<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>I got the same issue on another Linux server. I think the configuration is wrong. Can you give me some advice? Thanks.</DIV>
<DIV> </DIV>
<DIV>[root@device-fc12 ~]# radiusd -X<BR>FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu, built on Jun 28 2010 at 08:46:11<BR>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <BR>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <BR>PARTICULAR PURPOSE. <BR>You may redistribute copies of FreeRADIUS under the terms of the <BR>GNU General Public License v2. <BR>Starting - reading configuration files ...<BR>including configuration file /usr/local/etc/raddb/radiusd.conf<BR>including configuration file /usr/local/etc/raddb/clients.conf<BR>including files in directory /usr/local/etc/raddb/modules/<BR>including configuration file /usr/local/etc/raddb/modules/ldap<BR>including configuration file /usr/local/etc/raddb/modules/ntlm_auth<BR>including configuration file /usr/local/etc/raddb/modules/chap<BR>including configuration file /usr/local/etc/raddb/modules/exec<BR>including configuration file
/usr/local/etc/raddb/modules/pap<BR>including configuration file /usr/local/etc/raddb/modules/mschap<BR>including configuration file /usr/local/etc/raddb/modules/realm<BR>including configuration file /usr/local/etc/raddb/eap.conf<BR>including configuration file /usr/local/etc/raddb/policy.conf<BR>including files in directory /usr/local/etc/raddb/sites-enabled/<BR>including configuration file /usr/local/etc/raddb/sites-enabled/default<BR>main {<BR> allow_core_dumps = no<BR>}<BR>including dictionary file /usr/local/etc/raddb/dictionary<BR>main {<BR> prefix = "/usr/local"<BR> localstatedir = "/usr/local/var"<BR> logdir = "/usr/local/var/log/radius"<BR> libdir = "/usr/local/lib"<BR> radacctdir =
"/usr/local/var/log/radius/radacct"<BR> hostname_lookups = no<BR> max_request_time = 30<BR> cleanup_delay = 5<BR> max_requests = 256<BR> pidfile = "/usr/local/var/run/radiusd/radiusd.pid"<BR> checkrad = "/usr/local/sbin/checkrad"<BR> debug_level = 0<BR> proxy_requests = yes<BR> log {<BR> stripped_names = no<BR> auth = no<BR> auth_badpass = no<BR> auth_goodpass = no<BR> }<BR> security {<BR>
max_attributes = 200<BR> reject_delay = 1<BR> status_server = yes<BR> }<BR>}<BR>radiusd: #### Loading Realms and Home Servers ####<BR>radiusd: #### Loading Clients ####<BR> client localhost {<BR> ipaddr = 127.0.0.1<BR> require_message_authenticator = no<BR> secret = "aerohive"<BR> shortname = "localhost"<BR> nastype = "other"<BR> }<BR> client 10.155.20.0/24 {<BR> require_message_authenticator = no<BR> secret = "aerohive"<BR> shortname = "private-network-1"<BR> }<BR>radiusd: #### Instantiating modules
####<BR> instantiate {<BR> Module: Linked to module rlm_exec<BR> Module: Instantiating exec<BR> exec {<BR> wait = no<BR> input_pairs = "request"<BR> shell_escape = yes<BR> }<BR> }<BR>radiusd: #### Loading Virtual Servers ####<BR>server {<BR> modules {<BR> Module: Checking authenticate {...} for more modules to load<BR> Module: Linked to module rlm_pap<BR> Module: Instantiating pap<BR> pap {<BR> encryption_scheme = "auto"<BR> auto_header = yes<BR> }<BR> Module: Linked to module rlm_chap<BR> Module: Instantiating chap<BR> Module: Linked to module rlm_mschap<BR> Module: Instantiating mschap<BR> mschap {<BR> use_mppe =
yes<BR> require_encryption = no<BR> require_strong = no<BR> with_ntdomain_hack = yes<BR> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{%{mschap:NT-Domain}:-AEROHIVE-HZ} --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<BR> }<BR> Module: Linked to module rlm_ldap<BR> Module: Instantiating ldap<BR> ldap {<BR> server = "10.155.3.2"<BR> port = 389<BR> password = "w2006njh"<BR> identity = "<A href="mailto:hhe@aerohive-hz.cn">hhe@aerohive-hz.cn</A>"<BR> net_timeout =
1<BR> timeout = 4<BR> timelimit = 3<BR> tls_mode = no<BR> start_tls = no<BR> tls_require_cert = "allow"<BR> tls {<BR> start_tls = no<BR> require_cert = "allow"<BR> }<BR> basedn = "OU=Domain Controllers,dc=aerohive-hz,dc=cn"<BR> filter = "(sAMAccountName=%{mschap:User-Name})"<BR> base_filter = "(objectclass=radiusprofile)"<BR> auto_header = no<BR> access_attr_used_for_allow = yes<BR>
