<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
<br><br>> From: freeradius-users-request@lists.freeradius.org<br>> Subject: Freeradius-Users Digest, Vol 55, Issue 34<br>> To: freeradius-users@lists.freeradius.org<br>> Date: Mon, 9 Nov 2009 20:55:31 +0100<br>> <br>> Today's Topics:<br>> <br>> 1. Re: Freeradius-Users Digest, Vol 55, Issue 32 (Alan Buxey)<br>> 2. Cannot upgade to 2.1.7 (kachin Agarwal)<br>> 3. Re: Cannot upgade to 2.1.7 (Alan DeKok)<br>> 4. Re: Freeradius set up help (tnt@kalik.net)<br>> 5. LDAP and IPPool (David L Wolford)<br>> <br>> <br>> ----------------------------------------------------------------------<br>> <br>> Message: 1<br>> Date: Mon, 9 Nov 2009 15:55:13 +0000<br>> From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk><br>> Subject: Re: Freeradius-Users Digest, Vol 55, Issue 32<br>> To: FreeRadius users mailing list<br>> <freeradius-users@lists.freeradius.org><br>> Message-ID: <20091109155513.GA30406@lboro.ac.uk><br>> Content-Type: text/plain; charset=us-ascii<br>> <br>> Hi,<br>> <br>> > I have a problem which I and a friend here have been trying to solve for some days now.<br>> <br>> It wasn't clear what the actual problem is that you are having - you seemed to miss<br>> out the problem - e.g. the output of radiusd -X<br><br>Hi Alan, sorry that I forgot the output from the terminal. 
<br>The output when I try to run using the command radiusd -X is:<br><br>FreeRADIUS Version 2.1.7, for host i686-pc-linux-gnu, built on Nov 6 2009 at 15:23:51<br>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>GNU General Public License v2. <br>Starting - reading configuration files ...<br>including configuration file /usr/local/etc/raddb/radiusd.conf<br>Unable to open file "/usr/local/etc/raddb/radiusd.conf": Permission denied<br>Errors reading /usr/local/etc/raddb/radiusd.conf<br>peter@peter-desktop:~/Desktop/freeradius-server$ sudo radiusd -X<br>FreeRADIUS Version 2.1.7, for host i686-pc-linux-gnu, built on Nov 6 2009 at 15:23:51<br>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>GNU General Public License v2. 
<br>Starting - reading configuration files ...<br>including configuration file /usr/local/etc/raddb/radiusd.conf<br>including configuration file /usr/local/etc/raddb/proxy.conf<br>including configuration file /usr/local/etc/raddb/clients.conf<br>including files in directory /usr/local/etc/raddb/modules/<br>including configuration file /usr/local/etc/raddb/modules/sql_log<br>including configuration file /usr/local/etc/raddb/modules/realm<br>including configuration file /usr/local/etc/raddb/modules/checkval<br>including configuration file /usr/local/etc/raddb/modules/expiration<br>including configuration file /usr/local/etc/raddb/modules/detail<br>including configuration file /usr/local/etc/raddb/modules/ippool<br>including configuration file /usr/local/etc/raddb/modules/smbpasswd<br>including configuration file /usr/local/etc/raddb/modules/policy<br>including configuration file /usr/local/etc/raddb/modules/detail.example.com<br>including configuration file /usr/local/etc/raddb/modules/passwd<br>including configuration file /usr/local/etc/raddb/modules/acct_unique<br>including configuration file /usr/local/etc/raddb/modules/attr_rewrite<br>including configuration file /usr/local/etc/raddb/modules/wimax<br>including configuration file /usr/local/etc/raddb/modules/detail.log<br>including configuration file /usr/local/etc/raddb/modules/unix<br>including configuration file /usr/local/etc/raddb/modules/inner-eap<br>including configuration file /usr/local/etc/raddb/modules/mac2vlan<br>including configuration file /usr/local/etc/raddb/modules/files<br>including configuration file /usr/local/etc/raddb/modules/perl<br>including configuration file /usr/local/etc/raddb/modules/linelog<br>including configuration file /usr/local/etc/raddb/modules/ldap<br>including configuration file /usr/local/etc/raddb/modules/always<br>including configuration file /usr/local/etc/raddb/modules/chap<br>including configuration file /usr/local/etc/raddb/modules/sradutmp<br>including configuration 
