Author Topic: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1  (Read 38567 times)

julio

  • Guest
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #15 on: November 13, 2015, 06:07:22 pm »
Hi Dersch,

Open the "/var/lib/dpkg/info/freeradius-ldap.postinst" file and change the line
"invoke-rc.d freeradius force-reload" to "/etc/init.d/freeradius force-reload".

After the modification, run: sudo apt-get install -f
« Last Edit: November 13, 2015, 06:11:58 pm by julio »

Dersch

  • Zen Monk
  • **
  • Posts: 87
  • Karma: +1/-0
    • View Profile
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #16 on: November 13, 2015, 10:59:30 pm »
Hey julio, thanks for your help. Now I could install and configure it. But it is still not working, the module is stopped. If I reload the module I get the message "successful reloaded" but it is still stopped.

Here is what happened after your hint:

Code:
dirk@superserver:~$ sudo nano /var/lib/dpkg/info/freeradius-ldap.postinst
dirk@superserver:~$ sudo apt-get install -f
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
2 nicht vollständig installiert oder entfernt.
Nach dieser Operation werden 0 B Plattenplatz zusätzlich benutzt.
freeradius-ldap (2.1.12+dfsg-1.2ubuntu8.1) wird eingerichtet ...
 * Reloading FreeRADIUS daemon freeradius                                                                       
* /var/run/freeradius/freeradius.pid not found...                                                       [ OK ]
zentyal-radius (4.2) wird eingerichtet ...
Trigger für zentyal-core (4.2.1) werden verarbeitet ...
 * Restarting Zentyal module: webadmin                                   [ OK ]
 * Restarting Zentyal module: logs                                       [ OK ]

Freeradius is running:
Code:
sudo service freeradius start                                                     
freeradius start/running, process 5237

But it stopped immediately:
Code:
sudo service freeradius status
freeradius stop/waiting

And I activated the module, of course.

I also started the install process again but it had no effect.

The freeradius log at /var/log/freeradius is full of errors:

Code:
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Fri Nov 13 23:07:19 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: Failed to initialize type tls
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
« Last Edit: November 13, 2015, 11:11:36 pm by Dersch »

Dersch

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #17 on: November 14, 2015, 12:32:46 am »
Now I could fix the issue with the certificate. At CA Authority I checked RADIUS once and saved. The error stopped.

Then I got another error in the log file:
Code:
Sat Nov 14 00:16:59 2015 : Error: Errors reading /etc/freeradius/users
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/sites-enabled/default[152]: Failed to load module "files".
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
Sat Nov 14 00:16:59 2015 : Error: Failed to load virtual server <default>
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/users[3]: Parse error (check) for entry DEFAULT: Expected end of line or comma

In Zentyal I changed the group allowed to authenticate once and saved, to write the file anew. Then freeradius could start:

Code:
Sat Nov 14 00:20:31 2015 : Info: Loaded virtual server <default>
Sat Nov 14 00:20:31 2015 : Info: Loaded virtual server inner-tunnel
Sat Nov 14 00:20:31 2015 : Info:  ... adding new socket proxy address * port 40920
Sat Nov 14 00:20:31 2015 : Info: Ready to process requests.

But it is still impossible to log in:
Code:
Sat Nov 14 00:21:44 2015 : Error:   [ldap] ldap_search() failed: Operations error
Sat Nov 14 00:21:44 2015 : Auth: Invalid user: [Administrator] (from client 192.168.10.40/32 port 0 cli E8-50-8B-83-95-42)

Also, the Zentyal web interface does not recognize the running service.

Manual start is also impossible:
Code:
service zentyal radius restart
 * Restarting Zentyal module: radius                                     [fail]

It is very strange right now. With 4.1 everything worked so well without any issue. Please help me to fix that. There must be some error within the installation tips.

Best regards
Dirk

julio

  • Guest
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #18 on: November 14, 2015, 02:44:59 am »
In my opinion, a complete remove/reinstall is much easier:
Code:
sudo apt-get purge --auto-remove zentyal-radius freeradius

cd ~/Downloads
sudo dpkg -i zentyal-radius_4.2_all.deb
sudo apt-get install -f -y

Dersch

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #19 on: November 14, 2015, 09:41:30 am »
That's not changing anything. Now freeradius does not start because of the first error:

Code:
Sat Nov 14 09:39:23 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: Failed to initialize type tls
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Sat Nov 14 09:39:23 2015 : Error: Failed to load virtual server <default>
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Sat Nov 14 09:39:23 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: Failed to initialize type tls
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Sat Nov 14 09:39:23 2015 : Error: Failed to load virtual server <default>
dirk@superserver:~/Downloads$
« Last Edit: November 14, 2015, 10:31:05 am by Dersch »

julio

  • Guest
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #20 on: November 14, 2015, 10:43:35 am »
Please remove/recompile/reinstall one more time:

Code:
sudo rm -rf ~/Downloads/*radius*
sudo apt-get purge --auto-remove zentyal-radius freeradius freeradius-common libfreeradius2
sudo rm -rf /etc/freeradius

Then recompile/reinstall the zentyal-radius module.

« Last Edit: November 14, 2015, 01:36:59 pm by julio »

Dersch

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #21 on: November 14, 2015, 02:32:02 pm »
IT WORKS!!! Thank you so much! I don't know what I should do with Zentyal without you ;)

julio

  • Guest
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #22 on: November 14, 2015, 06:31:31 pm »
I am glad I was able to help. :)

gummibear1986

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #23 on: January 29, 2016, 10:37:01 pm »
Hi Julio

Awesome work in getting RADIUS back into Zentyal, this was one of the main reasons I was looking at possible alternatives as my firewall requires it to authenticate VPN users (can't use AD).

It all seems to work brilliantly, the only issue I have found is that if I set it to authenticate Domain Users, it fails every time. The user I am testing with is a Domain Admin and it works if I select that or All Users, but never under Domain Users. I have added another user who is not a Domain Admin in case this was the issue and the result is the same.

Also, do you know if it is possible to use MSCHAP? I can't seem to figure that one out either.

Thanks again for your work on this.

julio

  • Guest
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #24 on: January 31, 2016, 06:30:19 pm »
Please use it with your own group; the nested groups 'Domain Admins, Domain Users, Domain Guests' are not working yet!
MSCHAPV2:
http://www.nmt.edu/information-services-division/3845-windows-7-peap-ms-chapv2

segelfreak

  • Zen Monk
  • **
  • Posts: 80
  • Karma: +9/-0
    • View Profile
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #25 on: June 04, 2016, 11:59:17 am »
Hello Julio and all,

Thanks for bringing Radius into Zentyal 4.2!
I was able to install successfully and it seems to work in general, but not in my specific setup.

I want to use Radius to grant WiFi access to registered users and tried with two different APs so far. One is an older Siemens DSL router and the other is a Buffalo router with DD-WRT on board.
Both seem to be using MSCHAP authentication, but they always fail with "Login incorrect". Looking into the radius.log file, all I can see is:
Code:
Fri Jun  3 19:01:02 2016 : Auth: Login incorrect (mschap: External script says ): [#username#] (from client ##.##.###.#/32 port 0 via TLS tunnel)
Fri Jun  3 19:01:03 2016 : Auth: Login incorrect: [#username#] (from client ##.##.###.#/32 port 1 cli ##-##-##-##-##-##)
 
and that's basically it. No more hints.
I also tried using radtest tool and it works successfully, unless I choose MSCHAP as type. So my understanding is that the auth against the AD works in general and there must be an issue with the MSCHAP module.

The module does exist in the modules folder and besides the domain hack being active, the ntlm_auth looks like this:
Code:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"

I'm not a big pro on Radius setup, so I hope someone can help me to get this going. We're using the installation for a refugee project.

update:
radtest output for mschap auth: MS-CHAP-Error = "\000E=691 R=1"

update2: checked ntlm_auth and it does work, but only when using sudo. Is this correct? I read some comments about the freerad user needing to be a member of the winbindd_priv group, but this is already the case. (winbindd_priv:x:118:freerad)
« Last Edit: June 04, 2016, 12:40:18 pm by segelfreak »
Zentyal 6.1

julio

  • Guest
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #26 on: June 04, 2016, 01:55:12 pm »
Please create your own group for RADIUS users, e.g. radusers,
add the RADIUS users to this group, and
set this group in "RADIUS - General configuration" -> "Group allowed to authenticate".
« Last Edit: June 04, 2016, 02:29:45 pm by julio »

segelfreak

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #27 on: June 04, 2016, 03:13:50 pm »
Hey,
Thanks for the prompt response and help.
Actually, the minute you posted, I found the solution as per one of your earlier pieces of advice.
https://forum.zentyal.org/index.php/topic,26466.msg97883.html#msg97883

First I tried
Code:
sudo chown root:root /etc/samba/openchange.conf
sudo chmod 644 /etc/samba/openchange.conf
which worked. So finally I did
Code:
echo -e "#"'!'"/bin/bash\nchown root:root /etc/samba/openchange.conf\nchmod 644 /etc/samba/openchange.conf\nexit 0" | sudo tee /etc/zentyal/hooks/openchange.postsetconf
sudo chmod +x /etc/zentyal/hooks/openchange.postsetconf

Seems this did the trick.
Zentyal 6.1
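
Added example (not part of the thread or of the zentyal-radius module): two failures above are a service account being unable to read a file, namely the rlm_eap "fopen: Permission denied" on /etc/freeradius/certs/freeradius.pem and ntlm_auth working only under sudo until /etc/samba/openchange.conf was made readable. This sketch walks a path and reports the first component whose mode bits block a given user, or through which class (owner, group, other) read access is granted, which also shows when a file is readable only because it is world-readable. The function names are made up here; it assumes GNU or BusyBox stat and ignores ACLs and AppArmor.

```shell
#!/bin/sh
# Added example: find out why a service account cannot read a file.
# Looks at classic mode bits only (no ACLs, no AppArmor) and needs a
# stat that understands -c (GNU coreutils or BusyBox).

# perm_class UID "GID ..." OWNER GROUP -> owner | group | other
# The kernel applies exactly one class and never falls through to a
# more permissive one.
perm_class() {
    [ "$1" = "$3" ] && { echo owner; return 0; }
    for pc_gid in $2; do
        [ "$pc_gid" = "$4" ] && { echo group; return 0; }
    done
    echo other
}

# has_bit MODE CLASS r|x -> exit status 0 if CLASS has that bit in MODE
has_bit() {
    hb_mode=$((0$1))                      # stat prints octal, e.g. 640
    case $2 in
        owner) hb_mode=$((hb_mode >> 6)) ;;
        group) hb_mode=$((hb_mode >> 3)) ;;
    esac
    case $3 in r) hb_bit=4 ;; *) hb_bit=1 ;; esac
    [ $((hb_mode & hb_bit)) -ne 0 ]
}

# first_denied UID "GID ..." PATH
# Needs x on every directory and r on the last component. A relative
# PATH is checked from the current directory downwards.
first_denied() {
    fd_uid=$1 fd_gids=$2 fd_path=$3 fd_rest=$3
    fd_cur='' fd_class=n/a fd_mode=n/a
    [ "$fd_uid" = 0 ] && { echo "OK $fd_path (root bypasses mode bits)"; return 0; }
    case $fd_path in /*) fd_cur=/ ;; esac
    while [ -n "$fd_rest" ]; do
        fd_comp=${fd_rest%%/*}
        case $fd_rest in */*) fd_rest=${fd_rest#*/} ;; *) fd_rest= ;; esac
        [ -n "$fd_comp" ] || continue
        fd_cur=$fd_cur$fd_comp
        fd_stat=$(stat -L -c '%u %g %a' -- "$fd_cur" 2>/dev/null) ||
            { echo "MISSING $fd_cur"; return 2; }
        set -- $fd_stat                   # $1 owner uid, $2 group gid, $3 mode
        fd_class=$(perm_class "$fd_uid" "$fd_gids" "$1" "$2")
        if [ -n "$fd_rest" ]; then fd_need=x; else fd_need=r; fi
        if ! has_bit "$3" "$fd_class" "$fd_need"; then
            echo "DENIED $fd_cur ($fd_class lacks $fd_need, mode $3)"
            return 1
        fi
        fd_mode=$3
        fd_cur=$fd_cur/
    done
    echo "OK $fd_path (read via $fd_class, mode $fd_mode)"
}

# check_user NAME PATH: the same check for an account name, e.g.
#   check_user freerad /etc/freeradius/certs/freeradius.pem
#   check_user freerad /etc/samba/openchange.conf
check_user() {
    first_denied "$(id -u "$1")" "$(id -G "$1")" "$2"
}

if [ "$#" -eq 2 ]; then check_user "$1" "$2"; fi
```

A result of "read via other" on a key or configuration file means every local account can read it; "read via group" is the narrower grant.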

Dersch

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #28 on: June 08, 2016, 10:24:55 pm »
Again I'm facing problems with RADIUS but this time it seems to be the connection with LDAP. I already removed and recompiled the zentyal radius module but without success. Overall the RADIUS module seems to work and shortly after a reboot everything is fine. Only after a couple of minutes up to one hour it is starting with the following errors...

Code:
Wed Jun  8 20:29:23 2016 : Auth: Login OK: [Administrator] (from client 192.168.10.40/32 port 0 via TLS tunnel)
Wed Jun  8 20:29:23 2016 : Auth: Login OK: [Administrator] (from client 192.168.10.40/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:08:59 2016 : Error:   [ldap] ldap_search() failed: LDAP connection lost.
Wed Jun  8 21:08:59 2016 : Info:   [ldap] Attempting reconnect
Wed Jun  8 21:09:02 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 48323 - ID: 24 due to unfinished request 33
Wed Jun  8 21:09:04 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:09:04 2016 : Auth: Invalid user: [Administrator] (from client 192.168.10.42/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:09:20 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 48323 - ID: 26 due to unfinished request 35
Wed Jun  8 21:09:22 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:09:22 2016 : Auth: Invalid user: [Administrator] (from client 192.168.10.42/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:29:43 2016 : Error:   [ldap] ldap_search() failed: LDAP connection lost.
Wed Jun  8 21:29:43 2016 : Info:   [ldap] Attempting reconnect
Wed Jun  8 21:29:46 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 35385 - ID: 8 due to unfinished request 36
Wed Jun  8 21:29:48 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:29:48 2016 : Auth: Invalid user: [Daniela] (from client 192.168.10.42/32 port 0 cli AC-5F-3E-33-AF-45)
Wed Jun  8 21:30:01 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 35385 - ID: 10 due to unfinished request 38
Wed Jun  8 21:30:03 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:30:03 2016 : Auth: Invalid user: [Daniela] (from client 192.168.10.42/32 port 0 cli AC-5F-3E-33-AF-45)
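
Added example, not from the thread: in the log above every "Invalid user" line directly follows an "ldap_search() failed" error, so these rejects reflect a directory outage rather than wrong credentials, and anyone alerting on RADIUS rejects will want them counted separately. The function names and the last sample line are constructed for this sketch; the other sample lines are copied from the post.

```shell
#!/bin/sh
# Added example: separate radius.log rejects caused by an LDAP outage
# from rejects that really are about the credentials.

# classify_rejects [FILE...] -> one line per reject: CAUSE USER CLIENT
# Heuristic: an "[ldap] ldap_search() failed" error marks the next Auth
# reject as backend-caused. freeradius is multi-threaded, so on a busy
# server lines can interleave; treat the result as a hint.
classify_rejects() {
    awk '
    /\[ldap\] ldap_search\(\) failed/ { backend = 1; next }
    / : Auth: Login OK/                { backend = 0; next }
    / : Auth: (Invalid user|Login incorrect)/ {
        user = "?"; client = "?"
        if (match($0, /\[[^]]*\]/))
            user = substr($0, RSTART + 1, RLENGTH - 2)
        if (match($0, /from client [^ ]+/))
            client = substr($0, RSTART + 12, RLENGTH - 12)
        cause = backend ? "backend" : "credentials"
        backend = 0
        print cause, user, client
    }' "$@"
}

# reject_summary [FILE...] -> "CAUSE USER CLIENT COUNT", sorted
reject_summary() {
    classify_rejects "$@" |
        awk '{ n[$0]++ } END { for (k in n) print k, n[k] }' |
        LC_ALL=C sort
}

# Sample input: lines from the post above; the last line is constructed.
sample_log() {
    cat <<'EOF'
Wed Jun  8 20:29:23 2016 : Auth: Login OK: [Administrator] (from client 192.168.10.40/32 port 0 via TLS tunnel)
Wed Jun  8 21:08:59 2016 : Error:   [ldap] ldap_search() failed: LDAP connection lost.
Wed Jun  8 21:08:59 2016 : Info:   [ldap] Attempting reconnect
Wed Jun  8 21:09:02 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 48323 - ID: 24 due to unfinished request 33
Wed Jun  8 21:09:04 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:09:04 2016 : Auth: Invalid user: [Administrator] (from client 192.168.10.42/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:09:22 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:09:22 2016 : Auth: Invalid user: [Administrator] (from client 192.168.10.42/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:29:48 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:29:48 2016 : Auth: Invalid user: [Daniela] (from client 192.168.10.42/32 port 0 cli AC-5F-3E-33-AF-45)
Wed Jun  8 22:15:10 2016 : Auth: Login incorrect: [testuser] (from client 192.0.2.10/32 port 0)
EOF
}

# With a file name, summarise that log, e.g. /var/log/freeradius/radius.log
if [ "$#" -ge 1 ]; then reject_summary "$@"; fi
```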

julio

  • Guest
Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
« Reply #29 on: June 09, 2016, 06:17:37 am »
Is it working again after restarting the radius service?
Code:
sudo service zentyal radius restart