groupname_attribute = "cn"<BR> groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"<BR> dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"<BR> ldap_debug = 40<BR> ldap_connections_number = 5<BR> compare_check_items = no<BR> do_xlat = yes<BR> set_auth_type = yes<BR> }<BR>rlm_ldap: Registering ldap_groupcmp for Ldap-Group<BR>rlm_ldap: Registering ldap_xlat with xlat_name ldap<BR>rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap<BR>rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$<BR>rlm_ldap: LDAP
radiusReplyItem mapped to RADIUS $GENERIC$<BR>rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type<BR>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use<BR>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id<BR>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id<BR>rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password<BR>rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password<BR>rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password<BR>rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password<BR>rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password<BR>rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT<BR>rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration<BR>rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address<BR>rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type<BR>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS
Framed-Protocol<BR>rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address<BR>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask<BR>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route<BR>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing<BR>rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id<BR>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU<BR>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression<BR>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host<BR>rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service<BR>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port<BR>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number<BR>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id<BR>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network<BR>rlm_ldap: LDAP radiusClass mapped to RADIUS
Class<BR>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout<BR>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout<BR>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action<BR>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service<BR>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node<BR>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group<BR>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link<BR>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network<BR>rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone<BR>rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit<BR>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port<BR>rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message<BR>rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type<BR>rlm_ldap:
LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type<BR>rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id<BR>conns: 0x9bfad38<BR> Module: Linked to module rlm_eap<BR> Module: Instantiating eap<BR> eap {<BR> default_eap_type = "md5"<BR> timer_expire = 60<BR> ignore_unknown_eap_types = no<BR> cisco_accounting_username_bug = no<BR> max_sessions = 4096<BR> }<BR> Module: Linked to sub-module rlm_eap_md5<BR> Module: Instantiating eap-md5<BR> Module: Linked to sub-module rlm_eap_leap<BR> Module: Instantiating eap-leap<BR> Module: Linked to sub-module rlm_eap_tls<BR> Module: Instantiating eap-tls<BR> tls