file /usr/local/etc/raddb/modules/echo<br>including configuration file /usr/local/etc/raddb/modules/counter<br>including configuration file /usr/local/etc/raddb/modules/pam<br>including configuration file /usr/local/etc/raddb/modules/mac2ip<br>including configuration file /usr/local/etc/raddb/modules/preprocess<br>including configuration file /usr/local/etc/raddb/modules/digest<br>including configuration file /usr/local/etc/raddb/modules/exec<br>including configuration file /usr/local/etc/raddb/modules/otp<br>including configuration file /usr/local/etc/raddb/modules/attr_filter<br>including configuration file /usr/local/etc/raddb/modules/etc_group<br>including configuration file /usr/local/etc/raddb/modules/pap<br>including configuration file /usr/local/etc/raddb/modules/krb5<br>including configuration file /usr/local/etc/raddb/modules/mschap<br>including configuration file /usr/local/etc/raddb/modules/smsotp<br>including configuration file /usr/local/etc/raddb/modules/expr<br>including configuration file /usr/local/etc/raddb/modules/radutmp<br>including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login<br>including configuration file /usr/local/etc/raddb/modules/logintime<br>including configuration file /usr/local/etc/raddb/modules/cui<br>including configuration file /usr/local/etc/raddb/eap.conf<br>including configuration file /usr/local/etc/raddb/policy.conf<br>including files in directory /usr/local/etc/raddb/sites-enabled/<br>including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel<br>including configuration file /usr/local/etc/raddb/sites-enabled/control-socket<br>including configuration file /usr/local/etc/raddb/sites-enabled/default<br>including dictionary file /usr/local/etc/raddb/dictionary<br>main {<br> prefix = "/usr/local"<br> localstatedir = "/usr/local/var"<br> logdir = "/usr/local/var/log/radius"<br> libdir = "/usr/local/lib"<br> radacctdir = "/usr/local/var/log/radius/radacct"<br> hostname_lookups = 
no<br> max_request_time = 30<br> cleanup_delay = 5<br> max_requests = 1024<br> allow_core_dumps = no<br> pidfile = "/usr/local/var/run/radiusd/radiusd.pid"<br> checkrad = "/usr/local/sbin/checkrad"<br> debug_level = 0<br> proxy_requests = yes<br> log {<br> stripped_names = no<br> auth = no<br> auth_badpass = no<br> auth_goodpass = no<br> }<br> security {<br> max_attributes = 200<br> reject_delay = 1<br> status_server = yes<br> }<br>}<br>radiusd: #### Loading Realms and Home Servers ####<br> proxy server {<br> retry_delay = 5<br> retry_count = 3<br> default_fallback = no<br> dead_time = 120<br> wake_all_if_all_dead = no<br> }<br> home_server localhost {<br> ipaddr = 127.0.0.1<br> port = 1812<br> type = "auth"<br> secret = "testing123"<br> response_window = 20<br> max_outstanding = 65536<br> require_message_authenticator = no<br> zombie_period = 40<br> status_check = "status-server"<br> ping_interval = 30<br> check_interval = 30<br> num_answers_to_alive = 3<br> num_pings_to_alive = 3<br> revive_interval = 120<br> status_check_timeout = 4<br> irt = 2<br> mrt = 16<br> mrc = 5<br> mrd = 30<br> }<br> home_server_pool my_auth_failover {<br> type = fail-over<br> home_server = localhost<br> }<br> realm example.com {<br> auth_pool = my_auth_failover<br> }<br> realm LOCAL {<br> }<br>radiusd: #### Loading Clients ####<br> client localhost {<br> ipaddr = 127.0.0.1<br> netmask = 32<br> require_message_authenticator = no<br> secret = "testing123"<br> shortname = "localhost"<br> nastype = "other"<br> }<br>Segmentation fault<br>peter@peter-desktop:~/Desktop/freeradius-server$<br><br>Best regards/ Peter<br>> <br>> alan<br>> <br>> <br>> ------------------------------<br>> <br>> Message: 2<br>> Date: Mon, 9 Nov 2009 22:13:03 +0530 (IST)<br>> From: kachin Agarwal <kach_gr8@yahoo.co.in><br>> Subject: Cannot upgade to 2.1.7<br>> To: freeradius-users@lists.freeradius.org<br>> Message-ID: <677054.66183.qm@web94201.mail.in2.yahoo.com><br>> Content-Type: text/plain; charset="iso-8859-1"<br>> 
