Re: radius-apache authentication problem

2007-03-27 Thread Ramazan Ulker

No change, same errors. mod_auth_xradius doesn't work in Apache 2.2.3.

On 3/26/07, Nick Owen [EMAIL PROTECTED] wrote:


You might try using mod_auth_xradius:
http://www.outoforder.cc/projects/apache/mod_auth_xradius/

More information can be found here:
http://www.howtoforge.com/apache_radius_two_factor_authentication

HTH,

Nick

On 3/26/07, Ramazan Ulker [EMAIL PROTECTED] wrote:
 Hi
 I want to implement OTP authentication for a web site. RADIUS and the OTP
 scripts work well together but Apache doesn't send any authentication data
 to RADIUS. I followed the instructions at
 http://www.freeradius.org/mod_auth_radius/ but Apache
 mod_authn_file wants passwords and could not be disabled. When I removed
 the module, "no authn provider configured" is seen in the Apache error logs.
 Changing AuthBasicAuthoritative on or off in .htaccess didn't solve the
 problem. The problem stems from Apache, but someone who has solved such a
 problem can respond to me.

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
Now open source: http://sourceforge.net/projects/wikid-twofactor/

Re: radius-apache authentication problem

2007-03-27 Thread Ramazan Ulker

Hi
These are the error lines in the Apache error log and the Apache conf files. Thanks for
your assistance.

[Wed Mar 28 09:26:27 2007] [error] [client 127.0.0.1] (9)Bad file descriptor: Could not open password file: (null)
[Wed Mar 28 09:26:27 2007] [crit] [client 127.0.0.1] configuration error: couldn't check user.  No user file?: /favicon.ico

.htaccess file content
AuthType Basic
AuthBasicAuthoritative off
AuthName RADIUS authentication for localhost
AuthXRadiusAddServer localhost:1812 testing123
AuthXRadiusTimeout 2
AuthXRadiusRetries 2
require valid-user

httpd.conf relevant part (vhost.conf is similar except for the directory path)
DocumentRoot /home/web
<Directory /home/web>
   Options FollowSymLinks
   AllowOverride  All
   Order allow,deny
   Allow from all
</Directory>

and apache modules

APACHE_MODULES=actions alias auth_xradius auth_basic authn_file authz_host
authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env
expires include info log_config mime negotiation setenvif ssl suexec status
userdir php5 vhost_alias

These modules were successfully imported to loadmodule.conf.


On 3/27/07, Nick Owen [EMAIL PROTECTED] wrote:


On 3/27/07, Ramazan Ulker [EMAIL PROTECTED] wrote:
 No change, same errors. mod_auth_xradius doesn't work in Apache 2.2.3.

I have only tested with 2.2.2.  FWIW, authn_file_module is loaded.
Why don't you post the relevant portions of your htaccess and
httpd.conf files?

--
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
Now open source: http://sourceforge.net/projects/wikid-twofactor/

a problem about radius and ldap

2007-01-29 Thread Ramazan Ulker

Hi

I'm working on an 802.1x implementation (cisco 2950, freeradius, ldap) and I face a
problem. First of all, defining users and passwords in the users file in raddb
works well with md5 authentication. Then I tried to use ldap, and with
radtest I get an accept-accept packet. But while authenticating from an XP client
with md5-challenge, I got the

Auth:rlm_ldap:Attribute User-Password is required for authentication

error. In one of the e-mails you said don't authenticate from ldap, but with
the radtest function I get success!!! The passwords are kept in clear text. I'm
looking forward to getting your help. I also send the radius debug log.

Best Regards

Ramazan





Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib/freeradius
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = radiusd
main: group = radiusd
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
ldap: server = 192.168.100.18
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = 
ldap: start_tls = no
ldap: password = 
ldap: basedn = dc=dot1x.com
ldap: filter = (uid=%{Stripped-User-Name:-%{User-Name}})
ldap: default_profile = (null)
ldap: profile_attribute = (null)
ldap: password_header = (null)
ldap: password_attribute = userPassword
ldap: access_attr = radiusgroupname
ldap: groupname_attribute = cn
ldap: groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
ldap: groupmembership_attribute = radiusGroupName
ldap: dictionary_mapping = /etc/raddb/ldap.attrmap
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
conns: (nil)
rlm_ldap: reading ldap-radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU


Re: a problem about radius and ldap

2007-02-01 Thread Ramazan Ulker
.

modcall[authenticate]: module ldap returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [ramazan/no User-Password attribute] (from client radius port 50001 cli 00-12-79-AE-D2-4D)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 18 to 192.168.100.17:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 18 with timestamp 45bca254
Nothing to do. Sleeping until we see a request.








On 1/29/07, Alan DeKok [EMAIL PROTECTED] wrote:


Ramazan Ulker wrote:
. But while
 authenticating from xp client with md5-challenge, I got

 Auth:rlm_ldap:Attribute User-Password is required for authentication

You set Auth-Type := LDAP.  Don't do that.

 error. In one of the e-mail you said don't authenticate from ldap, but
 with radtest function i get success!!!

I know.  Please read the documentation on why.

 The passwords are kept clear
 text. I'm looking forward to getting your help. I also send radius debug
 log.

The solution?  Follow my instructions.

Alan DeKok.
--
http://deployingradius.com   - The web site of the book
http://deployingradius.com/blog/ - The blog

Re: a problem about radius and ldap

2007-02-08 Thread Ramazan Ulker
 = 0x0205001d0410820fd3de9d3280644551107995e35ea872616d617a616e
Message-Authenticator = 0xaedb1daf912087d870c9a486827f1eef
modcall: entering group authorize for request 1
 modcall[authorize]: module preprocess returns ok for request 1
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'dc=dot1x.com'
radius_xlat:  '(uid=ramazan)'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
ldap_release_conn: Release Id: 0
radius_xlat:
'(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com
))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com)))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dot1x.com, with filter
((cn=VPN)(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com
))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com
rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=dot1x.com,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group VPN
ldap_release_conn: Release Id: 0
   users: Matched DEFAULT at 174
 modcall[authorize]: module files returns ok for request 1
 rlm_eap: EAP packet type notification id 5 length 29
 rlm_eap: EAP Start not found
 modcall[authorize]: module eap returns updated for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ramazan
radius_xlat:  '(uid=ramazan)'
radius_xlat:  'dc=dot1x.com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
rlm_ldap: checking if remote access for ramazan is allowed by
radiusGroupName
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id,
value 2  op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 
op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN  op=11
rlm_ldap: Adding radiusClass as Class, value employee  op=11
rlm_ldap: user ramazan authorized to use remote access
ldap_release_conn: Release Id: 0
 modcall[authorize]: module ldap returns ok for request 1
modcall: group authorize returns updated for request 1
 rad_check_password:  Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate for request 1
 rlm_eap: EAP packet type notification id 5 length 29
 rlm_eap: EAP Start not found
 rlm_eap: Request found, released from the list
 rlm_eap: EAP_TYPE - md5
 rlm_eap: processing type md5
rlm_eap_md5: No password configured for this user  (there is a password in
ldap in clear-text radtest successful)
 modcall[authenticate]: module eap returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [ramazan/no User-Password attribute] (from client radius
port 50001 cli 00-12-79-AE-D2-4D)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.100.17:1812, id=8,
length=184
Sending Access-Reject of id 8 to 192.168.100.17:1812
EAP-Message = 0x04050004
Message-Authenticator = 0x



On 2/7/07, Phil Mayers [EMAIL PROTECTED] wrote:


Ramazan Ulker wrote:

 rlm_eap: EAP_TYPE - md5
 rlm_eap: processing type md5
 rlm_eap_md5: No password configured for this user
 modcall[authenticate]: module eap returns invalid for request 1
 modcall: group authenticate returns invalid for request 1
 auth: Failed to validate the user.


EAP-MD5 needs the plaintext password.


 rad_check_password: Found Auth-Type ldap
 auth: type LDAP
 modcall: entering group authenticate for request 0
 rlm_ldap: - authenticate
 rlm_ldap: Attribute User-Password is required for authentication.
 modcall[authenticate]: module ldap returns invalid for request 0
 modcall: group authenticate returns invalid for request 0
 auth: Failed to validate the user.

rlm_ldap can only *AUTHENTICATE* PAP requests. Since you've over-ridden
Auth-Type (as you've been told not to) you're trying to force an EAP
request through it.

Don't set Auth-Type

If you want to use EAP-MD5, your LDAP directory will need to contain a
plaintext password and be configured to pass it to FreeRadius, because
EAP-MD5 needs the plaintext password. Do you have that?

Re: a problem about radius and ldap

2007-02-08 Thread Ramazan Ulker

In my configuration there is also pap; I forgot to write it in the mail.
I am resending the authentication block in radius.conf:

authenticate {
    Auth-Type PAP {
        pap
    }
    ldap
    eap
}


On 2/8/07, Ramazan Ulker [EMAIL PROTECTED] wrote:


Hi
I sent two ldapentry ldapsearch result and debug. In this ldapsearch there
is a clear-text userPassword. Anyway, I describe the problem shortly for your
help.
Like in the howto:
authorize {
   preprocess
   files
   ldap
   eap
}

authenticate {
   ldap
   eap
}

ldapsearch result

userpassword=ramazan
.
radiusclass=groupnet
objectclass=radiusprofile
objectclass=top
objectclass=posixAccount
objectclass=shadowAccount

...

radtest is successful for this configuration but the XP client is not.
ldapattr.map has a User-Password to userPassword mapping. Deleting the ldap
entry in the authentication block in radius.conf makes both radtest and the
XP client unsuccessful.

For this configuration above debug log

   rad_recv: Access-Request packet from host 192.168.100.17:1812, id=7,
length=129
NAS-IP-Address = 192.168.100.17
NAS-Port = 50001
NAS-Port-Type = Ethernet
User-Name = ramazan
Called-Station-Id = 00-0F-8F-77-DB-81
Calling-Station-Id = 00-12-79-AE-D2-4D
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x0204000c0172616d617a616e
Message-Authenticator = 0x61cab38d83f6ed1abbd2ac2c8ce5b0bf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'dc=dot1x.com'
radius_xlat:  '(uid=ramazan)'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.100.18:389, authentication 0
rlm_ldap: bind as / to 192.168.100.18:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
ldap_release_conn: Release Id: 0
radius_xlat:
'(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com
))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com)))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc= dot1x.com, with filter
((cn=VPN)(|((objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com))((objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
dot1x.com
rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc= dot1x.com,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group VPN
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 174
  modcall[authorize]: module files returns ok for request 0
  rlm_eap: EAP packet type notification id 4 length 12
  rlm_eap: EAP Start not found
  modcall[authorize]: module eap returns updated for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ramazan
radius_xlat:  '(uid=ramazan)'
radius_xlat:  'dc=dot1x.com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
rlm_ldap: checking if remote access for ramazan is allowed by
radiusGroupName
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id,
value 2  op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 
op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN  op=11
rlm_ldap: Adding radiusClass as Class, value employee  op=11
rlm_ldap: user ramazan authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate for request 0
  rlm_eap: EAP packet type notification id 4 length 12
  rlm_eap: EAP Start not found
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module eap returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [ramazan/no User-Password attribute] (from client radius port
50001 cli 00-12-79-AE-D2-4D)

Sending Access-Challenge of id 7 to 192.168.100.17:1812
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Tunnel-Private-Group-Id:0 = 2
Tunnel-Medium-Type:0 = 6
Tunnel-Type:0 = VLAN
Class = 0x656d706c6f796565
EAP-Message = 0x0105001604105a4f17068db0feb3ebdee25f9cfe966f
Message-Authenticator = 0x
State =
0x395efcd2fb04e81f34be33bd9cd0cf0831cbc4456746df615bd2474fb42f67add24a0e16
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...

rad_recv: Access-Request packet from host 192.168.100.17:1812, id=8,
length=184
NAS-IP-Address = 192.168.100.17
NAS-Port = 50001
NAS-Port-Type = Ethernet
User-Name = ramazan
Called

Re: a problem about radius and ldap [SOLVED]

2007-02-14 Thread Ramazan Ulker

Hi
Sorry for too many mails. Problem solved by setting identity and password in
radius.conf with proper user in ldap. I managed to get User-Password from
ldap at the end as shown below.

rlm_ldap: Added password ramazan in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userpassword as User-Password, value ramazan  op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id,
value 2  op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 
op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN  op=11
rlm_ldap: Adding radiusClass as Class, value employee  op=11
rlm_ldap: user ramazan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap: Freeing handler
modcall[authenticate]: module eap returns ok for request 1
modcall: leaving group authenticate (returns ok) for request 1
Login OK: [ramazan/no User-Password attribute] (from client ldapsrv port
50001 cli 00-12-79-AE-D2-4D)
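
Phil Mayers's point earlier in the thread, that EAP-MD5 needs the plaintext password, follows from how the server checks the response. The sketch below is an added example, not code from FreeRADIUS or from any poster: it parses the two EAP-Message values quoted in the debug logs above and performs the server-side check MD5(id || password || challenge) defined in RFC 1994 and reused by EAP-MD5 in RFC 3748. The function names and the demo password and user name are made up for illustration.

```python
import hashlib
import hmac
import struct

# EAP-Message values copied from the debug logs in this thread.
CHALLENGE_HEX = "0105001604105a4f17068db0feb3ebdee25f9cfe966f"
RESPONSE_HEX = "0205001d0410820fd3de9d3280644551107995e35ea872616d617a616e"

EAP_RESPONSE = 2
EAP_TYPE_MD5 = 4


def parse_eap_md5(packet_hex):
    """Split an EAP-MD5 packet into code, id, 16-byte value and trailing name."""
    raw = bytes.fromhex(packet_hex)
    if len(raw) < 6:
        raise ValueError("too short for an EAP-MD5 packet")
    code, ident, length, eap_type, value_size = struct.unpack("!BBHBB", raw[:6])
    if length != len(raw):
        raise ValueError("EAP length field does not match packet size")
    if eap_type != EAP_TYPE_MD5:
        raise ValueError("not EAP type 4 (MD5-Challenge)")
    if 6 + value_size > length:
        raise ValueError("value overruns the packet")
    return {"code": code, "id": ident,
            "value": raw[6:6 + value_size], "name": raw[6 + value_size:]}


def md5_value(ident, secret, challenge):
    """The quantity both sides compute: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_response(ident, password, challenge, name):
    """Client side: build the EAP-Response/MD5-Challenge packet as hex."""
    value = md5_value(ident, password, challenge)
    length = 6 + len(value) + len(name)
    header = struct.pack("!BBHBB", EAP_RESPONSE, ident, length,
                         EAP_TYPE_MD5, len(value))
    return (header + value + name).hex()


def server_check(stored_secret, challenge_hex, response_hex):
    """Server side. stored_secret is whatever the directory handed back.

    None models the "No password configured for this user" case in the logs:
    without the cleartext there is nothing to feed into MD5.
    """
    if stored_secret is None:
        return "no-password"
    chal = parse_eap_md5(challenge_hex)
    resp = parse_eap_md5(response_hex)
    if resp["code"] != EAP_RESPONSE or resp["id"] != chal["id"]:
        return "reject"
    expected = md5_value(chal["id"], stored_secret, chal["value"])
    return "accept" if hmac.compare_digest(expected, resp["value"]) else "reject"


if __name__ == "__main__":
    chal = parse_eap_md5(CHALLENGE_HEX)
    print("challenge id", chal["id"], "value", chal["value"].hex())
    print("response from", parse_eap_md5(RESPONSE_HEX)["name"].decode())
    # Constructed client answering the challenge from the log.
    demo = build_response(chal["id"], b"constructed-pass", chal["value"], b"alice")
    print(server_check(None, CHALLENGE_HEX, demo))
    print(server_check(b"constructed-pass", CHALLENGE_HEX, demo))
    # A directory that only stores a hash of the password cannot verify.
    stored_hash = hashlib.sha1(b"constructed-pass").digest()
    print(server_check(stored_hash, CHALLENGE_HEX, demo))
```

The empty `ldap: identity` and `ldap: password` values in the startup log are why the directory returned no userPassword to the anonymous bind, which left the server in the "no-password" branch until the bind credentials were set.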

vista support

2007-03-01 Thread Ramazan Ulker

Hi

PEAP, TLS and EAP-MD5 work well for XP clients but PEAP and EAP-MD5 fail for
the Vista client with version 1.1.3. FreeRADIUS version 1.1.4 was released for
Vista support. But I couldn't update to this release from package manager
programs (smart, aptitude, yast etc.). Updating and pasting configuration
files is easy; however, installing it from source could be problematic. Is
there a patch for a working system, or will this version soon be updated by
Linux distributions?

Best regards