Is there a way to disable ntlm authorization when using PEAP. I added the following entry in user "testuser" Cleartext-Password := "password", MS-CHAP-Use-NTLM-Auth := 0 Reply-Message = "Hello, %{User-Name}" Below is the radius log # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 199 to 10.1.2.12 port 1645 EAP-Message = 0x010403fc194000fd4f6b26b546151e300d06092a864886f70d010105050030818a310b3009 060355040613025553310b30090603550408130256413112301006035504071309536f6d6577 68657265310f300d060355040a1306436f726e65743122302006092a864886f70d0109011613 702e6b616d61746840636f726e65742e636f6d312530230603550403131c436f726e65742043 6572746966696361746520417574686f72697479301e170d3135303830363137333635375a17 0d3135313030353137333635375a30818a310b3009060355040613025553310b300906035504 08130256413112301006035504071309536f6d65776865726531 EAP-Message = 0x0f300d060355040a1306436f726e65743122302006092a864886f70d0109011613702e6b61 6d61746840636f726e65742e636f6d312530230603550403131c436f726e6574204365727469 66696361746520417574686f7269747930820122300d06092a864886f70d0101010500038201 0f003082010a0282010100d47bc9d476a963ae8b2bc54602dd3ec02a9a61d503388bf03325b1 e036a1b3c3789185a1d8db84c8318ecde367d201f5f8f186a25c865840c9b23e65b37266df1a 43bdfaa22e27984d0daf81e92cbd5bb794eb44f54ccbcaded32f178128ddeb7dde5d9f792c3f 93178dd67e64b7f680b12d86b1b6115f870f8762466c30ebd4eb EAP-Message = 0x7ad6cdf30f95d684e080b4b24048b2df4170bd0a8f33c7c07fa980178288903c8185444061 ed2e387840db38ff3f59a4a27854a83bfae7b97080e3ba2b2ec08038fa54583f58420b1f8586 00ed63c7541e5a0a284bbe67f1a21f8cbb5c6a483ab0bd815401b1554e5bee024db9311b9228 634ca8b32f43f0dc55959a8bbc510203010001a381f23081ef301d0603551d0e04160414a7d9 5ae87b9322fd7c72f4cb8447da70a44858a93081bf0603551d230481b73081b48014a7d95ae8 7b9322fd7c72f4cb8447da70a44858a9a18190a4818d30818a310b3009060355040613025553 310b30090603550408130256413112301006035504071309536f EAP-Message = 0x6d657768657265310f300d060355040a1306436f726e65743122302006092a864886f70d01 09011613702e6b616d61746840636f726e65742e636f6d312530230603550403131c436f726e 657420436572746966696361746520417574686f72697479820900fd4f6b26b546151e300c06 03551d13040530030101ff300d06092a864886f70d010105050003820101002deab51a55b190 8fe4dd333b9beaab737dbe396a12d17f5856e98eb03f3de18677805ca6033d52cd621cb24771 d3f909d8c35b011d51dadd980e80bb8cb25e98f04d9575fd64fc3d689f3729f648011aa51ed3 c9f3a13c90e690353fe84514c0a9d4f2a6654e90af9cd54c7da1 EAP-Message = 0x73c22dbad3d8ccd2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3e091d2a1e48827dc72cc968a436b25 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.2.12 port 1645, id=200, length=167 User-Name = "testuser" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "24-B6-57-D3-2C-8C" Calling-Station-Id = "5C-B9-01-B2-4A-15" EAP-Message = 0x020400061900 Message-Authenticator = 0xe2fbaee84c14daebca49cfa615ef8ded NAS-Port-Type = Ethernet NAS-Port = 50112 NAS-Port-Id = "GigabitEthernet1/0/12" State = 0xa3e091d2a1e48827dc72cc968a436b25 NAS-IP-Address = 10.1.2.12 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 200 to 10.1.2.12 port 1645 EAP-Message = 0x0105009a1900f6f1b234409a3067f2946a561c41d329e2d754a68f1c93f8f22c8a79524218 ede2f7357366f533057d0d2af98920702c1d5e0c8ba3a69b9dd4cf8490a6c3c85804bead2421 de19ca57155d7a7df921695c5819a6c3561c8f7a5531960f3f4635175d18752884a7789c8bf2 7866237835c61daa0b744b20f5bb6504022beae99c3abaaa7a5af11fe44e7c1f16030100040e 000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3e091d2a0e58827dc72cc968a436b25 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.2.12 port 1645, id=201, length=499 User-Name = "testuser" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "24-B6-57-D3-2C-8C" Calling-Station-Id = "5C-B9-01-B2-4A-15" EAP-Message = 0x0205015019800000014616030101061000010201006473f4b19800a13a9c5c7b01b3c265ea 10349366de65e2161d5b2c91fdbe8cefe2f3dc20824d20a4ccea304433ee4f644c1be1606b5c 58d8f5eab7b3fbd6325e35903642aefe1ed49c6abc70659b0320d46939ccdee65bb7f1886999 