<br>> <br>> Hi,<br>> Ya, I need the rlm_counter module, so how can I rectify it? Please give me a solution.<br>> <br>> Thanks & Regards,<br>> Kachin<br>> <br>> --- On Mon, 9/11/09, kachin Agarwal <kach_gr8@yahoo.co.in> wrote:<br>> <br>> From: kachin Agarwal <kach_gr8@yahoo.co.in><br>> Subject: Cannot upgade to 2.1.7<br>> To: freeradius-users@lists.freeradius.org<br>> Date: Monday, 9 November, 2009, 6:00 PM<br>> <br>> Hi,<br>> I'm trying to upgrade the freeradius server to 2.1.7. <br>> But when I build I get the following error:<br>> <br>> configure: error: set --without-rlm_counter to disable it explicitly.<br>> configure: error: ./configure failed for src/modules/rlm_counter<br>> make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1<br>> <br>> How can I rectify this?<br>> <br>> Thanks & Regards,<br>> Kachin<br>> <br>> ------------------------------<br>> <br>> Message: 3<br>> Date: Mon, 09 Nov 2009 18:03:46 +0100<br>> From: Alan DeKok <aland@deployingradius.com><br>> Subject: Re: Cannot upgade to 2.1.7<br>> To: FreeRadius users mailing list<br>> <freeradius-users@lists.freeradius.org><br>> Message-ID: <4AF84B72.80409@deployingradius.com><br>> Content-Type: text/plain; charset=ISO-8859-1<br>> <br>> kachin Agarwal wrote:<br>> > <br>> > Hi,<br>> > Ya, I need the rlm_counter module, so how can I rectify it? Please<br>> > give me a solution.<br>> <br>> Read the REST of the messages. 
It tells you what the module needs,<br>> and what is missing.<br>> <br>> I never understand why some people look only at the LAST error<br>> message, and refuse to read anything more than that.<br>> <br>> Alan DeKok.<br>> <br>> <br>> <br>> ------------------------------<br>> <br>> Message: 4<br>> Date: Mon, 9 Nov 2009 17:13:07 -0000 (UTC)<br>> From: tnt@kalik.net<br>> Subject: Re: Freeradius set up help<br>> To: "FreeRadius users mailing list"<br>> <freeradius-users@lists.freeradius.org><br>> Message-ID: <57421.87.194.16.13.1257786787.squirrel@www.kalik.net><br>> Content-Type: text/plain;charset=iso-8859-1<br>> <br>> > Hello, I'm trying to set up Freeradius to do wireless authentication. When I try<br>> > to connect I get my PEAP certificate, then it says "incorrect username or<br>> > password". Below is the debug output<br>> ...<br>> <br>> > server inner-tunnel {<br>> > +- entering group authorize {...}<br>> > ++[chap] returns noop<br>> > ++[mschap] returns noop<br>> > ++[unix] returns notfound<br>> > ++[control] returns notfound<br>> > [eap] EAP packet type response id 109 length 67<br>> > [eap] No EAP Start, assuming it's an on-going EAP conversation<br>> > ++[eap] returns updated<br>> > ++[files] returns noop<br>> > ++[expiration] returns noop<br>> > ++[logintime] returns noop<br>> > ++[pap] returns noop<br>> > Found Auth-Type = EAP<br>> > +- entering group authenticate {...}<br>> > [eap] Request found, released from the list<br>> > [eap] EAP/mschapv2<br>> > [eap] processing type mschapv2<br>> > [mschapv2] +- entering group MS-CHAP {...}<br>> > [mschap] No Cleartext-Password configured. Cannot create LM-Password.<br>> > [mschap] No Cleartext-Password configured. Cannot create NT-Password.<br>> > [mschap] Told to do MS-CHAPv2 for ghorchem with NT-Password<br>> > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.<br>> > [mschap] FAILED: MS-CHAP2-Response is incorrect<br>> > ++[mschap] returns reject<br>> <br>> Where is your password? 
