ntlm_auth and clear-text passwords

Michael Griego mgriego at utdallas.edu
Mon Jul 3 18:29:51 CEST 2006


Something is different between your test ntlm_auth and the ntlm_auth  
you're running under FreeRADIUS.  Your test may return OK, but under  
FreeRADIUS, its returning NO SUCH USER.

In any case, since you're doing cleartext authentication in this  
case, you could use LDAP authentication against the AD domain and  
avoid having to spawn an external program.

--Mike


On Jul 3, 2006, at 3:38 AM, robiwan at arcor.de wrote:

> Dear all,
>
> For AAA-Authenticating on a Cisco Catalyst Switch 3750, i try to  
> use use the ntlm_auth to authenticate users against our Active  
> Directory (domain-name: SOUTH). Users telnet the switch, therefore  
> a clear-text password will be sent.
>
> according to an earlier posting http://lists.freeradius.org/mailman/ 
> htdig/freeradius-users/2005-July/045377.html
>
> i did this:
>
>> What you need to do is to configure a *different* ntlm_auth, only
>> for clear-text passwords.  The simplest way to do this is to use the
>> "exec" module:
>>
>> modules {
>> 	...
>> 	exec win_domain {
>> 	     wait = yes
>> 	     input_pairs = request
>> 	     output_pairs = reply
>> 	     program = "ntlm_auth --username=\"%{User-Name}\" --password= 
>> \"%{User-Password}\" --domain=usmisgne"
>> 	}
>> 	...
>> }
>>
>>  Now list "win_domain" in the "authenticate" section, and add the
>> following entry to the "users" file:
>>
>> DEFAULT	  Auth-Type = win_domain
>>
>
> But the authentication still fails.
>
> My ntlm_auth shell-command works:
>
> ~# /usr/bin/ntlm_auth --username="john.smith" -- 
> password='smith1000' --domain=SOUTH
> NT_STATUS_OK: Success (0x0)
>
> ....but authentication via freeradius fails.
>
> Here are my config files and the complete freeradius -X output:
>
> my radiusd.conf file:
> -----------------------------
> prefix = /usr
> exec_prefix = /usr
> sysconfdir = /etc
> localstatedir = /var
> sbindir = ${exec_prefix}/sbin
> logdir = /var/log/freeradius
> raddbdir = /etc/freeradius
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/freeradius
> log_file = ${logdir}/radius.log
> libdir = /usr/lib/freeradius
> pidfile = ${run_dir}/freeradius.pid
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 0
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions     = yes
> extended_expressions    = yes
> log_stripped_names = yes
> log_auth = yes
> log_auth_badpass = yes
> log_auth_goodpass = yes
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
>         max_attributes = 200
>         reject_delay = 1
>         status_server = no
> }
> proxy_requests  = yes
> $INCLUDE  ${confdir}/proxy.conf
> $INCLUDE  ${confdir}/clients.conf
> snmp    = no
> $INCLUDE  ${confdir}/snmp.conf
> thread pool {
>         start_servers = 5
>         max_servers = 32
>         min_spare_servers = 3
>         max_spare_servers = 10
>         max_requests_per_server = 0
> }
> modules {
>         pap {
>                 encryption_scheme = crypt
>         }
>         chap {
>                 authtype = CHAP
>         }
>         pam {
>                 pam_auth = radiusd
>         }
>         unix {
>                 cache = no
>                 cache_reload = 600
>                 shadow = /etc/shadow
>                 radwtmp = ${logdir}/radwtmp
>         }
> $INCLUDE ${confdir}/eap.conf
>         mschap {
>                 authtype = MS-CHAP
>                 use_mppe = no
>                 require_encryption = yes
>                 require_strong = yes
>                 with_ntdomain_hack = yes
>                 ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key -- 
> domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} -- 
> challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}"
>         }
>         ldap {
>                 server = "10.187.64.3"
>                 identity = "CN=Hans  
> Dampf,CN=Computers,DC=winlab,DC=rsnhm,DC=t-com,DC=de"
>                 password = Gerti1000
>                 basedn = "DC=winlab,DC=rsnhm,DC=t-com,DC=de"
>                 filter = "sAMAccountname=%{User-Name}"
