Hi I did my tests and after removing that custom block of authorize section the following is the output. rad_recv: Access-Request packet from host 127.0.0.1 port 54347, id=2, length=57 User-Name = "01546" User-Password = "xxxxxxxx" NAS-IP-Address = 192.168.0.99 NAS-Port = 0 Sat Jan 21 19:21:08 2012 : Info: +- entering group authorize {...} Sat Jan 21 19:21:08 2012 : Info: ++[preprocess] returns ok Sat Jan 21 19:21:08 2012 : Info: ++[chap] returns noop Sat Jan 21 19:21:08 2012 : Info: ++[mschap] returns noop Sat Jan 21 19:21:08 2012 : Info: [suffix] No '@' in User-Name = "01546", looking up realm NULL Sat Jan 21 19:21:08 2012 : Info: [suffix] No such realm "NULL" Sat Jan 21 19:21:08 2012 : Info: ++[suffix] returns noop Sat Jan 21 19:21:08 2012 : Info: [eap] No EAP-Message, not doing EAP Sat Jan 21 19:21:08 2012 : Info: ++[eap] returns noop Sat Jan 21 19:21:08 2012 : Info: [ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=01546 Sat Jan 21 19:21:08 2012 : Info: [ntlm_auth] expand: --password=%{User-Password} -> --password=xxxxxxxxx Sat Jan 21 19:21:08 2012 : Debug: Exec-Program output: NT_STATUS_OK: Success (0x0) Sat Jan 21 19:21:08 2012 : Debug: Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0) Sat Jan 21 19:21:08 2012 : Debug: Exec-Program: returned: 0 Sat Jan 21 19:21:08 2012 : Info: ++[ntlm_auth] returns ok Sat Jan 21 19:21:08 2012 : Info: ++[expiration] returns noop Sat Jan 21 19:21:08 2012 : Info: ++[logintime] returns noop Sat Jan 21 19:21:08 2012 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Sat Jan 21 19:21:08 2012 : Info: ++[pap] returns noop Sat Jan 21 19:21:08 2012 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Sat Jan 21 19:21:08 2012 : Info: Failed to authenticate the user. Sat Jan 21 19:21:08 2012 : Info: Using Post-Auth-Type Reject Sat Jan 21 19:21:08 2012 : Info: +- entering group REJECT {...} Sat Jan 21 19:21:08 2012 : Info: [attr_filter.access_reject] expand: %{User-Name} -> 01546 Sat Jan 21 19:21:08 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11 --------------------------------------------------------- So means that ntlm_auth is still wokring good bt some access control triggers the Access-Reject. I am still directionless as to where should I head next, I mean how to make tht EAP client and MSCHAP authentication work. Would appreciate if I could get some handy quick and dirty list of works to do next OR some URL/mailing list entry etc which explains the same. I am reading a FreeRadius book (Packet Publishing) which just might help. Regards Dhiraj Gaur On Sat, Jan 21, 2012 at 7:12 PM, Dhiraj Gaur <dhiraj.gaur@gmail.com> wrote:
Thanks ndk and alan I lll give it a fresh try to the testbed. I have already deleted the DEFAULT entry from the users file and updated mschap as indicated. I think what might be forcing NTLM_AUTH is an entry which i made to the authorize section of default file after which ntlm_auth strated to work for me
if(!control:Auth-Type) { update control { Auth-Type = "ntlm_auth" } } I ll try removing the same and then need to see how mschap thing will work. Would appreciate if you may point me to a further howto on the same. I aim to connect and eap client through radius without the use of certificates for which MSCHAP seems to be an option.
I think I ll write a howto or add a wiki entry if I can make it work fine.
regards Dhiraj Gaur
On Sat, Jan 21, 2012 at 2:16 AM, Alan DeKok <aland@deployingradius.com>wrote:
NdK wrote:
The radclient program has since been updated. Then it could be better to update that page, since it's the reference for all newbies that try to make it work.
Yeah, I've gone and fixed that. "git" is nice for updating web pages.
"It *should* work" is more correct :( There still are many things that can go wrong.
If it doesn't work, the web pages explain which part to blame. 99% of the time, it's a bug in someone else's software.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards
Dhiraj Gaur
-- Regards Dhiraj Gaur