<br><br><div><span class="gmail_quote">On 4/24/06, <b class="gmail_sendername">sumi thra</b> &lt;<a href="mailto:sumi.techno@gmail.com">sumi.techno@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="direction: ltr;">Hi Alan,<br><br>Thanks for your earliest reply. <br><br>Please find the attached configuration file for details and let me know what is misconfigured.</div></blockquote><div><br><br>Config file:
<br><br>prefix = /usr<br>exec_prefix = /usr<br>sysconfdir = ${prefix}/etc<br>localstatedir = /var<br>sbindir = ${exec_prefix}/sbin<br>logdir = /var/log/radius<br>raddbdir = /var/etc/raddb<br>radacctdir = ${logdir}/radacct
<br>confdir = ${raddbdir}<br>run_dir = ${localstatedir}/run/radiusd<br>log_file = ${logdir}/radius.log<br>libdir = ${exec_prefix}/lib/radius<br>pidfile = ${run_dir}/radiusd.pid<br>max_request_time = 90<br>delete_blocked_requests = no
<br>cleanup_delay = 5<br>max_requests = 1024<br>#user = admin<br>#group = users<br>bind_address = *<br>port = 0<br>hostname_lookups = no<br>allow_core_dumps = no<br>regular_expressions = yes<br>extended_expressions = yes<br>
log_stripped_names = no<br>log_auth = no<br>log_auth_badpass = no<br>log_auth_goodpass = no<br>usercollide = no<br>lower_user = no<br>lower_pass = no<br>nospace_user = no<br>nospace_pass = no<br>checkrad = ${sbindir}/checkrad
<br><br>security {<br> max_attributes = 200<br> reject_delay = 1<br> status_server = no<br>}<br><br>proxy_requests = yes<br>snmp = yes<br><br>$INCLUDE ${confdir}/proxy.conf<br>$INCLUDE ${confdir}/clients.conf<br>
$INCLUDE ${confdir}/snmp.conf<br><br>thread pool {<br> start_servers = 5<br> max_servers = 32<br> min_spare_servers = 3<br> max_spare_servers = 10<br> max_requests_per_server = 0<br>}<br><br>modules {<br> pap {
<br> encryption_scheme = clear<br> }<br><br> chap {<br> authtype = CHAP<br> }<br><br> pam {<br> pam_auth = radiusd<br> }<br><br> unix {<br> cache = no<br> cache_reload = 600
<br> radwtmp = /var/log/radius/radwtmp<br> }<br><br> mschap {<br> authtype = MS-CHAP<br> #use_mppe = no<br> #require_encryption = yes<br> #require_strong = yes<br> #with_ntdomain_hack = no
<br> }<br><br> ldap ldap_primary {<br> server = 1.1.1.1<br> port = 389<br> identity = "cn=Manager,o=My Org,c=INDIA"<br> password = secret<br> basedn = o=My Org,c=INDIA
<br> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"<br> start_tls = no<br> access_attr = "dialupacces"<br> dictionary_mapping = ${raddbdir}/ldap.attrmap<br> ldap_connections_number = 5
<br> #password_header = "{SHA}"<br> password_attribute = userPassword<br> groupname_attribute = cn<br> groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
<br> groupmembership_attribute = radiusGroupName<br> timeout = 4<br> timelimit = 3<br> net_timeout = 1<br> access_attr_used_for_allow = no<br> }<br><br> ldap ldap_secondary {<br> server =
ldap.your.domain<br> port = 389<br> identity = cn=admin,o=My Org,c=UA<br> password = mypass<br> basedn = o=My Org<br> filter = (uid=%{Stripped-User-Name:-%{User-Name}})<br> start_tls = no
<br> access_attr = "dialupacces"<br> dictionary_mapping = ${raddbdir}/ldap.attrmap<br> ldap_connections_number = 5<br> #password_header = "{SHA}"<br> password_attribute = userPassword
<br> groupname_attribute = cn<br> groupmembership_filter = (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))<br> groupmembership_attribute = radiusGroupName
<br> timeout = 4<br> timelimit = 3<br> net_timeout = 1<br> access_attr_used_for_allow = no<br> }<br><br> passwd etc_passwd {<br> filename = /var/etc/passwd<br> format = "*User-Name::User-Password"
<br> delimiter = :<br> }<br><br> passwd etc_group {<br> filename = /var/etc/group<br> format = "~Group-Name::*,User-Name"<br> delimiter = :<br> }<br><br> realm suffix_oblic {
<br> format = suffix<br> delimiter = /<br> ignore_default = no<br> ignore_null = no<br> }<br><br> realm prefix_oblic {<br> format = prefix<br> delimiter = /<br> ignore_default = no
<br> ignore_null = no<br> }<br><br> realm suffix_at {<br> format = suffix<br> delimiter = @<br> ignore_default = no<br> ignore_null = no<br> }<br><br> realm prefix_at {<br> format = prefix
<br> delimiter = @<br> ignore_default = no<br> ignore_null = no<br> }<br><br> realm suffix_percent {<br> format = suffix<br> delimiter = %<br> ignore_default = no<br> ignore_null = no
