Yes i have.

Here are the two different logs, one from radlogin on the server and the the second from an iphone who wants to connect.

RADLOGIN:
rad_recv: Access-Request packet from host 127.0.0.1 port 46391, id=99, length=71
    Service-Type = Login-User
    User-Name = "Administrator"
    User-Password = "***"
    NAS-IP-Address = 10.119.2.4
    NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "Administrator", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
    expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=Administrator)
    expand: dc=tcsvo,dc=local -> dc=tcsvo,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as cn=admin,dc=tcsvo,dc=local/pPWSrf5 to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=tcsvo,dc=local, with filter (uid=Administrator)
rlm_ldap: checking if remote access for Administrator is allowed by uid
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{crypt}$1$5eEakVq3$MQZSsqhrcB6NW/aaGYuRx."
rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x4139444241443137383246324236314336454541304139374238384242373245
rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x4241303338423239303831394236353944463132384232444433324241443037
rlm_ldap: looking for reply items in directory...
rlm_ldap: Setting Auth-Type = ldap
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Normalizing NT-Password from hex encoding
rlm_pap: Normalizing LM-Password from hex encoding
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type ldap
auth: type "LDAP"
+- entering group LDAP
rlm_ldap: - authenticate
rlm_ldap: login attempt by "Administrator" with password "***"
rlm_ldap: user DN: uid=Administrator,cn=users,dc=tcsvo,dc=local
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: starting TLS
rlm_ldap: bind as uid=Administrator,cn=users,dc=tcsvo,dc=local/D4t6Ui2g to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user Administrator authenticated succesfully
++[ldap] returns ok
Login OK: [Administrator/***] (from client localhost port 0)
+- entering group post-auth
++[ldap] returns noop
++[exec] returns noop
Sending Access-Accept of id 99 to 127.0.0.1 port 46391
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 99 with timestamp +1284
Ready to process requests.





IPhone test:
rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21, length=197
    Message-Authenticator = 0x24691ccd1f2040d828405d72ef7189ec
    Service-Type = Framed-User
    User-Name = "nadine.bosshard"
    Framed-MTU = 1488
    Called-Station-Id = "204E7FE98EF3:TCSVO-Intern"
    Calling-Station-Id = "9803D861E85C"
    NAS-Identifier = "aptcsvo02"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x02000014016e6164696e652e626f737368617264
    NAS-IP-Address = 10.119.12.2
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "nadine.bosshard", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 20
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_unix: [nadine.bosshard]: invalid shell [/bin/false]
++[unix] returns reject
Invalid user: [nadine.bosshard/<via Auth-Type = EAP>] (from client aptcsvo02 port 1 cli 9803D861E85C)
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> nadine.bosshard
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.119.12.2 port 1318, id=21, length=197
Waiting to send Access-Reject to client aptcsvo02 port 1318 - ID: 21
Sending delayed reject for request 0
Sending Access-Reject of id 21 to 10.119.12.2 port 1318
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +1333
Ready to process requests.



Am 09/11/2012 10:42 AM, schrieb Fajar A. Nugraha:
On Tue, Sep 11, 2012 at 3:29 PM, Mihajlo Joksimovic
<mihajlo.joksimovic@adfinis-sygroup.ch> wrote:
Well i started with a fresh installation and made minimal changes.
i put in the ap's in clients.conf, activated and configured ldap and copied
the certs in the correct direction.
that's a start

This is the output when i start with -X:
good.

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
... and where's the access-request packet?

It should have different log compared to the one you pasted the first
time, since the config is different.

... or is it you haven't tested authentication using this readius?


-- 
Adfinis SyGroup AG
Mihajlo Joksimovic, System Engineer

Güterstrasse 86 | CH-4053 Basel
Tel. 061 333 80 33