Can't authenticate users on LDAP Server by FreeRadius
Hello All, I'm running FreeRADIUS Version 1.1.3, for host i686-redhat-linux-gnu, built on Jan 26 2010 at 18:56:10 Copyright (C) 2000-2006 The FreeRADIUS server project on CENTOS, and trying for now, authenticate the same users in my old users file, but now, I set freeradius to sent auth packets to a LDAP server and I don't know what is wrong. Who can help me with this issue? *#* *# MY DEBUG -X -A* *#* [root@radius_server raddb]# radiusd -X -A Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 60 main: cleanup_delay = 6 main: max_requests = 4096 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 3 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded LDAP ldap: server = "srv01t.MYCOMPANY.net.br <http://srv01t.mycompany.net.br/>" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "CN=AUTHENTIC,CN=Users,DC=MYCOMPANY,DC=NET,DC=BR" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "segredo" ldap: basedn = "CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR" ldap: filter = "(cn=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "(null)" ldap: access_attr = "(null)" ldap: groupname_attribute = "CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message *rlm_ldap: LDAP AcmeUserPrivilege mapped to RADIUS Service-Type <-- Need for authorization and access level* *rlm_ldap: LDAP AcmeUserClass mapped to RADIUS Service-Type **<-- Need for authorization and access level* *rlm_ldap: LDAP AcmeUserPrivilege mapped to RADIUS Login-Service **<-- Need for authorization and access level* conns: 0x9ef47c0 Module: Instantiated ldap (ldap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.253.7.156:1812, id=72, length=69 User-Name = "lveiga" User-Password = "mypassword" NAS-Identifier = "102537156" NAS-IP-Address = 10.253.7.156 NAS-Port = 118751232 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/10.253.7.156/auth-detail-20140210' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.253.7.156/auth-detail-20140210 modcall[authorize]: module "auth_log" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for lveiga radius_xlat: '(cn=lveiga)' radius_xlat: 'CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to srv01t.MYCOMPANY.net.br:389<http://srv01t.mycompany.net.br:389/>, authentication 0 rlm_ldap: bind as CN=AUTHENTIC,CN=Users,DC=MYCOMPANY,DC=NET,DC=BR/passwordomitted to srv01t.MYCOMPANY.net.br:389 <http://srv01t.mycompany.net.br:389/> rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR, with filter (cn=lveiga) *rlm_ldap: object not found or got ambiguous search result* *rlm_ldap: search failed* rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 0 modcall: leaving group authorize (returns ok) for request 0 *auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user* *auth: Failed to validate the user.* *Login incorrect (rlm_ldap: User not found): [lveiga/mypassword] (from client myhost80.spoig port 118751232)* Delaying request 0 for 3 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Sending Access-Reject of id 72 to 10.253.7.156 port 1812 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 72 with timestamp 52f8d4df Nothing to do. Sleeping until we see a request. *#* *# MY RLM_LDAP FILE* *#* # Lightweight Directory Access Protocol (LDAP) # # This module definition allows you to use LDAP for # authorization and authentication. # # See doc/rlm_ldap for description of configuration options # and sample authorize{} and authenticate{} blocks # # However, LDAP can be used for authentication ONLY when the # Access-Request packet contains a clear-text User-Password # attribute. LDAP authentication will NOT work for any other # authentication method. # # This means that LDAP servers don't understand EAP. If you # force "Auth-Type = LDAP", and then send the server a # request containing EAP authentication, then authentication # WILL NOT WORK. # # The solution is to use the default configuration, which does # work. # # Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG. We # really can't emphasize this enough. # ldap { server = "srv01t.MYCOMPANY.net.br <http://srv01t.mycompany.net.br/>" identity = "CN=AUTHENTIC,CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR" password = mypassword basedn = "CN=Users,DC=MYCOMPANY,DC=NET,DC=BR" filter = "(cn=%{Stripped-User-Name:-%{User-Name}})" ldap_connections_number = 5 timeout = 5 timelimit = 3 net_timeout = 1 dictionary_mapping = /etc/raddb/ldap.attrmap access_attr_used_for_allow = no set_auth_type = no compare_check_items = yes do_xlat = yes } # # This subsection configures the tls related items # that control how FreeRADIUS connects to an LDAP # server. It contains all of the "tls_*" configuration # entries used in older versions of FreeRADIUS. Those # configuration entries can still be used, but we recommend # using these. # tls { # Set this to 'yes' to use TLS encrypted connections # to the LDAP database by using the StartTLS extended # operation. # # The StartTLS operation is supposed to be # used with normal ldap connections instead of # using ldaps (port 689) connections start_tls = no # cacertfile = /path/to/cacert.pem # cacertdir = /path/to/ca/dir/ # certfile = /path/to/radius.crt # keyfile = /path/to/radius.key # randfile = /path/to/rnd # require_cert = "demand" } # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" # profile_attribute = "radiusProfileDn" # access_attr = "dialupAccess" # Mapping of RADIUS dictionary attributes to LDAP # directory attributes. dictionary_mapping = ${raddbdir}/ldap.attrmap # Set password_attribute = nspmPassword to get the # user's password from a Novell eDirectory # backend. This will work ONLY IF FreeRADIUS has been # built with the --with-edir configure option. # # password_attribute = userPassword # As of 1.1.0, the LDAP module will auto-discover # the password headers (which are non-standard). # It will use the following table to map passwords # to RADIUS attributes. The PAP module (see above) # can then automatically determine the hashing # method to use to authenticate the user. # # Header Attribute # ------ --------- # {clear} User-Password # {cleartext} User-Password # {md5} MD5-Password # {smd5} SMD5-Password # {crypt} Crypt-Password # {sha} SHA-Password # {ssha} SSHA-Password # {nt} NT-Password # {ns-mta-md5} NS-MTA-MD5-Password # # # The headers are compared in a case-insensitive manner. # The format of the password in LDAP (base 64-encoded, hex, # clear-text, whatever) is not that important. The PAP # module will figure it out. # # The default for "auto_header" is "no", to enable backwards # compatibility with the "password_header" directive, # which is now deprecated. If this is set to "yes", # then the above table will be used, and the # "password_header" directive will be