Marco Spiga <mspiga3@alice.it> wrote: Still it does not work :-((
Go read the FAQ. See 5.10. It's directed specifically at your remark.
Alan DEKok.
Endured made!!!!!! I don't have include the output of radtest because I want to only qualify radiusd to use authentication EAP MD5. However as soon as installed freeradius I have tried radtest and it worked well, also whith users inserted in radcheck table of postgresql and authentication EAP MD5 has not never worked. The req.txt file contains: User-Name = "test" EAP-MD5-Password = "password" NAS-IP-Address = "localhost" EAP-Code = Response EAP-Id = 210 EAP-Type-Identity = "test" EAP-Message = "0x0" Message-Authenticator = "0x0" NAS-Port = WITH OUTPUT: +++> About to send encoded packet: User-Name = "test" EAP-MD5-Password = "password" NAS-IP-Address = localhost EAP-Code = Response EAP-Id = 210 EAP-Type-Identity = "test" Sending Access-Request of id 2 to 127.0.0.1:1812 User-Name = "test" NAS-IP-Address = localhost EAP-Message = 0x02d200090174657374 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Challenge packet from host 127.0.0.1:1812, id=2, length=80 EAP-Message = 0x01d300160410dc4eb119fa86b90b61acfdb69ab3a961 Message-Authenticator = 0x30c5633d1d0717256ade7d9780683428 State = 0xf28f6899a431b6ac423bf3672d4a21b9 <+++ EAP decoded packet: EAP-Message = 0x01d300160410dc4eb119fa86b90b61acfdb69ab3a961 Message-Authenticator = 0x30c5633d1d0717256ade7d9780683428 State = 0xf28f6899a431b6ac423bf3672d4a21b9 EAP-Id = 211 EAP-Code = Request EAP-Type-MD5 = 0x10dc4eb119fa86b90b61acfdb69ab3a961 +++> About to send encoded packet: User-Name = "test" EAP-MD5-Password = "password" NAS-IP-Address = localhost EAP-Code = Response EAP-Id = 211 Message-Authenticator = 0x00000000000000000000000000000000 EAP-Type-MD5 = 0x1079d9627aaca015bb70d2d48eb3d5581b State = 0xf28f6899a431b6ac423bf3672d4a21b9 Sending Access-Request of id 3 to 127.0.0.1:1812 User-Name = "test" NAS-IP-Address = localhost Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf28f6899a431b6ac423bf3672d4a21b9 EAP-Message = 0x02d30016041079d9627aaca015bb70d2d48eb3d5581b Re-sending Access-Request of id 3 to 127.0.0.1:1812 User-Name = "test" EAP-MD5-Password = "password" NAS-IP-Address = localhost EAP-Code = Response EAP-Id = 211 Message-Authenticator = 0x00000000000000000000000000000000 EAP-Type-MD5 = 0x1079d9627aaca015bb70d2d48eb3d5581b State = 0xf28f6899a431b6ac423bf3672d4a21b9 EAP-Message = 0x02d30016041079d9627aaca015bb70d2d48eb3d5581b rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=3, length=44 EAP-Message = 0x04d30004 Message-Authenticator = 0x54a6958e6602e2a3ada0be9c34d398b2 <+++ EAP decoded packet: EAP-Message = 0x04d30004 Message-Authenticator = 0x54a6958e6602e2a3ada0be9c34d398b2 EAP-Id = 211 EAP-Code = Failure Total approved auths: 0 Total denied auths: 2 -------------------------------------------------------------------- -------------------------------------------------------------------- the radius.conf file contain: modules { ... eap { default_eap_type = md5 md5 { } ... } ... } # eap sets the authenticate type as EAP authorize { ... eap } # eap authentication takes place. authenticate { eap } the eap.conf file contain: eap { default_eap_type = md5 md5 { } } the users file contain: # # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # If you use the database support to turn this file into a .db or .dbm # file, the DEFAULT entries _have_ to be at the end of this file and # you can't have multiple entries for one username. # # You don't need to specify a password if you set Auth-Type += System # on the list of authentication requirements. The RADIUS server # will then check the system password file. # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # You can include another `users' file with `$INCLUDE users.other' # # # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html # # # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Auth-Type := Local, User-Password == "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"JohnDoe" Auth-Type := Local, User-Password == "hello" # Reply-Message = "Hello, %u" "test" Auth-Type := EAP, User-Password := "password" Reply-Message = "Hello, %u" #"test2" Auth-Type := Local, User-Password == "hello" # Reply-Message = "Hello, %u" # # Dial user back and telnet to the default host for that port # #Deg Auth-Type := Local, User-Password == "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Auth-Type := Local, User-Password == "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # DEFAULT Auth-Type = System Fall-Through = 1 # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes # # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User # On no match, the user is denied access. ------------------------------------------------------ And the OUTPUT of the radiusd -XA is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: bind_address = 127.0.0.1 IP address [127.0.0.1] main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Module: Loaded SQL sql: driver = "rlm_sql_postgresql" sql: server = "localhost" sql: port = "" sql: login = "manut" sql: password = "test" sql: radius_db = "radiusdb" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = yes sql: sqltracefile = "/var/log/radius/sqltrace.sql" sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id" sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op ??FROM radreply ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id" sql: authorize_group_check_query = "SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id" sql: authorize_group_reply_query = "SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ??ORDER BY radgroupreply.id" sql: accounting_onoff_query = "UPDATE radacct ??SET AcctStopTime = (now() - '%{Acct-Delay-Time:-0}'::interval), ??AcctSessionTime = (EXTRACT(EPOCH FROM(now()::timestamp with time zone - AcctStartTime::timestamp with time zone - '%{Acct-Delay-Time:-0}'::interval)))::BIGINT, ??AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}' ??WHERE AcctSessionTime IS NULL AND AcctStopTime IS NULL AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= now()" sql: accounting_update_query = "UPDATE radacct ??SET FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, ??AcctSessionTime = (EXTRACT(EPOCH FROM(now()::timestamp with time zone - AcctStartTime::timestamp with time zone - '%{Acct-Delay-Time:-0}'::interval)))::BIGINT, AcctInputOctets = (('%{Acct-Input-Gigawords:-0}'::bigint << 32) + '%{Acct-Input-Octets:-0}'::bigint), AcctOutputOctets = (('%{Acct-Output-Gigawords:-0}'::bigint << 32) + '%{Acct-Output-Octets:-0}'::bigint) ??WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' ??AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime IS NULL" sql: accounting_update_query_alt = "INSERT into radacct ??(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, ??AcctSessionTime, AcctAuthentic, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ??ServiceType, FramedProtocol, FramedIPAddress) ??values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', ??'%{NAS-Port}', '%{NAS-Port-Type}', (now() - '%{Acct-Delay-Time:-0}'::interval - '%{Acct-Session-Time:-0}'::interval), ??'%{Acct-Session-Time}', '%{Acct-Authentic}', ??(('%{Acct-Input-Gigawords:-0}'::bigint << 32) + '%{Acct-Input-Octets:-0}'::bigint), ??(('%{Acct-Output-Gigawords:-0}'::bigint << 32) + '%{Acct-Output-Octets:-0}'::bigint), '%{Called-Station-Id}', ??'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', ??NULLIF('%{Framed-IP-Address}', '')::inet)" sql: accounting_start_query = "INSERT into radacct ??(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctAuthentic, ??ConnectInfo_start, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) ??values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', ??'%{NAS-Port}', '%{NAS-Port-Type}', (now() - '%{Acct-Delay-Time:-0}'::interval), '%{Acct-Authentic}', '%{Connect-Info}', ??'%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', ??NULLIF('%{Framed-IP-Address}', '')::inet, '%{Acct-Delay-Time:-0}')" sql: accounting_start_query_alt = "UPDATE radacct ??SET AcctStartTime = (now() - '%{Acct-Delay-Time:-0}'::interval), AcctStartDelay = '%{Acct-Delay-Time:-0}', ??ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' ??AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime IS NULL" sql: accounting_stop_query = "UPDATE radacct ??SET AcctStopTime = (now() - '%{Acct-Delay-Time:-0}'::interval), ??AcctSessionTime = NULLIF('%{Acct-Session-Time}', '')::bigint, ??AcctInputOctets = (('%{Acct-Input-Gigawords:-0}'::bigint << 32) + '%{Acct-Input-Octets:-0}'::bigint), ??AcctOutputOctets = (('%{Acct-Output-Gigawords:-0}'::bigint << 32) + '%{Acct-Output-Octets:-0}'::bigint), ??AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ??FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, ConnectInfo_stop = '%{Connect-Info}' ??WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' ??AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime IS NULL" sql: accounting_stop_query_alt = "INSERT into radacct ??