Thanks to your patience Alan, I have resolved !!!!!!!!!!!!!!! I have reinstalled freeradius. The errors was in radiusd.conf. Sorry but I did not know that for any modify in users file it was needed restart radiusd :-( The others old files do not give errors. I haved included the difference between the bad radiusd.conf file and the good (my new) radiusd.conf file. 20c20,21 < bind_address = * --- 54,84c55,60 < pap { < encryption_scheme = crypt < } < chap { < authtype = CHAP < } < pam { < pam_auth = radiusd < } < unix { < cache = no < cache_reload = 600 < shadow = /etc/shadow < radwtmp = ${logdir}/radwtmp < } < $INCLUDE ${confdir}/eap.conf < mschap { < authtype = MS-CHAP < } < ldap { < server = "ldap.your.domain" < basedn = "o=My Org,c=UA" < filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" < start_tls = no < access_attr = "dialupAccess" < dictionary_mapping = ${raddbdir}/ldap.attrmap < ldap_connections_number = 5 < timeout = 4 < timelimit = 3 < net_timeout = 1 < } ---
#$INCLUDE ${confdir}/eap.conf eap { default_eap_type = md5 md5 { } } 136c112 < $INCLUDE ${confdir}/postgresql.conf
$INCLUDE ${confdir}/sql.conf 173a150
175a153
177a156,157
preprocess
182,197d161 < exec echo { < wait = yes < program = "/bin/echo %{User-Name}" < input_pairs = request < output_pairs = reply < } < ippool main_pool { < range-start = 192.168.1.1 < range-stop = 192.168.3.254 < netmask = 255.255.255.0 < cache-size = 800 < session-db = ${raddbdir}/db.ippool < ip-index = ${raddbdir}/db.ipindex < override = no < maximum-timeout = 0 < } 205,207d168 < chap < mschap < suffix 209,210d169 < files < sql 213,222d171 < Auth-Type PAP { < pap < } < Auth-Type CHAP { < chap < } < Auth-Type MS-CHAP { < mschap < } < unix 225a175
files 233d182 < unix 234a184 sql 237a188 sql 239a191 sql 244d195
Good year to all the participants to the mailing-list!!!!!!!!!!!!!!! BYE On Thu, Dec 29, 2005 at 02:22:19AM -0500, Alan DeKok wrote:
From: "Alan DeKok" <aland@ox.org> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Date: Thu, 29 Dec 2005 02:22:19 -0500 Subject: Re: EAP-MD5 Authentication problem
Marco Spiga <mspiga3@alice.it> wrote:
However as soon as installed freeradius I have tried radtest and it worked well, also whith users inserted in radcheck table of postgresql and authentication EAP MD5 has not never worked.
The entry in the "users" file isn't being matched because you edited radiusd.conf, and broke the server.
modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_eap: EAP packet type response id 210 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall: group authorize returns updated for request 0
See? There's no mention of the "files" module, or that any entry in the "users" file was matched. So you can edit the "users" file forever, and it won't affect anything... because *you* told the server to not look at the "users" file.
# eap sets the authenticate type as EAP authorize { ... eap }
And rather than quoting your exact "authorize" section, you've edited it.
Since I can read the debug output, I can tell what you've done. But by editing the "radiusd.conf" pieces you quoted, you've gone out of your way to make it more difficult for anyone to be able to help you.
In short, if you don't know what the entries in "radiusd.conf" do, DON'T EDIT THEM. The default configuration is set up that way for a reason. IT WORKS.
If you had used the default configuration, the "users" file entry would have worked as I said. But because you edited the default configuration (and didn't say you edited it), you broke it, and the "users" fil entry didn't work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---fine del testo---
-- !!!!! Messaggio da Marco !!!!! -fine del testo--- !!!!! Messaggio da Marco !!!!!