Yes i have. Here are the two different logs, one from radlogin on the server and the the second from an iphone who wants to connect. RADLOGIN: rad_recv: Access-Request packet from host 127.0.0.1 port 46391, id=99, length=71 Service-Type = Login-User User-Name = "Administrator" User-Password = "***" NAS-IP-Address = 10.119.2.4 NAS-Port = 0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "Administrator", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for Administrator WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=Administrator) expand: dc=tcsvo,dc=local -> dc=tcsvo,dc=local rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: starting TLS rlm_ldap: bind as cn=admin,dc=tcsvo,dc=local/pPWSrf5 to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=tcsvo,dc=local, with filter (uid=Administrator) rlm_ldap: checking if remote access for Administrator is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{crypt}$1$5eEakVq3$MQZSsqhrcB6NW/aaGYuRx." rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x4139444241443137383246324236314336454541304139374238384242373245 rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x4241303338423239303831394236353944463132384232444433324241443037 rlm_ldap: looking for reply items in directory... rlm_ldap: Setting Auth-Type = ldap rlm_ldap: user Administrator authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Normalizing NT-Password from hex encoding rlm_pap: Normalizing LM-Password from hex encoding rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type ldap auth: type "LDAP" +- entering group LDAP rlm_ldap: - authenticate rlm_ldap: login attempt by "Administrator" with password "***" rlm_ldap: user DN: uid=Administrator,cn=users,dc=tcsvo,dc=local rlm_ldap: (re)connect to localhost:389, authentication 1 rlm_ldap: starting TLS rlm_ldap: bind as uid=Administrator,cn=users,dc=tcsvo,dc=local/D4t6Ui2g to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: user Administrator authenticated succesfully ++[ldap] returns ok Login OK: [Administrator/***] (from client localhost port 0) +- entering group post-auth ++[ldap] returns noop ++[exec] returns noop Sending Access-Accept of id 99 to 127.0.0.1 port 46391 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 99 with timestamp +1284 Ready to process requests. IPhone test: rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21, length=197 Message-Authenticator = 0x24691ccd1f2040d828405d72ef7189ec Service-Type = Framed-User User-Name = "nadine.bosshard" Framed-MTU = 1488 Called-Station-Id = "204E7FE98EF3:TCSVO-Intern" Calling-Station-Id = "9803D861E85C" NAS-Identifier = "aptcsvo02" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02000014016e6164696e652e626f737368617264 NAS-IP-Address = 10.119.12.2 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 20 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rlm_unix: [nadine.bosshard]: invalid shell [/bin/false] ++[unix] returns reject Invalid user: [nadine.bosshard/<via Auth-Type = EAP>] (from client aptcsvo02 port 1 cli 9803D861E85C) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> nadine.bosshard attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21, length=197 Waiting to send Access-Reject to client aptcsvo02 port 1318 - ID: 21 Sending delayed reject for request 0 Sending Access-Reject of id 21 to 10.119.12.2 port 1318 Waking up in 4.9 seconds. Cleaning up request 0 ID 21 with timestamp +1333 Ready to process requests. Am 09/11/2012 10:42 AM, schrieb Fajar A. Nugraha:
On Tue, Sep 11, 2012 at 3:29 PM, Mihajlo Joksimovic <mihajlo.joksimovic@adfinis-sygroup.ch> wrote:
Well i started with a fresh installation and made minimal changes. i put in the ap's in clients.conf, activated and configured ldap and copied the certs in the correct direction. that's a start
This is the output when i start with -X: good.
Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. ... and where's the access-request packet?
It should have different log compared to the one you pasted the first time, since the config is different.
... or is it you haven't tested authentication using this readius?
-- Adfinis SyGroup AG Mihajlo Joksimovic, System Engineer Güterstrasse 86 | CH-4053 Basel Tel. 061 333 80 33