Hi <br>I did my tests and after removing that custom block of authorize section the following is the output. <br><br>rad_recv: Access-Request packet from host 127.0.0.1 port 54347, id=2, length=57<br> User-Name = "01546"<br>
User-Password = "xxxxxxxx"<br> NAS-IP-Address = 192.168.0.99<br> NAS-Port = 0<br>Sat Jan 21 19:21:08 2012 : Info: +- entering group authorize {...}<br>Sat Jan 21 19:21:08 2012 : Info: ++[preprocess] returns ok<br>
Sat Jan 21 19:21:08 2012 : Info: ++[chap] returns noop<br>Sat Jan 21 19:21:08 2012 : Info: ++[mschap] returns noop<br>Sat Jan 21 19:21:08 2012 : Info: [suffix] No '@' in User-Name = "01546", looking up realm NULL<br>
Sat Jan 21 19:21:08 2012 : Info: [suffix] No such realm "NULL"<br>Sat Jan 21 19:21:08 2012 : Info: ++[suffix] returns noop<br>Sat Jan 21 19:21:08 2012 : Info: [eap] No EAP-Message, not doing EAP<br>Sat Jan 21 19:21:08 2012 : Info: ++[eap] returns noop<br>
Sat Jan 21 19:21:08 2012 : Info: [ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=01546<br>Sat Jan 21 19:21:08 2012 : Info: [ntlm_auth] expand: --password=%{User-Password} -> --password=xxxxxxxxx<br>
Sat Jan 21 19:21:08 2012 : Debug: Exec-Program output: NT_STATUS_OK: Success (0x0)<br>Sat Jan 21 19:21:08 2012 : Debug: Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)<br>Sat Jan 21 19:21:08 2012 : Debug: Exec-Program: returned: 0<br>
Sat Jan 21 19:21:08 2012 : Info: ++[ntlm_auth] returns ok<br>Sat Jan 21 19:21:08 2012 : Info: ++[expiration] returns noop<br>Sat Jan 21 19:21:08 2012 : Info: ++[logintime] returns noop<br>Sat Jan 21 19:21:08 2012 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
Sat Jan 21 19:21:08 2012 : Info: ++[pap] returns noop<br>Sat Jan 21 19:21:08 2012 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<br>Sat Jan 21 19:21:08 2012 : Info: Failed to authenticate the user.<br>
Sat Jan 21 19:21:08 2012 : Info: Using Post-Auth-Type Reject<br>Sat Jan 21 19:21:08 2012 : Info: +- entering group REJECT {...}<br>Sat Jan 21 19:21:08 2012 : Info: [attr_filter.access_reject] expand: %{User-Name} -> 01546<br>
Sat Jan 21 19:21:08 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11<br><br>---------------------------------------------------------<br><br>So means that ntlm_auth is still wokring good bt some access control triggers the Access-Reject. <br>
<br>I am still directionless as to where should I head next, I mean how to make tht EAP client and MSCHAP authentication work. Would appreciate if I could get some handy quick and dirty list of works to do next OR some URL/mailing list entry etc which explains the same. <br>
<br>I am reading a FreeRadius book (Packet Publishing) which just might help. <br><br>Regards <br>Dhiraj Gaur <br><br><br><div class="gmail_quote">On Sat, Jan 21, 2012 at 7:12 PM, Dhiraj Gaur <span dir="ltr"><<a href="mailto:dhiraj.gaur@gmail.com">dhiraj.gaur@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks ndk and alan I lll give it a fresh try to the testbed. I have already deleted the DEFAULT entry from the users file and updated mschap as indicated. I think what might be forcing NTLM_AUTH is an entry which i made to the authorize section of default file after which ntlm_auth strated to work for me <br>
<br>if(!control:Auth-Type) {<br> update control {<br> Auth-Type = "ntlm_auth"<br> }<br> }<br>I ll try removing the same and then need to see how mschap thing will work. Would appreciate if you may point me to a further howto on the same. I aim to connect and eap client through radius without the use of certificates for which MSCHAP seems to be an option. <br>
<br>I think I ll write a howto or add a wiki entry if I can make it work fine. <br><br>regards <br><span class="HOEnZb"><font color="#888888">Dhiraj Gaur <br></font></span><div class="HOEnZb"><div class="h5"><br><br><div class="gmail_quote">
On Sat, Jan 21, 2012 at 2:16 AM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>NdK wrote:<br>
>> The radclient program has since been updated.<br>
> Then it could be better to update that page, since it's the reference<br>
> for all newbies that try to make it work.<br>
<br>
</div> Yeah, I've gone and fixed that. "git" is nice for updating web pages.<br>
<div><br>
> "It *should* work" is more correct :(<br>
> There still are many things that can go wrong.<br>
<br>
</div> If it doesn't work, the web pages explain which part to blame. 99% of<br>
the time, it's a bug in someone else's software.<br>
<span><font color="#888888"><br>
Alan DeKok.<br>
</font></span><div><div>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br><br clear="all"><br></div></div><div class="HOEnZb"><div class="h5">-- <br><div><div><div>Regards</div></div><div><br></div><div>Dhiraj Gaur </div><div><br></div><img src=""><div> </div>
</div><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div><div><div>Regards</div></div><div><br></div><div>Dhiraj Gaur </div><div><br></div><img src=""><div> </div></div><br>