>                 start_tls = no
>                 dictionary_mapping = ${raddbdir}/ldap.attrmap
>                 ldap_connections_number = 5
>                 edir_account_policy_check=no
>                 timeout = 4
>                 timelimit = 3
>                 net_timeout = 1
>         }
>         realm IPASS {
>                 format = prefix
>                 delimiter = "/"
>                 ignore_default = no
>                 ignore_null = no
>         }
>         realm suffix {
>                 format = suffix
>                 delimiter = "@"
>                 ignore_default = no
>                 ignore_null = no
>         }
>         realm realmpercent {
>                 format = suffix
>                 delimiter = "%"
>                 ignore_default = no
>                 ignore_null = no
>         }
>         realm ntdomain {
>                 format = prefix
>                 delimiter = "\\"
>                 ignore_default = no
>                 ignore_null = no
>         }
>         checkval {
>                 item-name = Calling-Station-Id
>                 check-name = Calling-Station-Id
>                 data-type = string
>         }
>         preprocess {
>                 huntgroups = ${confdir}/huntgroups
>                 hints = ${confdir}/hints
>                 with_ascend_hack = no
>                 ascend_channels_per_line = 23
>                 with_ntdomain_hack = no
>                 with_specialix_jetstream_hack = no
>                 with_cisco_vsa_hack = no
>         }
>         files {
>                 usersfile = ${confdir}/users
>                 acctusersfile = ${confdir}/acct_users
>                 preproxy_usersfile = ${confdir}/preproxy_users
>                 compat = no
>         }
>         detail {
>                 detailfile = ${radacctdir}/%{Client-IP-Address}/ 
> detail-%Y%m%d
>                 detailperm = 0600
>         }
>          detail auth_log {
>                  detailfile = ${radacctdir}/%{Client-IP-Address}/ 
> auth-detail-%Y%m%d
>                  detailperm = 0600
>          }
>         acct_unique {
>                 key = "User-Name, Acct-Session-Id, NAS-IP-Address,  
> Client-IP-Address, NAS-Port"
>         }
>         $INCLUDE  ${confdir}/sql.conf
>         radutmp {
>                 filename = ${logdir}/radutmp
>                 username = %{User-Name}
>                 case_sensitive = yes
>                 check_with_nas = yes
>                 perm = 0600
>                 callerid = "yes"
>         }
>         radutmp sradutmp {
>                 filename = ${logdir}/sradutmp
>                 perm = 0644
>                 callerid = "no"
>         }
>         attr_filter {
>                 attrsfile = ${confdir}/attrs
>         }
>         counter daily {
>                 filename = ${raddbdir}/db.daily
>                 key = User-Name
>                 count-attribute = Acct-Session-Time
>                 reset = daily
>                 counter-name = Daily-Session-Time
>                 check-name = Max-Daily-Session
>                 allowed-servicetype = Framed-User
>                 cache-size = 5000
>         }
>         sqlcounter dailycounter {
>                 counter-name = Daily-Session-Time
>                 check-name = Max-Daily-Session
>                 sqlmod-inst = sql
>                 key = User-Name
>                 reset = daily
>                 query = "SELECT SUM(AcctSessionTime - \
>                  GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
>                  FROM radacct WHERE UserName='%{%k}' AND \
>                  UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >  
> '%b'"
>         }
>         sqlcounter monthlycounter {
>                 counter-name = Monthly-Session-Time
>                 check-name = Max-Monthly-Session
>                 sqlmod-inst = sql
>                 key = User-Name
>                 reset = monthly
>                 query = "SELECT SUM(AcctSessionTime - \
>                  GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
