Re: Wimax VSA support
katro kar wrote: Does the latest 2.0-pre of freeradius support parsing of wimax VSA attributes ? No. If it is not (I feel it is not supported yet, as i could not see any dictionary for wimax vsa), is there any plans or work in progress to implement it ? There are no plans to support it. i.e. If someone sends in a patch, or supports the feature via some other method, then it will go in. Another question is, does the wimax forum dictate what to be done with these attributes in radius server ? Yes. The WiMAX NWG specification has detailed requirements. You need to be a member of the WiMAX forum to obtain the specifications, I believe. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius logging w/syslog
[EMAIL PROTECTED] wrote: I'm running freeradius 1.0.1 Why? Upgrade. Now. on CentOS 4.4 and I'm trying to get the radius to log to a syslog server. I followed the example Syslog_HOWTO but its not working. I was hoping that someone else might know the answer / fix. Upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_passwd pulling file?
Joe Mom wrote: looking for some sort of indication that the radius.conf file is working. I've created a section in the radius.conf file under modules as per man rlm_passwd Did you list the tovc_group entry in the authorize section? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Fwd: Re: rlm_perl (threads) performance question]
Apostolos Pantsiopoulos wrote: Well, yes that has been my main concern I must admit... because I have seen so many replies in the mailing list urging people to make the backend DB faster (and concentrating on that aspect alone when the server performs poorly). There are many factors to consider in tuning a system. A RADIUS server all by itself can handle 5k requests/s, if it doesn't access DB's or any files. A stand-along DB client can do 1000's of reads/s all by itself. The combination of the two does NOT necessarily get the best of both... i.e. 1000's of reads/s through RADIUS. Interaction effects mean that the maximum throughput is LESS than the maximum throughput of each piece in isolation. Find out what else is stopping the server from processing requests. Is there ANYTHING you have configured other than your Perl script? If so, that may be the issue. I''ll re-check it. Run cachegrind to see where all of the CPU time is spent. It won't count sleeping (or waiting for network activity), so the times may be somewhat misleading. But it may help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using freeradius and 802.1x for dynamic VLAN
Arran Cudbard-Bell wrote: Not true, see HPs Open VLAN feature. The NAS may also request that the supplicant be put into a certain VLAN based on the static VLAN assignment on the port the supplicant is connecting to. Wild. I hadn't seen that before. In any case, the original poster hasn't configured a check vlan policy, and hasn't showed via radiusd -X that the client is in fact sending vlan information. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Set freeradius attribute value
Hi, all I want to store a value in freeradius, and change it sometimes by radius request. I think there must be some attributes in freeradius which client can change or get its value by request. How can I implement it? Please give me some solutions or advice. Or give me some key points. Thanks very much. Rock - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Fwd: Re: rlm_perl (threads) performance question]
I have a clue, maybe your client is not able to do more requests or your configuration on client side is wrong. Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Oct 17, 2007, at 9:17 AM, Alan DeKok wrote: Apostolos Pantsiopoulos wrote: Well, yes that has been my main concern I must admit... because I have seen so many replies in the mailing list urging people to make the backend DB faster (and concentrating on that aspect alone when the server performs poorly). There are many factors to consider in tuning a system. A RADIUS server all by itself can handle 5k requests/s, if it doesn't access DB's or any files. A stand-along DB client can do 1000's of reads/s all by itself. The combination of the two does NOT necessarily get the best of both... i.e. 1000's of reads/s through RADIUS. Interaction effects mean that the maximum throughput is LESS than the maximum throughput of each piece in isolation. Find out what else is stopping the server from processing requests. Is there ANYTHING you have configured other than your Perl script? If so, that may be the issue. I''ll re-check it. Run cachegrind to see where all of the CPU time is spent. It won't count sleeping (or waiting for network activity), so the times may be somewhat misleading. But it may help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : Re: Wimax VSA support
