Dear All, I am about deploying an AAA services: All authentication is centralized on my freeradius-server (on debian lenny), in the green zone behind ipcop in which I installed ipcop addons called copspot ( like chilispot) for the captive portal. The authentication worked well locally against openldap (in the same server). When an user try to connect to internet in the Blue Zone (WLAN), it generates the following error in the radius-server. I am really stuck here, any help will be welcome. Thu Apr 22 14:14:51 2010 : Debug: } Thu Apr 22 14:14:51 2010 : Debug: Listening on authentication address * port 1812 Thu Apr 22 14:14:51 2010 : Debug: Listening on accounting address * port 1813 Thu Apr 22 14:14:51 2010 : Debug: Listening on proxy address * port 1814 Thu Apr 22 14:14:51 2010 : Info: Ready to process requests. rad_recv: Access-Request packet from host 192.168.2.1 port 32790, id=0, length=216 User-Name = "kkigor14" CHAP-Challenge = 0xd12e07a5f57980aa86a4aa049fc7bb40 CHAP-Password = 0x0005cff525e5508c82bc3ebb315c0b09e5 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.4.7 Calling-Station-Id = "00-21-63-6B-C8-40" Called-Station-Id = "00-08-74-D4-7A-F5" NAS-Identifier = "nas01" Acct-Session-Id = "4bd058be00000003" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Message-Authenticator = 0x5d8d6302e9684a55c2db247bdafc022e WISPr-Logoff-URL = "http://192.168.4.1:3990/logoff" Thu Apr 22 14:17:59 2010 : Info: +- entering group authorize {...} Thu Apr 22 14:17:59 2010 : Info: ++[preprocess] returns ok Thu Apr 22 14:17:59 2010 : Info: [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.2.1/auth-detail-20100422 Thu Apr 22 14:17:59 2010 : Info: [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.2.1/auth-detail-20100422 Thu Apr 22 14:17:59 2010 : Info: [auth_log] expand: %t -> Thu Apr 22 14:17:59 2010 Thu Apr 22 14:17:59 2010 : Info: ++[auth_log] returns ok Thu Apr 22 14:17:59 2010 : Info: [suffix] No '@' in User-Name = "kkigor14", looking up realm NULL Thu Apr 22 14:17:59 2010 : Info: [suffix] No such realm "NULL" Thu Apr 22 14:17:59 2010 : Info: ++[suffix] returns noop Thu Apr 22 14:17:59 2010 : Info: [eap] No EAP-Message, not doing EAP Thu Apr 22 14:17:59 2010 : Info: ++[eap] returns noop Thu Apr 22 14:17:59 2010 : Info: ++[unix] returns notfound Thu Apr 22 14:17:59 2010 : Info: [ldap] performing user authorization for kkigor14 Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: %{Stripped-User-Name} -> Thu Apr 22 14:17:59 2010 : Info: [ldap] ... expanding second conditional Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: %{User-Name} -> kkigor14 Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=kkigor14) Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: dc=csimaroc, dc=lan -> dc=csimaroc, dc=lan Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_get_conn: Checking Id: 0 Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_get_conn: Got Id: 0 Thu Apr 22 14:17:59 2010 : Debug: [ldap] attempting LDAP reconnection Thu Apr 22 14:17:59 2010 : Debug: [ldap] (re)connect to 127.0.0.1:389, authentication 0 Thu Apr 22 14:17:59 2010 : Debug: [ldap] bind as / to 127.0.0.1:389 Thu Apr 22 14:17:59 2010 : Debug: [ldap] waiting for bind result ... Thu Apr 22 14:17:59 2010 : Debug: [ldap] Bind was successful Thu Apr 22 14:17:59 2010 : Debug: [ldap] performing search in dc=csimaroc, dc=lan, with filter (uid=kkigor14) Thu Apr 22 14:17:59 2010 : Info: [ldap] No default NMAS login sequence Thu Apr 22 14:17:59 2010 : Info: [ldap] looking for check items in directory... Thu Apr 22 14:17:59 2010 : Debug: [ldap] sambaNtPassword -> NT-Password == 0x4535334337353245323438413034353342353531353646383131303237453139 Thu Apr 22 14:17:59 2010 : Debug: [ldap] sambaLmPassword -> LM-Password == 0x4432433038394334374245444535364641414433423433354235313430344545 Thu Apr 22 14:17:59 2010 : Info: [ldap] looking for reply items in directory... Thu Apr 22 14:17:59 2010 : Debug: WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? Thu Apr 22 14:17:59 2010 : Info: [ldap] user kkigor14 authorized to use remote access Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_release_conn: Release Id: 0 Thu Apr 22 14:17:59 2010 : Info: ++[ldap] returns ok Thu Apr 22 14:17:59 2010 : Info: ++[expiration] returns noop Thu Apr 22 14:17:59 2010 : Info: ++[logintime] returns noop Thu Apr 22 14:17:59 2010 : Info: [pap] Normalizing NT-Password from hex encoding Thu Apr 22 14:17:59 2010 : Info: [pap] Normalizing LM-Password from hex encoding Thu Apr 22 14:17:59 2010 : Info: [pap] No clear-text password in the request. Not performing PAP. Thu Apr 22 14:17:59 2010 : Info: ++[pap] returns noop Thu Apr 22 14:17:59 2010 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Thu Apr 22 14:17:59 2010 : Info: Failed to authenticate the user. Thu Apr 22 14:17:59 2010 : Info: Using Post-Auth-Type Reject Thu Apr 22 14:17:59 2010 : Info: +- entering group REJECT {...} Thu Apr 22 14:17:59 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> kkigor14 Thu Apr 22 14:17:59 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Thu Apr 22 14:17:59 2010 : Info: ++[attr_filter.access_reject] returns updated Thu Apr 22 14:17:59 2010 : Info: Delaying reject of request 0 for 1 seconds Thu Apr 22 14:17:59 2010 : Debug: Going to the next request Thu Apr 22 14:17:59 2010 : Debug: Waking up in 0.9 seconds. Thu Apr 22 14:18:00 2010 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 0 to 192.168.2.1 port 32790 Thu Apr 22 14:18:00 2010 : Debug: Waking up in 4.9 seconds. Thu Apr 22 14:18:05 2010 : Info: Cleaning up request 0 ID 0 with timestamp +188 Thu Apr 22 14:18:05 2010 : Info: Ready to process requests. All the Best -- ----------------------------------------------------------------- |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554 | | National School of Applied Sciences | | 1818 TANGIER 90000 | |----------------------------------------------------------------|