Alan, Radius -X is always on, and I went through the clients.conf file. -X gives a lot information, since you asked here is my understanding. I'm not a programmer so some of them are cryptic to me. I put in comments to what I think they are, but they are only guesses. I would be very thankful if you can shed lights on them. Also, there is file experimental.conf stated in eap.conf, but did not exist. It may have some useful information. root@Crest raddb]# radtest cisco cisco 127.0.0.1 200 testing123 Sending Access-Request of id 187 to 127.0.0.1 port 1812 User-Name = "cisco" User-Password = "cisco" NAS-IP-Address = 127.0.0.1 NAS-Port = 200 rad_recv: Access-Request packet from host 127.0.0.1 port 43663, id=187, length=57 User-Name = "cisco" User-Password = "cisco" NAS-IP-Address = 127.0.0.1 NAS-Port = 200 +- entering group authorize {...} ++[preprocess] returns ok ;what is preprocess and what does it do? ++[chap] returns noop ;I can tell that chap was not selected as a protocol, right? ++[mschap] returns noop ;as above [suffix] No '@' in User-Name = "cisco", looking up realm NULL ;why @ is expected in a name or password? [suffix] No such realm "NULL" ;what this mean? ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ;eap is not auth protocol. ++[eap] returns noop ++[unix] returns notfound ;what is this? ++[files] returns noop ? ++[expiration] returns noop ? ++[logintime] returns noop ? [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ;I do have a password (cisco). ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user ;this look like authentication protocol is a must before the process can work, however, eap.conf file is there and eap is uncommented out with it's arguments. ? Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> cisco attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 187 to 127.0.0.1 port 43663 Waking up in 4.9 seconds. rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=187, length=20 [root@Crest raddb]# Cleaning up request 5 ID 187 with timestamp +411 Ready to process requests. Rgrds, Alex -----Original Message----- From: freeradius-users-bounces+alexbahoor=sbcglobal.net@lists.freeradius.org [mailto:freeradius-users-bounces+alexbahoor=sbcglobal.net@lists.freeradius.o rg] On Behalf Of Alan Buxey Sent: Thursday, December 10, 2009 2:07 AM To: FreeRadius users mailing list Subject: Re: Testing radius server Hi,
Now I know it's a config issue in the clients.conf, as radtest is failing. I set user name and password, but radius is sending a reject. This is the first time I'm using radius. So please bear with me. Can some one mail me example of the minimum required configuration that needed for the radius to work, no EAP or MSCAP ..etc.
hey, guess what - 'radiusd -X' this will be far more useful than throwing random recommendations to you. have you followed basic guidance regarding hwo to use clients.conf eg testuser Cleartext-Password := "testpassword" alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ Information from ESET NOD32 Antivirus, version of virus signature database 4674 (20091209) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4676 (20091210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4676 (20091210) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com