Another question is, does the wimax forum dictate what to be done with these attributes in radius server ? Yes. The WiMAX NWG specification has detailed requirements. You need to be a member of the WiMAX forum to obtain the specifications, I believe. Since v1, the specifications are freely available on WiMAX forum web site: http://www.wimaxforum.org/technology/documents/ Geoff. _ Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem in integeration with poptop
hadi golestani wrote: I've add that line and comment ntlm line but still some error( tnx god it's not the same error) my radtest syntax: radtest root rootpassword localhost.localdomain 1645 testing123 modcall[authorize]: module files returns ok for request 4 sigh You deleted most of the debug log. If you don't know what the problem is, you don't know what's important in the debug log, and what's not important. rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 4 modcall: leaving group authorize (returns ok) for request 4 rad_check_password: Found Auth-Type System auth: type System So you didn't put the entry at the TOP of the users file. The FAQ contains instructions for getting simple PAP authentication working. It's really not hard. i've attached radius.conf and users and output of debug mode for both radtest and vpn client. Why? The problem is simple: you haven't followed the instructions in the FAQ for PAP authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with LDAP and Groups
Huntgroups file packeteer_read_only NAS-IP-Address == 10.17.69.12 Delete this. Users file 165 DEFAULT Huntgroup-Name == packeteer_read_only,Ldap-Group == packeteer_read_only,User-Profile := uid=packeteer_read_only,ou=profiles,ou=radius,dc=csctus,dc=net, Auth-Type := LDAP 166 Fall-Through = no Change it to: DEFAULT Huntgroup-Name == packeteer,Ldap-Group == packeteer_read_only,User-Profile := uid=packeteer_read_only,ou=profiles,ou=radius,dc=csctus,dc=net, Auth-Type := LDAP That's what I was on about overlaping groups and devices. Just don't have userA (B or any other) in both packeteer groups and it will work fine. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem in integeration with poptop
It's Cleartext not Clertext for the password attribute. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem in integeration with poptop
I know that it's taking too much , but plz accept my apologize 'cause I a little confused and have no time(sorry to say that and I know that it's not a commercial community so plz don't be angry at me). I've add the below line at the top of the users file. root Cleartext-Password := myRealRootPassword because this is the real root / root's password of my linux, this line in debug 'cause that access-accept via radtest modcall: entering group authenticate for request 0 modcall[authenticate]: module unix returns ok for request 0 modcall: leaving group authenticate (returns ok) for request 0 Sending Access-Accept of id 219 to 127.0.0.1 port 32772 but when I've changed it to e.g. test / testpass old error occurred. and when I try to connect from vpn client even for root / root's real password the access has been rejected with this debug output: modcall: entering group MS-CHAP for request 1 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module mschap returns reject for request 1 modcall: leaving group MS-CHAP (returns reject) for request 1 auth: Failed to validate the user. why radiusd said No User-Password configured? Does it mean that password is not received from pptpd? tnx a lot. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem in integeration with poptop
