eap-tls configuration not running...
Hello I've got a problem with my eap-tls configuration : the server is accepting the device ( rad_check_password: Auth-Type = Accept, accepting the user), but it doesn't connect to the to access-point (HP Procurve). The server is a virtual Suse linux enterprise and the client is windows XP sp 3. Any help would be great.... Here is the output on the server: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/sslcert/CAkey.pem" tls: certificate_file = "/sslcert/sierrerad10.pem" tls: CA_file = "/sslcert/CAcrt.pem" tls: private_key_password = "novelis" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "(null)" unix: group = "/etc/group" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.166.42.30:1024, id=1, length=159 User-Name = "sierre08015" NAS-IP-Address = 10.166.42.30 NAS-Port = 1 Called-Station-Id = "00-14-C2-BB-FF-70:test" Calling-Station-Id = "00-1F-3C-13-1A-1F" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11g" EAP-Message = 0x02010010017369657272653038303135 Message-Authenticator = 0x4cc4a961e5aae9b990d400eab9ec0a8e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_eap: EAP packet type response id 1 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry sierre08015 at line 97 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Sending Access-Accept of id 1 to 10.166.42.30 port 1024 Finished request 0 Going to the next request The eap.conf file : # -*- text -*- # # Whatever you do, do NOT set 'Auth-Type := EAP'. The server # is smart enough to figure this out on its own. The most # common side effect of setting 'Auth-Type := EAP' is that the # users then cannot use ANY other authentication method. # # $Id: eap.conf,v 1.4.4.1 2006/01/04 14:29:29 nbk Exp $ # eap { # Invoke the default supported EAP type when # EAP-Identity response is received. # # The incoming EAP messages DO NOT specify which EAP # type they will be using, so it MUST be set here. # # For now, only one default EAP type may be used at a time. # # If the EAP-Type attribute is set by another module, # then that EAP type takes precedence over the # default type configured here. # # default_eap_type = md5 default_eap_type = tls # A list is maintained to correlate EAP-Response # packets with EAP-Request packets. After a # configurable length of time, entries in the list # expire, and are deleted. # timer_expire = 60 # There are many EAP types, but the server has support # for only a limited subset. If the server receives # a request for an EAP type it does not support, then # it normally rejects the request. By setting this # configuration to "yes", you can tell the server to # instead keep processing the request. Another module # MUST then be configured to proxy the request to # another RADIUS server which supports that EAP type. # # If another module is NOT configured to handle the # request, then the request will still end up being # rejected. ignore_unknown_eap_types = no # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given # a User-Name attribute in an Access-Accept, it copies one # more byte than it should. # # We can work around it by configurably adding an extra # zero byte. cisco_accounting_username_bug = no # Supported EAP-types # # We do NOT recommend using EAP-MD5 authentication # for wireless connections. It is insecure, and does # not provide for dynamic WEP keys. # md5 { } # Cisco LEAP # # We do not recommend using LEAP in new deployments. See: # http://www.securiteam.com/tools/5TP012ACKE.html # # Cisco LEAP uses the MS-CHAP algorithm (but not # the MS-CHAP attributes) to perform it's authentication. # # As a result, LEAP *requires* access to the plain-text # User-Password, or the NT-Password attributes. # 'System' authentication is impossible with LEAP. # leap { } # Generic Token Card. # # Currently, this is only permitted inside of EAP-TTLS, # or EAP-PEAP. The module "challenges" the user with # text, and the response from the user is taken to be # the User-Password. # # Proxying the tunneled EAP-GTC session is a bad idea, # the users password will go over the wire in plain-text, # for anyone to see. # gtc { # The default challenge, which many clients # ignore.. #challenge = "Password: " # The plain-text response which comes back # is put into a User-Password attribute, # and passed to another module for # authentication. This allows the EAP-GTC # response to be checked against plain-text, # or crypt'd passwords. # # If you say "Local" instead of "PAP", then # the module will look for a User-Password # configured for the request, and do the # authentication itself. # auth_type = PAP } ## EAP-TLS # # To generate ctest certificates, run the script # # ../scripts/certs.sh # # The documents on http://www.freeradius.org/doc # are old, but may be helpful. # # See also: # # http://www.dslreports.com/forum/remark,9286052~mode=flat # tls { private_key_password = novelis # private_key_file = ${raddbdir}/certs/cert-srv.pem private_key_file = /sslcert/CAkey.pem # If Private key & Certificate are located in # the same file, then private_key_file & # certificate_file must contain the same file # name. # certificate_file = ${raddbdir}/certs/cert-srv.pem certificate_file = /sslcert/sierrerad10.pem # Trusted Root CA list # CA_file = ${raddbdir}/certs/demoCA/cacert.pem CA_file = /sslcert/CAcrt.pem # CA_path = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random # # This can never exceed the size of a RADIUS # packet (4096 bytes), and is preferably half # that, to accomodate other attributes in # RADIUS packet. On most APs the MAX packet # length is configured between 1500 - 1600 # In these cases, fragment size should be # 1024 or less. # fragment_size = 1024 # include_length is a flag which is # by default set to yes If set to # yes, Total Length of the message is # included in EVERY packet we send. # If set to no, Total Length of the # message is included ONLY in the # First packet of a fragment series. # include_length = yes # Check the Certificate Revocation List # # 1) Copy CA certificates and CRLs to same directory. # 2) Execute 'c_rehash <CA certs&CRLs Directory>'. # 'c_rehash' is OpenSSL's command. # 3) Add 'CA_path=<CA certs&CRLs directory>' # to radiusd.conf's tls section. # 4) uncomment the line below. # 5) Restart radiusd # check_crl = yes # # If check_cert_cn is set, the value will # be xlat'ed and checked against the CN # in the client certificate. If the values # do not match, the certificate verification # will fail rejecting the user. # # check_cert_cn = %{User-Name} } # # This takes no configuration. # # Note that it is the EAP MS-CHAPv2 sub-module, not # the main 'mschap' module. # # Note also that in order for this sub-module to work, # the main 'mschap' module MUST ALSO be configured. # # This module is the *Microsoft* implementation of MS-CHAPv2 # in EAP. There is another (incompatible) implementation # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not # currently support. # mschapv2 { } } NOVELIS Fabien Crettaz IT System and Infrastructure Novelis Automotive, Painted & Specialities Novelis Switzerland SA CH - 3960 Sierre, Switzerland phone: +41 (0)27 457 7164 fax: +41 (0)27 457 7105 e-mail: fabien.crettaz@novelis.com http://www.novelis.ch P Please consider the environment before printing this email.
I've got a problem with my eap-tls configuration : the server is accepting the device ( rad_check_password: Auth-Type = Accept, accepting the user), but it doesn't connect to the to access-point (HP Procurve).
You broke EAP trying to force Auth-Type Accept. Ivan Kalik Kalik Informatika ISP
Hello Thanks for you response, what should I set as Auth-Type, as 'Auth-Type := eap' is not recommended (cf. coment in eap.conf) ? Fabien NOVELIS Fabien Crettaz IT System and Infrastructure Novelis Automotive, Painted & Specialities Novelis Switzerland SA CH - 3960 Sierre, Switzerland phone: +41 (0)27 457 7164 fax: +41 (0)27 457 7105 e-mail: fabien.crettaz@novelis.com http://www.novelis.ch P Please consider the environment before printing this email. <tnt@kalik.net> Sent by: freeradius-users-bounces+fabien.crettaz=novelis.com@lists.freeradius.org 03.03.2009 15:40 Please respond to FreeRadius users mailing list <freeradius-users@lists.freeradius.org> To "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> cc Subject Re: eap-tls configuration not running...
I've got a problem with my eap-tls configuration : the server is accepting the device ( rad_check_password: Auth-Type = Accept, accepting the user), but it doesn't connect to the to access-point (HP Procurve).
You broke EAP trying to force Auth-Type Accept. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello My server is now accepting the eap authentication, but is sending after this accept an access challenge to the client. It seems that the client "ignores" the access challenge sent by the server !! Any idea ?? Fabien rad_recv: Access-Request packet from host 10.166.42.30:1024, id=3, length=159 User-Name = "sierre08015" NAS-IP-Address = 10.166.42.30 NAS-Port = 1 Called-Station-Id = "00-14-C2-BB-FF-70:test" Calling-Station-Id = "00-1F-3C-13-1A-1F" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11g" EAP-Message = 0x02070010017369657272653038303135 Message-Authenticator = 0x44d8e63aaf78d1dd710924a013bfe7ba Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 rlm_eap: EAP packet type response id 7 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry sierre08015 at line 97 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 3 to 10.166.42.30 port 1024 EAP-Message = 0x010800060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x70d9ca888398794265f013f1ea86a3b8 Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.166.42.30:1024, id=4, length=241 User-Name = "sierre08015" NAS-IP-Address = 10.166.42.30 NAS-Port = 1 Called-Station-Id = "00-14-C2-BB-FF-70:test" Calling-Station-Id = "00-1F-3C-13-1A-1F" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11g" EAP-Message = 0x020800500d800000004616030100410100003d030149ae3f67c2530394de05ba7fb9c39413db6dd4d884994527880e0543a428dee400001600040005000a000900640062000300060013001200630100 State = 0x70d9ca888398794265f013f1ea86a3b8 Message-Authenticator = 0x56372f6bfce57e79360ae0c757da625b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 rlm_eap: EAP packet type