Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread M.Cerqui - PUBLISHERIA
Hello
I have now been trying for more than a week to find a solution for my needs:
Equipment: Windows XP client, Cisco Catalyst 2950, FreeRADIUS server
(Debian Linux) and Windows 2000 domain.

Scenario:
 1. Windows XP Client boots up.
 2. Windows XP authenticates and brings the port to the 
authorized state.
 3. User logs in to the Windows Domain.

My Questions:
 1. How do I have to configure the Windows XP client? I
found out that the only setup that tries to authenticate before the
user logs in is PEAP with "Authenticate as computer when information is
available". Is that correct? Is there a possibility to send the user name
and password of the user before the domain login?

 2. How do I configure the FreeRADIUS server? I tried it
with PEAP and host/myhostname.mydomain.com but I got an error (see
below). Where do I have to specify the password for this?

3. What would be the best practice for this problem?
Thanks a lot
Marco
--
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established.  Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap:  Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 23
modcall: group authenticate returns invalid for request 23
auth: Failed to validate the user.
Delaying request 23 for 1 seconds
Finished request 23
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.107.44:1812, id=87, 
length=180
Sending Access-Reject of id 87 to 192.168.107.44:1812
  EAP-Message = 0x04070004
  Message-Authenticator = 0x

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
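The debug output above ends in an Access-Reject whose only payload is EAP-Message = 0x04070004. The Python below is an added illustration, not code from the original post or from the FreeRADIUS project: it rebuilds that reply from the logged values (packet id 87, Access-Reject, that EAP-Message), signs it the way the server must (Message-Authenticator per RFC 3579 and the Response Authenticator per RFC 2865) and then parses and verifies it the way the switch does. The shared secret and the Request Authenticator are constructed, since the log does not show them. Decoding the four EAP bytes shows what the switch was told: an EAP Failure for EAP identifier 7, i.e. the tunneled (inner) PEAP authentication had already failed, which is what the "Had sent TLV failure" line reports.

```python
"""Rebuild, sign and verify the Access-Reject from the debug log above.

Added example, not code from the thread or from FreeRADIUS.  Only the packet
identifier (87), the Access-Reject code and EAP-Message 0x04070004 come from
the log; the shared secret and the Request Authenticator are constructed.
"""
import hashlib
import hmac
import struct

ACCESS_REJECT = 3                  # RFC 2865 packet code
ATTR_EAP_MESSAGE = 79              # RFC 3579 attribute types
ATTR_MESSAGE_AUTHENTICATOR = 80
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def decode_eap(payload: bytes) -> dict:
    """Parse the EAP header: Code(1) Identifier(1) Length(2) [Type(1) ...]."""
    if len(payload) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError(f"EAP length {length} != {len(payload)} bytes present")
    info = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:
        info["type"] = payload[4]          # 25 = PEAP, 13 = EAP-TLS, 26 = MSCHAPv2
    return info


def parse_attributes(attrs: bytes) -> list:
    """Walk the RADIUS attribute TLVs; returns [(type, value), ...]."""
    out, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        out.append((atype, attrs[pos + 2:pos + alen]))
        pos += alen
    return out


def build_response(code: int, ident: int, attrs: list, secret: bytes, request_auth: bytes) -> bytes:
    """Assemble a reply with a Message-Authenticator (RFC 3579 3.2) and the
    Response Authenticator (RFC 2865 3).  For replies both are computed over
    the *Request* Authenticator, which is why the NAS must keep it."""
    body = b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)
    body += struct.pack("!BB", ATTR_MESSAGE_AUTHENTICATOR, 18) + bytes(16)   # zeroed while signing
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
    body = body[:-16] + mac
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet: bytes, secret: bytes, request_auth: bytes):
    """What the switch does on receipt: check both authenticators, then return
    (code, id, attributes).  Raises ValueError on any mismatch."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("RADIUS length mismatch")
    header, resp_auth, body = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(resp_auth, expected):
        raise ValueError("bad Response Authenticator (wrong shared secret?)")
    attrs = parse_attributes(body)
    pos, zeroed = 0, bytearray(body)
    for atype, value in attrs:
        if atype == ATTR_MESSAGE_AUTHENTICATOR:
            zeroed[pos + 2:pos + 18] = bytes(16)
            mac = hmac.new(secret, header + request_auth + bytes(zeroed), hashlib.md5).digest()
            if not hmac.compare_digest(mac, value):
                raise ValueError("bad Message-Authenticator")
            break
        pos += 2 + len(value)
    else:
        raise ValueError("EAP reply without Message-Authenticator (RFC 3579 requires one)")
    return code, ident, attrs


SECRET = b"whatever"                        # constructed; same style as the switch 'key'
REQUEST_AUTH = bytes(range(16))             # constructed Request Authenticator
EAP_FROM_LOG = bytes.fromhex("04070004")    # EAP-Message of the logged Access-Reject


def demo():
    """Round-trip the logged reject; returns (code, id, packet length, decoded EAP)."""
    pkt = build_response(ACCESS_REJECT, 87, [(ATTR_EAP_MESSAGE, EAP_FROM_LOG)], SECRET, REQUEST_AUTH)
    code, ident, attrs = verify_response(pkt, SECRET, REQUEST_AUTH)
    return code, ident, len(pkt), decode_eap(dict(attrs)[ATTR_EAP_MESSAGE])


def wrong_secret_is_rejected() -> bool:
    """A NAS configured with a different 'key' must drop the reply."""
    pkt = build_response(ACCESS_REJECT, 87, [(ATTR_EAP_MESSAGE, EAP_FROM_LOG)], SECRET, REQUEST_AUTH)
    try:
        verify_response(pkt, b"not-the-key", REQUEST_AUTH)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())   # (3, 87, 44, {'code': 'Failure', 'id': 7, 'length': 4})
```

The 44-byte reply is exactly what the log describes: a 20-byte header, the 6-byte EAP-Message attribute and the 18-byte Message-Authenticator. A shared-secret mismatch between the switch's "key" and the server's clients.conf entry fails the first check silently on the switch side, which is one reason a "debug radius" session on the Catalyst is worth reading alongside "freeradius -X".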


Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread Alan DeKok
"M.Cerqui - PUBLISHERIA" <[EMAIL PROTECTED]> wrote:
>   1. How do I have to configure the Windows XP client? I 
> found out that the only setup that tries to authenticate before the 
> user logs in is PEAP with "Authenticate as computer when information is 
> available". Is that correct? 

  Yes.

> Is there a possibility to send user name and password of the user
> before the domain login?

  That will happen automatically when you use PEAP.

>   2. How do I configure the FreeRADIUS server? I tried it 
> with PEAP and host/myhostname.mydomain.com but I got an error (see 
> below). Where do I have to specify the password for this?
...
>  rlm_eap_peap:  Had sent TLV failure, rejecting.

   If you're only going to read the last few lines of the debug
log, then there's no point in running the server in debugging mode.

  Please either read, or post, the rest of the debug log.  It WILL
tell you what's going wrong, and why.

  Alan DeKok.



Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread M.Cerqui - PUBLISHERIA




> That will happen automatically when you use PEAP.

Are you sure about this? The Catalyst and FreeRADIUS don't even move a bit before a successful Windows login if I only use this "use user information from Windows login" option. Only when I activate "Authenticate as computer when information is
available" does the FreeRADIUS server "do something" before a successful login.

Thanks

Marco




Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread Alan DeKok
"M.Cerqui - PUBLISHERIA" <[EMAIL PROTECTED]> wrote:
> Are you sure with this?

  If configured correctly, yes.

> The catalyst and Freeradius don't even move a bit before a
> successful windows login if I only use this "use user information
> from windows login" option.

  So you've configured the AP && windows machine to NOT use FreeRADIUS
for authentication.

> Only when I activate "Authenticate as computer when information is
> available" the Freeradius Server "does something" before a
> successful login.

  Since you're not going to post the debug log to explain what "does
something" means, even after you were asked to post it, I really can't help
you.

  Alan DeKok.



RE: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread M.Cerqui - PUBLISHERIA
Sorry for my bad English... the problem is that I can't post any debug
information because there isn't any. I start "freeradius -X" and turn "debug
radius" on on my Catalyst, but with the following Windows XP configuration
nothing occurs on the server or the switch until I have logged in and the
desktop is loaded. 

My Windows XP SP2 configuration:

My Network Places / Ethernet Network Connection / Properties
/Authentication:  

Enable IEEE 802.1x authentication for this network -> SELECTED

Authenticate as computer when computer information is available ->
NOT SELECTED

Authenticate as guest when user or computer information is
unavailable -> NOT SELECTED

EAP type: Protected EAP (PEAP) -> Properties

Validate server certificate -> NOT SELECTED

Enable Fast Reconnect -> NOT SELECTED

Select Authentication Method: Secured password (eap-mschap
v2) -> Properties

Automatically use my Windows logon name and password
(and domain if any) -> SELECTED

Thanks for your help

Marco




Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread Alan DeKok
"M.Cerqui - PUBLISHERIA" <[EMAIL PROTECTED]> wrote:
> Sorry for my bad english... the problem is, that I can't post any debug
> information because there isn't any. I start "freeradius -X" and turn "debug
> radius" on my catalyst on, but with the following windows xp configuration
> nothing occurs on the server and switch until I have logged in and the
> desktop is loaded. 

  If the windows box is accessing the network via wireless, without
FreeRADIUS being involved, then you haven't configured the AP to
require authentication.

  Fix that.

  Alan DeKok.





RE: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-04 Thread M.Cerqui - PUBLISHERIA
No wireless, wired environment! Authentication is required because the port
goes into the unauthenticated state and I haven't got any network access.





RE: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-08 Thread Øystein Gåsdal
If nothing shows in the RADIUS debug, my guess is that you haven't
configured the 2950 properly, i.e. you have the wrong IP address for the RADIUS
server.

The configuration should look like this:

aaa new-model
aaa authentication dot1x default group radius
radius-server host  auth-port 1812 acct-port 1813
key 

On the Ethernet interface, you should have this:
dot1x port-control auto

- Øystein Gåsdal




Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-08 Thread M.Cerqui - PUBLISHERIA




Hi Øystein

Thanks for your help. I have the Catalyst already configured like this,
and even when I turn on the "debug radius" option on the Catalyst there
is no output before a successful login :-( I have now tried the Aegis
client as supplicant on Windows, and with this supplicant authentication
before domain login works perfectly (PEAP). Any other idea? Is the
default Microsoft Windows XP supplicant that bad?

Cheers

Marco





RE: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-08 Thread Øystein Gåsdal



The Windows XP supplicant works for me... kinda.
It sends requests via my 2950, but I still can't log on; I guess that
has something to do with the configuration on the RADIUS server.

In Network Connections ->  -> Authentication, it says something like this.

Enable IEEE 802.1x etc. is marked
EAP type: Protected EAP (PEAP)

Press the Properties button

Take away the Validate server certificate mark.

Under Select Authentication Method, choose
Secured password (EAP-MSCHAP v2)

Do you have the same?

Anyway, does this mean you have been able to authenticate users via an NT domain?
What files did you configure to make it work? And what parameters?

- Øystein


  
  


Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-08 Thread M.Cerqui - PUBLISHERIA




Here is my 2950 configuration:

usts01# configure terminal
usts01(config)# aaa new-model
usts01(config)# aaa authentication dot1x default group radius
usts01(config)# dot1x system-auth-control
usts01(config)# aaa authorization network default group radius
usts01(config)# interface FastEthernet0/1
usts01(config-if)# dot1x port-control auto
usts01(config-if)# end

usts01(config)# radius-server host 192.168.107.43 auth-port 1812 acct-port 1813 key whatever


My goal is that the Windows supplicant does the authentication BEFORE
the Windows login, because without that I don't have any connection to
the domain controller.

I had the same configuration for the Windows supplicant, but it didn't
send any request when I did the login, so I didn't get any connection
to the DC -> login failed.

Now I use the Aegis client, and with this it works perfectly! The
disadvantage is that you have to pay for the client. Do you understand
what I mean? I created a user account for the computer in the users
file for the authentication. 

Did the Windows supplicant with your configuration send the user name /
password before connecting to the DC?

Cheers

Marco



RE: Freeradius, Cisco Catalyst 2950, Windows Domain

2004-10-08 Thread Matanya Elchanani
> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> Behalf Of M.Cerqui - PUBLISHERIA
> Sent: Friday, October 08, 2004 8:01 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Freeradius, Cisco Catalyst 2950, Windwos Domain
> 
> 
> My goal is, that the windows supplicant does the 
> authentication BEFORE the windows login, because without that 
> I don't have any connection to the domain controller.

When a Windows machine belongs to a domain, it needs to contact the DC on boot (way 
before a successful login or any user interaction). At that time the PC acquires 
policies from GPOs. This means that you must have 802.1X credentials stored somewhere 
on the PC so the box can authenticate without any user interaction. The only way I 
know of to make it work is by using EAP-TLS. I got this to work by setting up the PC to 
use EAP-TLS, getting a client certificate, and storing it in the COMPUTER ACCOUNT 
certificate store of the PC. When an XP box (post SP1) boots, it will check the 
computer account certificate store for a valid cert, do an EAP-TLS auth session, 
change the authenticator mode (doesn't matter if it's a switch port or an AP) to 
authorized and get the PC on the network to continue with domain association. When a 
user logs into this box, the default behavior (post SP1) will be to re-authenticate 
with the user credentials (this can be changed in the registry). Read all about it at: 
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/techref/en-us/w2k3tr_wir_tools.asp

--
Matanya




Re: Freeradius, Cisco Catalyst 2950, Windows Domain

2005-05-04 Thread Coates Carter
Marco's observations about XP's supplicant behavior are true.
Microsoft made a rather poor implementation of 802.1x in Windows XP.   
By default, XP does not respond to a 1x challenge, or attempt a 1x  
logon until the user enters credentials into GINA.  This is  
unfortunate, because the host may require network access prior to  
this point.  For example, a host joined to an AD domain will need to  
reach the AD controller in order to authenticate the user, but  
Microsoft's 1x supplicant will not yet have attempted a 1x logon.   
Nor will Windows have responded to a 1x challenge from the network.   
The port will be in an unauthorized state, so Windows will be unable  
to authenticate the user to AD.

Cisco provides a solution for this problem, with the directive (dot1x  
guest-vlan 555).  If an attached host is unresponsive to 1x  
challenges within a configurable timeout (dot1x timeout tx-period  
15), the port will be placed into a state similar to authorized, but  
assigned to the configured guest vlan.  This works fine for non-1x  
hosts, such as printers, but creates a headache on XP hosts, because  
of the host's DHCP client timeout, etc.

Windows XP also has a solution for this problem, which Marco was  
struggling with in this thread.  The Network Connections ->  
Properties -> Authentication tab has an option "Authenticate as  
computer..."  That option, along with a "Supplicant Mode" registry  
key tweak will cause XP to behave more like the Supplicant PAE State- 
Machine described in the IEEE standard, though not wholly so.  It  
appears that the "Authenticate as computer..." option is the only way  
to pre-authenticate the network port.

Pre-authenticate, in my environment, means to place the port into an  
authenticated state, but in a tightly limited vlan.  Hosts can reach  
nothing from this vlan, except the AD controller.  The "Authenticate  
as computer..." option accomplishes this very well.

The problem with the "Authenticate as computer..." option is that it  
requires integration with Active Directory.  You cannot choose one  
auth type for "as computer..." and another for the normal user  
login.  The "as computer..." option uses the NT hostname and secret  
within the PEAP/MSCHAP conversation.  It would be difficult to make  
those AD hostnames/passwords available to freeradius, so freeradius  
must proxy these requests to a Microsoft Authentication Server.

That is exactly what I'm doing, and it is working well enough...   
however I'm not happy about this forced dependence upon a Microsoft  
service, which has already shown some odd behavior and signs of  
unreliability.  It bothers me that the great and flexible freeradius  
must bow to IAS.

I would like to simply accept all of these requests, and assign them  
into the restricted vlan.  I have no need to authenticate them  
against AD, or at all.  My purpose is to have XP behave properly, not  
to authenticate some service account on each host.  If only I could  
configure rlm_eap to always EAP-Accept these host/hostname.domainname  
requests, I could avoid this overly complex scenario.  I haven't  
found configuration directives that would allow this.  I cannot send  
an Access-Accept, because the NAS is expecting an EAP-Accept.

Does anyone know whether rlm_eap can be directed to immediately  
return success for an EAPOL-Start in an Access-Request packet?

Thanks,
Coates Carter
University of Richmond, Virginia
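The two ways of handling the machine login that this thread describes (Marco's users-file account for the computer name presented by a third-party supplicant, and Coates's proxying of host/ requests to a Microsoft server with the port parked in a restricted VLAN) can sit side by side in one FreeRADIUS 1.x configuration. The fragment below is an added illustration, not configuration from either poster or from the FreeRADIUS project; the host name, passwords, realm name, IAS address and VLAN ID (555, reused from Coates's guest-VLAN example) are placeholders.

```conf
#
# users  (FreeRADIUS 1.x syntax).  Entries are tried top to bottom and the
# first match wins unless it sets Fall-Through.
#

# 1. Machine account for a supplicant whose password you control (what Marco
#    did with the Aegis client).  The name and password are assumed.  The
#    clear-text password must be a *check* item so rlm_mschap can derive the
#    NT hash for the PEAP/MSCHAPv2 inner authentication.
"host/ws01.mydomain.com"  User-Password == "machine-secret"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "555"

# 2. Any other host/ identity (the XP supplicant using its AD computer
#    account, whose password FreeRADIUS does not know) is handed to the
#    Microsoft server defined in proxy.conf.  The match is on the outer EAP
#    identity, so the whole PEAP conversation is proxied.
DEFAULT  User-Name =~ "^host/", Proxy-To-Realm := "ias-machine-auth"

# 3. Ordinary users stay local (assumed entry; a real site would use
#    ntlm_auth or ldap here instead of a static password).
"marco"  User-Password == "user-secret"


#
# proxy.conf  (address and secret are assumptions)
#
realm ias-machine-auth {
        type            = radius
        authhost        = 192.168.107.50:1812
        accthost        = 192.168.107.50:1813
        secret          = iasSharedSecret
        nostrip         # forward "host/ws01..." unchanged
}
```

The Tunnel-* reply items only take effect if the switch is allowed to accept authorization from RADIUS (Marco's "aaa authorization network default group radius") and the VLAN already exists on the switch. Run the server with "freeradius -X" and confirm that reply items set before proxying are still present in the final Access-Accept on your version; if they are not, return the VLAN attributes from the home server's policy instead. Note that this does not give Coates what he asked for (an unconditional EAP success): with the proxy the computer account is still authenticated, just not by FreeRADIUS.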