ignored. #auto_header = yes # Un-comment the following to disable Novell # eDirectory account policy check and intruder # detection. This will work *only if* FreeRADIUS is # configured to build with --with-edir option. # #edir_account_policy_check = no # # Group membership checking. Disabled by default. # # groupname_attribute = cn # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" # groupmembership_attribute = radiusGroupName compare_check_items = yes do_xlat = yes access_attr_used_for_allow = yes # # By default, if the packet contains a User-Password, # and no other module is configured to handle the # authentication, the LDAP module sets itself to do # LDAP bind for authentication. # # You can disable this behavior by setting the following # configuration entry to "no". # # allowed values: {no, yes} set_auth_type = yes } *#* *# MY LDAP.ATTRMAP* *#* [root@syslog01 raddb]# cat ldap.attrmap # # Mapping of RADIUS dictionary attributes to LDAP directory attributes # to be used by LDAP authentication and authorization module (rlm_ldap) # # Format: # ItemType RADIUS-Attribute-Name ldapAttributeName # # Where: # ItemType = checkItem or replyItem # RADIUS-Attribute-Name = attribute name in RADIUS dictionary # ldapAttributeName = attribute name in LDAP schema # # If $GENERIC$ is specified as RADIUS-Attribute-Name, the line specifies # a LDAP attribute which can be used to store any RADIUS # attribute/value-pair in LDAP directory. # # You should edit this file to suit it to your needs. # checkItem $GENERIC$ radiusCheckItem replyItem $GENERIC$ radiusReplyItem checkItem Auth-Type radiusAuthType checkItem Simultaneous-Use radiusSimultaneousUse checkItem Called-Station-Id radiusCalledStationId checkItem Calling-Station-Id radiusCallingStationId checkItem LM-Password sambaLMPassword checkItem NT-Password sambaNTPassword checkItem SMB-Account-CTRL-TEXT sambaAcctFlags checkItem Expiration radiusExpiration checkItem NAS-IP-Address radiusNASIpAddress replyItem Service-Type radiusServiceType replyItem Framed-Protocol radiusFramedProtocol replyItem Framed-IP-Address radiusFramedIPAddress replyItem Framed-IP-Netmask radiusFramedIPNetmask replyItem Framed-Route radiusFramedRoute replyItem Framed-Routing radiusFramedRouting replyItem Filter-Id radiusFilterId replyItem Framed-MTU radiusFramedMTU replyItem Framed-Compression radiusFramedCompression replyItem Login-IP-Host radiusLoginIPHost replyItem Login-Service radiusLoginService replyItem Login-TCP-Port radiusLoginTCPPort replyItem Callback-Number radiusCallbackNumber replyItem Callback-Id radiusCallbackId replyItem Framed-IPX-Network radiusFramedIPXNetwork replyItem Class radiusClass replyItem Session-Timeout radiusSessionTimeout replyItem Idle-Timeout radiusIdleTimeout replyItem Termination-Action radiusTerminationAction replyItem Login-LAT-Service radiusLoginLATService replyItem Login-LAT-Node radiusLoginLATNode replyItem Login-LAT-Group radiusLoginLATGroup replyItem Framed-AppleTalk-Link radiusFramedAppleTalkLink replyItem Framed-AppleTalk-Network radiusFramedAppleTalkNetwork replyItem Framed-AppleTalk-Zone radiusFramedAppleTalkZone replyItem Port-Limit radiusPortLimit replyItem Login-LAT-Port radiusLoginLATPort replyItem Reply-Message radiusReplyMessage *replyItem Service-Type AcmeUserPrivilege <- define user authorization* *replyItem Login-Service AcmeUserPrivilege <- define user authorization* *replyItem Service-Type AcmeUserClass <- define user authorization* *#* *# MY RADIUSD.CONF concerns to LDAP* *#* # Lightweight Directory Access Protocol (LDAP) # # This module definition allows you to use LDAP for # authorization and authentication. # # See doc/rlm_ldap for description of configuration options # and sample authorize{} and authenticate{} blocks # # However, LDAP can be used for authentication ONLY when the # Access-Request packet contains a clear-text User-Password # attribute. LDAP authentication will NOT work for any other # authentication method. # # This means that LDAP servers don't understand EAP. If you # force "Auth-Type = LDAP", and then send the server a # request containing EAP authentication, then authentication # WILL NOT WORK. # # The solution is to use the default configuration, which does # work. # # Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG. We # really can't emphasize this enough. # ldap { server = "srv01t.embratel.net.br" port = 389 password = passwordomitted identity = "CN=AUTHENTIC,CN=Users,DC=MYCONPANY,DC=NET,DC=BR" net_timeout = 1 timeout = 4 timelimit = 3 tls_require_cert = "allow" basedn = "CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR" filter = "(cn=%{Stripped-User-Name:-%{User-Name}})" #groupname_attribute = "CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR" dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes set_auth_type = yes } # passwd module allows to do authorization via any passwd-like # file and to extract any attributes from these modules # # parameters are: # filename - path to filename # format - format for filename record. This parameters # correlates record in the passwd file and RADIUS # attributes. # # Field marked as '*' is key field. That is, the parameter # with this name from the request is used to search for # the record from passwd file # Attribute marked as '=' is added to reply_itmes instead # of default configure_itmes # Attribute marked as '~' is added to request_items # # Field marked as ',' may contain a comma separated list # of attributes. # authtype - if record found this Auth-Type is used to authenticate # user # hashsize - hashtable size. If 0 or not specified records are not # stored in memory and file is red on every request. # allowmultiplekeys - if few records for every key are allowed # ignorenislike - ignore NIS-related records # delimiter - symbol to use as a field separator in passwd file, # for format ':' symbol is always used. '\0', '\n' are # not allowed # # An example configuration for using /etc/smbpasswd. # #passwd etc_smbpasswd { # filename = /etc/smbpasswd # format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::" # authtype = MS-CHAP # hashsize = 100 # ignorenislike = no # allowmultiplekeys = no #} # Similar configuration, for the /etc/group file. Adds a Group-Name # attribute for every group that the user is member of. # #passwd etc_group { # filename = /etc/group # format = "=Group-Name:::*,User-Name" # hashsize = 50 # ignorenislike = yes # allowmultiplekeys = yes # delimiter = ":" #} # Realm module, for proxying. # # You can have multiple instances of the realm module to # support multiple realm syntaxs at the same time. The # search order is defined by the order in the authorize and # preacct sections. # # Four config options: # format - must be 'prefix' or 'suffix' # delimiter - must be a single