response id 8 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry sierre08015 at line 97 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 02ad], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a3], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 4 to 10.166.42.30 port 1024 EAP-Message = 0x010903b30d80000003a9160301004a02000046030149ae3f6712908d3b767909434474e04763782e4799f5ba8fa55677e4cc5ebb69201f975e44af3ffdd4256b3608b4501983469357e875c2d3df0e562e297d56618300040016030102ad0b0002a90002a60002a33082029f30820208020900d79b076a9c2a726f300d06092a864886f70d0101050500308193310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d06035504071306536965727265311d301b060355040a13144e6f76656c697320506c616e7420536965727265311630140603550403130d526164697573205365727665723126302406 EAP-Message = 0x092a864886f70d01090116177369657272657261643130406e6f76656c69732e636f6d301e170d3039303131323139323733375a170d3039303231313139323733375a308193310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d06035504071306536965727265311d301b060355040a13144e6f76656c697320506c616e7420536965727265311630140603550403130d526164697573205365727665723126302406092a864886f70d01090116177369657272657261643130406e6f76656c69732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ec5d7c0b616c84 EAP-Message = 0x9cb4d290cf1ba7432d4581ef7602de5309e60866c877dd2772a62df72614f0988998a7c5feffd6c2454656c0376e3e0f9fd0586bed25ffa89e6f416b92b352fd6090d3b9cf3f0bcb182a2e68ca58848f7cca593c62726f96421e1726757ffc143bf16dd9b132909199d1292ba067160afff70e612f56bfcc550203010001300d06092a864886f70d0101050500038181008f10a3348b6a8192ab370370cf5bc572fe2228a782b7fa97828e798716d26508dfe471fa5352f4ea71a8e5eb12b71413733f07e0d6222a9dec199b76b4434aba154bb64d6e77cd3e5471003e2fceb03bfa6d69340a1b4802edc3959f0de8a52d1ae0cc88217a2db731513ad9 EAP-Message = 0xc8ad4170e9d80b47b6e9ae2a82cc577076dec8b316030100a30d00009b0301020500950093308190310b3009060355040613024348311430120603550408130b537769747a65726c616e64310f300d0603550407130653696572726531163014060355040a130d4e6f76656c697320506c616e74311730150603550403130e46616269656e204372657474617a3129302706092a864886f70d010901161a66616269656e2e6372657474617a406e6f76656c69732e636f6d0e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcad27a06a3667c11a3c87b3e41faa858 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.166.42.30:1024, id=5, length=167 User-Name = "sierre08015" NAS-IP-Address = 10.166.42.30 NAS-Port = 1 Called-Station-Id = "00-14-C2-BB-FF-70:test" Calling-Station-Id = "00-1F-3C-13-1A-1F" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11g" EAP-Message = 0x020900060d00 State = 0xcad27a06a3667c11a3c87b3e41faa858 Message-Authenticator = 0x57367206865668163c2155289735fb84 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry sierre08015 at line 97 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 5 to 10.166.42.30 port 1024 EAP-Message = 0x010a000a0d8000000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x850de87f7a3c97df745f110aed8ce38e Finished request 5 Going to the next request Waking up in 6 seconds... NOVELIS Fabien Crettaz IT System and Infrastructure Novelis Automotive, Painted & Specialities Novelis Switzerland SA CH - 3960 Sierre, Switzerland phone: +41 (0)27 457 7164 fax: +41 (0)27 457 7105 e-mail: fabien.crettaz@novelis.com http://www.novelis.ch P Please consider the environment before printing this email. <tnt@kalik.net> Sent by: freeradius-users-bounces+fabien.crettaz=novelis.com@lists.freeradius.org 03.03.2009 16:50 Please respond to FreeRadius users mailing list <freeradius-users@lists.freeradius.org> To "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> cc Subject Re: eap-tls configuration not running...
Thanks for you response, what should I set as Auth-Type, as 'Auth-Type := eap' is not recommended (cf. coment in eap.conf) ?
You don't set anything. Server will set what it needs. It "just works". Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
fabien.crettaz@novelis.com wrote:
My server is now accepting the eap authentication, but is sending after this accept an access challenge to the client. It seems that the client "ignores" the access challenge sent by the server !! Any idea ??
Have you tried reading the FAQ? Alan DeKok.
The same thing happens to me. I have peapv0 and ttls working but eap-tls refuses to work with XP. tnt@kalik.net on the list was very helpful in finding that XP was ignoring the challenge because it could not find an acceptable client cert even though one was present with the correct OID's. We never came to a resolution though as I most likely got busy. I was signing the client cert with the CA etc... I even sent my CA and cert to tnt and nothing was wrong. Good luck, and let me know if you have success. -Josh Alan DeKok wrote:
fabien.crettaz@novelis.com wrote:
My server is now accepting the eap authentication, but is sending after this accept an access challenge to the client. It seems that the client "ignores" the access challenge sent by the server !! Any idea ??
Have you tried reading the FAQ?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Alan DeKok -
fabien.crettaz@novelis.com -
Josh Hiner -
tnt@kalik.net