If it's in ldap, you haven't enabled ldap in<br>> inner-tunnel virtual server.<br>> <br>> Ivan Kalik<br>> Kalik Informatika ISP<br>> <br>> <br>> <br>> ------------------------------<br>> <br>> Message: 5<br>> Date: Mon, 9 Nov 2009 13:55:14 -0600<br>> From: David L Wolford <dwolford@uab.edu><br>> Subject: LDAP and IPPool<br>> To: "freeradius-users@lists.freeradius.org"<br>> <freeradius-users@lists.freeradius.org><br>> Message-ID:<br>> <0BCEA0B32DD1C342AFC672A2B8444BC911051D0A12@UABEXMBS5.ad.uab.edu><br>> Content-Type: text/plain; charset="us-ascii"<br>> <br>> I am trying to authenticate users via Freeradius 2.1.7 against LDAP. I would like to use a checkItem to determine ippool assignment to give users an IP address from defined pools. The LDAP portion is working correctly but I receive the message "Could not find Pool-Name attribute" in my debug output (hence no IP address is assigned). What am I missing?<br>> <br>> <br>> Thanks,<br>> <br>> David Wolford<br>> <br>> **************************<br>> <br>> My user file is as follows:<br>> <br>> Default Group-Name == Telecommunictations, Pool-Name := "Telecommunications"<br>> Fall-Through = Yes<br>> **************************<br>> My ldap.attrmap is as follows:<br>> <br>> checkItem radiusemployeedepartment uabemployeedepartment<br>> **************************<br>> My ippool is as follows:<br>> <br>> ippool Telecommunications{<br>> range-start = 10.0.0.1<br>> range-stop = 10.0.0.10<br>> netmask = 255.255.0.0<br>> cache-size = 10<br>> session-db = ${db_dir}/db.Telecommunications-session<br>> ip-index = ${db_dir}/db.Telecommunications-index<br>> override = yes<br>> }<br>> ***************************<br>> My debug output:<br>> <br>> [root@localhost sbin]# ./radiusd -X<br>> FreeRADIUS Version 2.1.7, for host i386-redhat-linux-gnu, built on Sep 18 2009 at 10:59:17<br>> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.<br>> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A<br>> 
PARTICULAR PURPOSE.<br>> You may redistribute copies of FreeRADIUS under the terms of the<br>> GNU General Public License v2.<br>> Starting - reading configuration files ...<br>> including configuration file /etc/raddb/radiusd.conf<br>> including configuration file /etc/raddb/proxy.conf<br>> including configuration file /etc/raddb/clients.conf<br>> including files in directory /etc/raddb/modules/<br>> including configuration file /etc/raddb/modules/smbpasswd<br>> including configuration file /etc/raddb/modules/inner-eap<br>> including configuration file /etc/raddb/modules/otp<br>> including configuration file /etc/raddb/modules/radutmp<br>> including configuration file /etc/raddb/modules/mschap<br>> including configuration file /etc/raddb/modules/mac2vlan<br>> including configuration file /etc/raddb/modules/ippool<br>> including configuration file /etc/raddb/modules/mac2ip<br>> including configuration file /etc/raddb/modules/passwd<br>> including configuration file /etc/raddb/modules/detail.example.com<br>> including configuration file /etc/raddb/modules/preprocess<br>> including configuration file /etc/raddb/modules/detail<br>> including configuration file /etc/raddb/modules/sradutmp<br>> including configuration file /etc/raddb/modules/logintime<br>> including configuration file /etc/raddb/modules/echo<br>> including configuration file /etc/raddb/modules/acct_unique<br>> including configuration file /etc/raddb/modules/etc_group<br>> including configuration file /etc/raddb/modules/detail.log<br>> including configuration file /etc/raddb/modules/counter<br>> including configuration file /etc/raddb/modules/unix<br>> including configuration file /etc/raddb/modules/digest<br>> including configuration file /etc/raddb/modules/wimax<br>> including configuration file /etc/raddb/modules/sqlcounter_expire_on_login<br>> including configuration file /etc/raddb/modules/ldap<br>> including configuration file /etc/raddb/modules/sql_log<br>> including configuration file 