33027510e90b50d550c2bbbbc1253ae3defb82d7cfaf8f2dabe2417d84c49351ba04b6f93435 cca2124f5223c73b1aeb00680810ee17ab8f78db16768b38e6d99d44ab04985665bf5f7406eb 3baa28092d43fedefa54b114154161dc45c83ef6a5edee18978a5c75e4b38d9ce32ff1af0545 6c5c1a953eb4b074fa3fa8aa8e6f68cfb94aeb34c0a757d67b8a EAP-Message = 0x387ed8c044da03f5d7406be6e7fd97cafb2444dabc0d77441403010001011603010030820a 5d69190d3d35413bd788bcd9f65f7d2b22c2ca536887f0d789165fb645ca844b6936df7fdaf7 01bd12390e8cdbd7 Message-Authenticator = 0x16d00ab524c96631a6b287c799aae583 NAS-Port-Type = Ethernet NAS-Port = 50112 NAS-Port-Id = "GigabitEthernet1/0/12" State = 0xa3e091d2a0e58827dc72cc968a436b25 NAS-IP-Address = 10.1.2.12 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 201 to 10.1.2.12 port 1645 EAP-Message = 0x01060041190014030100010116030100300d9b14780e1f41191472b86a2fd4214ac11ce309 a2e5ac57ec848f6615f78666d5c745305aeb0bbd1cf6cfc958e3a140 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3e091d2a7e68827dc72cc968a436b25 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.1.2.12 port 1645, id=202, length=167 User-Name = "testuser" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "24-B6-57-D3-2C-8C" Calling-Station-Id = "5C-B9-01-B2-4A-15" EAP-Message = 0x020600061900 Message-Authenticator = 0xefaefb3a513154371bb7663ec7e046ff NAS-Port-Type = Ethernet NAS-Port = 50112 NAS-Port-Id = "GigabitEthernet1/0/12" State = 0xa3e091d2a7e68827dc72cc968a436b25 NAS-IP-Address = 10.1.2.12 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 202 to 10.1.2.12 port 1645 EAP-Message = 0x0107002b190017030100209e946f4b1c969f5d313d2103e294794df2bdcd4a4dae649fbcee eb26a155c94b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3e091d2a6e78827dc72cc968a436b25 Finished request 5. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.1.2.12 port 1645, id=203, length=204 User-Name = "testuser" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "24-B6-57-D3-2C-8C" Calling-Station-Id = "5C-B9-01-B2-4A-15" EAP-Message = 0x0207002b1900170301002080698631153c58f752969b90367cc7bb69ac4b399ebf69911b8e a80d378b4ce4 Message-Authenticator = 0x698eabce7651b9a3d79e14a8a99a03c1 NAS-Port-Type = Ethernet NAS-Port = 50112 NAS-Port-Id = "GigabitEthernet1/0/12" State = 0xa3e091d2a6e78827dc72cc968a436b25 NAS-IP-Address = 10.1.2.12 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - testuser [peap] Got inner identity 'testuser' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0207000d017465737475736572 server { [peap] Setting User-Name to testuser Sending tunneled request EAP-Message = 0x0207000d017465737475736572 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "testuser" server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 7 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010800221a0108001d105ce8326e9114d3a2dec5900608214ee17465737475736572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7aa966307aa17c542ff595d55e7d6a15 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010800221a0108001d105ce8326e9114d3a2dec5900608214ee17465737475736572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7aa966307aa17c542ff595d55e7d6a15 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 203 to 10.1.2.12 port 1645 EAP-Message = 0x0108004b19001703010040be266c6bc8bf3236c7e1700ce1539cf2905fa2d9a5c93fbc53ad 267876efcf31c6f1d3df428d9db9de49ec9cd07e95a7f06233e489a467a2676163512422c03f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3e091d2a5e88827dc72cc968a436b25 Finished request 6. Going to the next request Waking up in 3.9 seconds. rad_recv: Access-Request packet from host 10.1.2.12 port 1645, id=204, length=268 User-Name = "testuser" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "24-B6-57-D3-2C-8C" Calling-Station-Id = "5C-B9-01-B2-4A-15" EAP-Message = 0x0208006b1900170301006053c7440846571f5c9208d31294e6a0d5b8dbbdfc0bbc0ec2f0d0 98d24e8079f3dc59fe3f778fa7fc4ec47f37ef3565f42e7ace8c13bb6ab3d5293a7275cfcd49 fa4d577a520df55a5a4950dbfc6608eb927bdac98356c7287449eabe75ac774d Message-Authenticator = 0x1d5978dcfe28a322fa85f581541a4d61 