc/raddb/modules/counter
>> including configuration file /usr/local/etc/raddb/modules/ldap
>> including configuration file /usr/local/etc/raddb/modules/expr
>> including configuration file /usr/local/etc/raddb/modules/attr_filter
>> including configuration file /usr/local/etc/raddb/modules/checkval
>> including configuration file /usr/local/etc/raddb/modules/digest
>> including configuration file /usr/local/etc/raddb/modules/detail
>> including configuration file /usr/local/etc/raddb/modules/detail.log
>> including configuration file /usr/local/etc/raddb/modules/mac2ip
>> including configuration file /usr/local/etc/raddb/eap.conf
>> including configuration file /usr/local/etc/raddb/sql.conf
>> including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
>> including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
>> including configuration file /usr/local/etc/raddb/policy.conf
>> including files in directory /usr/local/etc/raddb/sites-enabled/
>> including configuration file /usr/local/etc/raddb/sites-enabled/default
>> including configuration file
>> /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> including dictionary file /usr/local/etc/raddb/dictionary
>> main {
>> prefix = "/usr/local"
>> localstatedir = "/usr/local/var"
>> logdir = "/usr/local/var/log/radius"
>> libdir = "/usr/local/lib"
>> radacctdir = "/usr/local/var/log/radius/radacct"
>> hostname_lookups = no
>> max_request_time = 30
>> cleanup_delay = 5
>> max_requests = 1024
>> allow_core_dumps = no
>&

FreeRadius Basic Authentication Problem

2008-08-22 Thread Syed Anwarul Hasan
FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Jul 21 2008
at 15:35:42
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4