Hi, I am now in using FreeRADIUS 1.0.5 with ATA 188 v3.1.2 and GunGK 2.2.2_4 on FreeBSD 6.0. When GnuGK send Access Request for ATA, RADIUS reject it. You can check the log from FreeRADIUS as below. When authorization, RADIUS set Auth-Type as CHAP. (In the log, you can see "rlm_chap: Setting 'Auth-Type := CHAP'".) But when authentication, RADIUS set Auth-Type as Reject. (In the log, you can see "rad_check_password: Found Auth-Type Reject".) I don't know why Auth-Type is changed. Could you tell me what I am wrong in configuration? Thanks in advance. Bye. BJ. =========================== The log from FreeRADIUS =========================== rad_recv: Access-Request packet from host 152.102.50.225:64821, id=117, length=145 User-Name = "happian" CHAP-Password = 0x04b3d9e7363592e0e15a4fc9c7ec90e627 CHAP-Challenge = 0x43c44e1a NAS-IP-Address = 152.102.50.225 NAS-Identifier = "Gatekeeper" NAS-Port-Type = Virtual Service-Type = Login-User Framed-IP-Address = 152.102.50.223 Cisco-AVPair = "h323-ivr-out=terminal-alias:happian,0175722139;" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 radius_xlat: '/var/log/radius/radacct//auth-detail-20060111' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct//auth-detail-20060111 modcall[authorize]: module "auth_log" returns ok for request 5 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 5 radius_xlat: 'happian' rlm_sql (sql): sql_set_user escaped user --> 'happian' radius_xlat: 'SELECT id, 'happian', attrname, attrvalue, attrop FROM ??radius_get_check_attrs('happian', NULLIF('152.102.50.223', ' ')::INET, ???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN 'Login-User' = 'Call-Check' THEN TRUE ELSE FALSE EN D, ???'', NULLIF('',''), ???parse_avpair('h323-ivr-out=3Dterminal-alias:happian=2C0175722139=3B', 'h323-ivr-out', 'terminal-alias') ???)' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_postgresql: query: SELECT id, 'happian', attrname, attrvalue, attrop FROM ??radius_get_check_attrs('happian', NULLIF('152.10 2.50.223', '')::INET, ???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN 'Login-User' = 'Call-Check' THEN TRUE E LSE FALSE END, ???'', NULLIF('',''), ???parse_avpair('h323-ivr-out=3Dterminal-alias:happian=2C0175722139=3B', 'h323-ivr-out', 'termi nal-alias') ???) rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: '' radius_xlat: 'SELECT id, 'happian', attrname, attrvalue, attrop FROM ??radius_get_reply_attrs('happian', NULLIF('152.102.50.223', ' ')::INET, ???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN 'Login-User' = 'Call-Check' THEN TRUE ELSE FALSE EN D, ???'', NULLIF('',''), ???parse_avpair('h323-ivr-out=3Dterminal-alias:happian=2C0175722139=3B', 'h323-ivr-out', 'terminal-alias') ???)' rlm_sql_postgresql: query: SELECT id, 'happian', attrname, attrvalue, attrop FROM ??radius_get_reply_attrs('happian', NULLIF('152.10 2.50.223', '')::INET, ???CASE ????WHEN '' = '' THEN TRUE ????ELSE FALSE ???END, ???CASE WHEN 'Login-User' = 'Call-Check' THEN TRUE E LSE FALSE END, ???'', NULLIF('',''), ???parse_avpair('h323-ivr-out=3Dterminal-alias:happian=2C0175722139=3B', 'h323-ivr-out', 'termi nal-alias') ???) rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: '' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 5 modcall: group authorize returns ok for request 5 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [happian/<CHAP-Password>] (from client Gatekeeper port 0) Sending Access-Reject of id 117 to 152.102.50.225:64821 Finished request 5 ====================================================================== =========================== radiusd.conf =========================== prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/ log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = yes log_auth = yes log_auth_badpass = yes log_auth_goodpass = yes usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 0 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp = no thread pool { start_servers = 2 max_servers = 5 min_spare_servers = 1 max_spare_servers = 2 max_requests_per_server = 0 } modules { chap { authtype = CHAP } preprocess { with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = yes } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d detailperm = 0600 } detail reply_log { detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d detailperm = 0600 } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" } $INCLUDE ${confdir}/postgresql.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no } } instantiate { expr } authorize { preprocess auth_log chap sql } authenticate { Auth-Type CHAP { chap } } preacct { } accounting { acct_unique sql } session { } post-auth { reply_log } pre-proxy { } post-proxy { } =====================================================================