Great. It is working now Thanks a lot.. I need to configure the proxy.conf. But it is not loaded.. Starting - reading configuration files ... including dictionary file /usr/local/share/freeradius/dictionary including dictionary file /usr/local/share/freeradius/dictionary.dhcp including dictionary file /usr/local/share/freeradius/dictionary.vqp including dictionary file /usr/local/etc/raddb/dictionary *including configuration file /usr/local/etc/raddb/radiusd.confincluding configuration file /usr/local/etc/raddb/clients.conf* including files in directory /usr/local/etc/raddb/mods-enabled/ including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap including configuration file /usr/local/etc/raddb/mods-enabled/chap including configuration file /usr/local/etc/raddb/mods-enabled/date including configuration file /usr/local/etc/raddb/mods-enabled/detail including configuration file /usr/local/etc/raddb/mods-enabled/detail.log including configuration file /usr/local/etc/raddb/mods-enabled/digest including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients including configuration file /usr/local/etc/raddb/mods-enabled/eap including configuration file /usr/local/etc/raddb/mods-enabled/echo including configuration file /usr/local/etc/raddb/mods-enabled/exec including configuration file /usr/local/etc/raddb/mods-enabled/expiration including configuration file /usr/local/etc/raddb/mods-enabled/expr including configuration file /usr/local/etc/raddb/mods-enabled/files including configuration file /usr/local/etc/raddb/mods-enabled/linelog including configuration file /usr/local/etc/raddb/mods-enabled/logintime including configuration file /usr/local/etc/raddb/mods-enabled/mschap including configuration file /usr/local/etc/raddb/mods-enabled/realm including configuration file /usr/local/etc/raddb/mods-enabled/pap including configuration file /usr/local/etc/raddb/mods-enabled/passwd including configuration file /usr/local/etc/raddb/mods-enabled/preprocess including configuration file /usr/local/etc/raddb/mods-enabled/radutmp including configuration file /usr/local/etc/raddb/mods-enabled/counter including configuration file /usr/local/etc/raddb/mods-enabled/replicate including configuration file /usr/local/etc/raddb/mods-enabled/soh including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp including configuration file /usr/local/etc/raddb/mods-enabled/unix including configuration file /usr/local/etc/raddb/mods-enabled/always including configuration file /usr/local/etc/raddb/mods-enabled/unpack including configuration file /usr/local/etc/raddb/mods-enabled/utf8 including configuration file /usr/local/etc/raddb/mods-enabled/motp including configuration file /usr/local/etc/raddb/mods-enabled/googleauth including configuration file /usr/local/etc/raddb/mods-enabled/datacounter_acct including configuration file /usr/local/etc/raddb/mods-enabled/ldap including files in directory /usr/local/etc/raddb/policy.d/ including configuration file /usr/local/etc/raddb/policy.d/accounting including configuration file /usr/local/etc/raddb/policy.d/canonicalization including configuration file /usr/local/etc/raddb/policy.d/control including configuration file /usr/local/etc/raddb/policy.d/cui including configuration file /usr/local/etc/raddb/policy.d/debug including configuration file /usr/local/etc/raddb/policy.d/dhcp including configuration file /usr/local/etc/raddb/policy.d/eap including configuration file /usr/local/etc/raddb/policy.d/filter including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids including configuration file /usr/local/etc/raddb/policy.d/operator-name including configuration file /usr/local/etc/raddb/policy.d/rfc7542 including configuration file /usr/local/etc/raddb/policy.d/abfab-tr including configuration file /usr/local/etc/raddb/policy.d/pfs_custom_policies including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap -------------------- *This is the file * */usr/local/etc/raddb/radiusd.conf* prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct name = radiusd confdir = ${raddbdir} modconfdir = ${confdir}/mods-config certdir = ${confdir}/certs cadir = ${confdir}/certs run_dir = ${localstatedir}/run db_dir = ${raddbdir} libdir = /usr/local/lib/freeradius-3.0.21 pidfile = ${run_dir}/${name}.pid max_request_time = 30 cleanup_delay = 5 max_requests = 1024 hostname_lookups = no regular_expressions = yes extended_expressions = yes log { destination = files colourise = yes file = ${logdir}/radius.log syslog_facility = daemon stripped_names = no auth = yes auth_badpass = no auth_goodpass = no msg_goodpass = "%{User-Name}" msg_badpass = "%{User-Name}" msg_denied = "You are already logged in - access denied" } checkrad = ${sbindir}/checkrad security { allow_core_dumps = no max_attributes = 200 reject_delay = 1 status_server = no # Disable this check since it may not be accurate due to how FreeBSD patches OpenSSL allow_vulnerable_openssl = yes } $INCLUDE clients.