hadi golestani wrote: I know that it's taking too much , but plz accept my apologize 'cause I a little confused and have no time(sorry to say that and I know that it's not a commercial community so plz don't be angry at me). If cannot make the time to understand the problem and solution, you won't be very successful in fixing it. I've add the below line at the top of the users file. root Cleartext-Password := myRealRootPassword because this is the real root / root's password of my linux, this line in debug 'cause that access-accept via radtest modcall: entering group authenticate for request 0 modcall[authenticate]: module unix returns ok for request 0 Then it's not using the entry you configured. modcall: leaving group authenticate (returns ok) for request 0 Sending Access-Accept of id 219 to 127.0.0.1 http://127.0.0.1 port 32772 but when I've changed it to e.g. test / testpass old error occurred. sigh You're not posting the full debug log, as suggested in the FAQ, README, INSTALL, etc. You're probably also massively editing radiusd.conf. STOP IT. Start with the default configuration files, and follow the FAQ to add a test account in the users file. Follow the FAQ to check that the account works, via radtest. Then, login from the VPN client using that test account. If it doesn't work, I will be shocked. Again, most of the problems you see are because you are editing the configuration without understanding what you're doing. The default configuration is designed to work in the widest possible set of circumstances, with minimum changes required to get ANYTHING to work. I feel like putting that in letters 10 feet high in the FAQ, README, etc. But somehow I think there will still be people who won't bother reading them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting update
I'm trying to do something like http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html this tutorial so that traffic is collected at a regular intervals. The only thing is that they use a cisco router, which has some shell command configuration (I suppose?), anyway, I don't think my router supports the aaa accounting update commands, neither it has many configuration options. Is there any way to work around this. Freeradius server and client run on a linux computer, with apache, and chillispot(for web based login). Greetz Daan EDIT: Could someone post me some more info about the Acct-Interim-Interval command, how this works and if this could be a workaround for traffic collection on a regular base. I saw on this site how someone did this. I use freeradius MySQL. I am able to set frequency of acct update by setting attribute Acct-Interim-Interval in rad[group]reply table to number of seconds between updates. but I'd like to have some more detailed instructions on what to do. Thanks in advance -- View this message in context: http://www.nabble.com/accounting-update-tf4635760.html#a13238963 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: stuck with no errors
K, so i switched to Cleartext-Password for testing purposes. and I am testing with radiusd -X here is the bit that is failing. rad_recv: Access-Request packet from host 127.0.0.1:32768, id=22, length=62 User-Name = 5198546373 User-Password = 123 NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 modcall[authorize]: module chap returns noop for request 1 modcall[authorize]: module mschap returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 1 users: Matched entry DEFAULT at line 153 modcall[authorize]: module files returns ok for request 1 rlm_passwd: Added Cleartext-Password: '123' to config_items modcall[authorize]: module tcovc_group returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module pap returns noop for request 1 modcall: leaving group authorize (returns ok) for request 1 rad_check_password: Found Auth-Type System auth: type System ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. according to documentation I shouldnt be using an auth-type anymore. On 10/17/07, Stefan Winter [EMAIL PROTECTED] wrote: Hi, i need to know either, how to get a more verbose log so i can tell what it is i'm doing wrong or simply what is wrong with the statement: radiusd -X, as is well documented in lots of places. passwd pull_export { filename = /home/ftpuser/export.txt format = *User-Name:Crypt-Password } You don't use Crypt-Passwords, so saying that the file contains Crypt-Passwords seems not so wise. What you are looking for is format = *User-Name:MD5-Password I believe. Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: stuck with no errors