character # ignore_default - set to 'yes' or 'no' # ignore_null - set to 'yes' or 'no' # # ignore_default and ignore_null can be set to 'yes' to prevent # the module from matching against DEFAULT or NULL realms. This # may be useful if you have have multiple instances of the # realm module. # # They both default to 'no'. # # 'realm/username' # # Using this entry, IPASS users have their realm set to "IPASS". realm IPASS { format = prefix delimiter = "/" ignore_default = no ignore_null = no } # 'username@realm' # realm suffix { format = suffix delimiter = "@" ignore_default = no ignore_null = no } # 'username%realm' # realm realmpercent { format = suffix delimiter = "%" ignore_default = no ignore_null = no } # # 'domain\user' # realm ntdomain { format = prefix delimiter = "\\" ignore_default = no ignore_null = no } # A simple value checking module # # It can be used to check if an attribute value in the request # matches a (possibly multi valued) attribute in the check # items This can be used for example for caller-id # authentication. For the module to run, both the request # attribute and the check items attribute must exist # # i.e. # A user has an ldap entry with 2 radiusCallingStationId # attributes with values "12345678" and "12345679". If we # enable rlm_checkval, then any request which contains a # Calling-Station-Id with one of those two values will be # accepted. Requests with other values for # Calling-Station-Id will be rejected. # # Regular expressions in the check attribute value are allowed # as long as the operator is '=~' # checkval { # The attribute to look for in the request item-name = Calling-Station-Id # The attribute to look for in check items. Can be multi valued check-name = Calling-Station-Id # The data type. Can be # string,integer,ipaddr,date,abinary,octets data-type = string # If set to yes and we dont find the item-name attribute in the # request then we send back a reject # DEFAULT is no #notfound-reject = no } # rewrite arbitrary packets. Useful in accounting and authorization. # # # The module can also use the Rewrite-Rule attribute. If it # is set and matches the name of the module instance, then # that module instance will be the only one which runs. # # Also if new_attribute is set to yes then a new attribute # will be created containing the value replacewith and it # will be added to searchin (packet, reply, proxy, proxy_reply or config). # searchfor,ignore_case and max_matches will be ignored in that case. # # Backreferences are supported: %{0} will contain the string the whole match # and %{1} to %{8} will contain the contents of the 1st to the 8th parentheses # # If max_matches is greater than one the backreferences will correspond to the # first match # #attr_rewrite sanecallerid { # attribute = Called-Station-Id # may be "packet", "reply", "proxy", "proxy_reply" or "config" # searchin = packet # searchfor = "[+ ]" # replacewith = "" # ignore_case = no # new_attribute = no # max_matches = 10 # ## If set to yes then the replace string will be appended to the original string # append = no #} # Preprocess the incoming RADIUS request, before handing it off # to other modules. # # This module processes the 'huntgroups' and 'hints' files. # In addition, it re-writes some weird attributes created # by some NASes, and converts the attributes into a form which # is a little more standard. # preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints # This hack changes Ascend's wierd port numberings # to standard 0-??? port numbers so that the "+" works # for IP address assignments. with_ascend_hack = no ascend_channels_per_line = 23 # Windows NT machines often authenticate themselves as # NT_DOMAIN\username # # If this is set to 'yes', then the NT_DOMAIN portion # of the user-name is silently discarded. # # This configuration entry SHOULD NOT be used. # See the "realms" module for a better way to handle # NT domains. with_ntdomain_hack = no # Specialix Jetstream 8500 24 port access server. # # If the user name is 10 characters or longer, a "/" # and the excess characters after the 10th are # appended to the user name. # # If you're not running that NAS, you don't need # this hack. with_specialix_jetstream_hack = no # Cisco (and Quintum in Cisco mode) sends it's VSA attributes # with the attribute name *again* in the string, like: # # H323-Attribute = "h323-attribute=value". # # If this configuration item is set to 'yes', then # the redundant data in the the attribute text is stripped # out. The result is: # # H323-Attribute = "value" # # If you're not running a Cisco or Quintum NAS, you don't # need this hack. with_cisco_vsa_hack = no } # Livingston-style 'users' file # files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users #preproxy_usersfile = ${confdir}/preproxy_users # If you want to use the old Cistron 'users' file # with FreeRADIUS, you should change the next line # to 'compat = cistron'. You can the copy your 'users' # file from Cistron. compat = no } # Write a detailed log of all accounting records received. # detail { # Note that we do NOT use NAS-IP-Address here, as # that attribute MAY BE from the originating NAS, and # NOT from the proxy which actually sent us the # request. The Client-IP-Address attribute is ALWAYS # the address of the client which sent us the # request. # # The following line creates a new detail file for # every radius client (by IP address or hostname). # In addition, a new detail file is created every # day, so that the detail file doesn't have to go # through a 'log rotation' # # If your detail files are large, you may also want # to add a ':%H' (see doc/variables.txt) to the end # of it, to create a new detail file every hour, e.g.: # # ..../detail-%Y%m%d:%H # # This will create a new detail file for every hour. # detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d # # The Unix-style permissions on the 'detail' file. # # The detail file often contains secret or private # information about users. So by keeping the file # permissions restrictive, we can prevent unwanted # people from seeing that information. detailperm = 0600 # # Certain attributes such as User-Password may be # "sensitive", so they should not be printed in the # detail file. This section lists the attributes # that should be suppressed. # # The attributes should be listed one to a line. # #suppress { # User-Password #} } # # Many people want to log authentication requests. # Rather than modifying the server core to print out more # messages, we can use a different instance of the 'detail' # module, to log the authentication requests to a file. # # You will also need to un-comment the 'auth_log' line # in the 'authorize' section, below. # detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d # # This MUST be 0600, otherwise anyone can read # the users passwords! detailperm = 0600 } # # This module logs authentication reply packets sent # to a NAS. Both Access-Accept and Access-Reject packets # are logged. # # You will also need to un-comment the 'reply_log' line # in the 'post-auth' section, below. # # Changed here ---- detail reply_log { detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d # # This MUST be 0600, otherwise anyone can read # the users passwords! detailperm = 0600 } # # Finished here # # # This module logs packets proxied to a home server. # # You will also need to un-comment the 'pre_proxy_log' line # in the 'pre-proxy' section, below. # # detail pre_proxy_log { # detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d # # This MUST be 0600, otherwise anyone can read # the users passwords! # detailperm = 0600 # } # # This module logs response packets from a home server. # # You will also need to un-comment the 'post_proxy_log' line # in the 'post-proxy' section, below. # # detail post_proxy_log { # detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d # # This MUST be 0600, otherwise anyone can read # the users passwords! # detailperm = 0600 # } # # The rlm_sql_log module appends the SQL queries in a log # file which is read later by the radsqlrelay program. # # This module only performs the dynamic expansion of the # variables found in the SQL statements. No operation is # executed on the database server. (this could be done # later by an external program) That means the module is # useful only with non-"SELECT" statements. # # See rlm_sql_log(5) manpage. # # sql_log { # path = ${radacctdir}/sql-relay # acct_table = "radacct" # postauth_table = "radpostauth" # # Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \ # NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \ # AcctSessionTime, AcctTerminateCause) VALUES \ # ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \ # '%{Framed-IP-Address}', '%S', '0', '0', '');" # Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \ # NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \ # AcctSessionTime, AcctTerminateCause) VALUES \ # ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \ # '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \ # '%{Acct-Terminate-Cause}');" # Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \ # NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \ # AcctSessionTime, AcctTerminateCause) VALUES \ # ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \ # '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');" # # Post-Auth = "INSERT INTO ${postauth_table} \ # (user, pass, reply, date) VALUES \ # ('%{User-Name}', '%{User-Password:-Chap-Password}', \ # '%{reply:Packet-Type}', '%S');" # } # # Create a unique accounting session Id. Many NASes re-use # or repeat values for Acct-Session-Id, causing no end of # confusion. # # This module will add a (probably) unique session id # to an accounting packet based on the attributes listed # below found in the packet. See doc/rlm_acct_unique for # more information. # acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } # Include another file that has the SQL-related configuration. # This is another file only because it tends to be big. # # The following configuration file is for use with MySQL. # # For Postgresql, use: ${confdir}/postgresql.conf # For MS-SQL, use: ${confdir}/mssql.conf # For Oracle, use: ${confdir}/oraclesql.conf # # $INCLUDE ${confdir}/sql.conf # For Cisco VoIP specific accounting with Postgresql, # use: ${confdir}/pgsql-voip.conf # # You will also need the sql schema from: # src/billing/cisco_h323_db_schema-postgres.sql # Note: This config can be use AS WELL AS the standard sql # config if you need SQL based Auth # Write a 'utmp' style file, of which users are currently # logged in, and where they've logged in from. # # This file is used mainly for Simultaneous-Use checking, # and also 'radwho', to see who's currently logged in. # radutmp { # Where the file is stored. It's not a log file, # so it doesn't need rotating. # filename = ${logdir}/radutmp # The field in the packet to key on for the # 'user' name, If you have other fields which you want # to use to key on to control Simultaneous-Use, # then you can use them here. # # Note, however, that the size of the field in the # 'utmp' data structure is small, around 32 # characters, so that will limit the possible choices # of keys. # # You may want instead: %{Stripped-User-Name:-%{User-Name}} username = %{User-Name} # Whether or not we want to treat "user" the same # as "USER", or "User". Some systems have problems # with case sensitivity, so this should be set to # 'no' to enable the comparisons of the key attribute # to be case insensitive. # case_sensitive = yes # Accounting information may be lost, so the user MAY # have logged off of the NAS, but we haven't noticed. # If so, we can verify this information with the NAS, # # If we want to believe the 'utmp' file, then this # configuration entry can be set to 'no'. # check_with_nas = yes # Set the file permissions, as the contents of this file # are usually private. perm = 0600 callerid = "yes"
Luís Cláudio Veiga wrote:
Hello All, I'm running FreeRADIUS Version 1.1.3,
Upgrade. We don't support version 1 any more.
for host i686-redhat-linux-gnu, built on Jan 26 2010 at 18:56:10 Copyright (C) 2000-2006 The FreeRADIUS server project on CENTOS, and trying for now, authenticate the same users in my old users file, but now, I set freeradius to sent auth packets to a LDAP server and I don't know what is wrong. Who can help me with this issue?
*#* *# MY DEBUG -X -A* *#*
That's good. But you've also inclused a number of configuration files. That's not good. Posting copies of the default configuration to the list is useless and annoying. Alan DeKok.
Hello Alan, I didn't post default conf files. I solve the problem with no version upgrade. Thanks for your help, Best regards Em 11/02/2014 20:56, "Alan DeKok" <aland@deployingradius.com> escreveu:
Luís Cláudio Veiga wrote:
Hello All, I'm running FreeRADIUS Version 1.1.3,
Upgrade. We don't support version 1 any more.
for host i686-redhat-linux-gnu, built on Jan 26 2010 at 18:56:10 Copyright (C) 2000-2006 The FreeRADIUS server project on CENTOS, and trying for now, authenticate the same users in my old users file, but now, I set freeradius to sent auth packets to a LDAP server and I don't know what is wrong. Who can help me with this issue?
*#* *# MY DEBUG -X -A* *#*
That's good. But you've also inclused a number of configuration files. That's not good. Posting copies of the default configuration to the list is useless and annoying.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I solve the problem with no version upgrade.
