<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2912" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>Im having trouble
configuring freeradius. Im going to give the full story, which might be too much
detail but here goes...</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>I have a radius
server (freeradius v 0.7) working on an old box. I want to upgrade this to a new
box with RHEL4 and Freeradius 1.0.1, that comes with RHEL4 now. The old
configuration files would not just copy over, starting free radius gives errors
with the dictionary files. Since I don't quite understand them, I thought better
try to reconfigure the new version then just copy over configuration
files.</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>Now I have the new
version running/authenticating. The problem is Im missing some data, I
think. When I authenticate (using NTRadPing) off the old server, I
get</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>Sending
authentication request to server 111.111.111.111:1812</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>Transmitting packet,
code =1 id=4 length=67</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>received response
from the server in 10 miliseconds</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>reply packet code=2
id=4 length=174</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>response:
Access-Accept</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2>-----------------------------------attribute dump
----------------------------------------------</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2>Service-Type=Framed</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2>Framed-Protocol=PPP</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2>Ascend-Data-Filter=\0x01\0x01\0x00\0x00\0x00\0x00\0x00\0x00\0x00</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>(repeated
lines)</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2>Ascent-Assign-IP-Pool=0</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>When I try against
the new one, I get only the lines to "--attribute dump--", but I
do get a correct auth. I know that part works because if I change the
uname/password to wrong, it doesnt work. So it is correctly checking against
LDAP. But I get none of the lower lines. I know the process is not quite
right as If I add the lines to my hints file (which exists on the old
server)</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006> </SPAN></DIV>
<DIV><SPAN class=354164619-11072006>
DEFAULT Suffix == "@dial.dsl.net", Strip-User-Name =
Yes<BR> Hint =
"UUNetDial"<BR></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>then I get nothing
working. If I comment out those lines, I can authenticate, but with no extra
info. (Which I assume is part of the problem.) If I comment the hints
lines out, I get this in the output of radiusd</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2> rlm_ldap: Bind was
successful<BR> rlm_ldap: performing
search in dc=dsl,dc=net, with filter
(&(objectClass=dslnDialupUser)(uid=radius%dsl.net))<BR>
rlm_ldap: checking if remote access for radius%dsl.net is allowed by
dslnRadiusProfile<BR> rlm_ldap:
looking for check items in
directory...<BR> rlm_ldap: looking for
reply items in directory...<BR>
rlm_ldap: user radius%dsl.net authorized to use remote
access<BR></FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>if I leave those
lines in the hints, it loses the uid, as shown below...</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2> rlm_ldap: Bind was
successful<BR> rlm_ldap: performing
search in dc=dsl,dc=net, with filter
(&(objectClass=dslnDialupUser)(uid=_))<BR>
rlm_ldap: object not found or got ambiguous search
result<BR> rlm_ldap: search
failed<BR></FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>So, what I need to
know is, why does the hint lines make the uid get stripped? Im guessing the
system somewhere else is also doing a strip, and so the double means no UID gets
there? Is there any "radius for dummies"? I think Im getting lost as to
which process happens when during the process,ie: when does the hints vs clients
vs users files come into play.</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial size=2>Thanks for any
help!</FONT></SPAN></DIV>
<DIV><SPAN class=354164619-11072006><FONT face=Arial
size=2>Nick</DIV></FONT></SPAN></BODY></HTML>