/etc/raddb/modules/attr_filter<br>> including configuration file /etc/raddb/modules/expr<br>> including configuration file /etc/raddb/modules/checkval<br>> including configuration file /etc/raddb/modules/files<br>> including configuration file /etc/raddb/modules/attr_rewrite<br>> including configuration file /etc/raddb/modules/cui<br>> including configuration file /etc/raddb/modules/perl<br>> including configuration file /etc/raddb/modules/exec<br>> including configuration file /etc/raddb/modules/smsotp<br>> including configuration file /etc/raddb/modules/linelog<br>> including configuration file /etc/raddb/modules/chap<br>> including configuration file /etc/raddb/modules/policy<br>> including configuration file /etc/raddb/modules/pap<br>> including configuration file /etc/raddb/modules/pam<br>> including configuration file /etc/raddb/modules/always<br>> including configuration file /etc/raddb/modules/expiration<br>> including configuration file /etc/raddb/modules/realm<br>> including configuration file /etc/raddb/eap.conf<br>> including configuration file /etc/raddb/policy.conf<br>> including files in directory /etc/raddb/sites-enabled/<br>> including configuration file /etc/raddb/sites-enabled/default<br>> including configuration file /etc/raddb/sites-enabled/control-socket<br>> including configuration file /etc/raddb/sites-enabled/inner-tunnel<br>> group = radiusd<br>> user = radiusd<br>> including dictionary file /etc/raddb/dictionary<br>> main {<br>> prefix = "/usr"<br>> localstatedir = "/var"<br>> logdir = "/var/log/radius"<br>> libdir = "/usr/lib/freeradius"<br>> radacctdir = "/var/log/radius/radacct"<br>> hostname_lookups = no<br>> max_request_time = 30<br>> cleanup_delay = 5<br>> max_requests = 1024<br>> allow_core_dumps = no<br>> pidfile = "/var/run/radiusd/radiusd.pid"<br>> checkrad = "/usr/sbin/checkrad"<br>> debug_level = 0<br>> proxy_requests = yes<br>> log {<br>> stripped_names = no<br>> auth = no<br>> auth_badpass = no<br>> auth_goodpass = no<br>> 
}<br>> security {<br>> max_attributes = 200<br>> reject_delay = 1<br>> status_server = yes<br>> }<br>> }<br>> radiusd: #### Loading Realms and Home Servers ####<br>> proxy server {<br>> retry_delay = 5<br>> retry_count = 3<br>> default_fallback = no<br>> dead_time = 120<br>> wake_all_if_all_dead = no<br>> }<br>> home_server localhost {<br>> ipaddr = 127.0.0.1<br>> port = 1812<br>> type = "auth"<br>> secret = "testing123"<br>> response_window = 20<br>> max_outstanding = 65536<br>> require_message_authenticator = no<br>> zombie_period = 40<br>> status_check = "status-server"<br>> ping_interval = 30<br>> check_interval = 30<br>> num_answers_to_alive = 3<br>> num_pings_to_alive = 3<br>> revive_interval = 120<br>> status_check_timeout = 4<br>> irt = 2<br>> mrt = 16<br>> mrc = 5<br>> mrd = 30<br>> }<br>> home_server_pool my_auth_failover {<br>> type = fail-over<br>> home_server = localhost<br>> }<br>> realm example.com {<br>> auth_pool = my_auth_failover<br>> }<br>> realm LOCAL {<br>> }<br>> radiusd: #### Loading Clients ####<br>> client localhost {<br>> ipaddr = 127.0.0.1<br>> require_message_authenticator = no<br>> secret = "testing123"<br>> nastype = "other"<br>> }<br>> client x.x.x.x {<br>> require_message_authenticator = no<br>> secret = "*********"<br>> shortname = "ASA1"<br>> }<br>> client x.x.x.x {<br>> require_message_authenticator = no<br>> secret = "*********"<br>> shortname = "ASA2"<br>> }<br>> radiusd: #### Instantiating modules ####<br>> instantiate {<br>> Module: Linked to module rlm_exec<br>> Module: Instantiating exec<br>> exec {<br>> wait = no<br>> input_pairs = "request"<br>> shell_escape = yes<br>> }<br>> Module: Linked to module rlm_expr<br>> Module: Instantiating expr<br>> Module: Linked to module rlm_expiration<br>> Module: Instantiating expiration<br>> expiration {<br>> reply-message = "Password Has Expired "<br>> }<br>> Module: Linked to module rlm_logintime<br>> Module: Instantiating logintime<br>> logintime {<br>> reply-message = "You are 