Well. .. That's good...apart from that fact that 1.1.3 has several security problems some of which are remotely triggered and it has quite a few well known bugs. That is one reason you were helpfully advised to upgrade to at least the 2.x release! :/ Alan
Hi everybody, specially Alan Dekok, Ivan Kallik and people trying to do this work. [root@freeradius_server1 ~]# radiusd -X -A -xxx Thu Feb 27 12:07:00 2014 : Info: Starting - reading configuration files ... Thu Feb 27 12:07:00 2014 : Debug: reread_config: reading radiusd.conf Thu Feb 27 12:07:00 2014 : Debug: Config: including file: /etc/raddb/proxy.conf Thu Feb 27 12:07:00 2014 : Debug: Config: including file: /etc/raddb/clients.conf Thu Feb 27 12:07:00 2014 : Debug: Config: including file: /etc/raddb/snmp.conf Thu Feb 27 12:07:00 2014 : Debug: Config: including file: /etc/raddb/eap.conf Thu Feb 27 12:07:00 2014 : Debug: main: prefix = "/usr" Thu Feb 27 12:07:00 2014 : Debug: main: localstatedir = "/var" Thu Feb 27 12:07:00 2014 : Debug: main: logdir = "/var/log/radius" Thu Feb 27 12:07:00 2014 : Debug: main: libdir = "/usr/lib" Thu Feb 27 12:07:00 2014 : Debug: main: radacctdir = "/var/log/radius/radacct" Thu Feb 27 12:07:00 2014 : Debug: main: hostname_lookups = no Thu Feb 27 12:07:00 2014 : Debug: main: snmp = no Thu Feb 27 12:07:00 2014 : Debug: main: max_request_time = 60 Thu Feb 27 12:07:00 2014 : Debug: main: cleanup_delay = 6 Thu Feb 27 12:07:00 2014 : Debug: main: max_requests = 4096 Thu Feb 27 12:07:00 2014 : Debug: main: delete_blocked_requests = 0 Thu Feb 27 12:07:00 2014 : Debug: main: port = 1812 Thu Feb 27 12:07:00 2014 : Debug: main: allow_core_dumps = no Thu Feb 27 12:07:00 2014 : Debug: main: log_stripped_names = no Thu Feb 27 12:07:00 2014 : Debug: main: log_file = "/var/log/radius/radius.log" Thu Feb 27 12:07:00 2014 : Debug: main: log_auth = yes Thu Feb 27 12:07:00 2014 : Debug: main: log_auth_badpass = yes Thu Feb 27 12:07:00 2014 : Debug: main: log_auth_goodpass = yes Thu Feb 27 12:07:00 2014 : Debug: main: pidfile = "/var/run/radiusd/radiusd.pid" Thu Feb 27 12:07:00 2014 : Debug: main: user = "root" Thu Feb 27 12:07:00 2014 : Debug: main: group = "root" Thu Feb 27 12:07:00 2014 : Debug: main: usercollide = no Thu Feb 27 12:07:00 2014 : Debug: main: lower_user = "no" Thu Feb 27 12:07:00 2014 : Debug: main: lower_pass = "no" Thu Feb 27 12:07:00 2014 : Debug: main: nospace_user = "no" Thu Feb 27 12:07:00 2014 : Debug: main: nospace_pass = "no" Thu Feb 27 12:07:00 2014 : Debug: main: checkrad = "/usr/sbin/checkrad" Thu Feb 27 12:07:00 2014 : Debug: main: proxy_requests = no Thu Feb 27 12:07:00 2014 : Debug: proxy: retry_delay = 5 Thu Feb 27 12:07:00 2014 : Debug: proxy: retry_count = 3 Thu Feb 27 12:07:00 2014 : Debug: proxy: synchronous = no Thu Feb 27 12:07:00 2014 : Debug: proxy: default_fallback = yes Thu Feb 27 12:07:00 2014 : Debug: proxy: dead_time = 120 Thu Feb 27 12:07:00 2014 : Debug: proxy: post_proxy_authorize = yes Thu Feb 27 12:07:00 2014 : Debug: proxy: wake_all_if_all_dead = no Thu Feb 27 12:07:00 2014 : Debug: security: max_attributes = 200 Thu Feb 27 12:07:00 2014 : Debug: security: reject_delay = 3 Thu Feb 27 12:07:00 2014 : Debug: security: status_server = no Thu Feb 27 12:07:00 2014 : Debug: main: debug_level = 0 Thu Feb 27 12:07:00 2014 : Debug: read_config_files: reading dictionary Thu Feb 27 12:07:00 2014 : Debug: read_config_files: reading naslist Thu Feb 27 12:07:00 2014 : Info: Using deprecated naslist file. Support for this will go away soon. Thu Feb 27 12:07:00 2014 : Debug: read_config_files: reading clients Thu Feb 27 12:07:00 2014 : Debug: read_config_files: reading realms Thu Feb 27 12:07:00 2014 : Debug: radiusd: entering modules setup Thu Feb 27 12:07:00 2014 : Debug: Module: Library search path is /usr/lib Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded exec Thu Feb 27 12:07:00 2014 : Debug: exec: wait = yes Thu Feb 27 12:07:00 2014 : Debug: exec: program = "(null)" Thu Feb 27 12:07:00 2014 : Debug: exec: input_pairs = "request" Thu Feb 27 12:07:00 2014 : Debug: exec: output_pairs = "(null)" Thu Feb 27 12:07:00 2014 : Debug: exec: packet_type = "(null)" Thu Feb 27 12:07:00 2014 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated exec (exec) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded expr Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated expr (expr) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded PAP Thu Feb 27 12:07:00 2014 : Debug: pap: encryption_scheme = "clear" Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated pap (pap) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded CHAP Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated chap (chap) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded MS-CHAP Thu Feb 27 12:07:00 2014 : Debug: mschap: use_mppe = yes Thu Feb 27 12:07:00 2014 : Debug: mschap: require_encryption = no Thu Feb 27 12:07:00 2014 : Debug: mschap: require_strong = no Thu Feb 27 12:07:00 2014 : Debug: mschap: with_ntdomain_hack = no Thu Feb 27 12:07:00 2014 : Debug: mschap: passwd = "(null)" Thu Feb 27 12:07:00 2014 : Debug: mschap: ntlm_auth = "(null)" Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated mschap (mschap) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded System Thu Feb 27 12:07:00 2014 : Debug: unix: cache = no Thu Feb 27 12:07:00 2014 : Debug: unix: passwd = "/etc/passwd" Thu Feb 27 12:07:00 2014 : Debug: unix: shadow = "/etc/shadow" Thu Feb 27 12:07:00 2014 : Debug: unix: group = "/etc/group" Thu Feb 27 12:07:00 2014 : Debug: unix: radwtmp = "/var/log/radius/radwtmp" Thu Feb 27 12:07:00 2014 : Debug: unix: usegroup = no Thu Feb 27 12:07:00 2014 : Debug: unix: cache_reload = 600 Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated unix (unix) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded LDAP Thu Feb 27 12:07:00 2014 : Debug: ldap: server = " myadserver.MYCOMPANY.net.br" Thu Feb 27 12:07:00 2014 : Debug: ldap: port = 389 Thu Feb 27 12:07:00 2014 : Debug: ldap: net_timeout = 1 Thu Feb 27 12:07:00 2014 : Debug: ldap: timeout = 4 Thu Feb 27 12:07:00 2014 : Debug: ldap: timelimit = 20 Thu Feb 27 12:07:00 2014 : Debug: ldap: identity = "CN=AUTHENTIC,CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR" Thu Feb 27 12:07:00 2014 : Debug: ldap: tls_mode = no Thu Feb 27 12:07:00 2014 : Debug: ldap: start_tls = no Thu Feb 27 12:07:00 2014 : Debug: ldap: tls_cacertfile = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: tls_cacertdir = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: tls_certfile = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: tls_keyfile = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: tls_randfile = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: tls_require_cert = "allow" Thu Feb 27 12:07:00 2014 : Debug: ldap: password = "adpasswd" Thu Feb 27 12:07:00 2014 : Debug: ldap: basedn = "CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR" Thu Feb 27 12:07:00 2014 : Debug: ldap: filter = "(&(sAMAccountname=%{Stripped-User-Name:-%{User-Name}})(objectClass=user))" Thu Feb 27 12:07:00 2014 : Debug: ldap: base_filter = "(objectclass=posixAccount)" Thu Feb 27 12:07:00 2014 : Debug: ldap: default_profile = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: profile_attribute = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: password_header = "(null)" Thu Feb 27 12:07:00 2014 : Debug: ldap: password_attribute = "userPassword" Thu Feb 27 12:07:00 2014 : Debug: ldap: access_attr = "SamAccountName" Thu Feb 27 12:07:00 2014 : Debug: ldap: groupname_attribute = "cn" Thu Feb 27 12:07:00 2014 : Debug: ldap: groupmembership_filter = "(&(objectClass=group)(member=%{Ldap-UserDn}))" Thu Feb 27 12:07:00 2014 : Debug: ldap: groupmembership_attribute = "memberOf" Thu Feb 27 12:07:00 2014 : Debug: ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" Thu Feb 27 12:07:00 2014 : Debug: ldap: ldap_debug = 0 Thu Feb 27 12:07:00 2014 : Debug: ldap: ldap_connections_number = 30 Thu Feb 27 12:07:00 2014 : Debug: ldap: compare_check_items = yes Thu Feb 27 12:07:00 2014 : Debug: ldap: access_attr_used_for_allow = yes Thu Feb 27 12:07:00 2014 : Debug: ldap: do_xlat = yes Thu Feb 27 12:07:00 2014 : Debug: ldap: set_auth_type = yes Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP AcmeUserPrivilege mapped to RADIUS Service-Type Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP AcmeUserClass mapped to RADIUS Service-Type Thu Feb 27 12:07:00 2014 : Debug: rlm_ldap: LDAP Cisco-AVPair mapped to RADIUS Cisco-AVPair Thu Feb 27 12:07:00 2014 : Debug: conns: 0x8ac0db0 Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated ldap (ldap) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded eap Thu Feb 27 12:07:00 2014 : Debug: eap: default_eap_type = "peap" Thu Feb 27 12:07:00 2014 : Debug: eap: timer_expire = 60 Thu Feb 27 12:07:00 2014 : Debug: eap: ignore_unknown_eap_types = no Thu Feb 27 12:07:00 2014 : Debug: eap: cisco_accounting_username_bug = no Thu Feb 27 12:07:00 2014 : Debug: rlm_eap: Loaded and initialized type md5 Thu Feb 27 12:07:00 2014 : Debug: rlm_eap: Loaded and initialized type leap Thu Feb 27 12:07:00 2014 : Debug: gtc: challenge = "Password: " Thu Feb 27 12:07:00 2014 : Debug: gtc: auth_type = "PAP" Thu Feb 27 12:07:00 2014 : Debug: rlm_eap: Loaded and initialized type gtc Thu Feb 27 12:07:00 2014 : Debug: tls: rsa_key_exchange = no Thu Feb 27 12:07:00 2014 : Debug: tls: dh_key_exchange = yes Thu Feb 27 12:07:00 2014 : Debug: tls: rsa_key_length = 512 Thu Feb 27 12:07:00 2014 : Debug: tls: dh_key_length = 512 Thu Feb 27 12:07:00 2014 : Debug: tls: verify_depth = 0 Thu Feb 27 12:07:00 2014 : Debug: tls: CA_path = "(null)" Thu Feb 27 12:07:00 2014 : Debug: tls: pem_file_type = yes Thu Feb 27 12:07:00 2014 : Debug: tls: private_key_file = "/etc/raddb/certs/cert-srv.pem" Thu Feb 27 12:07:00 2014 : Debug: tls: certificate_file = "/etc/raddb/certs/cert-srv.pem" Thu Feb 27 12:07:00 2014 : Debug: tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem" Thu Feb 27 12:07:00 2014 : Debug: tls: private_key_password = "whatever" Thu Feb 27 12:07:00 2014 : Debug: tls: dh_file = "/etc/raddb/certs/dh" Thu Feb 27 12:07:00 2014 : Debug: tls: random_file = "/etc/raddb/certs/random" Thu Feb 27 12:07:00 2014 : Debug: tls: fragment_size = 1024 Thu Feb 27 12:07:00 2014 : Debug: tls: include_length = yes Thu Feb 27 12:07:00 2014 : Debug: tls: check_crl = no Thu Feb 27 12:07:00 2014 : Debug: tls: check_cert_cn = "(null)" Thu Feb 27 12:07:00 2014 : Debug: tls: cipher_list = "(null)" Thu Feb 27 12:07:00 2014 : Debug: tls: check_cert_issuer = "(null)" Thu Feb 27 12:07:00 2014 : Info: rlm_eap_tls: Loading the certificate file as a chain Thu Feb 27 12:07:00 2014 : Debug: rlm_eap: Loaded and initialized type tls Thu Feb 27 12:07:00 2014 : Debug: ttls: default_eap_type = "md5" Thu Feb 27 12:07:00 2014 : Debug: ttls: copy_request_to_tunnel = no Thu Feb 27 12:07:00 2014 : Debug: ttls: use_tunneled_reply = no Thu Feb 27 12:07:00 2014 : Debug: rlm_eap: Loaded and initialized type ttls Thu Feb 27 12:07:00 2014 : Debug: peap: default_eap_type = "mschapv2" Thu Feb 27 12:07:00 2014 : Debug: peap: copy_request_to_tunnel = no Thu Feb 27 12:07:00 2014 : Debug: peap: use_tunneled_reply = no Thu Feb 27 12:07:00 2014 : Debug: peap: proxy_tunneled_request_as_eap = yes Thu Feb 27 12:07:00 2014 : Debug: rlm_eap: Loaded and initialized type peap Thu Feb 27 12:07:00 2014 : Debug: mschapv2: with_ntdomain_hack = no Thu Feb 27 12:07:00 2014 : Debug: rlm_eap: Loaded and initialized type mschapv2 Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated eap (eap) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded preprocess Thu Feb 27 12:07:00 2014 : Debug: preprocess: huntgroups = "/etc/raddb/huntgroups" Thu Feb 27 12:07:00 2014 : Debug: preprocess: hints = "/etc/raddb/hints" Thu Feb 27 12:07:00 2014 : Debug: preprocess: with_ascend_hack = no Thu Feb 27 12:07:00 2014 : Debug: preprocess: ascend_channels_per_line = 23 Thu Feb 27 12:07:00 2014 : Debug: preprocess: with_ntdomain_hack = no Thu Feb 27 12:07:00 2014 : Debug: preprocess: with_specialix_jetstream_hack = no Thu Feb 27 12:07:00 2014 : Debug: preprocess: with_cisco_vsa_hack = no Thu Feb 27 12:07:00 2014 : Debug: preprocess: with_alvarion_vsa_hack = no Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated preprocess (preprocess) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded detail Thu Feb 27 12:07:00 2014 : Debug: detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" Thu Feb 27 12:07:00 2014 : Debug: detail: detailperm = 384 Thu Feb 27 12:07:00 2014 : Debug: detail: dirperm = 493 Thu Feb 27 12:07:00 2014 : Debug: detail: locking = no Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated detail (auth_log) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded files Thu Feb 27 12:07:00 2014 : Debug: files: usersfile = "/etc/raddb/users" Thu Feb 27 12:07:00 2014 : Debug: files: acctusersfile = "/etc/raddb/acct_users" Thu Feb 27 12:07:00 2014 : Debug: files: preproxy_usersfile = "/etc/raddb/preproxy_users" Thu Feb 27 12:07:00 2014 : Debug: files: compat = "no" Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated files (files) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded Acct-Unique-Session-Id Thu Feb 27 12:07:00 2014 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated acct_unique (acct_unique) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded realm Thu Feb 27 12:07:00 2014 : Debug: realm: format = "suffix" Thu Feb 27 12:07:00 2014 : Debug: realm: delimiter = "@" Thu Feb 27 12:07:00 2014 : Debug: realm: ignore_default = no Thu Feb 27 12:07:00 2014 : Debug: realm: ignore_null = no Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated realm (suffix) Thu Feb 27 12:07:00 2014 : Debug: detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" Thu Feb 27 12:07:00 2014 : Debug: detail: detailperm = 384 Thu Feb 27 12:07:00 2014 : Debug: detail: dirperm = 493 Thu Feb 27 12:07:00 2014 : Debug: detail: locking = no Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated detail (detail) Thu Feb 27 12:07:00 2014 : Debug: Module: Loaded radutmp Thu Feb 27 12:07:00 2014 : Debug: radutmp: filename = "/var/log/radius/radutmp" Thu Feb 27 12:07:00 2014 : Debug: radutmp: username = "%{User-Name}" Thu Feb 27 12:07:00 2014 : Debug: radutmp: case_sensitive = yes Thu Feb 27 12:07:00 2014 : Debug: radutmp: check_with_nas = yes Thu Feb 27 12:07:00 2014 : Debug: radutmp: perm = 384 Thu Feb 27 12:07:00 2014 : Debug: radutmp: callerid = yes Thu Feb 27 12:07:00 2014 : Debug: Module: Instantiated radutmp (radutmp) Thu Feb 27 12:07:00 2014 : Debug: Listening on authentication *:1812 Thu Feb 27 12:07:00 2014 : Debug: Listening on accounting *:1813 Thu Feb 27 12:07:00 2014 : Info: Ready to process requests. rad_recv: Access-Request packet from host 10.253.7.156:1812, id=157, length=63 User-Name = "username" User-Password = "userpassword" NAS-Identifier = "NGN" NAS-IP-Address = 10.253.7.156 NAS-Port = 118751232 Thu Feb 27 12:07:11 2014 : Debug: Processing the authorize section of radiusd.conf Thu Feb 27 12:07:11 2014 : Debug: modcall: entering group authorize for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: calling auth_log (rlm_detail) for request 0 Thu Feb 27 12:07:11 2014 : Debug: radius_xlat: '/var/log/radius/radacct/ 10.253.7.156/auth-detail-20140227' Thu Feb 27 12:07:11 2014 : Debug: rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.253.7.156/auth-detail-20140227 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: returned from auth_log (rlm_detail) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authorize]: module "auth_log" returns ok for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authorize]: module "chap" returns noop for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authorize]: module "mschap" returns noop for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_eap: No EAP-Message, not doing EAP Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authorize]: module "eap" returns noop for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: - authorize Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: performing user authorization for username Thu Feb 27 12:07:11 2014 : Debug: radius_xlat: '(&(sAMAccountname=username)(objectClass=user))' Thu Feb 27 12:07:11 2014 : Debug: radius_xlat: 'CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR' Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: attempting LDAP reconnection Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: (re)connect to myadserver.MYCOMPANY.net.br:389, authentication 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: bind as CN=AUTHENTIC,CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR/adpasswd to myadserver.MYCOMPANY.net.br:389 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: waiting for bind result ... Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: Bind was successful Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: performing search in CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR, with filter (&(sAMAccountname=username)(objectClass=user)) Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: checking if remote access for username is allowed by SamAccountName Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: looking for check items in directory... Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: looking for reply items in directory... Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: Setting Auth-Type = ldap Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: user username authorized to use remote access Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authorize]: module "ldap" returns ok for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Thu Feb 27 12:07:11 2014 : Debug: users: Matched entry DEFAULT at line 4 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: Entering ldap_groupcmp() Thu Feb 27 12:07:11 2014 : Debug: radius_xlat: 'CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR' Thu Feb 27 12:07:11 2014 : Debug: radius_xlat: '(&(objectClass=group)(member=CN\3dLUIS VEIGA \28324278\29\2cCN\3dUsers\2cDC\3dMYCOMPANY\2cDC\3dnet\2cDC\3dbr))' Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: performing search in CN=USERS,DC=MYCOMPANY,DC=NET,DC=BR, with filter (&(cn=sbcadmin)(&(objectClass=group)(member=CN\3dLUIS VEIGA \28324278\29\2cCN\3dUsers\2cDC\3dMYCOMPANY\2cDC\3dnet\2cDC\3dbr))) Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap::ldap_groupcmp: User found in group sbcadmin Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Thu Feb 27 12:07:11 2014 : Debug: users: Matched entry DEFAULT at line 7 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authorize]: module "files" returns ok for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall: leaving group authorize (returns ok) for request 0 Thu Feb 27 12:07:11 2014 : Debug: rad_check_password: Found Auth-Type LDAP Thu Feb 27 12:07:11 2014 : Debug: auth: type "LDAP" Thu Feb 27 12:07:11 2014 : Debug: Processing the authenticate section of radiusd.conf Thu Feb 27 12:07:11 2014 : Debug: modcall: entering group LDAP for request 0 Thu Feb 27 12:07:11 2014 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: - authenticate Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: login attempt by "username" with password "userpassword" Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: user DN: CN=LUIS VEIGA (324278),CN=Users,DC=MYCOMPANY,DC=net,DC=br Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: (re)connect to myadserver.MYCOMPANY.net.br:389, authentication 1 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: bind as CN=LUIS VEIGA (324278),CN=Users,DC=MYCOMPANY,DC=net,DC=br/userpassword to myadserver.MYCOMPANY.net.br:389 Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: waiting for bind result ... Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: Bind was successful Thu Feb 27 12:07:11 2014 : Debug: rlm_ldap: user username authenticated succesfully Thu Feb 27 12:07:11 2014 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall[authenticate]: module "ldap" returns ok for request 0 Thu Feb 27 12:07:11 2014 : Debug: modcall: leaving group LDAP (returns ok) for request 0 Thu Feb 27 12:07:11 2014 : Auth: Login OK: [username/userpassword] (from client myhost.spoig port 118751232) Sending Access-Accept of id 157 to 10.253.7.156 port 1812 Service-Type = Login-User Login-Service = Telnet Port-Limit := 5 Idle-Timeout := 300 Session-Timeout := 300 Acme-User-Class := "Admin" Acme-User-Privilege := "sftpForAll" Thu Feb 27 12:07:11 2014 : Debug: Finished request 0 Thu Feb 27 12:07:11 2014 : Debug: Going to the next request Thu Feb 27 12:07:11 2014 : Debug: --- Walking the entire request list --- Thu Feb 27 12:07:11 2014 : Debug: Waking up in 7 seconds... 2014-02-12 6:06 GMT-02:00 Alan Buxey <A.L.M.Buxey@lboro.ac.uk>:
I solve the problem with no version upgrade.
Well. .. That's good...apart from that fact that 1.1.3 has several security problems some of which are remotely triggered and it has quite a few well known bugs. That is one reason you were helpfully advised to upgrade to at least the 2.x release! :/
Alan
On 02/10/2014 12:17 PM, Luís Cláudio Veiga wrote:
I'm running FreeRADIUS Version 1.1.3,
Who can help me with this issue?
1.1.3 is ancient, so you're not likely to get any help with 1.1.3 Current version is 3.0.1. CentOS has 2.1.12 available if you don't want to build from scratch. -- John
Ok John i will try this issue later. Thanx again Em 11/02/2014 21:08, "John Dennis" <jdennis@redhat.com> escreveu:
On 02/10/2014 12:17 PM, Luís Cláudio Veiga wrote:
I'm running FreeRADIUS Version 1.1.3,
Who can help me with this issue?
1.1.3 is ancient, so you're not likely to get any help with 1.1.3
Current version is 3.0.1.
CentOS has 2.1.12 available if you don't want to build from scratch.
-- John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Alan Buxey -
Alan DeKok -
John Dennis -
Luís Cláudio Veiga