(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, ??AcctSessionTime, AcctAuthentic, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ??AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStopDelay) ??values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', ??'%{NAS-Port}', '%{NAS-Port-Type}', (now() - '%{Acct-Delay-Time:-0}'::interval - '%{Acct-Session-Time:-0}'::interval), ??(now() - '%{Acct-Delay-Time:-0}'::interval), NULLIF('%{Acct-Session-Time}', '')::bigint, ??'%{Acct-Authentic}', '%{Connect-Info}', ??(('%{Acct-Input-Gigawords:-0}'::bigint << 32) + '%{Acct-Input-Octets:-0}'::bigint), ??(('%{Acct-Output-Gigawords:-0}'::bigint << 32) + '%{Acct-Output-Octets:-0}'::bigint), '%{Called-Station-Id}', ??'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', ??NULLIF('%{Framed-IP-Address}', '')::inet, '%{Acct-Delay-Time:-0}')" sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'" sql: connect_failure_retry_delay = 60 sql: simul_count_query = "" sql: simul_verify_query = "" sql: postauth_table = "radpostauth" sql: postauth_query = "INSERT into radpostauth (username, pass, reply, authdate) ??values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked rlm_sql (sql): Attempting to connect to manut@localhost:/radiusdb rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_postgresql #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_postgresql #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_postgresql #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_postgresql #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Initializing the thread pool... thread: start_servers = 5 thread: max_servers = 32 thread: min_spare_servers = 3 thread: max_spare_servers = 10 thread: max_requests_per_server = 0 thread: cleanup_delay = 5 Thread spawned new child 1. Total threads in pool: 1 Thread spawned new child 2. Total threads in pool: 2 Thread spawned new child 3. Total threads in pool: 3 Thread spawned new child 4. Total threads in pool: 4 Thread spawned new child 5. Total threads in pool: 5 Thread pool initialized Listening on authentication 127.0.0.1:1812 Listening on accounting 127.0.0.1:1813 Listening on proxy 127.0.0.1:1814 Ready to process requests. Thread 1 waiting to be assigned a request Thread 2 waiting to be assigned a request Thread 3 waiting to be assigned a request Thread 4 waiting to be assigned a request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 127.0.0.1:33132, id=2, length=61 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = "test" NAS-IP-Address = 255.255.255.255 EAP-Message = 0x02d200090174657374 Message-Authenticator = 0xd61847a551a96358b8e6af8b80d9b968 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_eap: EAP packet type response id 210 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 2 to 127.0.0.1:33132 EAP-Message = 0x01d300160410dc4eb119fa86b90b61acfdb69ab3a961 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf28f6899a431b6ac423bf3672d4a21b9 Finished request 0 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 127.0.0.1:33132, id=3, length=92 Waking up in 31 seconds... Thread 2 got semaphore Thread 2 handling request 1, (1 handled so far) User-Name = "test" NAS-IP-Address = 255.255.255.255 Message-Authenticator = 0x1af851c856e64a78e42d91428abb07df State = 0xf28f6899a431b6ac423bf3672d4a21b9 EAP-Message = 0x02d30016041079d9627aaca015bb70d2d48eb3d5581b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_eap: EAP packet type response id 211 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap_md5: User-Password is required for EAP-MD5 authentication rlm_eap: Handler failed in EAP/md5 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 1 modcall: group authenticate returns invalid for request 1 auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 127.0.0.1:33132, id=3, length=92 Sending Access-Reject of id 3 to 127.0.0.1:33132 EAP-Message = 0x04d30004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 2 with timestamp 43b36b30 Cleaning up request 1 ID 3 with timestamp 43b36b30 Nothing to do. Sleeping until we see a request. Thanks Alan Marco