calling outside your allowed timespan "<br>> minimum-timeout = 60<br>> }<br>> }<br>> radiusd: #### Loading Virtual Servers ####<br>> server inner-tunnel {<br>> modules {<br>> Module: Checking authenticate {...} for more modules to load<br>> Module: Linked to module rlm_pap<br>> Module: Instantiating pap<br>> pap {<br>> encryption_scheme = "auto"<br>> auto_header = no<br>> }<br>> Module: Linked to module rlm_chap<br>> Module: Instantiating chap<br>> Module: Linked to module rlm_mschap<br>> Module: Instantiating mschap<br>> mschap {<br>> use_mppe = yes<br>> require_encryption = no<br>> require_strong = no<br>> with_ntdomain_hack = no<br>> }<br>> Module: Linked to module rlm_unix<br>> Module: Instantiating unix<br>> unix {<br>> radwtmp = "/var/log/radius/radwtmp"<br>> }<br>> Module: Linked to module rlm_ldap<br>> Module: Instantiating ldap<br>> ldap {<br>> server = "my ldap server"<br>> port = 389<br>> password = ""<br>> identity = ""<br>> net_timeout = 1<br>> timeout = 4<br>> timelimit = 3<br>> tls_mode = no<br>> start_tls = no<br>> tls_require_cert = "allow"<br>> tls {<br>> start_tls = no<br>> require_cert = "allow"<br>> }<br>> basedn = "dc=some,dc=company"<br>> filter = "(uid=%u)"<br>> base_filter = "(objectclass=radiusprofile)"<br>> auto_header = no<br>> access_attr_used_for_allow = yes<br>> groupname_attribute = "cn"<br>> groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"<br>> dictionary_mapping = "/etc/raddb/ldap.attrmap"<br>> ldap_debug = 0<br>> ldap_connections_number = 5<br>> compare_check_items = no<br>> do_xlat = yes<br>> set_auth_type = yes<br>> }<br>> rlm_ldap: Registering ldap_groupcmp for Ldap-Group<br>> rlm_ldap: Registering ldap_xlat with xlat_name ldap<br>> rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap<br>> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$<br>> rlm_ldap: LDAP radiusReplyItem mapped to 
RADIUS $GENERIC$<br>> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type<br>> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use<br>> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id<br>> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id<br>> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password<br>> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password<br>> rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password<br>> rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password<br>> rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password<br>> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT<br>> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration<br>> rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address<br>> rlm_ldap: LDAP uabemployeedepartment mapped to RADIUS radiusemployeedepartment<br>> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type<br>> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol<br>> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address<br>> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask<br>> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route<br>> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing<br>> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id<br>> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU<br>> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression<br>> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host<br>> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service<br>> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port<br>> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number<br>> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id<br>> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network<br>> rlm_ldap: LDAP 
radiusClass mapped to RADIUS Class<br>> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout<br>> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout<br>> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action<br>> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service<br>> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node<br>> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group<br>> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link<br>> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network<br>> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone<br>> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit<br>> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port<br>> rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message<br>> rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type<br>> rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type<br>> rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id<br>> conns: 0x9bb7a50<br>> Module: Linked to module rlm_eap<br>> Module: Instantiating eap<br>> eap {<br>> default_eap_type = "md5"<br>> timer_expire = 60<br>> ignore_unknown_eap_types = no<br>> cisco_accounting_username_bug = no<br>> max_sessions = 2048<br>> }<br>> Module: Linked to sub-module rlm_eap_md5<br>> Module: Instantiating eap-md5<br>> Module: Linked to sub-module rlm_eap_leap<br>> Module: Instantiating eap-leap<br>> Module: Linked to sub-module rlm_eap_gtc<br>> Module: Instantiating eap-gtc<br>> gtc {<br>> challenge = "Password: "<br>> auth_type = "PAP"<br>> }<br>> Module: Linked to sub-module rlm_eap_tls<br>> Module: Instantiating eap-tls<br>> tls {<br>> rsa_key_exchange = no<br>> dh_key_exchange = yes<br>> rsa_key_length = 512<br>> dh_key_length = 512<br>> verify_depth = 0<br>> pem_file_type = 
