RE: Help About Peap
Hi I have a problem with PEAP-RADIUS-AD. I follow the configuration that find in this link http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO Samba configuration ok and test (wbinfo u) Kerberos ok and test (kinit user) Radius install and configuration in Solaris SPARC the version is 1.1.7 download of sunfreeware with all depences ( http://sunfreeware.com/programlistsparc10.html#openssl098 openssl-0.9.8k, http://sunfreeware.com/programlistsparc10.html#netsnmp netsnmp, http://sunfreeware.com/programlistsparc10.html#gdbm gdbm, http://sunfreeware.com/programlistsparc10.html#openldap openldap, http://sunfreeware.com/programlistsparc10.html#mysql mysql, http://sunfreeware.com/programlistsparc10.html#zlib zlib, http://sunfreeware.com/programlistsparc10.html#sasl sasl, http://sunfreeware.com/programlistsparc10.html#libtool libtool, http://sunfreeware.com/programlistsparc10.html#libgcc34 libgcc-3.4.6) installed Radius radtest ok When the XP try login respond radius login incorrect. Attach messages of the radius server files. Thanks in advance Ing. Julio Villacís G. Ingeniero de Servicios Comware S.A. (593 4) 2690170 Ext. 4500 www.comware.com.ec Guayaquil-Ecuador image001.jpgimage002.gifStarting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = (null) mschap: ntlm_auth = /usr/sfw/bin/ntlm_auth --request-nt-key --domainname=%(mschap:NT-Domain:-CTG) --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} Module: Instantiated mschap (mschap) exec: wait = yes exec: program = /usr/sfw/bin/ntlm_auth ntlm_auth --request-nt-key --domain=CTG --username=%{mschap:User-Name} --password=%{User-Password} exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (ntlm_auth) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = ttls eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512
RE: Help About Peap
Hi I have a problem with PEAP-RADIUS-AD. I follow the configuration that find in this link http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO Samba configuration ok and test (wbinfo u) Kerberos ok and test (kinit user) Radius radtest ok When the XP try login respond radius login incorrect. Attach messages of the radius server files. You have stripped the username and broken EAP. That is not in the manual. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Help About Peap
Hi The configuration was done as this in the document, I can send the file of configuration of radiusd.conf? Ing. Julio Villacís G. Ingeniero de Servicios Comware S.A. (593 4) 2690170 Ext. 4500 www.comware.com.ec Guayaquil-Ecuador -Mensaje original- De: Ivan Kalik [mailto:t...@kalik.net] Enviado el: Thursday, July 23, 2009 8:16 AM Para: jvill...@comware.com.ec; FreeRadius users mailing list Asunto: RE: Help About Peap Hi I have a problem with PEAP-RADIUS-AD. I follow the configuration that find in this link http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO Samba configuration ok and test (wbinfo ?u) Kerberos ok and test (kinit user) Radius radtest ok When the XP try login respond radius login incorrect. Attach messages of the radius server files. You have stripped the username and broken EAP. That is not in the manual. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re : Help Using PEAP with Unix Password
use smbpasswd and mschap == Benjamin K. Eshun - Message d'origine De : Alan DeKok [EMAIL PROTECTED] À : FreeRadius users mailing list freeradius-users@lists.freeradius.org Envoyé le : Dimanche, 12 Août 2007, 15h11mn 02s Objet : Re: Help Using PEAP with Unix Password Duc Nguyen wrote: I'm running FreeRadius 1.0.1-3 I suggest upgrading to a recent version. So my question is: Is PEAP with unix password is possible? No. http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help Using PEAP with Unix Password
Duc Nguyen wrote: I'm running FreeRadius 1.0.1-3 I suggest upgrading to a recent version. So my question is: Is PEAP with unix password is possible? No. http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help Using PEAP with Unix Password
