Re: FreeRadius+AD integration

2007-05-02 Thread shrikant Bhat
Hello All,
Could someone please tell me why ntlm_auth is returning OK without
looking up the ADS?
I couldn't understand the debug.

On 5/1/07, shrikant Bhat [EMAIL PROTECTED] wrote:
 Alan,
 My intention is not to argue; since I couldn't understand the debug I
 posted the message.

 On 4/30/07, Alan DeKok [EMAIL PROTECTED] wrote:
  shrikant Bhat wrote:
   I don't have the user in Active Directory, yet FreeRADIUS sends an
   accept packet.
 
I did read the debug output, unlike you.  It shows why.  I told you
  why.  Stop arguing and read the debug output again, and my responses.
 
It's not FreeRADIUS.  You have configured FreeRADIUS to reply with an
  Access-Accept if the ntlm_auth module returns OK.  For some reason, the
  ntlm_auth is returning OK.  Go find out why that's happening, and fix it.
 
Do NOT reply with "but freeradius sends an access accept".  That reply
  indicates that you're not reading the messages here.  If you're not
  going to read the answers to your questions, I suggest you stop asking
  the questions.  You're wasting your time, and ours.
 
Alan DeKok.
  --
http://deployingradius.com   - The web site of the book
http://deployingradius.com/blog/ - The blog
  -
  List info/subscribe/unsubscribe? See 
  http://www.freeradius.org/list/users.html
 



Re: FreeRadius+AD integration

2007-05-02 Thread Alan DeKok
shrikant Bhat wrote:
 Hello All,
 Could someone please tell me why ntlm_auth is returning OK without
 looking up the ADS?

  Ask the people who wrote ntlm_auth?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: FreeRadius+AD integration

2007-05-02 Thread shrikant Bhat
Sorry, I forgot to attach the radiusd.conf and debug results.
***
..
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd

#
#  The logging messages for the server are appended to the
#  tail of this file.
#
log_file = ${logdir}/radius.log

libdir = /usr/local/lib

pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd

max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
#
max_requests = 1024
#
bind_address = *
#
port = 0
#
hostname_lookups = no
#
allow_core_dumps = no

#  Regular expressions
#
regular_expressions = yes
extended_expressions= yes

#  Log the full User-Name attribute, as it was found in the request.
#
log_stripped_names = no

#  Log authentication requests to the log file.
#
#  allowed values: {no, yes}
#
log_auth = no

#  Log passwords with the authentication requests.
#  log_auth_badpass  - logs password if it's rejected
#  log_auth_goodpass - logs password if it's correct
#
#  allowed values: {no, yes}
#
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
#
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
#
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
$INCLUDE  ${confdir}/clients.conf
# SNMP CONFIGURATION
snmp= no
$INCLUDE  ${confdir}/snmp.conf
thread pool {
start_servers = 5

max_servers = 32
#
min_spare_servers = 3
max_spare_servers = 10

#  There may be memory leaks or resource allocation problems with

max_requests_per_server = 0
}

# MODULE CONFIGURATION
#
#  The names and configuration of each module is located in this section.
#
#  After the modules are defined here, they may be referred to by name,
#  in other sections of this configuration file.
#
modules {
  exec ntlm_auth {
    wait = no
    program = /usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN.ORG --username=%{mschap:User-Name} --password=%{User-Password}
  }
#
pap {
encryption_scheme = crypt
}

chap {
authtype = CHAP
}

$INCLUDE ${confdir}/eap.conf
mschap {
#
authtype = MS-CHAP
#   ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-MYDOMAIN.ORG} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
}

checkval {
# The attribute to look for in the request
item-name = Calling-Station-Id
# The attribute to look for in check items. Can be multi valued
check-name = Calling-Station-Id
# The data type. Can be
# string,integer,ipaddr,date,abinary,octets
data-type = string
# If set to yes and we dont find the item-name attribute in the
# request then we send back a reject
# DEFAULT is no
#notfound-reject = no
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
}
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = yes
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = no
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
expr {
}
exec {
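
The radiusd.conf above defines the `ntlm_auth` instance of the exec module with `wait = no`, and the `radiusd -X` output posted earlier in the thread shows the rest of the picture: a DEFAULT entry in `users` forces `Auth-Type ntlm_auth`, the mschap module has `ntlm_auth = (null)`, and the exec module returns ok right after expanding the command line, followed by an Access-Accept. rlm_exec with `wait = no` starts the program and returns ok without collecting its exit status, so an Auth-Type that points at such an instance can never reject. The script below is an added example, not code from this thread or from the FreeRADIUS project: it parses a debug transcript for exactly those signals and reports them, so the pattern can be caught in a pre-production check rather than by testing with a non-existent user. The finding codes and the two embedded transcripts are constructed for the example (modelled on the posted output, with `EXAMPLE` standing in for the domain), and the reject shown after switching to `wait = yes` is illustrative of what an unknown user would produce once the exit status is honoured.

```python
"""Audit a `radiusd -X` transcript for accept-without-verdict authentication.

Assumption encoded here: an rlm_exec instance with wait = no starts the
program and returns "ok" without reading its exit status, so an Auth-Type
pointing at it accepts every request. Finding codes and the sample
transcripts are constructed for this example.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes as printed by FreeRADIUS 1.x (module names may be quoted).
PARAM_RE = re.compile(r"^\s+(\w+): (\w+) = (.*)$")
INSTANCE_RE = re.compile(r"^Module: Instantiated (\S+) \((\S+)\)")
MATCHED_RE = re.compile(r"users: Matched entry (\S+) at line (\d+)")
AUTHTYPE_RE = re.compile(r"Found Auth-Type (\S+)")
REPLY_RE = re.compile(r"Sending Access-(\w+) of id (\d+)")


def parse_modules(lines: list[str]) -> dict[str, dict[str, str]]:
    """Map instance name -> printed parameters. Parameters appear under the
    module type ("exec: wait = no") before "Instantiated exec (ntlm_auth)"."""
    modules: dict[str, dict[str, str]] = {}
    pending: dict[str, dict[str, str]] = {}
    for line in lines:
        if m := PARAM_RE.match(line):
            pending.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
        elif m := INSTANCE_RE.match(line):
            mtype, name = m.groups()
            modules[name] = {"type": mtype, **pending.pop(mtype, {})}
    return modules


@dataclass
class Request:
    matched: list[tuple[str, int]] = field(default_factory=list)  # users entries hit
    auth_type: Optional[str] = None
    reply: Optional[str] = None  # "Accept" or "Reject"


def parse_requests(lines: list[str]) -> list[Request]:
    """Collect what each Access-Request matched, which Auth-Type it got, and the reply."""
    reqs: list[Request] = []
    cur: Optional[Request] = None
    for line in lines:
        if line.startswith("rad_recv: Access-Request"):
            cur = Request()
            reqs.append(cur)
        if cur is None:
            continue
        if m := MATCHED_RE.search(line):
            cur.matched.append((m.group(1), int(m.group(2))))
        elif m := AUTHTYPE_RE.search(line):
            cur.auth_type = m.group(1)
        elif m := REPLY_RE.search(line):
            cur.reply = m.group(1)
    return reqs


def audit(debug_text: str) -> list[str]:
    """Return constructed finding codes for one transcript."""
    lines = debug_text.splitlines()
    modules = parse_modules(lines)
    findings: list[str] = []
    mschap = modules.get("mschap")
    if mschap is not None and mschap.get("ntlm_auth", "(null)") == "(null)":
        findings.append("MSCHAP_NO_NTLM_AUTH")  # MS-CHAP has no way to ask AD
    for name, cfg in modules.items():
        if cfg["type"] == "exec" and cfg.get("wait") == "no":
            findings.append(f"EXEC_NOWAIT:{name}")  # exit status is never read
    for req in parse_requests(lines):
        if req.auth_type and any(e == "DEFAULT" for e, _ in req.matched):
            findings.append(f"DEFAULT_AUTHTYPE:{req.auth_type}")  # catch-all forces the path
        inst = modules.get(req.auth_type or "", {})
        if inst.get("type") == "exec" and inst.get("wait") == "no" and req.reply == "Accept":
            findings.append(f"ACCEPT_WITHOUT_VERDICT:{req.auth_type}")
    return findings


# Constructed transcript modelled on the one posted in the thread.
WEAK_DEBUG = """\
 exec: wait = no
 exec: program = /usr/bin/ntlm_auth --request-nt-key --domain=EXAMPLE --username=%{mschap:User-Name} --password=%{User-Password}
Module: Instantiated exec (ntlm_auth)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
rad_recv: Access-Request packet from host 127.0.0.1:32779, id=100, length=59
  users: Matched entry DEFAULT at line 154
  modcall[authorize]: module "files" returns ok for request 3
  rad_check_password:  Found Auth-Type ntlm_auth
  modcall[authenticate]: module "ntlm_auth" returns ok for request 3
Sending Access-Accept of id 100 to 127.0.0.1 port 32779
"""

# Same server once the exec instance waits for ntlm_auth and mschap is wired
# to ntlm_auth as well (constructed): an unknown user now yields a reject.
FIXED_DEBUG = (
    WEAK_DEBUG.replace(" exec: wait = no", " exec: wait = yes")
    .replace(" mschap: ntlm_auth = (null)",
             " mschap: ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-EXAMPLE} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}")
    .replace('module "ntlm_auth" returns ok', 'module "ntlm_auth" returns reject')
    .replace("Sending Access-Accept", "Sending Access-Reject")
)

if __name__ == "__main__":
    for label, text in (("weak", WEAK_DEBUG), ("fixed", FIXED_DEBUG)):
        print(label, audit(text))
```

Feed it the saved output of `radiusd -X` (startup plus at least one request). On the weak transcript it reports all four findings; on the fixed one only `DEFAULT_AUTHTYPE` remains, which is still worth a look because a catch-all DEFAULT entry forcing Auth-Type routes every user, known or not, through that one module. Note also that in the posted transcript the mschap module returned noop in authorize because radtest sent a plain User-Password rather than MS-CHAP attributes, so the commented-out `ntlm_auth` line in the mschap block would not have been consulted for that test even if enabled; the PAP request went straight to the exec instance.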

Re: FreeRadius+AD integration

2007-05-02 Thread shrikant Bhat
It must be you, so you are the right person to tell me what is
causing ntlm_auth to send OK.
SB

On 5/2/07, Alan DeKok [EMAIL PROTECTED] wrote:
 shrikant Bhat wrote:
  Hello All,
  Could some one please tell me why ntlm_auth resurning OK with out
  looking up the ADS .

   Ask the people who wrote ntlm_auth?

   Alan DeKok.
 --
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog



Re: FreeRadius+AD integration

2007-05-02 Thread Alan DeKok
shrikant Bhat wrote:
 It must be you, so you are the right person to tell me what is
 causing ntlm_auth to send OK.

  Umm... no.

  10 seconds of reading documentation would lead you to conclude that
ntlm_auth is part of the Samba project.  I am not part of the Samba project.

  Start reading documentation.  Stop asking questions on this list about
ntlm_auth.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


RE: FreeRadius+AD integration

2007-05-02 Thread Danner, Mearl
Why not try this? Worked for us.

http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO


Note that the first thing configured is the Samba server. It doesn't
even mention installing the Freeradius server until after the Samba
configuration is completed.


Hi,
 It must be you, so you are the right person to tell me what is
 causing ntlm_auth to send OK.




Re: FreeRadius+AD integration

2007-05-02 Thread Jacob Jarick
The Deploying FreeRADIUS + AD guide is an excellent guide for the ntlm_auth method.

I'm guessing it is because your ntlm_auth command is commented out in
the mschap part.

On 5/2/07, Danner, Mearl [EMAIL PROTECTED] wrote:
 Why not try this? Worked for us.

 http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO


 Note that the first thing configured is the Samba server. It doesn't
 even mention installing the Freeradius server until after the Samba
 configuration is completed.


 Hi,
  It must be you, so you are the right person to tell me what is
  causing ntlm_auth to send OK.





Re: FreeRadius+AD integration

2007-05-01 Thread shrikant Bhat
Alan,
My intention is not to argue; since I couldn't understand the debug I
posted the message.

On 4/30/07, Alan DeKok [EMAIL PROTECTED] wrote:
 shrikant Bhat wrote:
  I don't have the user in Active Directory, yet FreeRADIUS sends an
  accept packet.

   I did read the debug output, unlike you.  It shows why.  I told you
 why.  Stop arguing and read the debug output again, and my responses.

   It's not FreeRADIUS.  You have configured FreeRADIUS to reply with an
 Access-Accept if the ntlm_auth module returns OK.  For some reason, the
 ntlm_auth is returning OK.  Go find out why that's happening, and fix it.

   Do NOT reply with "but freeradius sends an access accept".  That reply
 indicates that you're not reading the messages here.  If you're not
 going to read the answers to your questions, I suggest you stop asking
 the questions.  You're wasting your time, and ours.

   Alan DeKok.
 --
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog



Re: FreeRadius+AD integration

2007-04-30 Thread shrikant Bhat
Hi,
Anyone who can help me with this?
Thanks in advance.
SB

On 4/27/07, shrikant Bhat [EMAIL PROTECTED] wrote:
 On line 154 I have default Auth-Type = ntlm_auth. If I comment this
 out I get the Access-Reject packet.
 thanks,
 SB

 On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  Well, it matched something in the users file:
 
  users: Matched entry DEFAULT at line 154
 
 
  On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] writes:
 
  Yes, I figured that. Thanks for that. But the issue is that the user I am
  trying to authenticate is not listed in the users file or in AD, so I don't
  understand how it is authenticating this user.
  I have attached the debug.
  Thanks for the help.
  
  *
  rad_recv: Access-Request packet from host 127.0.0.1:32779, id=100, 
  length=59
  User-Name = raduser
  User-Password = radpass
  NAS-IP-Address = 255.255.255.255
  NAS-Port = 0
Processing the authorize section of radiusd.conf
  modcall: entering group authorize for request 3
modcall[authorize]: module preprocess returns ok for request 3
modcall[authorize]: module chap returns noop for request 3
modcall[authorize]: module mschap returns noop for request 3
  rlm_realm: No '@' in User-Name = raduser, looking up realm NULL
  rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 3
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 3
  users: Matched entry DEFAULT at line 154
modcall[authorize]: module files returns ok for request 3
  modcall: leaving group authorize (returns ok) for request 3
rad_check_password:  Found Auth-Type ntlm_auth
  auth: type ntlm_auth
Processing the authenticate section of radiusd.conf
  modcall: entering group authenticate for request 3
  radius_xlat: Running registered xlat function of module mschap for
  string 'User-Name'
  radius_xlat:  '--username=raduser'
  radius_xlat:  '--password=radpass'
modcall[authenticate]: module ntlm_auth returns ok for request 3
  modcall: leaving group authenticate (returns ok) for request 3
  Sending Access-Accept of id 100 to 127.0.0.1 port 32779
  Finished request 3
  Going to the next request
  --- Walking the entire request list ---
  Waking up in 6 seconds...
  --- Walking the entire request list ---
  Cleaning up request 3 ID 100 with timestamp 4631d1f0
  Nothing to do.  Sleeping until we see a request.
  
  
  On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
   Error seems to be because shared secret is testing123 not testing 123.
   But you need to paste output of radiusd -X after Access-Request. Open two
   ssh sessions and do radtest from one and radiusd -X from the other.
  
   Ivan Kalik
   Kalik Informatika ISP
  
  
   On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] writes:
  
   I get this error
   [EMAIL PROTECTED] ~]# radtest raduser radpass localhost 0 testing 123
   Sending Access-Request of id 47 to 127.0.0.1 port 1812
   User-Name = raduser
   User-Password = radpass
   NAS-IP-Address = 255.255.255.255
   NAS-Port = 0
   Framed-Protocol = PPP
   rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=47, 
   length=20
   rad_verify: Received Access-Accept packet from client 127.0.0.1 port
   1812 with invalid signature (err=2)!  (Shared secret is incorrect.)
   
   On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
And what happens when you get Access-Request?
   
   
On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] writes:
   
Hello Alan,
I have built and installed the 1.1.6 version of FreeRADIUS. When I test
using radtest it authenticates any user with any password; what I mean
by this is that it doesn't seem to contact the ADS to look up the user
information and authenticate. I have attached the debug.
*
[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 

Re: FreeRadius+AD integration

2007-04-30 Thread Alan DeKok
shrikant Bhat wrote:
...
 Yes, I figured that. Thanks for that. But the issue is that the user I am
 trying to authenticate is not listed in the users file or in AD, so I don't
 understand how it is authenticating this user.
 I have attached the debug.

  Have you read the debug output?
...
 radius_xlat: Running registered xlat function of module mschap for
 string 'User-Name'
 radius_xlat:  '--username=raduser'
 radius_xlat:  '--password=radpass'
  modcall[authenticate]: module ntlm_auth returns ok for request 3

  What part of that is unclear?

  You think the user isn't in Active Directory.  Yet ntlm_auth is
returning that the user is in AD.  Either the user is in AD, or
ntlm_auth is doing something magical.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: FreeRadius+AD integration

2007-04-30 Thread shrikant Bhat
I don't have the user in Active Directory, yet FreeRADIUS sends an
accept packet.
thanks


On 4/30/07, Alan DeKok [EMAIL PROTECTED] wrote:
 shrikant Bhat wrote:
 ...
  Yes, I figured that. Thanks for that. But the issue is that the user I am
  trying to authenticate is not listed in the users file or in AD, so I don't
  understand how it is authenticating this user.
  I have attached the debug.

   Have you read the debug output?
 ...
  radius_xlat: Running registered xlat function of module mschap for
  string 'User-Name'
  radius_xlat:  '--username=raduser'
  radius_xlat:  '--password=radpass'
   modcall[authenticate]: module ntlm_auth returns ok for request 3

   What part of that is unclear?

   You think the user isn't in Active Directory.  Yet ntlm_auth is
 returning that the user is in AD.  Either the user is in AD, or
 ntlm_auth is doing something magical.

   Alan DeKok.
 --
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog



Re: FreeRadius+AD integration

2007-04-30 Thread Alan DeKok
shrikant Bhat wrote:
 I don't have the user in Active Directory, yet FreeRADIUS sends an
 accept packet.

  I did read the debug output, unlike you.  It shows why.  I told you
why.  Stop arguing and read the debug output again, and my responses.

  It's not FreeRADIUS.  You have configured FreeRADIUS to reply with an
Access-Accept if the ntlm_auth module returns OK.  For some reason, the
ntlm_auth is returning OK.  Go find out why that's happening, and fix it.

  Do NOT reply with "but freeradius sends an access accept".  That reply
indicates that you're not reading the messages here.  If you're not
going to read the answers to your questions, I suggest you stop asking
the questions.  You're wasting your time, and ours.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: FreeRadius+AD integration

2007-04-27 Thread shrikant Bhat
Hello Alan,
I have built and installed the 1.1.6 version of FreeRADIUS. When I test
using radtest it authenticates any user with any password; what I mean
by this is that it doesn't seem to contact the ADS to look up the user
information and authenticate. I have attached the debug.
*
[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = radiusd
 main: group = radiusd
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded exec
 exec: wait = no
 exec: program = /usr/bin/ntlm_auth  --request-nt-key
--domain=MYDOMAIN.COM --username=%{mschap:User-Name}
--password=%{User-Password}
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
Module: Instantiated exec (ntlm_auth)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded preprocess
 preprocess: huntgroups = /etc/raddb/huntgroups
 preprocess: hints = /etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded eap
 eap: default_eap_type = md5
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded files
 files: usersfile = /etc/raddb/users
 files: acctusersfile = /etc/raddb/acct_users
 files: preproxy_usersfile = /etc/raddb/preproxy_users
 files: compat = cistron
[/etc/raddb/users]:1 Cistron compatibility checks for entry raduser ...
[/etc/raddb/users]:153 Cistron compatibility checks for entry DEFAULT ...
?Changing 'Auth-Type =' to 'Auth-Type +='
[/etc/raddb/users]:172 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:184 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:191 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:198 Cistron compatibility checks for entry DEFAULT ...
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = /etc/shadow
 unix: group = (null)
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
 radutmp: filename = /var/log/radius/radutmp
 radutmp: username = %{User-Name}
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: 

Re: FreeRadius+AD integration

2007-04-27 Thread tnt
And what happens when you get Access-Request?


On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] writes:

Hello Alan,
I have built and installed the 1.1.6 version of FreeRADIUS. When I test
using radtest it authenticates any user with any password; what I mean
by this is that it doesn't seem to contact the ADS to look up the user
information and authenticate. I have attached the debug.
*
[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = radiusd
 main: group = radiusd
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded exec
 exec: wait = no
 exec: program = /usr/bin/ntlm_auth  --request-nt-key
--domain=MYDOMAIN.COM --username=%{mschap:User-Name}
--password=%{User-Password}
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
Module: Instantiated exec (ntlm_auth)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded preprocess
 preprocess: huntgroups = /etc/raddb/huntgroups
 preprocess: hints = /etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded eap
 eap: default_eap_type = md5
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded files
 files: usersfile = /etc/raddb/users
 files: acctusersfile = /etc/raddb/acct_users
 files: preproxy_usersfile = /etc/raddb/preproxy_users
 files: compat = cistron
[/etc/raddb/users]:1 Cistron compatibility checks for entry raduser ...
[/etc/raddb/users]:153 Cistron compatibility checks for entry DEFAULT ...
?Changing 'Auth-Type =' to 'Auth-Type +='
[/etc/raddb/users]:172 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:184 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:191 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:198 Cistron compatibility checks for entry DEFAULT ...
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = /etc/shadow
 unix: group = (null)
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
 radutmp: filename = /var/log/radius/radutmp
 radutmp: username = 

Re: FreeRadius+AD integration

2007-04-27 Thread shrikant Bhat
Yes, I figured that. Thanks for that. But the issue is that the user I am
trying to authenticate is not listed in the users file or in AD, so I don't
understand how it is authenticating this user.
I have attached the debug.
Thanks for the help.

*
rad_recv: Access-Request packet from host 127.0.0.1:32779, id=100, length=59
User-Name = raduser
User-Password = radpass
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module preprocess returns ok for request 3
  modcall[authorize]: module chap returns noop for request 3
  modcall[authorize]: module mschap returns noop for request 3
rlm_realm: No '@' in User-Name = raduser, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 3
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 3
users: Matched entry DEFAULT at line 154
  modcall[authorize]: module files returns ok for request 3
modcall: leaving group authorize (returns ok) for request 3
  rad_check_password:  Found Auth-Type ntlm_auth
auth: type ntlm_auth
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat:  '--username=raduser'
radius_xlat:  '--password=radpass'
  modcall[authenticate]: module ntlm_auth returns ok for request 3
modcall: leaving group authenticate (returns ok) for request 3
Sending Access-Accept of id 100 to 127.0.0.1 port 32779
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 100 with timestamp 4631d1f0
Nothing to do.  Sleeping until we see a request.


On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Error seems to be because shared secret is testing123 not testing 123.
 But you need to paste output of radiusd -X after Access-Request. Open two
 ssh sessions and do radtest from one and radiusd -X from the other.

 Ivan Kalik
 Kalik Informatika ISP


 On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] writes:

 I get this error
 [EMAIL PROTECTED] ~]# radtest raduser radpass localhost 0 testing 123
 Sending Access-Request of id 47 to 127.0.0.1 port 1812
 User-Name = raduser
 User-Password = radpass
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 0
 Framed-Protocol = PPP
 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=47, length=20
 rad_verify: Received Access-Accept packet from client 127.0.0.1 port
 1812 with invalid signature (err=2)!  (Shared secret is incorrect.)
 
 On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  And what happens when you get Access-Request?
 
 
  On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] writes:
 
  Hello Alan,
  I have built and installed the 1.1.6 version of FreeRADIUS. When I test
  using radtest it authenticates any user with any password; what I mean
  by this is that it doesn't seem to contact the ADS to look up the user
  information and authenticate. I have attached the debug.
  *
  [EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X
  Starting - reading configuration files ...
  reread_config:  reading radiusd.conf
  Config:   including file: /etc/raddb/clients.conf
  Config:   including file: /etc/raddb/snmp.conf
  Config:   including file: /etc/raddb/eap.conf
  Config:   including file: /etc/raddb/sql.conf
   main: prefix = /usr
   main: localstatedir = /var
   main: logdir = /var/log/radius
   main: libdir = /usr/lib
   main: radacctdir = /var/log/radius/radacct
   main: hostname_lookups = no
   main: max_request_time = 30
   main: cleanup_delay = 5
   main: max_requests = 1024
   main: delete_blocked_requests = 0
   main: port = 0
   main: allow_core_dumps = no
   main: log_stripped_names = no
   main: log_file = /var/log/radius/radius.log
   main: log_auth = no
   main: log_auth_badpass = no
   main: log_auth_goodpass = no
   main: pidfile = /var/run/radiusd/radiusd.pid
   main: user = radiusd
   main: group = radiusd
   main: usercollide = no
   main: lower_user = no
   main: lower_pass = no
   main: nospace_user = no
   main: nospace_pass = no
   main: checkrad = /usr/sbin/checkrad
   main: proxy_requests = yes
   security: max_attributes = 200
   security: reject_delay = 1
   security: status_server = no
   main: debug_level = 0
  read_config_files:  reading dictionary
  read_config_files:  reading naslist
  Using deprecated naslist file.  Support for this will go away soon.
  

Re: FreeRadius+AD integration

2007-04-27 Thread shrikant Bhat
On line 154 I have default Auth-Type = ntlm_auth. If I comment this
out I get the Access-Reject packet.
thanks,
SB

On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Well, it matched something in the users file:

 users: Matched entry DEFAULT at line 154


Re: FreeRadius+AD integration

2007-04-27 Thread tnt
Well, it matched something in the users file:

users: Matched entry DEFAULT at line 154


On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] wrote:

Yes I figured that. Thanks for that. But the issue is the user I am
trying to authenticate is not listed in the users file or in AD, so I don't
understand how it is authenticating this user.
I have attached the debug.
Thanks for the help.

*
rad_recv: Access-Request packet from host 127.0.0.1:32779, id=100, length=59
User-Name = raduser
User-Password = radpass
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module preprocess returns ok for request 3
  modcall[authorize]: module chap returns noop for request 3
  modcall[authorize]: module mschap returns noop for request 3
rlm_realm: No '@' in User-Name = raduser, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 3
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 3
users: Matched entry DEFAULT at line 154
  modcall[authorize]: module files returns ok for request 3
modcall: leaving group authorize (returns ok) for request 3
  rad_check_password:  Found Auth-Type ntlm_auth
auth: type ntlm_auth
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat:  '--username=raduser'
radius_xlat:  '--password=radpass'
  modcall[authenticate]: module ntlm_auth returns ok for request 3
modcall: leaving group authenticate (returns ok) for request 3
Sending Access-Accept of id 100 to 127.0.0.1 port 32779
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 100 with timestamp 4631d1f0
Nothing to do.  Sleeping until we see a request.


On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Error seems to be because the shared secret is testing123, not testing 123.
 But you need to paste the output of radiusd -X after the Access-Request. Open two
 ssh sessions and do radtest from one and radiusd -X from the other.

 Ivan Kalik
 Kalik Informatika ISP


 On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] wrote:

 I get this error
 [EMAIL PROTECTED] ~]# radtest raduser radpass localhost 0 testing 123
 Sending Access-Request of id 47 to 127.0.0.1 port 1812
 User-Name = raduser
 User-Password = radpass
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 0
 Framed-Protocol = PPP
 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=47, length=20
 rad_verify: Received Access-Accept packet from client 127.0.0.1 port
 1812 with invalid signature (err=2)!  (Shared secret is incorrect.)
 
 On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  And what happens when you get Access-Request?
 
 
  On 27/4/2007, shrikant Bhat [EMAIL PROTECTED] wrote:

  Hello Alan,
  I have built and installed the 1.1.6 version of FreeRadius. When I test
  using radtest it authenticates any user with any password; what I mean
  by this is it doesn't seem to contact the ADS to look up the user
  information and authenticate. I have attached the debug
  *
  [EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X
  Starting - reading configuration files ...
  reread_config:  reading radiusd.conf
  Config:   including file: /etc/raddb/clients.conf
  Config:   including file: /etc/raddb/snmp.conf
  Config:   including file: /etc/raddb/eap.conf
  Config:   including file: /etc/raddb/sql.conf
   main: prefix = /usr
   main: localstatedir = /var
   main: logdir = /var/log/radius
   main: libdir = /usr/lib
   main: radacctdir = /var/log/radius/radacct
   main: hostname_lookups = no
   main: max_request_time = 30
   main: cleanup_delay = 5
   main: max_requests = 1024
   main: delete_blocked_requests = 0
   main: port = 0
   main: allow_core_dumps = no
   main: log_stripped_names = no
   main: log_file = /var/log/radius/radius.log
   main: log_auth = no
   main: log_auth_badpass = no
   main: log_auth_goodpass = no
   main: pidfile = /var/run/radiusd/radiusd.pid
   main: user = radiusd
   main: group = radiusd
   main: usercollide = no
   main: lower_user = no
   main: lower_pass = no
   main: nospace_user = no
   main: nospace_pass = no
   main: checkrad = /usr/sbin/checkrad
   main: proxy_requests = yes
   security: max_attributes = 200
   security: reject_delay = 1
   security: status_server = no
   main: debug_level = 0
  

Re: FreeRadius+AD integration

2007-04-23 Thread A . L . M . Buxey
Hi,

 radius.conf as per the instructions, but radtest fails with Access-Reject .I
 have attached the debug window output for reference.

No, you haven't. You've attached a tiny snippet of the debug output.

 auth: No authenticate method (Auth-Type) configuration found for the
 request: Rejecting the user

but at least it shows this bit - how are you attempting to authenticate
and WHAT are you attempting to authenticate? 

alan
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote:
 Hi,
 I am trying to integrate freeradius with ADS 2003. I referred to
 http://deployingradius.com/documents/configuration/active_directory.html
 http://deployingradius.com/documents/configuration/active_directory.html.
 Everything works perfectly fine till ( $ ntlm_auth --request-nt-key
 --domain=*MYDOMAIN* --username=*user* --password=*password*) I get
 NT_STATUS_OK. I don't see NT_KEY output. I made changes to the exec module
 in radius.conf as per the instructions, but radtest fails with
 Access-Reject. I have attached the debug window output for reference.

  You did not add the ntlm_auth entry to the authenticate section,
as the web page says.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FreeRadius+AD integration

2007-04-23 Thread shrikant Bhat
I tried with the following in the authenticate section

Auth-Type ntlm_auth {
        mschap    # am not sure about the protocol I need to use here
}

I have attached the debug window output
**
rad_recv: Access-Request packet from host 127.0.0.1:32928, id=202, length=57
User-Name = raduser
User-Password = radpass
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = raduser, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 214
  modcall[authorize]: module files returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type ntlm_auth
auth: type ntlm_auth
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: No MS-CHAP-Challenge in the request
  modcall[authenticate]: module mschap returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
***
All I want to do is authenticate my Cisco device logins using AD IDs
and passwords.
I am a novice to RADIUS, please help.
thank you
regards
sb



On 4/23/07, Alan DeKok [EMAIL PROTECTED] wrote:
 shrikant Bhat wrote:
  Hi,
  I am trying to integrate freeradius with ADS 2003. I referred to
  http://deployingradius.com/documents/configuration/active_directory.html
  http://deployingradius.com/documents/configuration/active_directory.html.
  Everything works perfectly fine till ( $ ntlm_auth --request-nt-key
  --domain=*MYDOMAIN* --username=*user* --password=*password*) I get
  NT_STATUS_OK. I don't see NT_KEY output. I made changes to the exec module
  in radius.conf as per the instructions, but radtest fails with
  Access-Reject. I have attached the debug window output for reference.

   You did not add the ntlm_auth entry to the authenticate section,
 as the web page says.

   Alan DeKok.
 --
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote:
 I tried with the following in the authenticate section
 
 Auth-Type ntlm_auth {
         mschap    # am not sure about the protocol I need to use here

  The web page says to just put ntlm_auth in the authenticate
section.  It doesn't say you need Auth-Type, and it doesn't say to put
mschap in it, either.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FreeRadius+AD integration

2007-04-23 Thread shrikant Bhat
My apologies for that mistake..

I have the following lines in the modules section:
exec ntlm_auth {
        wait = no
        program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN.COM --username=%{mschap:User-Name} --password=%{User-Password}"
}

and I have ntlm_auth listed in the authenticate section. While running radiusd -X
I get the following error.
*
[EMAIL PROTECTED] raddb]# /usr/sbin/radiusd -X -y
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = radiusd
 main: group = radiusd
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
 exec: wait = no
 exec: program = /usr/bin/ntlm_auth  --request-nt-key
--domain=MYDOMAIN.COM --username=%{mschap:User-Name}
--password=%{User-Password}
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
Module: Instantiated exec (ntlm_auth)
radiusd.conf[1685] Unknown Auth-Type exec in authenticate section.

***

thanks for the help in advance.
SB
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
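The exec module configuration quoted above, as an added example that is not from the original thread or from the deployingradius.com page it follows: the weak form beside the corrected one, together with the authenticate entry and the users-file line the rest of the thread refers to. The `/usr/bin/ntlm_auth` path, the `MYDOMAIN` domain name (taken from the command the first message says works) and the users-file operator are assumptions. The security-relevant detail is `wait`: with `wait = no`, rlm_exec runs the program in the background and ignores its exit status, so the module returns ok for every request and the Access-Accept no longer depends on what Active Directory answered. Only `wait = yes` turns a non-zero exit from ntlm_auth into a reject. The instance must be listed in `authenticate` under its own name (`ntlm_auth`, not `exec`), and a users-file entry has to set `Auth-Type := ntlm_auth` so the server calls it.

```conf
# radiusd.conf, modules section (FreeRADIUS 1.1.x). Only ONE of the two
# "exec ntlm_auth" instances below belongs in a real config; they share a
# name here so the difference is visible side by side.

# WEAK: wait = no forks ntlm_auth and never reads its exit status, so this
# instance returns "ok" for any User-Name and any User-Password.
exec ntlm_auth {
        wait = no
        program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

# CORRECTED: wait = yes makes rlm_exec wait for ntlm_auth and map a
# non-zero exit status (wrong password, unknown user, winbind not reachable)
# to a reject. MYDOMAIN is an assumed domain name; use the one that works
# when ntlm_auth is run by hand.
exec ntlm_auth {
        wait = yes
        program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

# radiusd.conf, authenticate section: list the instance name, not "exec".
authenticate {
        ntlm_auth
}

# /etc/raddb/users: hand every PAP request to the ntlm_auth instance.
# A DEFAULT entry matches every User-Name, which is only safe because
# wait = yes above lets ntlm_auth reject users AD does not know.
DEFAULT Auth-Type := ntlm_auth
```

Before restarting radiusd, run the same ntlm_auth command by hand as the radiusd user (the account named by `user = radiusd` in the debug output) with a deliberately wrong password and confirm the exit status is non-zero; if that user cannot read winbind's privileged pipe, ntlm_auth fails for every password instead of only the wrong ones, which shows up as rejects for valid accounts. This exec instance only covers PAP, where `User-Password` is available in clear text; MS-CHAP logins from network devices are handled by rlm_mschap calling ntlm_auth with `--challenge`/`--nt-response`, as the deployingradius.com page describes separately.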


Re: FreeRadius+AD integration

2007-04-23 Thread Alan DeKok
shrikant Bhat wrote:
 My apologies for that mistake..
 
 I have  the following lines in modules  section
 exec ntlm_auth {
         wait = no
         program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN.COM --username=%{mschap:User-Name} --password=%{User-Password}"
 }

 and I have ntlm_auth listed in the authenticate section

  No, you don't.  You listed exec, not ntlm_auth.

  Please follow the instructions.  If you are not going to follow the
instructions, then do not be surprised that it doesn't work.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


FreeRadius+AD integration

2007-04-22 Thread shrikant Bhat

Hi,
I am trying to integrate freeradius with ADS 2003. I referred to
http://deployingradius.com/documents/configuration/active_directory.html
. Everything works perfectly fine till ( $ ntlm_auth --request-nt-key
--domain=*MYDOMAIN* --username=*user* --password=*password*) I get
NT_STATUS_OK. I don't see NT_KEY output. I made changes to the exec module in
radius.conf as per the instructions, but radtest fails with Access-Reject. I
have attached the debug window output for reference.


rad_recv: Access-Request packet from host 127.0.0.1:32928, id=44, length=57
   User-Name = raduser
   User-Password = radpass
   NAS-IP-Address = 255.255.255.255
   NAS-Port = 0
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module preprocess returns ok for request 0
 modcall[authorize]: module chap returns noop for request 0
 modcall[authorize]: module mschap returns noop for request 0
   rlm_realm: No '@' in User-Name = raduser, looking up realm NULL
   rlm_realm: No such realm NULL
 modcall[authorize]: module suffix returns noop for request 0
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 0
   users: Matched entry sbhat at line 1
 modcall[authorize]: module files returns ok for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
_

Any help fixing this issue will be appreciated.
thank you!
SB
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html