Hi
I did my tests and after removing that custom block of authorize section the following is the output.

rad_recv: Access-Request packet from host 127.0.0.1 port 54347, id=2, length=57
        User-Name = "01546"
        User-Password = "xxxxxxxx"
        NAS-IP-Address = 192.168.0.99
        NAS-Port = 0
Sat Jan 21 19:21:08 2012 : Info: +- entering group authorize {...}
Sat Jan 21 19:21:08 2012 : Info: ++[preprocess] returns ok
Sat Jan 21 19:21:08 2012 : Info: ++[chap] returns noop
Sat Jan 21 19:21:08 2012 : Info: ++[mschap] returns noop
Sat Jan 21 19:21:08 2012 : Info: [suffix] No '@' in User-Name = "01546", looking up realm NULL
Sat Jan 21 19:21:08 2012 : Info: [suffix] No such realm "NULL"
Sat Jan 21 19:21:08 2012 : Info: ++[suffix] returns noop
Sat Jan 21 19:21:08 2012 : Info: [eap] No EAP-Message, not doing EAP
Sat Jan 21 19:21:08 2012 : Info: ++[eap] returns noop
Sat Jan 21 19:21:08 2012 : Info: [ntlm_auth]    expand: --username=%{mschap:User-Name} -> --username=01546
Sat Jan 21 19:21:08 2012 : Info: [ntlm_auth]    expand: --password=%{User-Password} -> --password=xxxxxxxxx
Sat Jan 21 19:21:08 2012 : Debug: Exec-Program output: NT_STATUS_OK: Success (0x0)
Sat Jan 21 19:21:08 2012 : Debug: Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Sat Jan 21 19:21:08 2012 : Debug: Exec-Program: returned: 0
Sat Jan 21 19:21:08 2012 : Info: ++[ntlm_auth] returns ok
Sat Jan 21 19:21:08 2012 : Info: ++[expiration] returns noop
Sat Jan 21 19:21:08 2012 : Info: ++[logintime] returns noop
Sat Jan 21 19:21:08 2012 : Info: [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
Sat Jan 21 19:21:08 2012 : Info: ++[pap] returns noop
Sat Jan 21 19:21:08 2012 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Sat Jan 21 19:21:08 2012 : Info: Failed to authenticate the user.
Sat Jan 21 19:21:08 2012 : Info: Using Post-Auth-Type Reject
Sat Jan 21 19:21:08 2012 : Info: +- entering group REJECT {...}
Sat Jan 21 19:21:08 2012 : Info: [attr_filter.access_reject]    expand: %{User-Name} -> 01546
Sat Jan 21 19:21:08 2012 : Debug:  attr_filter: Matched entry DEFAULT at line 11

---------------------------------------------------------

So means that ntlm_auth is still wokring good bt some access control triggers the Access-Reject.

I am still directionless as to where should I head next, I mean how to make tht EAP client and MSCHAP authentication work. Would appreciate if I could get some handy quick and dirty list of works to do next OR some URL/mailing list entry etc which explains the same.

I am reading a FreeRadius book (Packet Publishing) which just might help.

Regards
Dhiraj Gaur


On Sat, Jan 21, 2012 at 7:12 PM, Dhiraj Gaur <dhiraj.gaur@gmail.com> wrote:
Thanks ndk and alan I lll give it a fresh try to the testbed. I have already deleted the DEFAULT entry from the users file and updated mschap as indicated. I think what might be forcing NTLM_AUTH is an entry which i made to the authorize section of default file after which ntlm_auth strated to work for me

if(!control:Auth-Type) {
                update control {
                        Auth-Type = "ntlm_auth"
                }
        }
I ll try removing the same and then need to see how mschap thing will work. Would appreciate if you may point me to a further howto on the same. I aim to connect and eap client through radius without the use of certificates for which MSCHAP seems to be an option.

I think I ll write a howto or add a wiki entry if I can make it work fine.

regards
Dhiraj Gaur


On Sat, Jan 21, 2012 at 2:16 AM, Alan DeKok <aland@deployingradius.com> wrote:
NdK wrote:
>>   The radclient program has since been updated.
> Then it could be better to update that page, since it's the reference
> for all newbies that try to make it work.

 Yeah, I've gone and fixed that.  "git" is nice for updating web pages.

> "It *should* work" is more correct :(
> There still are many things that can go wrong.

 If it doesn't work, the web pages explain which part to blame.  99% of
the time, it's a bug in someone else's software.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Regards

Dhiraj Gaur 

 




--
Regards

Dhiraj Gaur