Duc Nguyen wrote: Hi, I'm running FreeRadius 1.0.1-3 on CentOS4 and I'm trying to configure my wireless network to authenticate users with PEAP-MSCHAPv2 using their unix username/password. Here are some of the things that I did: - I set the deafult eap type in eap.conf to be peap and set peap to use mschapv2 - I also configured the ms-chap module in the modules section in radiusd.conf file and enabled mschap in the authorize section in radiusd.conf. Based on the debugging log when I ran /usr/sbin/radius -X, I could see that my username matched the DEFAULT that was the system user. However, it did not authenticate. In the mschap module of the radiusd.conf file, I also tried using a different authtype to override the default MS-CHAP, but that didn't work either. I even tried using the etc_smbpasswd module that they have(not in the mschap module but outside of it and enabled it in the authorize section) but that didn't work either. From what I understand and I maybe wrong on this, with PEAP, I don't have to use certificates with the clients so I didn't copy any certificate to the client laptop. I'm pretty much out of ideas to try. The one time that it did work was when I have the username and password in clear text in the radius users file. So my question is: Is PEAP with unix password is possible? Has anyone done this? If so, can you shed some light on this topic or point me to a tutorial somewhere? I haven't found any that pertains to this particular topic yet. No. PEAP uses MsCHAPv2 for inner encryption and so requires NT4Hash or Cleartext password. Thanks in advance for any help -duc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: eap/peap + 8021x + freeradius + Win2k3/AD
Hangjun He wrote: * I have no samba installed in my linux.* Then you won't get PEAP to work with AD. There's a reason the howto's say to use Samba: it's needed. *3.eap/peap + 8021x + freeradius + Win2k3/AD* *When I auth the Winxp user access to switch. It failed. Even if I set Authenticate type to ldap or not, why?? * Because AD is not an LDAP server. Install Samba. Follow the howto's. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
回复: Re: Help: eap/peap + 8021x + freeradius + Win2k3/AD
Thanks Alan DeKok. But there are no enough memory on my linux system to install samba. What should I do? John Alan DeKok [EMAIL PROTECTED] 写道: Hangjun He wrote: * I have no samba installed in my linux.* Then you won't get PEAP to work with AD. There's a reason the howto's say to use Samba: it's needed. *3.eap/peap + 8021x + freeradius + Win2k3/AD* * When I auth the Winxp user access to switch. It failed. Even if I set Authenticate type to ldap or not, why?? * Because AD is not an LDAP server. Install Samba. Follow the howto's. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - 抢注雅虎免费邮箱3.5G容量,20M附件! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
回复: Re: Help: eap/peap + 8021x + freeradius + Win2k3/AD
Can I start ldap-auth after eap authenticate failed..just like radclient. Hangjun He [EMAIL PROTECTED] 写道: Thanks Alan DeKok. But there are no enough memory on my linux system to install samba. What should I do? John Alan DeKok [EMAIL PROTECTED] 写道: Hangjun He wrote: * I have no samba installed in my linux.* Then you won't get PEAP to work with AD. There's a reason the howto's say to use Samba: it's needed. *3.eap/peap + 8021x + freeradius + Win2k3/AD* * When I auth the Winxp user access to switch. It failed. Even if I set Authenticate type to ldap or not, why?? * Because AD is not an LDAP server. Install Samba. Follow the howto's. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - 抢注雅虎免费邮箱3.5G容量,20M附件! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - 抢注雅虎免费邮箱3.5G容量,20M附件! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: eap/peap + 8021x + freeradius + Win2k3/AD
Hangjun He [EMAIL PROTECTED] said: But there are no enough memory on my linux system to install samba. What should I do? Install more memory. As Alan said, you have to have Samba to do what you want to do. John -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with peap-eap/mschapv2
adreas Polyxronopoulos wrote: rad_recv: Access-Request packet from host 10.0.0.10:3794, id=160, length=132 NAS-IP-Address = 10.0.0.10 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 User-Name = someone Calling-Station-Id = 00166f122595 Called-Station-Id = 000d545c4190 NAS-Identifier = 3Com Access Point EAP-Message = 0x0201000c01736f6d656f6e65 Message-Authenticator = 0x160e121c6c28afb7f18ee9f0862390d0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = someone, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: EAP packet type response id 1 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 0 users: Matched entry DEFAULT at line 155 users: Matched entry someone at line 219 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Local Don't set Auth-Type to Local. Don't set it to anything in fact. In 99% of cases, a correctly configured server will set it just fine itself, and attempting to fiddle with it will break things. Most likely one of the two entries in the users file in line 155 or 219 is causing it to break. Your users file only needs: usernameUser-Password := thepassword - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with peap-eap/mschapv2