{<BR> rsa_key_exchange = no<BR> dh_key_exchange = yes<BR> rsa_key_length = 512<BR> dh_key_length = 512<BR> verify_depth = 0<BR> pem_file_type = yes<BR> private_key_file = "/usr/local/etc/raddb/certs/radius_key.pem"<BR> certificate_file = "/usr/local/etc/raddb/certs/radius_cert.pem"<BR> CA_file = "/usr/local/etc/raddb/certs/authtestCA.pem"<BR> private_key_password = "whatever"<BR> dh_file = "/usr/local/etc/raddb/certs/dh"<BR> random_file =
"/usr/local/etc/raddb/certs/random"<BR> fragment_size = 1024<BR> include_length = yes<BR> check_crl = no<BR> cipher_list = "DEFAULT"<BR> make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"<BR> cache {<BR> enable = no<BR> lifetime = 24<BR> max_entries = 255<BR> }<BR> }<BR> Module: Linked to sub-module rlm_eap_ttls<BR> Module: Instantiating eap-ttls<BR> ttls {<BR> default_eap_type = "md5"<BR> copy_request_to_tunnel = no<BR>
use_tunneled_reply = no<BR> virtual_server = "inner-tunnel"<BR> include_length = yes<BR> }<BR> Module: Linked to sub-module rlm_eap_peap<BR> Module: Instantiating eap-peap<BR> peap {<BR> default_eap_type = "mschapv2"<BR> copy_request_to_tunnel = no<BR> use_tunneled_reply = no<BR> proxy_tunneled_request_as_eap = yes<BR> virtual_server = "inner-tunnel"<BR> }<BR> Module: Linked to sub-module rlm_eap_mschapv2<BR> Module: Instantiating eap-mschapv2<BR> mschapv2 {<BR> with_ntdomain_hack = no<BR> }<BR> Module: Checking authorize {...} for more
modules to load<BR> Module: Loading virtual module do_not_respond<BR>/usr/local/etc/raddb/policy.conf[64]: Failed to load module "handled".<BR>/usr/local/etc/raddb/policy.conf[64]: Failed to parse "handled" entry.<BR>/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize section.</DIV>
<DIV> </DIV>
<DIV><BR><BR>--- <B>On Thursday, 9 September 2010, John <I><elmer_radius@yahoo.com.cn></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(16,16,255) 2px solid"><BR>From: John <elmer_radius@yahoo.com.cn><BR>Subject: Failed to load module "handled"<BR>To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org><BR>Date: Thursday, 9 September 2010, 3:51 PM<BR><BR>
<DIV id=yiv2133071107>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD vAlign=top>
<DIV>2010-09-09 07:42:10 err /usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize section. <BR>2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed to parse "handled" entry.<BR>2010-09-09 07:42:10 err /usr/local/etc/raddb/policy.conf[10]: Failed to load module "handled".<BR></DIV>
<DIV> </DIV>
<DIV>radiusd.conf:</DIV>
<DIV><EM>listen {<BR> ipaddr = *<BR> port = 1812<BR> type = auth<BR>}<BR>log {<BR> destination = syslog<BR> syslog_facility = daemon<BR>}</EM></DIV>
<DIV><EM>$INCLUDE ${confdir}/clients.conf<BR>modules {<BR> $INCLUDE ${confdir}/modules<BR>$INCLUDE ${confdir}/eap.conf</EM></DIV>
<DIV><EM>}</EM></DIV>
<DIV><EM>instantiate { <BR> exec <BR>}
<BR> <BR>$INCLUDE ${confdir}/policy.conf <BR>$INCLUDE ${confdir}/sites-enabled/default</EM> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>policy.conf:</DIV>
<DIV><EM>policy {<BR> #<BR> do_not_respond {<BR> update control {<BR> Response-Packet-Type := Do-Not-Respond<BR> }</EM></DIV>
<DIV><EM> handled<BR> }<BR>}</EM></DIV>
<DIV><BR>--- <B>On Thursday, 2 September 2010, Alan DeKok <I><aland@deployingradius.com></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(16,16,255) 2px solid"><BR>From: Alan DeKok <aland@deployingradius.com><BR>Subject: Re:<BR>To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org><BR>Date: Thursday, 2 September 2010, 9:12 PM<BR><BR>
<DIV class=yiv2133071107plainMail>John wrote:<BR>> Hi all, We upgraded FreeRADIUS from 1.1.6 to 2.1.18 recently. It looks like<BR>> 2.1.8 will reply with an Access-Reject when [ldap] returns fail, but 1.1.6<BR>> just keeps silent. Is there a way to let 2.1.8 reply nothing in that case?<BR><BR>  See raddb/policy.conf. Look for "do_not_respond"<BR><BR>  Alan DeKok.<BR>-<BR>List info/subscribe/unsubscribe? See <A href="http://www.freeradius.org/list/users.html" target=_blank rel=nofollow>http://www.freeradius.org/list/users.html</A><BR></DIV></BLOCKQUOTE></TD></TR></TBODY></TABLE><BR> </DIV><BR>-----The following is the attachment content-----<BR><BR>
</BLOCKQUOTE></td></tr></table><br>