I am sure it is simple. I did do some research and one of the posts was about some of the auth modules not starting. Any suggestions ? Testing on localhost. Please see end of file - I have included the begining bit where I have started radius -X filename = "/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{Packet-Type}:-default}" } # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/line log linelog log_accounting { filename = "/var/log/radius/linelog-accounting" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_logintime # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_mschap # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --usern ame=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_pap # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preproce ss preprocess { huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups" hints = "/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /etc/raddb/mods-config/preprocess/hints # Loaded module rlm_radutmp # Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_realm # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_replicate # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate # Loaded module rlm_soh # Instantiating module "soh" from file /etc/raddb/mods-enabled/soh soh { dhcp = yes } # Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/radius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_unix # Instantiating module "unix" from file /etc/raddb/mods-enabled/unix unix { radwtmp = "/var/log/radius/radwtmp" } # Loaded module rlm_unpack # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack # Loaded module rlm_utf8 # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8 } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf } # server server default { # from file /etc/raddb/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Listening on auth address :: port 1812 as server default Listening on acct address :: port 1813 as server default Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 43825 Ready to process requests Received Access-Request Id 180 from 127.0.0.1:59304 to 127.0.0.1:1812 length 73 User-Name = 'bob' User-Password = 'hello' NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x773faf53acb2a0cfec2b328e3f1d8fb3 (9) Received Access-Request packet from host 127.0.0.1 port 59304, id=180, length=73 (9) User-Name = 'bob' (9) User-Password = 'hello' (9) NAS-IP-Address = 127.0.0.1 (9) NAS-Port = 0 (9) Message-Authenticator = 0x773faf53acb2a0cfec2b328e3f1d8fb3 (9) # Executing section authorize from file /etc/raddb/sites-enabled/default (9) authorize { (9) filter_username filter_username { (9) if (!&User-Name) (9) if (!&User-Name) -> FALSE (9) if (&User-Name =~ / /) (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@.*@/ ) (9) if (&User-Name =~ /@.*@/ ) -> FALSE (9) if (&User-Name =~ /\\.\\./ ) (9) if (&User-Name =~ /\\.\\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\\.$/) (9) if (&User-Name =~ /\\.$/) -> FALSE (9) if (&User-Name =~ /@\\./) (9) if (&User-Name =~ /@\\./) -> FALSE (9) } # filter_username filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix : Checking for suffix after "@" (9) suffix : No '@' in User-Name = "bob", looking up realm NULL (9) suffix : No such realm "NULL" (9) [suffix] = noop (9) eap : No EAP-Message, not doing EAP (9) [eap] = noop (9) [files] = noop (9) [expiration] = noop (9) [logintime] = noop (9) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type (9) WARNING: pap : Authentication will fail unless a "known good" password is available (9) [pap] = noop (9) } # authorize = ok (9) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (9) Failed to authenticate the user (9) Using Post-Auth-Type Reject (9) # Executing group from file /etc/raddb/sites-enabled/default (9) Post-Auth-Type REJECT { (9) attr_filter.access_reject : EXPAND %{User-Name} (9) attr_filter.access_reject : --> bob (9) attr_filter.access_reject : Matched entry DEFAULT at line 11 (9) [attr_filter.access_reject] = updated (9) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure (9) [eap] = noop (9) remove_reply_message_if_eap remove_reply_message_if_eap { (9) if (&reply:EAP-Message && &reply:Reply-Message) (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (9) else else { (9) [noop] = noop (9) } # else else = noop (9) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (9) } # Post-Auth-Type REJECT = updated (9) Delaying response for 1 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (9) Sending delayed response (9) Sending Access-Reject packet to host 127.0.0.1 port 59304, id=180, length=0 Sending Access-Reject Id 180 from 127.0.0.1:1812 to 127.0.0.1:59304 Waking up in 3.9 seconds. (9) Cleaning up request packet ID 180 with timestamp +1307 Ready to process requests Received Access-Request Id 222 from 127.0.0.1:49629 to 127.0.0.1:1812 length 77 User-Name = 'testing' User-Password = 'password' NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0xef77888032042b26cdc7e39baf267ee8 (10) Received Access-Request packet from host 127.0.0.1 port 49629, id=222, length=77 (10) User-Name = 'testing' (10) User-Password = 'password' (10) NAS-IP-Address = 127.0.0.1 (10) NAS-Port = 0 (10) Message-Authenticator = 0xef77888032042b26cdc7e39baf267ee8 (10) # Executing section authorize from file /etc/raddb/sites-enabled/default (10) authorize { (10) filter_username filter_username { (10) if (!&User-Name) (10) if (!&User-Name) -> FALSE (10) if (&User-Name =~ / /) (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@.*@/ ) (10) if (&User-Name =~ /@.*@/ ) -> FALSE (10) if (&User-Name =~ /\\.\\./ ) (10) if (&User-Name =~ /\\.\\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\\.$/) (10) if (&User-Name =~ /\\.$/) -> FALSE (10) if (&User-Name =~ /@\\./) (10) if (&User-Name =~ /@\\./) -> FALSE (10) } # filter_username filter_username = notfound (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix : Checking for suffix after "@" (10) suffix : No '@' in User-Name = "testing", looking up realm NULL (10) suffix : No such realm "NULL" (10) [suffix] = noop (10) eap : No EAP-Message, not doing EAP (10) [eap] = noop (10) [files] = noop (10) [expiration] = noop (10) [logintime] = noop (10) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type (10) WARNING: pap : Authentication will fail unless a "known good" password is available (10) [pap] = noop (10) } # authorize = ok (10) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (10) Failed to authenticate the user (10) Using Post-Auth-Type Reject (10) # Executing group from file /etc/raddb/sites-enabled/default (10) Post-Auth-Type REJECT { (10) attr_filter.access_reject : EXPAND %{User-Name} (10) attr_filter.access_reject : --> testing (10) attr_filter.access_reject : Matched entry DEFAULT at line 11 (10) [attr_filter.access_reject] = updated (10) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure (10) [eap] = noop (10) remove_reply_message_if_eap remove_reply_message_if_eap { (10) if (&reply:EAP-Message && &reply:Reply-Message) (10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (10) else else { (10) [noop] = noop (10) } # else else = noop (10) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (10) } # Post-Auth-Type REJECT = updated (10) Delaying response for 1 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (10) Sending delayed response (10) Sending Access-Reject packet to host 127.0.0.1 port 49629, id=222, length=0 Sending Access-Reject Id 222 from 127.0.0.1:1812 to 127.0.0.1:49629 Waking up in 3.9 seconds. (10) Cleaning up request packet ID 222 with timestamp +1676 Ready to process requests Please consider the environment before printing this email