>                  FROM radacct WHERE UserName='%{%k}' AND \
>                  UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >  
> '%b'"
>         }
>         always fail {
>                 rcode = fail
>         }
>         always reject {
>                 rcode = reject
>         }
>         always ok {
>                 rcode = ok
>                 simulcount = 0
>                 mpp = no
>         }
>         expr {
>         }
>         digest {
>         }
>         exec {
>                 wait = yes
>                 input_pairs = request
>         }
>         exec echo {
>                 wait = yes
>                 program = "/bin/echo %{User-Name}"
>                 input_pairs = request
>                 output_pairs = reply
>         }
>         exec win_domain {
>           wait = yes
>           input_pairs = request
>           output_pairs = reply
>           program = "/usr/bin/ntlm_auth --username=\"%{User-Name}\"  
> --password=\'%{User-Password}\' --domain=SOUTH"
>         }
>         ippool main_pool {
>                 range-start = 192.168.1.1
>                 range-stop = 192.168.3.254
>                 netmask = 255.255.255.0
>                 cache-size = 800
>                 session-db = ${raddbdir}/db.ippool
>                 ip-index = ${raddbdir}/db.ipindex
>                 override = no
>                 maximum-timeout = 0
>         }
> }
> instantiate {
>         exec
>         expr
> }
> authorize {
>         preprocess
>         chap
>         mschap
>         suffix
>         eap
>         files
>         ldap
> }
> authenticate {
>         Auth-Type PAP {
>                 pap
>         }
>         Auth-Type CHAP {
>                 chap
>         }
>         Auth-Type MS-CHAP {
>                 mschap
>         }
>         unix
>         Auth-Type LDAP {
>                 ldap
>         }
>         eap
>         Auth-Type win_domain{
>           win_domain
>         }
> }
> preacct {
>         preprocess
>         acct_unique
>         suffix
>         files
> }
> accounting {
>         detail
>         unix
>         radutmp
> }
> session {
>         radutmp
> }
> post-auth {
> }
> pre-proxy {
> }
> post-proxy {
>         eap
> }
>
> here is my users file
> ----------------------------
>
> hugo       User-Password == "hugo01"
>                 Service-Type = Login,
>                 Cisco-AVPair = "shell:priv-lvl=1"
>
> DEFAULT   Auth-Type = win_domain
>
> freeradius -X
> ---------------------
> freeradius -X
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /etc/freeradius/proxy.conf
> Config:   including file: /etc/freeradius/clients.conf
> Config:   including file: /etc/freeradius/snmp.conf
> Config:   including file: /etc/freeradius/eap.conf
> Config:   including file: /etc/freeradius/sql.conf
>  main: prefix = "/usr"
>  main: localstatedir = "/var"
>  main: logdir = "/var/log/freeradius"
>  main: libdir = "/usr/lib/freeradius"
>  main: radacctdir = "/var/log/freeradius/radacct"
>  main: hostname_lookups = no
>  main: snmp = no
>  main: max_request_time = 30
>  main: cleanup_delay = 5
>  main: max_requests = 1024
>  main: delete_blocked_requests = 0
>  main: port = 0
>  main: allow_core_dumps = no
>  main: log_stripped_names = yes
>  main: log_file = "/var/log/freeradius/radius.log"
>  main: log_auth = yes
>  main: log_auth_badpass = yes
>  main: log_auth_goodpass = yes
>  main: pidfile = "/var/run/freeradius/freeradius.pid"
>  main: user = "(null)"
>  main: group = "(null)"
>  main: usercollide = no
>  main: lower_user = "no"
>  main: lower_pass = "no"
>  main: nospace_user = "no"
>  main: nospace_pass = "no"
>  main: checkrad = "/usr/sbin/checkrad"
>  main: proxy_requests = yes
>  proxy: retry_delay = 5
>  proxy: retry_count = 3
>  proxy: synchronous = no
>  proxy: default_fallback = yes
>  proxy: dead_time = 120
>  proxy: post_proxy_authorize = no
>  proxy: wake_all_if_all_dead = no
>  security: max_attributes = 200
>  security: reject_delay = 1
>  security: status_server = no