<br> }<br><br> realm prefix_percent {<br> format = prefix<br> delimiter = %<br> ignore_default = no<br> ignore_null = no<br> }<br><br> checkval {<br> item-name = Calling-Station-Id
<br> check-name = Calling-Station-Id<br> data-type = string<br> #notfound-reject = no<br> }<br><br> preprocess {<br> huntgroups = ${confdir}/huntgroups<br> hu_int32_ts = ${confdir}/hints
<br> with_ascend_hack = no<br> ascend_channels_per_line = 23<br> with_ntdomain_hack = no<br> with_specialix_jetstream_hack = no<br> with_cisco_vsa_hack = no<br> }<br><br> files {<br>
usersfile = ${confdir}/users<br> acctusersfile = ${confdir}/acct_users<br> compat = no<br> }<br><br> detail {<br> detailfile = ${radacctdir}/%{Client-IP-Address}/acct-%Y%m%d<br> detailperm = 0666
<br> }<br><br> acct_unique {<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br> }<br><br> radutmp {<br> filename = /var/log/radius/radutmp<br> username = %{User-Name}
<br> case_sensitive = yes<br> check_with_nas = yes<br> perm = 0600<br> callerid = yes<br> }<br><br> radutmp {<br> filename = /var/log/radius/sradutmp<br> perm = 0644<br> callerid = no
<br> }<br><br> attr_filter {<br> attrsfile = ${confdir}/attrs<br> }<br><br> counter daily {<br> filename = ${raddbdir}/db.daily<br> key = User-Name<br> count-attribute = Acct-Session-Time
<br> reset = daily<br> counter-name = Daily-Session-Time<br> check-name = Max-Daily-Session<br> allowed-servicetype = Framed-User<br> cache-size = 5000<br> }<br><br> always fail {<br>
rcode = fail<br> }<br><br> always reject {<br> rcode = reject<br> }<br><br> always ok {<br> rcode = ok<br> simulcount = 0<br> mpp = no<br> }<br><br> expr {<br> }<br>
<br> digest {<br> }<br><br> exec {<br> wait = yes<br> input_pairs = request<br> }<br><br> exec echo {<br> wait = yes<br> program = "/bin/echo %{User-Name}"<br> input_pairs = request
<br> output_pairs = reply<br> }<br><br> ippool main_pool {<br> range-start = 192.168.1.1<br> range-stop = 192.168.3.254<br> netmask = 255.255.255.0<br> cache-size = 800<br> session-db = ${raddbdir}/db.ippool<br> ip-index = ${raddbdir}/db.ipindex<br> override = no<br> maximum-timeout = 0
<br> }<br><br> $INCLUDE ${confdir}/eap.conf<br>}<br><br>instantiate {<br> #exec<br> #expr<br>}<br><br>authorize {<br> preprocess<br> #etc_passwd<br> #etc_group<br> chap<br> mschap<br> suffix_oblic
<br> prefix_oblic<br> suffix_at<br> prefix_at<br> suffix_percent<br> prefix_percent<br> files<br> redundant{<br> ldap_primary<br> ldap_secondary<br> }<br> eap<br>}<br><br>
authenticate {<br> Auth-Type PAP {<br> pap<br> }<br><br> Auth-Type CHAP {<br> chap<br> }<br><br> Auth-Type MS-CHAP {<br> mschap<br> }<br><br> Auth-Type LDAP {<br> redundant {
<br> ldap_primary<br> ldap_secondary<br> }<br> }<br><br> #unix<br> eap<br>}<br><br>preacct {<br> preprocess<br> acct_unique<br> suffix_oblic<br> files<br>}<br><br>accounting {
<br> detail<br> #unix<br> #radutmp<br>}<br><br>session {<br> #radutmp<br>}<br><br>post-auth {<br>}<br><br>pre-proxy {<br>}<br><br>post_proxy {<br> eap<br>}<br> <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="direction: ltr;">Thanks<br>Sumithra.<br><br><div></div><div style="direction: ltr;"><span class="q"><span class="gmail_quote">On 4/24/06,
<b class="gmail_sendername">Alan DeKok</b> &lt;<a href="mailto:aland@nitros9.org" target="_blank">aland@nitros9.org</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
"sumi thra" &lt;<a href="mailto:sumi.techno@gmail.com" target="_blank">sumi.techno@gmail.com</a>&gt; wrote:<br>> My configuration in the radiusd.conf is...
<br>><br>> ldap {<br>> redundant {<br><br> Huh? The "redundant" section doesn't go into "ldap", it goes into
<br>"authorize".</blockquote></span></div><div style="direction: ltr;"><div><br> <span style="color: rgb(255, 0, 0);">Yes. The redundant ldap config goes into the authorize module. </span> <span style="color: rgb(255, 0, 0);">
Please look into the config file attached for detailed configuration.
<br><br></span></div></div><div style="direction: ltr;"><span class="q"><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Alan DeKok.<br>
<br></blockquote></span></div><div style="direction: ltr;"></div><br>
</div><br clear="all"></blockquote></div><br>