Hi, I am trying to set up freeradius-1.1.3 for a wlan using peap - eap/mschapv2. I have downloaded the source of freeradius-1.1.3 and compile it (./configure , make , make install). My wireless supplicant is on windows xp SP2. I use users file for authentication . that wont work easily. Why the authentication of someone user failed ? What does it means : module mschap returns noop for request 0 ? Is it important debug info ? do you have the NT hash in the users files as their entry? have you enabled NT domain hack? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with PEAP
Hi, Someone have idea about this problem?? Thanks for help me, Israel. Israel Fabio Alves wrote: Hi, If I do tests without domain, the authentication run OK. If I do tests with user + password + domain, occur the information bellow: tcpdump -n -i eth0 -vv -s 0 -X udp and \( port 1812 or port 1813 \) 19:41:06.403013 172.22.2.32.2064 172.22.2.150.1812: [udp sum ok] rad-access-req 98 [id 99] Attr[ [EMAIL PROTECTED] EAP_msg{..} NAS_ipaddr{172.22.2.32} Service_type{Login} Calling_station{0.0.0.0} NAS_port_type{Ethernet} Message_auth{Y[ZLFIb..'.} ] (ttl 30, id 38919, len 126) 0x 4500 007e 9807 1e11 a785 ac16 0220E..~ 0x0010 ac16 0296 0810 0714 006a 1477 0163 0062.j.w.c.b 0x0020 0ce1 0e32 7afc 2694...2..z 0x0030 010e 6973 7261 656c 4054 4553 5445 4f13[EMAIL PROTECTED] 0x0040 0206 0011 0154 4553 5445 5c69 7372 6165.TESTE\israe 0x0050 6c04 06ac 1602 2006 0600 011f 0930l..0 0x0060 2e30 2e30 2e30 3d06 000f 5012 595b.0.0.0=.P.Y[ 0x0070 dea3 eef7 5a4c 4649 62ef 8327 083c ZLFIb..'. 19:41:06.410197 172.22.2.150.1812 172.22.2.32.2064: [udp sum ok] rad-access-reject 20 [id 99] (DF) (ttl 64, id 0, len 48) 0x 4500 0030 4000 4011 ddda ac16 0296[EMAIL PROTECTED]@... 0x0010 ac16 0220 0714 0810 001c 446d 0363 0014..Dm.c.. 0x0020 8e98 4517 d1fc ace0 55b2 f401 e0da ceae..E.U... /usr/local/radius/sbin/radiusd -X -A Ready to process requests. rad_recv: Access-Request packet from host 172.22.2.32:2065, id=86, length=98 User-Name = [EMAIL PROTECTED] EAP-Message = 0x020700110154455354455c69737261656c NAS-IP-Address = 172.22.2.32 Service-Type = Login-User Calling-Station-Id = 0.0.0.0 NAS-Port-Type = Ethernet Message-Authenticator = 0x7b08967cac1e313a1c8f7b19dd4932dc Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm TESTE for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm TESTE rlm_realm: Adding Stripped-User-Name = israel rlm_realm: Proxying request from user israel to realm TESTE rlm_realm: Adding Realm = TESTE rlm_realm: Preparing to proxy authentication request to realm TESTE modcall[authorize]: module TESTE returns updated for request 0 rlm_eap: Request is supposed to be proxied to Realm TESTE. Not doing EAP. modcall[authorize]: module eap returns noop for request 0 users: Matched entry israel at line 216 modcall[authorize]: module files returns ok for request 0 modcall: group authorize returns updated for request 0 Processing the pre-proxy section of radiusd.conf modcall: entering group pre-proxy for request 0 radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.2.32/pre-proxy-detail-20050314' rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/pre-proxy-detail-20050314 modcall[pre-proxy]: module pre_proxy_log returns ok for request 0 modcall: group pre-proxy returns ok for request 0 Sending Access-Request of id 0 to 127.0.0.1:1812 User-Name = israel EAP-Message = 0x020700110154455354455c69737261656c NAS-IP-Address = 172.22.2.32 Service-Type = Login-User Calling-Station-Id = 0.0.0.0 NAS-Port-Type = Ethernet Message-Authenticator = 0x Proxy-State = 0x3836 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:1814, id=0, length=96 User-Name = israel EAP-Message = 0x020700110154455354455c69737261656c NAS-IP-Address = 172.22.2.32 Service-Type = Login-User Calling-Station-Id = 0.0.0.0 NAS-Port-Type = Ethernet Message-Authenticator = 0xb8f016bb4a4bdd82c395a5f43d058bb1 Proxy-State = 0x3836 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 modcall[authorize]: module chap returns noop for request 1 modcall[authorize]: module mschap returns noop for request 1 rlm_realm: No '@' in User-Name = israel, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module TESTE returns noop for request 1 rlm_eap: EAP packet type response id 7 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 1 users: Matched entry israel at line 216 modcall[authorize]: module
Re: Help with PEAP
