Hi,

Very strange I didn't get this email?
See my comments below:

> > Thibault Le Meur wrote:
> >> >> But the output now is:
> >> >>
> >> >> rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65,
> >> >> length=54
> >> >> Service-Type = Framed-User
> >> >> Framed-Protocol = PPP
> >> >> User-Name = "peppeska"
> >> >> NAS-IP-Address = 127.0.0.1
> >> >> NAS-Port = 0
> >> >>
> >> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> >> - ->Where is User-Password attribute?
> >> >> - ------------------------------------------------
> > >
> > > A good question indeed, that one should be asked to your NAS ;-)
> > >
> > > It's up to the NAS to send User-Password: unless it is set up to do something
> > > else (for instance MSCHAP).
> > >
> > > Have you set up ppp to use mschap (require-mschap-v2 option)? Are
> > > you using the radiusclient library?
>
> refuse-pap
> refuse-chap
> require-mschap
> require-mschap-v2
> require-mppe

Ok so that your NAS doesn't have to send User-Password but a MS-CHAP challenge instead: that's what I thought.

> > > If yes, could you check that your radiusclient dictionary file
> > > includes Microsoft attributes:
> > > * check the "dictionary <path-to-dict-file>" line of
> > > /etc/radiusclient-ng/radiusclient.conf file (or
> > > /etc/radiusclient/radiusclient.conf file)
> > > * check that the file <path-to-dict-file> contains a reference to
> > > other dictionary files such as:
> > > INCLUDE /usr/share/radiusclient-ng/dictionary.merit
> > > INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
> > > * check that you have these 2 extra dictionary files (especially
> > > the microsoft one) ==> I've attached the two files
>
> in my radiusclient.conf there is:
>
> # dictionary of allowed attributes and values
> # just like in the normal RADIUS distributions
> dictionary /etc/radiusclient/dictionary
>
> and in the dictionary file:
> $INCLUDE /etc/radiusclient/dictionary.microsoft
> $INCLUDE /etc/radiusclient/dictionary.ascend
> $INCLUDE /etc/radiusclient/dictionary.compat
> $INCLUDE /etc/radiusclient/dictionary.merit
> $INCLUDE /usr/share/freeradius/dictionary

Don't write "$INCLUDE" but "INCLUDE" without the "$": this is the syntax for radiusclient.

> But... without declaration of Default Auth-Type in the users file:
>
> rlm_ldap: user peppeska authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: leaving group authorize (returns ok) for request 0
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [peppeska/<no User-Password attribute>]
> (from client localhost port 0) Delaying request 0 for 1
> seconds Finished request 0

Sure, because Auth-Type must be set to MS-CHAP (automatically, don't use Auth-Type:=): this will be the case if FR receives MS-CHAP challenge.
But this can work only if radiusclient knows the MS-CHAP Radius attributes, which is not the case for the moment (see above the INCLUDE issue).

Regards,
Thibault

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
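
A check for the two conditions this reply names (the `INCLUDE` keyword and the MS-CHAP attributes actually being loaded), as an added example that is not part of the original message. The required attribute names are taken from RFC 2548 as an assumption, and the dictionary files built in `demo` are constructed sample data.

```python
import os
import tempfile

# Assumption: RFC 2548 attribute names the NAS needs for MS-CHAP / MS-CHAPv2
REQUIRED = {"MS-CHAP-Challenge", "MS-CHAP-Response", "MS-CHAP2-Response"}

def scan(path, seen, problems, attrs):
    """Walk one dictionary file, following INCLUDE lines as the reply describes."""
    if path in seen:                      # guard against INCLUDE loops
        return
    seen.add(path)
    try:
        with open(path, encoding="latin-1") as fh:
            lines = fh.readlines()
    except OSError as exc:
        problems.append(f"{path}: cannot read ({exc.strerror})")
        return
    for no, raw in enumerate(lines, 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "$INCLUDE":       # keyword the reply says radiusclient rejects
            problems.append(f"{path}:{no}: '$INCLUDE' should be 'INCLUDE'")
        elif fields[0] == "INCLUDE" and len(fields) > 1:
            scan(fields[1], seen, problems, attrs)
        elif fields[0] == "ATTRIBUTE" and len(fields) > 1:
            attrs.add(fields[1])

def check(path):
    problems, attrs = [], set()
    scan(path, set(), problems, attrs)
    missing = sorted(REQUIRED - attrs)
    if missing:
        problems.append(f"MS-CHAP attributes not loaded: {', '.join(missing)}")
    return problems

def demo(keyword):
    with tempfile.TemporaryDirectory() as d:
        ms = os.path.join(d, "dictionary.microsoft")
        with open(ms, "w") as fh:         # constructed sample, not the real file
            fh.write("ATTRIBUTE MS-CHAP-Response 1 string Microsoft\n"
                     "ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft\n"
                     "ATTRIBUTE MS-CHAP2-Response 25 string Microsoft\n")
        top = os.path.join(d, "dictionary")
        with open(top, "w") as fh:        # constructed top-level dictionary
            fh.write(f"ATTRIBUTE User-Name 1 string\n{keyword} {ms}\n")
        return check(top)

if __name__ == "__main__":
    print(demo("$INCLUDE"), demo("INCLUDE"), sep="\n")
```

On a real NAS, `check("/etc/radiusclient/dictionary")` would be pointed at the file named on the `dictionary` line of radiusclient.conf.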