>  main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/lib/freeradius
> Module: Loaded exec
>  exec: wait = yes
>  exec: program = "(null)"
>  exec: input_pairs = "request"
>  exec: output_pairs = "(null)"
>  exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
>  pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
>  mschap: use_mppe = no
>  mschap: require_encryption = yes
>  mschap: require_strong = yes
>  mschap: with_ntdomain_hack = yes
>  mschap: passwd = "(null)"
>  mschap: authtype = "MS-CHAP"
>  mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=% 
> {mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=% 
> {mschap:Challenge} --nt-response=%{mschap:NT-Response}"
> Module: Instantiated mschap (mschap)
> Module: Loaded System
>  unix: cache = no
>  unix: passwd = "(null)"
>  unix: shadow = "/etc/shadow"
>  unix: group = "(null)"
>  unix: radwtmp = "/var/log/freeradius/radwtmp"
>  unix: usegroup = no
>  unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded LDAP
>  ldap: server = "10.187.64.3"
>  ldap: port = 389
>  ldap: net_timeout = 1
>  ldap: timeout = 4
>  ldap: timelimit = 3
>  ldap: identity = "CN=Hans  
> Dampf,CN=Computers,DC=winlab,DC=rsnhm,DC=t-com,DC=de"
>  ldap: tls_mode = no
>  ldap: start_tls = no
>  ldap: tls_cacertfile = "(null)"
>  ldap: tls_cacertdir = "(null)"
>  ldap: tls_certfile = "(null)"
>  ldap: tls_keyfile = "(null)"
>  ldap: tls_randfile = "(null)"
>  ldap: tls_require_cert = "allow"
>  ldap: password = "Gerti1000"
>  ldap: basedn = "DC=winlab,DC=rsnhm,DC=t-com,DC=de"
>  ldap: filter = "sAMAccountname=%{User-Name}"
>  ldap: base_filter = "(objectclass=radiusprofile)"
>  ldap: default_profile = "(null)"
>  ldap: profile_attribute = "(null)"
>  ldap: password_header = "(null)"
>  ldap: password_attribute = "(null)"
>  ldap: access_attr = "(null)"
>  ldap: groupname_attribute = "cn"
>  ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames) 
> (member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames) 
> (uniquemember=%{Ldap-UserDn})))"
>  ldap: groupmembership_attribute = "(null)"
>  ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
>  ldap: ldap_debug = 0
>  ldap: ldap_connections_number = 5
>  ldap: compare_check_items = no
>  ldap: access_attr_used_for_allow = yes
>  ldap: do_xlat = yes
>  ldap: edir_account_policy_check = no
>  ldap: set_auth_type = yes
> rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> rlm_ldap: Registering ldap_xlat with xlat_name ldap
> rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ 
> ldap.attrmap
> rlm_ldap: LDAP uid mapped to RADIUS $GENERIC$
> conns: 0x81215a8
> Module: Instantiated ldap (ldap)
> Module: Loaded eap
>  eap: default_eap_type = "peap"
>  eap: timer_expire = 60
>  eap: ignore_unknown_eap_types = no
>  eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
>  gtc: challenge = "Password: "
>  gtc: auth_type = "PAP"
> rlm_eap: Loaded and initialized type gtc
>  tls: rsa_key_exchange = no
>  tls: dh_key_exchange = yes
>  tls: rsa_key_length = 512
>  tls: dh_key_length = 512
>  tls: verify_depth = 0
>  tls: CA_path = "(null)"
>  tls: pem_file_type = yes
>  tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem"
>  tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem"
>  tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem"
>  tls: private_key_password = "whatever"
>  tls: dh_file = "/etc/freeradius/certs/dh"
>  tls: random_file = "/etc/freeradius/certs/random"
>  tls: fragment_size = 1024
>  tls: include_length = yes
>  tls: check_crl = no
>  tls: check_cert_cn = "(null)"
> rlm_eap_tls: Loading the certificate file as a chain
> rlm_eap: Loaded and initialized type tls
>  peap: default_eap_type = "mschapv2"
>  peap: copy_request_to_tunnel = yes
>  peap: use_tunneled_reply = yes
>  peap: proxy_tunneled_request_as_eap = yes
> rlm_eap: Loaded and initialized type peap
>  mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
>  exec: wait = yes
>  exec: program = "/usr/bin/ntlm_auth --username="%{User-Name}" -- 
> password='%{User-Password}' --domain=SOUTH"
>  exec: input_pairs = "request"
>  exec: output_pairs = "reply"
