<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML DIR=ltr><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"></HEAD><BODY><DIV><FONT face='Arial' color=#000000 size=2>Hello,<BR><BR>I am trying to walk through the following
document:<BR><BR><A
href="http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdf"
target=_blank>http://homepages.lu/charlesschwartz/radius/freeRadius_AD_tutorial.pdf</A><BR><BR>in
order to authenticate Cisco router and switch logins
against<BR>FreeRadius/Active Directory. Using the HowTo, I have
successfully<BR>joined a FC2 box to our Windows 2003 AD for testing
purposes. I have<BR>also successfully used the manual ntlm_auth command to
authenticate a<BR>user from the Radius server. I have configured the Cisco
switch to<BR>point to the Radius server for authentication. I am not
trying to<BR>authenticate an actual PC from a switch port, so I have not
followed<BR>through with the EAP portion of the HowTo.<BR><BR>Here is the output
of radiusd -X and the attempted telnet login to<BR>the switch:<BR><BR>#
radiusd -X<BR>Starting - reading configuration files ...<BR>reread_config:
reading radiusd.conf<BR>Config: including file:
/etc/raddb/proxy.conf<BR>Config: including file:
/etc/raddb/clients.conf<BR>Config: including file:
/etc/raddb/snmp.conf<BR>Config: including file:
/etc/raddb/eap.conf<BR>Config: including file:
/etc/raddb/sql.conf<BR> main: prefix = "/usr"<BR> main: localstatedir
= "/var"<BR> main: logdir = "/var/log/radius"<BR> main: libdir =
"/usr/lib"<BR> main: radacctdir = "/var/log/radius/radacct"<BR> main:
hostname_lookups = no<BR> main: max_request_time = 30<BR> main:
cleanup_delay = 5<BR> main: max_requests = 1024<BR> main:
delete_blocked_requests = 0<BR> main: port = 0<BR> main:
allow_core_dumps = no<BR> main: log_stripped_names = no<BR> main:
log_file = "/var/log/radius/radius.log"<BR> main: log_auth =
no<BR> main: log_auth_badpass = no<BR> main: log_auth_goodpass =
no<BR> main: pidfile = "/var/run/radiusd/radiusd.pid"<BR> main: user =
"radiusd"<BR> main: group = "radiusd"<BR> main: usercollide =
no<BR> main: lower_user = "no"<BR> main: lower_pass =
"no"<BR> main: nospace_user = "no"<BR> main: nospace_pass =
"no"<BR> main: checkrad = "/usr/sbin/checkrad"<BR> main:
proxy_requests = yes<BR> proxy: retry_delay = 5<BR> proxy: retry_count
= 3<BR> proxy: synchronous = no<BR> proxy: default_fallback =
yes<BR> proxy: dead_time = 120<BR> proxy: post_proxy_authorize =
yes<BR> proxy: wake_all_if_all_dead = no<BR> security: max_attributes
= 200<BR> security: reject_delay = 1<BR> security: status_server =
no<BR> main: debug_level = 0<BR>read_config_files: reading
dictionary<BR>read_config_files: reading naslist<BR>Using deprecated
naslist file. Support for this will go away
soon.<BR>read_config_files: reading clients<BR>read_config_files:
reading realms<BR>radiusd: entering modules setup<BR>Module: Library
search path is /usr/lib<BR>Module: Loaded exec<BR> exec: wait =
yes<BR> exec: program = "(null)"<BR> exec: input_pairs =
"request"<BR> exec: output_pairs = "(null)"<BR> exec: packet_type =
"(null)"<BR>rlm_exec: Wait=yes but no output defined. Did you mean
output=none?<BR>Module: Instantiated exec (exec)<BR>Module: Loaded
expr<BR>Module: Instantiated expr (expr)<BR>Module: Loaded PAP<BR> pap:
encryption_scheme = "crypt"<BR>Module: Instantiated pap (pap)<BR>Module: Loaded
CHAP<BR>Module: Instantiated chap (chap)<BR>Module: Loaded
MS-CHAP<BR> mschap: use_mppe = yes<BR> mschap: require_encryption =
no<BR> mschap: require_strong = no<BR> mschap: with_ntdomain_hack =
yes<BR> mschap: passwd = "(null)"<BR> mschap: authtype =
"MS-CHAP"<BR> mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=<BR>%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=<BR>%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"<BR>Module: Instantiated mschap
(mschap)<BR>Module: Loaded System<BR> unix: cache = no<BR> unix:
passwd = "(null)"<BR> unix: shadow = "/etc/shadow"<BR> unix: group =
"(null)"<BR> unix: radwtmp = "/var/log/radius/radwtmp"<BR> unix:
usegroup = no<BR> unix: cache_reload = 600<BR>Module: Instantiated unix
(unix)<BR>Module: Loaded eap<BR> eap: default_eap_type =
"md5"<BR> eap: timer_expire = 60<BR> eap: ignore_unknown_eap_types =
no<BR> eap: cisco_accounting_username_bug = no<BR>rlm_eap: Loaded and
initialized type md5<BR>rlm_eap: Loaded and initialized type leap<BR> gtc:
challenge = "Password: "<BR> gtc: auth_type = "PAP"<BR>rlm_eap: Loaded and
initialized type gtc<BR> mschapv2: with_ntdomain_hack = no<BR>rlm_eap:
Loaded and initialized type mschapv2<BR>Module: Instantiated eap
(eap)<BR>Module: Loaded preprocess<BR> preprocess: huntgroups =
"/etc/raddb/huntgroups"<BR> preprocess: hints =
"/etc/raddb/hints"<BR> preprocess: with_ascend_hack =
no<BR> preprocess: ascend_channels_per_line = 23<BR> preprocess:
with_ntdomain_hack = no<BR> preprocess: with_specialix_jetstream_hack =
no<BR> preprocess: with_cisco_vsa_hack = no<BR>Module: Instantiated
preprocess (preprocess)<BR>Module: Loaded realm<BR> realm: format =
"suffix"<BR> realm: delimiter = "@"<BR> realm: ignore_default =
no<BR> realm: ignore_null = no<BR>Module: Instantiated realm
(suffix)<BR>Module: Loaded files<BR> files: usersfile =
"/etc/raddb/users"<BR> files: acctusersfile =
"/etc/raddb/acct_users"<BR> files: preproxy_usersfile =
"/etc/raddb/preproxy_users"<BR> files: compat = "no"<BR>Module:
Instantiated files (files)<BR>Module: Loaded
Acct-Unique-Session-Id<BR> acct_unique: key = "User-Name, Acct-Session-Id,
NAS-IP-Address,<BR>Client-IP-Address, NAS-Port"<BR>Module: Instantiated
acct_unique (acct_unique)<BR>Module: Loaded detail<BR> detail: detailfile
=<BR>"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<BR> detail:
detailperm = 384<BR> detail: dirperm = 493<BR> detail: locking =
no<BR>Module: Instantiated detail (detail)<BR>Module: Loaded
radutmp<BR> radutmp: filename = "/var/log/radius/radutmp"<BR> radutmp:
username = "%{User-Name}"<BR> radutmp: case_sensitive =
yes<BR> radutmp: check_with_nas = yes<BR> radutmp: perm =
384<BR> radutmp: callerid = yes<BR>Module: Instantiated radutmp
(radutmp)<BR>Listening on authentication *:1812<BR>Listening on accounting
*:1813<BR>Listening on proxy *:1814<BR>Ready to process requests.<BR>rad_recv:
Access-Request packet from host 172.16.0.3:1645,
id=68,<BR>length=78<BR> NAS-IP-Address
= 172.16.0.3<BR> NAS-Port =
66<BR> NAS-Port-Type =
Virtual<BR> User-Name =
"dwhite"<BR> Calling-Station-Id =
"172.16.2.122"<BR> User-Password =
"Password1"<BR> Processing the authorize section of
radiusd.conf<BR>modcall: entering group authorize for request 0<BR>
modcall[authorize]: module "preprocess" returns ok for request 0<BR>
modcall[authorize]: module "chap" returns noop for request 0<BR>
modcall[authorize]: module "mschap" returns noop for request
0<BR> rlm_realm: No '@' in User-Name = "dwhite", looking up
realm NULL<BR> rlm_realm: No such realm "NULL"<BR>
modcall[authorize]: module "suffix" returns noop for request 0<BR>
rlm_eap: No EAP-Message, not doing EAP<BR> modcall[authorize]: module
"eap" returns noop for request 0<BR> users: Matched DEFAULT at
152<BR> modcall[authorize]: module "files" returns ok for request
0<BR>modcall: group authorize returns ok for request 0<BR>
rad_check_password: Found Auth-Type System<BR>auth: type
"System"<BR> Processing the authenticate section of
radiusd.conf<BR>modcall: entering group authenticate for request 0<BR>
modcall[authenticate]: module "unix" returns notfound for request 0<BR>modcall:
group authenticate returns notfound for request 0<BR>auth: Failed to validate
the user.<BR>Delaying request 0 for 1 seconds<BR>Finished request 0<BR>Going to
the next request<BR>--- Walking the entire request list ---<BR>Waking up in 1
seconds...<BR>--- Walking the entire request list ---<BR>Waking up in 1
seconds...<BR>--- Walking the entire request list ---<BR>Sending Access-Reject
of id 68 to 172.16.0.3:1645<BR>Waking up in 4 seconds...<BR>--- Walking the
entire request list ---<BR>Cleaning up request 0 ID 68 with timestamp
448daaf9<BR>Nothing to do. Sleeping until we see a request.<BR><BR>Any
help as to my next step would be greatly appreciated.<BR><BR>Thanks,<BR>Doug
White<BR></FONT></DIV></BODY></HTML>
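The trace in the message above is a FreeRADIUS 1.x debug dump, and the decision path is easy to lose in the module noise: the switch sent a PAP request (a cleartext User-Password attribute, which the debug output prints as-is), the mschap module returned noop because there were no MS-CHAP attributes for it to act on, the users file DEFAULT entry at line 152 assigned Auth-Type System, and rlm_unix then looked the user up in local password files and returned notfound, so the request was rejected. The script below is an added example, not code from the message, the tutorial it links, or the FreeRADIUS project. It parses a constructed excerpt of that trace (same values as the message, but not the complete dump), redacts the User-Password value before anything is stored or shared, and reports which credential type arrived, which Auth-Type was chosen and from where, what the authenticate modules returned, and the final outcome. The regexes match the modcall/rad_check_password/users line formats visible in the message and are an assumption for other FreeRADIUS versions.

```python
import re

# Constructed sample: an excerpt of the radiusd -X trace quoted in the message
# above, using the same attribute values it shows (NOT the complete trace).
SAMPLE_TRACE = """\
rad_recv: Access-Request packet from host 172.16.0.3:1645, id=68, length=78
        NAS-IP-Address = 172.16.0.3
        User-Name = "dwhite"
        User-Password = "Password1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "dwhite", looking up realm NULL
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
  modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
Sending Access-Reject of id 68 to 172.16.0.3:1645
"""

# Line formats as they appear in the 1.x debug output quoted in the message.
ATTR_RE = re.compile(r'^\s+([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')
MODCALL_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
AUTHTYPE_RE = re.compile(r'Found Auth-Type (\S+)')
USERS_RE = re.compile(r'users: Matched (\S+) at (\d+)')
OUTCOME_RE = re.compile(r'Sending (Access-\w+) of id (\d+)')
PASSWORD_RE = re.compile(r'(User-Password\s*=\s*)"[^"]*"')

# The attribute the NAS sends tells you which authentication protocol it used.
CREDENTIAL_ATTRS = {
    "User-Password": "PAP (cleartext password in User-Password)",
    "CHAP-Password": "CHAP",
    "MS-CHAP-Response": "MS-CHAPv1",
    "MS-CHAP2-Response": "MS-CHAPv2",
    "EAP-Message": "EAP",
}


def redact(trace):
    """Mask the User-Password value so the trace can be stored or shared."""
    return PASSWORD_RE.sub(r'\1"<redacted>"', trace)


def parse_request(trace):
    """Extract the decision path of the first request from a radiusd -X trace."""
    req = {"attributes": {}, "modules": [], "auth_type": None,
           "users_match": None, "outcome": None}
    in_packet = False
    for line in trace.splitlines():
        if line.startswith("rad_recv:"):
            in_packet = True          # attribute lines follow the packet header
            continue
        if in_packet:
            m = ATTR_RE.match(line)
            if m:
                req["attributes"][m.group(1)] = m.group(2).strip('"')
                continue
            in_packet = False         # first non-attribute line ends the dump
        m = MODCALL_RE.search(line)
        if m:
            req["modules"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = AUTHTYPE_RE.search(line)
        if m:
            req["auth_type"] = m.group(1)
            continue
        m = USERS_RE.search(line)
        if m:
            req["users_match"] = (m.group(1), int(m.group(2)))
            continue
        m = OUTCOME_RE.search(line)
        if m:
            req["outcome"] = m.group(1)
    return req


def diagnose(req):
    """Turn the parsed decision path into findings a reviewer can act on."""
    findings = [f"credential: {proto}" for attr, proto in CREDENTIAL_ATTRS.items()
                if attr in req["attributes"]]
    if "User-Password" in req["attributes"]:
        findings.append("mschap cannot authenticate a PAP request, so its ntlm_auth "
                        "command is never reached; the AD check must handle PAP")
    if req["auth_type"]:
        where = ""
        if req["users_match"]:
            where = f" (users file: {req['users_match'][0]} at line {req['users_match'][1]})"
        findings.append(f"Auth-Type {req['auth_type']} selected{where}")
    for section, module, rc in req["modules"]:
        if section == "authenticate":
            findings.append(f"authenticate: {module} returned {rc}")
    if req["outcome"]:
        findings.append(f"outcome: {req['outcome']}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_request(redact(SAMPLE_TRACE))):
        print(finding)
```

Run it against a full `radiusd -X` capture by reading the file into `parse_request(redact(...))`; the parser only follows the first Access-Request, so split a multi-request log on `rad_recv:` first. The two findings that matter for the message above are the credential line (PAP arrived, so the mschap/ntlm_auth path cannot apply) and the Auth-Type line (DEFAULT at line 152 of the users file sent the request to rlm_unix and the local shadow file rather than to Active Directory).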