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_queue_size = 65536 max_requests_per_server = 0 auto_limit_acct = no } modules { $INCLUDE ${confdir}/mods-enabled/ } instantiate { exec expr expiration logintime ### Dis-/Enable sql instatiate #sql daily weekly monthly forever } policy { $INCLUDE policy.d/ } $INCLUDE sites-enabled/ ------------------------------------------------ Some warnings in the Output are.... *(17) WARNING: Outer and inner identities are the same. User privacy is compromised.* (17) server inner-tunnel-ttls { (17) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls (17) authorize { (17) [chap] = noop (17) [mschap] = noop (17) update control { (17) &Proxy-To-Realm := LOCAL (17) } # update control = noop (17) eap: No EAP-Message, not doing EAP (17) [eap] = noop (17) [files] = noop rlm_ldap (ldap): Closing connection (2): Hit idle_timeout, was idle for 67 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): Reserved connection (1) (17) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (17) ldap: --> (uid=ldap) (17) ldap: Performing search in "dc=tanuvas,dc=org,dc=in" with filter "(uid=ldap)", scope "sub" (17) ldap: Waiting for search result... (17) ldap: User object found at DN "uid=ldap,ou=Faculty,ou=People,ou=Registrar,ou=Users,dc=tanuvas,dc=org,dc=in" (17) ldap: Processing user attributes *(17) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute(17) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)*rlm_ldap (ldap): Released connection (1) Need 1 more connections to reach min connections (5) rlm_ldap (ldap): Opening additional connection (5), 1 of 1 pending slots used rlm_ldap (ldap): Connecting to ldap://127.0.0.1:1636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (17) [ldap] = ok (17) [expiration] = noop (17) [logintime] = noop (17) [pap] = noop (17) if (User-Password) { (17) if (User-Password) -> TRUE (17) if (User-Password) { (17) update control { (17) Auth-Type := LDAP (17) } # update control = noop (17) } # if (User-Password) = noop (17) } # authorize = ok (17) WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request. (17) Found Auth-Type = LDAP (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls (17) Auth-Type LDAP { rlm_ldap (ldap): Reserved connection (3) (17) ldap: Login attempt by "ldap" (17) ldap: Using user DN from request "uid=ldap,ou=Faculty,ou=People,ou=Registrar,ou=Users,dc=tanuvas,dc=org,dc=in" (17) ldap: Waiting for bind result... (17) ldap: Bind successful (17) ldap: Bind as user "uid=ldap,ou=Faculty,ou=People,ou=Registrar,ou=Users,dc=tanuvas,dc=org,dc=in" was successful rlm_ldap (ldap): Released connection (3) (17) [ldap] = ok (17) } # Auth-Type LDAP = ok (17) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls (17) post-auth { (17) if (1) { (17) if (1) -> TRUE (17) if (1) { (17) update reply { (17) User-Name !* ANY (17) Message-Authenticator !* ANY (17) EAP-Message !* ANY (17) Proxy-State !* ANY (17) MS-MPPE-Encryption-Types !* ANY (17) MS-MPPE-Encryption-Policy !* ANY (17) MS-MPPE-Send-Key !* ANY (17) MS-MPPE-Recv-Key !* ANY (17) } # update reply = noop (17) update { (17) No attributes updated for RHS &reply: (17) } # update = noop (17) } # if (1) = noop (17) } # post-auth = noop (17) EXPAND %{User-Name} (17) --> ldap (17) Login OK: [ldap] (from client IAP303VC port 0 via TLS tunnel) ldap (17) } # server inner-tunnel-ttls (17) Virtual server sending reply (17) eap_ttls: Got tunneled Access-Accept (17) eap: Sending EAP Success (code 3) ID 6 length 4 (17) eap: Freeing handler (17) [eap] = ok (17) } # authenticate = ok (17) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default (17) post-auth { (17) update { (17) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES128-GCM-SHA256' (17) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2' (17) } # update = noop (17) [exec] = noop (17) policy remove_reply_message_if_eap { (17) if (&reply:EAP-Message && &reply:Reply-Message) { (17) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (17) else { (17) [noop] = noop (17) } # else = noop (17) } # policy remove_reply_message_if_eap = noop (17) } # post-auth = noop (17) EXPAND %{User-Name} (17) --> ldap (17) Login OK: [ldap] (from client IAP303VC port 0 cli e01f882afe1f) ldap (17) Sent Access-Accept Id 124 from 172.16.10.20:1812 to 172.16.11.2:55184 length 0 (17) MS-MPPE-Recv-Key = 0x580722b63c86773fa04c013221518a046abf915b0e4f596df698273c84823d59 (17) MS-MPPE-Send-Key = 0x5e597facb7eccf9b6e4ffacc5ff6d54260a42db31a48d0c0454595aeaec8b281 (17) EAP-Message = 0x03060004 (17) Message-Authenticator = 0x00000000000000000000000000000000 (17) User-Name = "ldap" (17) Finished request Waking up in 2.2 seconds. (12) Cleaning up request packet ID 119 with timestamp +86 (13) Cleaning up request packet ID 120 with timestamp +86 (14) Cleaning up request packet ID 121 with timestamp +86 (15) Cleaning up request packet ID 122 with timestamp +86 (16) Cleaning up request packet ID 123 with timestamp +86 Waking up in 2.6 seconds. (17) Cleaning up request packet ID 124 with timestamp +86 *Ready to process requests* Best, Thirunavukkarasu...