Joe Mom wrote: K, so i switched to Cleartext-Password for testing purposes. ... users: Matched entry DEFAULT at line 153 Delete that entry from the users file. It is setting Auth-Type to System. rlm_pap: Found existing Auth-Type, not changing it. Once the above entry is deleted, it SHOULD just work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mod_auth_radius
On 7/19/07, Alan DeKok [EMAIL PROTECTED] wrote: Rascher, Markus wrote: # service httpd start Starting httpd: httpd: Syntax error on line 205 of /etc/httpd/conf/httpd.conf: Cannot load /usr/lib/httpd/modules/mod_auth_radius-2.0.so into server: /usr/lib/httpd/modules/mod_auth_radius-2.0.so: undefined symbol: ap_snprintf There are patches to make the module build with newer versions of Apache. They should really be applied, but I've been busy with other things. Once that's done, a new version of the module should be released. Or are the patches are available somewhere and can be applied? Any idea on a time-frame for a new release? thanks, nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: stuck with no errors
eureka!!! the culprit was the line in users that stated # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # #DEFAULTAuth-Type = System # Fall-Through = 1 now i just gotta get the md5 working, but thats another story for another thread :P thanks for the help Alan On 10/17/07, Alan DeKok [EMAIL PROTECTED] wrote: Joe Mom wrote: K, so i switched to Cleartext-Password for testing purposes. ... users: Matched entry DEFAULT at line 153 Delete that entry from the users file. It is setting Auth-Type to System. rlm_pap: Found existing Auth-Type, not changing it. Once the above entry is deleted, it SHOULD just work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ssh, pam, radius not playing nicely
We are trying to set up and ssh server and a VPN server to both use the same radius server. We are currently using freeradius-1.0.1-3 with EL4.4 . It works fine with our Cisco 3015 VOPN concentrator. It's not working so well with our EL4.4-based ssh server. I doanloaded the pam_radius_auth source and built and installed per http://www.hoei.com/2007/09/linux-sshd-authentication-to-external-radius/ and the INSTALL file that came with the software. I can get radtest to work just fine from the ssh system, but when I try to authenticate via ssh onto that system, it fails. Running debug on the server, I was seeing this: User-Password = \010\n\rINCORRECT I found something on the list saying this could happen if the user wasn't in the passwd file on the ssh box. I added the user there: meo:x::100::/home/meo:/bin/tcsh and now the radius server is happy. It claims to be authenticating OK (we use shadow passwd on the radius server, but I did not make shadow entries on the ssh box), but the ssh login fails. Any ideas? Thanks, Miles - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd deadlock on recvfrom on port 1814
Hey, I've had FreeRADIUS Version 1.1.0 hang twice recently. The core dumps are very similar in that it appears that main is waiting on some stuff from port 1814. Honestly I don't know what 1814 is really for (proxy port?) but it seems as if fd_isset says so we should expect some data on that socket. Unless something _else_ had already received that data. I hadn't noticed this before I added radrelay and another radiusd process on the same box. Both radiusd processes are bound to different virtual interfaces and radrelay is duplicating acct packets from one to the other. It's not obvious why there would be a race condition on that socket, but my guess is something is going on there. It seems as though both radiusd processes are using the same descriptors for each of their three sockets. I've included some debug info from the core files. Is this a know bug or can it be fixed with a configuration change? Thanks, Ryan -- Process One: (gdb) print *(rad_listen_t *) mainconfig.listen $1 = {next = 0x458023e8, ipaddr = 486477016, type = RAD_LISTEN_AUTH, port = 1812, fd = 3} (gdb) print *(rad_listen_t *) mainconfig.listen-next $2 = {next = 0x4580eef8, ipaddr = 486477016, type = RAD_LISTEN_ACCT, port = 1813, fd = 4} (gdb) print *(rad_listen_t *) mainconfig.listen-next-next $3 = {next = 0x0, ipaddr = 486477016, type = RAD_LISTEN_PROXY, port = 1814, fd = 5} Process Two: gdb) print *(rad_listen_t *) mainconfig.listen $2 = {next = 0x8117fe0, ipaddr = 145944, type = RAD_LISTEN_AUTH, port = 1812, fd = 3} (gdb) print *(rad_listen_t *) mainconfig.listen-next $3 = {next = 0x8117ff8, ipaddr = 145944, type = RAD_LISTEN_ACCT, port = 1813, fd = 4} (gdb) print *(rad_listen_t *) mainconfig.listen-next-next $4 = {next = 0x0, ipaddr = 145944, type = RAD_LISTEN_PROXY, port = 1814, fd = 5} Process One: (gdb) info threads * 6 process 11191 0x0804d145 in main (argc=1166077688, argv=0xbfffd0c0) at radiusd.c:1323 5 process 19865 0x401c8d0b in [EMAIL PROTECTED] () from /lib/tls/libpthread.so.0 4 process 19864 0x401c8d0b in [EMAIL PROTECTED] () from /lib/tls/libpthread.so.0 3 process 19863 0x401c8d0b in [EMAIL PROTECTED] () from /lib/tls/libpthread.so.0 2 process 19862 0x401c8d0b in [EMAIL PROTECTED] () from /lib/tls/libpthread.so.0 1 process 19861 0x401c8d0b in [EMAIL PROTECTED] () from /lib/tls/libpthread.so.0 (gdb) bt #0 0x401c99fe in recvfrom () from /lib/tls/libpthread.so.0 #1 0x4004e6d1 in rad_recv (fd=5) at radius.c:1044 #2 0x0804d145 in main (argc=1166077688, argv=0xbfffd0c0) at radiusd.c:1323 (gdb) print *(rad_listen_t *) listener $22 = {next = 0x0, ipaddr = 486477016, type = RAD_LISTEN_PROXY, port = 1814, fd = 5} (gdb) frame 1 #1 0x4004e6d1 in rad_recv (fd=5) at radius.c:1044 1044radius.c: No such file or directory. in radius.c (gdb) info locals packet = (RADIUS_PACKET *) 0x4780dc38 saremote = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = \000\000\000\000\000\000\000} totallen = 263 salen = 16 attr = (uint8_t *) 0x0 count = -1073758352 host_ipaddr = \000\000\000\000۾\005\b seen_eap = 0 data = stuff... -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segment Fault after reload
Hey, I'm using freeradius 1.1.6 on gentoo and I've noticed that if I attempt to do a /etc/init.d/radiusd reload that freeradius stops responding. When i run the server with Radiusd -X and do a reload I get: snip reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib64 main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/radiusd/radiusd.pid main: user = radiusd main: group = radiusd main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms Wed Oct 17 18:26:20 2007 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Wed Oct 17 18:26:20 2007 : Error: radiusd.conf[1910] Auth-Type PAP already configured - skipping Wed Oct 17 18:26:20 2007 : Error: radiusd.conf[1919] Auth-Type CHAP already configured - skipping Wed Oct 17 18:26:20 2007 : Error: radiusd.conf[1925] Auth-Type MS-CHAP already configured - skipping Wed Oct 17 18:26:20 2007 : Info: radiusd.conf Auth-Type eap already configured - skipping Wed Oct 17 18:26:20 2007 : Info: rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no Wed Oct 17 18:26:20 2007 : Info: Ready to process requests. /snip Then once I attempt to do a radtest i get a Segmentation fault and the server quits. Any thoughts? -- Regards Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segment Fault after reload
Joe Mom wrote: I'm using freeradius 1.1.6 on gentoo and I've noticed that if I attempt to do a /etc/init.d/radiusd reload that freeradius stops responding. Don't reload it. This is a known issue. Maybe HUP will work in 2.x. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SOLVED: ssh, pam, radius not playing nicely
Miles O'Neal said... |I added the user there: | | meo:x::100::/home/meo:/bin/tcsh I changed this to meo:::100::/home/meo:/bin/tcsh and now it works. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius logging w/syslog
Hi Alan, Ok, seems the default install is dated that comes with CentOS 4.4... I've upgraded to FreeRADIUS Version 1.1.7 now and logging seems to be working but I'd like to be able to get more usable data. I nthe /etc/syslog.conf file I have this entry: # .* will log all messages in the same log file local1.*/var/log/radius/radius.log From the syslog server I see this data: Oct 17 19:11:16 radius radiusd(pam_unix)[15776]: authentication failure; logname= uid=95 euid=95 tty= ruser= rhost= Oct 17 19:12:06 radius radiusd(pam_unix)[15776]: authentication failure; logname= uid=95 euid=95 tty= ruser= rhost= Oct 17 19:12:26 radius radiusd(pam_unix)[15776]: authentication failure; logname= uid=95 euid=95 tty= ruser= rhost= Oct 17 19:13:52 radius radiusd(pam_unix)[15776]: authentication failure; logname= uid=95 euid=95 tty= ruser= rhost= But I'd like to see the User_Name and Client_Name similar to what you in localhost:/var/log/radius/radius.log file. Thanks again, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html