<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV>We are currently using our RADIUS server to do one thing. It is authenticating wireless users via Mac address through access points. Very clean, very simple. We would like to increase the security a bit by having the users authenticate against eDirectory as well. If a user tries to get on the network, his MAC is passed to the RADIUS server. If the MAC is validated, the request is passed to the Novell Server, the user is asked to enter his password, and then he is allowed in. I have setup my config files according to several eDirectory/FreeRADIUS FAQ articles that I have found, but I am still having a few issues.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>1: I am never asked for a password</DIV><DIV>2: rlm_ldap: When I attempt to get access, I get an error message "could not start TLS operations error"</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Below are some clips from my configurations as well as the access messages as I receive:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>ACCESS ATTEMPT:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rad_recv: Access-Request packet from host 172.16.14.23:1812, id=1, length=73</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> User-Password = "xxxxxx"</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> User-Name = "0016cb-b64f93"</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> NAS-Identifier = "172.16.14.23"</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> NAS-IP-Address = 172.16.14.23</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> Processing the authorize section of radiusd.conf</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">modcall: entering group authorize for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "preprocess" returns ok for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">radius_xlat: '/usr/local/var/log/radius/radacct/172.16.14.23/auth-detail-20071011'</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.14.23/auth-detail-20071011</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "auth_log" returns ok for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "chap" returns noop for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "mschap" returns noop for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> rlm_realm: No '@' in User-Name = "0016cb-b64f93", looking up realm NULL</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> rlm_realm: No such realm "NULL"</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "suffix" returns noop for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> rlm_eap: No EAP-Message, not doing EAP</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "eap" returns noop for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> users: Matched entry DEFAULT at line 153</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> users: Matched entry 0016cb-b64f93 at line 222</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "files" returns ok for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: - authorize</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: performing user authorization for 0016cb-b64f93</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">radius_xlat: '(uid=0016cb-b64f93)'</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">radius_xlat: 'o=dist-155'</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: ldap_get_conn: Checking Id: 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: ldap_get_conn: Got Id: 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: attempting LDAP reconnection</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: (re)connect to 172.16.13.10:636, authentication 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: setting TLS mode to 1</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: setting TLS CACert File to /usr/local/etc/raddb/certs/cacert.pem</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: setting TLS CACert Directory to /usr/local/etc/raddb/certs/</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: setting TLS Require Cert to demand</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: starting TLS</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: ldap_start_tls_s()</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: could not start TLS Operations error</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: (re)connection attempt failed</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: search failed</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">rlm_ldap: ldap_release_conn: Release Id: 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> modcall[authorize]: module "ldap" returns fail for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">modcall: leaving group authorize (returns fail) for request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Finished request 0</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Going to the next request</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>RADIUSD.CONF</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV># MODULE CONFIGURATION</DIV><DIV>#</DIV><DIV>modules {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>pap {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>encryption_scheme = crypt</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>auto_header = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>chap {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>authtype = CHAP</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>pam {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>pam_auth = radiusd</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>unix {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>cache = no</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>cache_reload = 600</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>passwd = /etc/passwd</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>shadow = /etc/shadow</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>group = /etc/group</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>radwtmp = ${logdir}/radwtmp</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV>$INCLUDE ${confdir}/eap.conf</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>mschap {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#use_mppe = no</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#require_encryption = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#require_strong = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#with_ntdomain_hack = no</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>ldap {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>server = 172.16.13.10 </DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>identity = "cn=ProxyUser,ou=District,o=dist-155"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>password = "xxxxxx"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>basedn = "o=dist-155"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>base_filter = "(objectclass=radiusprofile)"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>start_tls = yes </DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>tls_mode = yes</DIV><DIV> port = 636</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>tls_cacertfile<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>= /usr/local/etc/raddb/certs/cacert.pem</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>tls_cacertdir<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>= /usr/local/etc/raddb/certs/</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># tls_certfile<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>= /usr/local/etc/raddb/certs/radius.crt</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># tls_keyfile<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>= /usr/local/etc/raddb/certs/radius.key</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># tls_randfile<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>= /path/to/rnd</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>tls_require_cert<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>= "demand"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># profile_attribute = "radiusProfileDn"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>access_attr = "dialupAccess"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>dictionary_mapping = ${raddbdir}/ldap.attrmap</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>ldap_connections_number = 10 </DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN> Set:</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>password_attribute = nspmPassword</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># password_attribute = userPassword</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>edir_account_policy_check=yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># groupname_attribute = cn</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># groupmembership_attribute = radiusGroupName</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>timeout = 4</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>timelimit = 3</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>net_timeout = 1</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># compare_check_items = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># do_xlat = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># access_attr_used_for_allow = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># set_auth_type = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>EAP.CONF</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>eap {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>default_eap_type = peap </DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>timer_expire = 60</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>ignore_unknown_eap_types = no</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>cisco_accounting_username_bug = no</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># Supported EAP-types</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>md5 {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>leap {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>gtc {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>auth_type = PAP</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>## EAP-TLS</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>tls {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>private_key_password = ch$d!s$ </DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>private_key_file = ${raddbdir}/certs/cert-key.pem</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>certificate_file = ${raddbdir}/certs/cert-srv.pem</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>CA_file = ${raddbdir}/certs/demoCA/cacert.pem</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>dh_file = ${raddbdir}/certs/dh</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>random_file = ${raddbdir}/certs/random</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>fragment_size = 1024</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>include_length = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>check_crl = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN># check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>check_cert_cn = %{User-Name}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>cipher_list = "DEFAULT"</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>ttls {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>default_eap_type = md5</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>copy_request_to_tunnel = yes </DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>use_tunneled_reply = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN> peap {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>default_eap_type = mschapv2</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>copy_request_to_tunnel = no</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>use_tunneled_reply = no</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>#<SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>proxy_tunneled_request_as_eap = yes</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>mschapv2 {</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN>}</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>USERS</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>#Dist - Lachel</DIV><DIV>"0016cb-b64f93" Auth-Type := Local, User-Password == "xxxxxx"</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>I am using freeRADIUS 1.1.7 on an OS X 10.4.10 Server machine. My Access Points are currently Apple Airports, but we will be replacing those with Cisco 1131s.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Any help at getting this going would be greatly appreciated.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Thanks</DIV><DIV><BR class="khtml-block-placeholder"></DIV><BR><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV>Brad Lachel</DIV><DIV>Community High School District #155</DIV><DIV><A href="mailto:stuff@d155.org">stuff@d155.org</A></DIV><DIV><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN> </DIV><BR></BODY></HTML>
<br><hr style="BORDER:#000000; COLOR:#000000;" align="left" width="400" noShade SIZE="2">
<FONT color="#000000" size="2"><i>All e-mail to and from this address is subject to the Acceptable Use Policies of Community High School District #155. All e-mail may be monitored and/or disclosed to third parties. Any views or opinions presented in an e-mail are solely those of the author and may not represent those of Community High School District #155.</i></FONT><br>
<a href="http://www.d155.org"><FONT size="2" face="Gill Sans, Arial" color="#0000FF">http://www.d155.org</FONT></a>