NAS-Port-Type = Ethernet NAS-Port = 50112 NAS-Port-Id = "GigabitEthernet1/0/12" State = 0xa3e091d2a5e88827dc72cc968a436b25 NAS-IP-Address = 10.1.2.12 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800431a0208003e31c0591f7fb2f2511bc7c7a39941cb7ca1000000000000000056dc0e e4ef5fc8898def1758e6aa29ac06cd681d7fd35106007465737475736572 server { [peap] Setting User-Name to testuser Sending tunneled request EAP-Message = 0x020800431a0208003e31c0591f7fb2f2511bc7c7a39941cb7ca1000000000000000056dc0e e4ef5fc8898def1758e6aa29ac06cd681d7fd35106007465737475736572 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "testuser" State = 0x7aa966307aa17c542ff595d55e7d6a15 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: testuser [mschap] Told to do MS-CHAPv2 for testuser with NT-Password [mschap] expand: %{Stripped-User-Name} -> [mschap] ... expanding second conditional [mschap] expand: %{User-Name} -> testuser [mschap] expand: %{%{User-Name}:-None} -> testuser [mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=testuser [mschap] Creating challenge hash with username: testuser [mschap] expand: %{mschap:Challenge} -> f9a36aa3aa275bf0 [mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=f9a36aa3aa275bf0 [mschap] expand: %{mschap:NT-Response} -> 56dc0ee4ef5fc8898def1758e6aa29ac06cd681d7fd35106 [mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=56dc0ee4ef5fc8898def1758e6aa29ac06cd681d7fd35106 Exec-Program output: Exec-Program: FAILED to execute /path/to/ntlm_auth: No such file or directory Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute /path/to/ntlm_auth: No such file or directory Exec-Program: returned: 1 [mschap] External script failed. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 204 to 10.1.2.12 port 1645 EAP-Message = 0x0109002b19001703010020126279bbbe9350880386e85c413ca97f91ee0deaf67387bfb865 27c4952dc155 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3e091d2a4e98827dc72cc968a436b25 Finished request 7. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 10.1.2.12 port 1645, id=205, length=204 User-Name = "testuser" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "24-B6-57-D3-2C-8C" Calling-Station-Id = "5C-B9-01-B2-4A-15" EAP-Message = 0x0209002b190017030100205e8ff15f68aa5877d0da372e553dea37fa5131380a857a89c766 11d30c77d468 Message-Authenticator = 0x5f64a4462e35c1f883f2fbbaf2d3b957 NAS-Port-Type = Ethernet NAS-Port = 50112 NAS-Port-Id = "GigabitEthernet1/0/12" State = 0xa3e091d2a4e98827dc72cc968a436b25 NAS-IP-Address = 10.1.2.12 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> testuser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 205 to 10.1.2.12 port 1645 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1.8 seconds. Thanks Preyas -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+p.kamath=cornet.com@lists.freeradius.org] On Behalf Of A.L.M.Buxey@lboro.ac.uk Sent: Thursday, August 06, 2015 9:29 AM To: FreeRadius users mailing list Subject: Re: Switch sends EAP-Fail after Radius Access-Accept Hi,
[preyask@localhost controller-ned]$ cat /etc/raddb/small.conf listen { type = auth ipaddr = * port = 1812 } client 10.1.2.0/24 { # allow packets from 10.1.2.0/24 secret = testing123 shortname = 10.1.2.12 } modules { # We don't use any modules } authorize { # return Access-Accept for PAP and CHAP update control { Auth-Type := Accept } }
yeh. that wont work....start with the default configuration and THEN start slimming it down big hints - you are using EAP thus you ARE using modules....in fact ALL work in FreeRADIUS uses modules. you are doing EAP - therefore the request needs to go into a virtual server that is called in the eap.conf configuration. default in virtual-server. I'll repeat. stop what you are currently doing, install the default config, add your client and THEN start work....once its working and you get to know what each module does and how the server works, THEN reduce the configuration alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html