yes<br>> private_key_file = "/etc/raddb/certs/server.pem"<br>> certificate_file = "/etc/raddb/certs/server.pem"<br>> CA_file = "/etc/raddb/certs/ca.pem"<br>> private_key_password = "whatever"<br>> dh_file = "/etc/raddb/certs/dh"<br>> random_file = "/etc/raddb/certs/random"<br>> fragment_size = 1024<br>> include_length = yes<br>> check_crl = no<br>> cipher_list = "DEFAULT"<br>> make_cert_command = "/etc/raddb/certs/bootstrap"<br>> cache {<br>> enable = no<br>> lifetime = 24<br>> max_entries = 255<br>> }<br>> }<br>> Module: Linked to sub-module rlm_eap_ttls<br>> Module: Instantiating eap-ttls<br>> ttls {<br>> default_eap_type = "md5"<br>> copy_request_to_tunnel = no<br>> use_tunneled_reply = no<br>> virtual_server = "inner-tunnel"<br>> include_length = yes<br>> }<br>> Module: Linked to sub-module rlm_eap_peap<br>> Module: Instantiating eap-peap<br>> peap {<br>> default_eap_type = "mschapv2"<br>> copy_request_to_tunnel = no<br>> use_tunneled_reply = no<br>> proxy_tunneled_request_as_eap = yes<br>> virtual_server = "inner-tunnel"<br>> }<br>> Module: Linked to sub-module rlm_eap_mschapv2<br>> Module: Instantiating eap-mschapv2<br>> mschapv2 {<br>> with_ntdomain_hack = no<br>> }<br>> Module: Checking authorize {...} for more modules to load<br>> Module: Linked to module rlm_realm<br>> Module: Instantiating suffix<br>> realm suffix {<br>> format = "suffix"<br>> delimiter = "@"<br>> ignore_default = no<br>> ignore_null = no<br>> }<br>> Module: Linked to module rlm_files<br>> Module: Instantiating files<br>> files {<br>> usersfile = "/etc/raddb/users"<br>> acctusersfile = "/etc/raddb/acct_users"<br>> preproxy_usersfile = "/etc/raddb/preproxy_users"<br>> compat = "no"<br>> }<br>> Module: Checking session {...} for more modules to load<br>> Module: Linked to module rlm_radutmp<br>> Module: Instantiating radutmp<br>> radutmp {<br>> filename = "/var/log/radius/radutmp"<br>> username = "%{User-Name}"<br>> case_sensitive = yes<br>> check_with_nas = yes<br>> perm = 384<br>> 
callerid = yes<br>> }<br>> Module: Checking post-proxy {...} for more modules to load<br>> Module: Checking post-auth {...} for more modules to load<br>> Module: Linked to module rlm_attr_filter<br>> Module: Instantiating attr_filter.access_reject<br>> attr_filter attr_filter.access_reject {<br>> attrsfile = "/etc/raddb/attrs.access_reject"<br>> key = "%{User-Name}"<br>> }<br>> } # modules<br>> } # server<br>> server {<br>> modules {<br>> Module: Checking authenticate {...} for more modules to load<br>> Module: Checking authorize {...} for more modules to load<br>> Module: Linked to module rlm_preprocess<br>> Module: Instantiating preprocess<br>> preprocess {<br>> huntgroups = "/etc/raddb/huntgroups"<br>> hints = "/etc/raddb/hints"<br>> with_ascend_hack = no<br>> ascend_channels_per_line = 23<br>> with_ntdomain_hack = no<br>> with_specialix_jetstream_hack = no<br>> with_cisco_vsa_hack = no<br>> with_alvarion_vsa_hack = no<br>> }<br>> Module: Checking preacct {...} for more modules to load<br>> Module: Linked to module rlm_acct_unique<br>> Module: Instantiating acct_unique<br>> acct_unique {<br>> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br>> }<br>> Module: Checking accounting {...} for more modules to load<br>> Module: Linked to module rlm_detail<br>> Module: Instantiating detail<br>> detail {<br>> detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br>> header = "%t"<br>> detailperm = 384<br>> dirperm = 493<br>> locking = no<br>> log_packet_header = no<br>> }<br>> Module: Linked to module rlm_ippool<br>> Module: Instantiating main_pool<br>> ippool main_pool {<br>> session-db = "/etc/raddb/db.ippool"<br>> ip-index = "/etc/raddb/db.ipindex"<br>> key = "%{NAS-IP-Address} %{NAS-Port}"<br>> range-start = 192.168.1.1<br>> range-stop = 192.168.3.254<br>> netmask = 255.255.255.0<br>> cache-size = 800<br>> override = no<br>> maximum-timeout = 0<br>> }<br>> Module: Instantiating Telecommunications<br>> ippool 