On Mon, Mar 14, 2005, Israel Fabio Alves wrote: rlm_realm: Looking up realm TESTE for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm TESTE rlm_realm: Adding Stripped-User-Name = israel rlm_realm: Proxying request from user israel to realm TESTE rlm_realm: Adding Realm = TESTE rlm_realm: Preparing to proxy authentication request to realm TESTE modcall: group pre-proxy returns ok for request 0 Sending Access-Request of id 0 to 127.0.0.1:1812 That's weird. It seems that freeradius proxies the request to itself when it finds the realm. I don't know how and against what you want to authenticate, but that is probably not the desired behavior. I use PEAP + MSCHAPv2 with login/password authentication against the NT domain controlers. I don't know if that is exactly what you want to do or not, but teh relevant configuration files are available at http://ramiel.via.ecp.fr/~endy/config-radius.tar.gz if you want to have a look. hth, -- Endy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with PEAP
Hi, I need help to configure Freeradius to authenticate Windows XP users with PEAP + MSCHAPV2. I need authenticate users using the username + password + domain. There is someone that run this that can help me?? Very thanks, Israel. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with PEAP
Hi, If I do tests without domain, the authentication run OK. If I do tests with user + password + domain, occur the information bellow: tcpdump -n -i eth0 -vv -s 0 -X udp and \( port 1812 or port 1813 \) 19:41:06.403013 172.22.2.32.2064 172.22.2.150.1812: [udp sum ok] rad-access-req 98 [id 99] Attr[ [EMAIL PROTECTED] EAP_msg{..} NAS_ipaddr{172.22.2.32} Service_type{Login} Calling_station{0.0.0.0} NAS_port_type{Ethernet} Message_auth{Y[ZLFIb..'.} ] (ttl 30, id 38919, len 126) 0x 4500 007e 9807 1e11 a785 ac16 0220E..~ 0x0010 ac16 0296 0810 0714 006a 1477 0163 0062.j.w.c.b 0x0020 0ce1 0e32 7afc 2694...2..z 0x0030 010e 6973 7261 656c 4054 4553 5445 4f13[EMAIL PROTECTED] 0x0040 0206 0011 0154 4553 5445 5c69 7372 6165.TESTE\israe 0x0050 6c04 06ac 1602 2006 0600 011f 0930l..0 0x0060 2e30 2e30 2e30 3d06 000f 5012 595b.0.0.0=.P.Y[ 0x0070 dea3 eef7 5a4c 4649 62ef 8327 083c ZLFIb..'. 19:41:06.410197 172.22.2.150.1812 172.22.2.32.2064: [udp sum ok] rad-access-reject 20 [id 99] (DF) (ttl 64, id 0, len 48) 0x 4500 0030 4000 4011 ddda ac16 0296[EMAIL PROTECTED]@... 0x0010 ac16 0220 0714 0810 001c 446d 0363 0014..Dm.c.. 0x0020 8e98 4517 d1fc ace0 55b2 f401 e0da ceae..E.U... /usr/local/radius/sbin/radiusd -X -A Ready to process requests. rad_recv: Access-Request packet from host 172.22.2.32:2065, id=86, length=98 User-Name = [EMAIL PROTECTED] EAP-Message = 0x020700110154455354455c69737261656c NAS-IP-Address = 172.22.2.32 Service-Type = Login-User Calling-Station-Id = 0.0.0.0 NAS-Port-Type = Ethernet Message-Authenticator = 0x7b08967cac1e313a1c8f7b19dd4932dc Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm TESTE for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm TESTE rlm_realm: Adding Stripped-User-Name = israel rlm_realm: Proxying request from user israel to realm TESTE rlm_realm: Adding Realm = TESTE rlm_realm: Preparing to proxy authentication request to realm TESTE modcall[authorize]: module TESTE returns updated for request 0 rlm_eap: Request is supposed to be proxied to Realm TESTE. Not doing EAP. modcall[authorize]: module eap returns noop for request 0 users: Matched entry israel at line 216 modcall[authorize]: module files returns ok for request 0 modcall: group authorize returns updated for request 0 Processing the pre-proxy section of radiusd.conf modcall: entering group pre-proxy for request 0 radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.2.32/pre-proxy-detail-20050314' rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/pre-proxy-detail-20050314 modcall[pre-proxy]: module pre_proxy_log returns ok for request 0 modcall: group pre-proxy returns ok for request 0 Sending Access-Request of id 0 to 127.0.0.1:1812 User-Name = israel EAP-Message = 0x020700110154455354455c69737261656c NAS-IP-Address = 172.22.2.32 Service-Type = Login-User Calling-Station-Id = 0.0.0.0 NAS-Port-Type = Ethernet Message-Authenticator = 0x Proxy-State = 0x3836 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:1814, id=0, length=96 User-Name = israel EAP-Message = 0x020700110154455354455c69737261656c NAS-IP-Address = 172.22.2.32 Service-Type = Login-User Calling-Station-Id = 0.0.0.0 NAS-Port-Type = Ethernet Message-Authenticator = 0xb8f016bb4a4bdd82c395a5f43d058bb1 Proxy-State = 0x3836 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 modcall[authorize]: module chap returns noop for request 1 modcall[authorize]: module mschap returns noop for request 1 rlm_realm: No '@' in User-Name = israel, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module TESTE returns noop for request 1 rlm_eap: EAP packet type response id 7 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 1 users: Matched entry israel at line 216 modcall[authorize]: module files returns ok for request 1 modcall: group authorize returns updated for request 1