>  exec: packet_type = "(null)"
> Module: Instantiated exec (win_domain)
> Module: Loaded preprocess
>  preprocess: huntgroups = "/etc/freeradius/huntgroups"
>  preprocess: hints = "/etc/freeradius/hints"
>  preprocess: with_ascend_hack = no
>  preprocess: ascend_channels_per_line = 23
>  preprocess: with_ntdomain_hack = no
>  preprocess: with_specialix_jetstream_hack = no
>  preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
>  realm: format = "suffix"
>  realm: delimiter = "@"
>  realm: ignore_default = no
>  realm: ignore_null = no
> Module: Instantiated realm (suffix)
> Module: Loaded files
>  files: usersfile = "/etc/freeradius/users"
>  files: acctusersfile = "/etc/freeradius/acct_users"
>  files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
>  files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
>  acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,  
> Client-IP-Address, NAS-Port"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
>  detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP- 
> Address}/detail-%Y%m%d"
>  detail: detailperm = 384
>  detail: dirperm = 493
>  detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
>  radutmp: filename = "/var/log/freeradius/radutmp"
>  radutmp: username = "%{User-Name}"
>  radutmp: case_sensitive = yes
>  radutmp: check_with_nas = yes
>  radutmp: perm = 384
>  radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:35261, id=176,  
> length=64
>         User-Name = "john.smith"
>         User-Password = "smith1000"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1645
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "john.smith", looking up realm  
> NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry DEFAULT at line 99
>   modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for john.smith
> radius_xlat:  'sAMAccountname=john.smith'
> radius_xlat:  'DC=winlab,DC=rsnhm,DC=t-com,DC=de'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 10.187.64.3:389, authentication 0
> rlm_ldap: bind as CN=Hans  
> Dampf,CN=Computers,DC=winlab,DC=rsnhm,DC=t-com,DC=de/Gerti1000 to  
> 10.187.64.3:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in DC=winlab,DC=rsnhm,DC=t-com,DC=de,  
> with filter sAMAccountname=john.smith
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user john.smith authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: leaving group authorize (returns ok) for request 0
>   rad_check_password:  Found Auth-Type win_domain
> auth: type "win_domain"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group win_domain for request 0
> radius_xlat:  '/usr/bin/ntlm_auth --username="john.smith" -- 
> password='smith1000' --domain=SOUTH'
> Exec-Program: /usr/bin/ntlm_auth --username="john.smith" -- 
> password='smith1000' --domain=SOUTH
> Exec-Program output: NT_STATUS_NO_SUCH_USER: No such user (0xc0000064)
> Exec-Program-Wait: plaintext: NT_STATUS_NO_SUCH_USER: No such user  
> (0xc0000064)
> Exec-Program: returned: 1
> rlm_exec (win_domain): External script failed
>   modcall[authenticate]: module "win_domain" returns fail for  
> request 0
> modcall: leaving group win_domain (returns fail) for request 0
> auth: Failed to validate the user.
> Login incorrect: [john.smith/smith1000] (from client localhost port  
> 1645)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 176 to 127.0.0.1 port 35261
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 176 with timestamp 44a4e1a4
> Nothing to do.  Sleeping until we see a request.
>
> Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen +  
> telefonieren
> ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor:  
> günstig
> und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel- 
> Sparer,
> nur  44,85 €  inkl. DSL- und ISDN-Grundgebühr!
> http://www.arcor.de/rd/emf-dsl-2
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ 
> users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6184 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060703/22ce224f/attachment.bin>


More information about the Freeradius-Users mailing list