Telecommunications {<br>> session-db = "/etc/raddb/db.Telecommunications-session"<br>> ip-index = "/etc/raddb/db.Telecommunications-index"<br>> key = "%{NAS-IP-Address} %{NAS-Port}"<br>> range-start = x.x.x.x<br>> range-stop = x.x.x.x<br>> netmask = 255.255.0.0<br>> cache-size = 10<br>> override = yes<br>> maximum-timeout = 0<br>> }<br>> Module: Instantiating attr_filter.accounting_response<br>> attr_filter attr_filter.accounting_response {<br>> attrsfile = "/etc/raddb/attrs.accounting_response"<br>> key = "%{User-Name}"<br>> }<br>> Module: Checking session {...} for more modules to load<br>> Module: Checking post-proxy {...} for more modules to load<br>> Module: Checking post-auth {...} for more modules to load<br>> } # modules<br>> } # server<br>> radiusd: #### Opening IP addresses and Ports ####<br>> listen {<br>> type = "auth"<br>> ipaddr = *<br>> port = 0<br>> }<br>> listen {<br>> type = "acct"<br>> ipaddr = *<br>> port = 0<br>> }<br>> listen {<br>> type = "control"<br>> listen {<br>> socket = "/var/run/radiusd/radiusd.sock"<br>> }<br>> }<br>> Listening on authentication address * port 1812<br>> Listening on accounting address * port 1813<br>> Listening on command file /var/run/radiusd/radiusd.sock<br>> Listening on proxy address * port 1814<br>> Ready to process requests.<br>> rad_recv: Access-Request packet from host 127.0.0.1 port 39140, id=250, length=60<br>> User-Name = "dwo*****"<br>> User-Password = "Ap*********"<br>> NAS-IP-Address = 127.0.0.1<br>> NAS-Port = 1812<br>> +- entering group authorize {...}<br>> ++[preprocess] returns ok<br>> ++[chap] returns noop<br>> ++[mschap] returns noop<br>> [suffix] No '@' in User-Name = "dwo*****", looking up realm NULL<br>> [suffix] No such realm "NULL"<br>> ++[suffix] returns noop<br>> [eap] No EAP-Message, not doing EAP<br>> ++[eap] returns noop<br>> ++[unix] returns notfound<br>> ++[files] returns noop<br>> [ldap] performing user authorization for dwo*****<br>> [ldap] expand: (uid=%u) -> (uid=dwo*****)<br>> 
[ldap] expand: dc=some,dc=company -> dc=some,dc=company<br>> rlm_ldap: ldap_get_conn: Checking Id: 0<br>> rlm_ldap: ldap_get_conn: Got Id: 0<br>> rlm_ldap: attempting LDAP reconnection<br>> rlm_ldap: (re)connect to ldap.company:389, authentication 0<br>> rlm_ldap: bind as / to ldap.company:389<br>> rlm_ldap: waiting for bind result ...<br>> rlm_ldap: Bind was successful<br>> rlm_ldap: performing search in dc=some,dc=company, with filter (uid=dwo*****)<br>> [ldap] looking for check items in directory...<br>> rlm_ldap: uabemployeedepartment -> radiusemployeedepartment == "Telecommunications"<br>> [ldap] looking for reply items in directory...<br>> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<br>> [ldap] Setting Auth-Type = LDAP<br>> [ldap] user dwo***** authorized to use remote access<br>> rlm_ldap: ldap_release_conn: Release Id: 0<br>> ++[ldap] returns ok<br>> ++[expiration] returns noop<br>> ++[logintime] returns noop<br>> [pap] WARNING! No "known good" password found for the user. 
Authentication may fail because of this.<br>> ++[pap] returns noop<br>> Found Auth-Type = LDAP<br>> +- entering group LDAP {...}<br>> [ldap] login attempt by "dwo*****" with password "Ap*********"<br>> [ldap] user DN: uid=dwo*****, ou=people, dc=some, dc=company<br>> rlm_ldap: (re)connect to ldap.company:389, authentication 1<br>> rlm_ldap: bind as uid=dwo*****, ou=people, dc=some, dc=company/Ap********* to ldap.company:389<br>> rlm_ldap: waiting for bind result ...<br>> rlm_ldap: Bind was successful<br>> [ldap] user dwo***** authenticated succesfully<br>> ++[ldap] returns ok<br>> +- entering group post-auth {...}<br>> [main_pool] Could not find Pool-Name attribute.<br>> ++[main_pool] returns noop<br>> [Telecommunications] Could not find Pool-Name attribute.<br>> ++[Telecommunications] returns noop<br>> ++[exec] returns noop<br>> Sending Access-Accept of id 250 to 127.0.0.1 port 39140<br>> Finished request 0.<br>> Going to the next request<br>> Waking up in 4.9 seconds.<br>> <br>> <br>> End of Freeradius-Users Digest, Vol 55, Issue 34<br></body>
</html>