Authenticate with FreeRadius + MySQL + PEAP
tiodacio
tiodacio at bol.com.br
Tue Apr 8 16:23:40 CEST 2008
Ivan,
I compare the log of user "test" with user "test at some.domain.com" and the difference occurs in request 6, where the error occurs.
modcall: entering group MS-CHAP for request 6
rlm_mschap: Told to do MS-CHAPv2 for teste at unesp.br with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Follow the full request debug. Thanks.
Dácio
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=229, length=185
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201001301746573746540756e6573702e6272
Message-Authenticator = 0xc3ffe9e3fc0f509ae2b84f8a6f6a6067
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm xxx.xxx.xxx.xxx
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 229 to xxx.xxx.xxx.xxx port 3072
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6224eaae80c73dc6c5b1e4c001202132
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=230, length=278
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0202006419800000005a160301005501000051030147fb7c20c1e30b2994b996b0b8c4ef4242892ffcc47c595d2f5128ede79fe14800002a00160013006600150012000a0005000400070009006300650060006200610064001400110003000600080100
State = 0x6224eaae80c73dc6c5b1e4c001202132
Message-Authenticator = 0xc09131a50997249891265ad8957d7901
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 100
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0055], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 230 to xxx.xxx.xxx.xxx port 3072
EAP-Message = 0x0103040a19c0000006f1160301004a02000046030147fb7c1f951876f5d60ba0f24d9fe93e6de4863bce7b5425c6cb1cf3a92dd33020613abc102d8150fef2156e03878273ffbbcc53b87de025738cea62fc0cb6a800000a0016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x193c2165eb8d7263ae983a247103c03a
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=231, length=184
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0x193c2165eb8d7263ae983a247103c03a
Message-Authenticator = 0xe38fe982e8ba04777fcf3a5092644716
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 231 to xxx.xxx.xxx.xxx port 3072
EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcf564de617cbad9dca59e8769f2b8bf6
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=232, length=378
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400c81980000000be1603010086100000820080cc1fe677bfe3b1d5581ac79a9e25bca4c9451d47ea55f3930c0d5b9c7899c116a7463e86a71a6e55ccef458b4d474e42b301d869fa872bbec33a1f3e15433cb50454aca004b29a3b631fc8a1edaaa814435ce7b90aeb19c7477de1fd46b5ddf4db383c95766a78208a60687042d3680790877c39e98ac997935ee3ab718cc20b140301000101160301002828a9d204577a1d9398ec183a15bd27e4f1695f56df57e7e52f65c4a1acbf43358a76e938916c5b5b
State = 0xcf564de617cbad9dca59e8769f2b8bf6
Message-Authenticator = 0x2d7e56d69f0063be3791634814782f93
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 200
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 232 to xxx.xxx.xxx.xxx port 3072
EAP-Message = 0x010500391900140301000101160301002825a817ae388d2cd2ec8ae3be6049e08fb21c0a5e3179ee6edb412a99bcf926e8157cb15dd1addeee
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x182e732c21ae66a62538d2ac3f2a13e0
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=233, length=184
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0x182e732c21ae66a62538d2ac3f2a13e0
Message-Authenticator = 0xe575301676b2facac5ac8cf928a43cb3
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 233 to xxx.xxx.xxx.xxx port 3072
EAP-Message = 0x0106002b19001703010020de0aa7aa8c691695e91aac3dcbcf0f308a562d1695fa441d14542c764e2d2c3a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd704d19866681740655181d83bd472b2
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=234, length=258
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600501900170301001827a733901555adfb04f3dea94b257adfc45ba0d6d8bc37681703010028b24cc3458a50eeb036ece2970736c5700fdd6848c37c002972ec179988e6e95b65e31802d2ca14eb
State = 0xd704d19866681740655181d83bd472b2
Message-Authenticator = 0xcc1ed16ef713838dd8c0efa98dc5afc6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - test at some.domain.com
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0206001301746573746540756e6573702e6272
PEAP: Got tunneled identity of test at some.domain.com
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to test at some.domain.com
PEAP: Sending tunneled request
EAP-Message = 0x0206001301746573746540756e6573702e6272
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test at some.domain.com"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/var/log/radacct/127.0.0.1/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/127.0.0.1/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
PEAP: Got tunneled reply RADIUS code 11
EAP-Message = 0x010700281a010700231008a4d8ef8da7648f9e3b999692beb2d9746573746540756e6573702e6272
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4c210b27974f76ea183dd958e64687f6
PEAP: Processing from tunneled session code 0x814c540 11
EAP-Message = 0x010700281a010700231008a4d8ef8da7648f9e3b999692beb2d9746573746540756e6573702e6272
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4c210b27974f76ea183dd958e64687f6
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 234 to xxx.xxx.xxx.xxx port 3072
EAP-Message = 0x0107004b1900170301004040e0c56b9292f315d4d01662f832bd6f36bbc14146db053b464da3e2d53a0a4c6b81806fd47bab5917f63c3f73e537e789c824f9c55feb37ef46a24176ede837
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8ecf9b67323718ec2c911b6ca0d17892
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=235, length=306
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0207008019001703010018097c58bd0f7550fe69d20edc0338b113586aa977a1b8155e17030100587bf14aeb61246aed87d8cf406094493cebd1660d1f385298dcdf88440828c2052c5cb34136a89f75921f89dd4daba5c5bb3d146d56a00def6cdf669cec0947f1f80f2197cd79bcc4884cbf931c1c8a0556fba4743d260d11
State = 0x8ecf9b67323718ec2c911b6ca0d17892
Message-Authenticator = 0x62dfc88c5039a06086439e75ba25cd7b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 128
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020700401a0207003b31c46468a9049dbdcc059374d52be43ec400000000000000001c9c46053af9712fe75317261304952aff7418c766d6e14d007465737465
PEAP: Setting User-Name to test at some.domain.com
PEAP: Adding old state with 4c 21
PEAP: Sending tunneled request
EAP-Message = 0x020700401a0207003b31c46468a9049dbdcc059374d52be43ec400000000000000001c9c46053af9712fe75317261304952aff7418c766d6e14d007465737465
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test at some.domain.com"
State = 0x4c210b27974f76ea183dd958e64687f6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/var/log/radacct/127.0.0.1/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/127.0.0.1/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 64
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
rlm_mschap: Told to do MS-CHAPv2 for test at some.domain.com with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
Trying to look up name of unknown client 127.0.0.1.
Login incorrect: [test at some.domain.com/<no User-Password attribute>] (from client UNKNOWN-CLIENT port 0)
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x814c580 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 235 to xxx.xxx.xxx.xxx port 3072
EAP-Message = 0x0108002b190017030100204f9c3f7cf2cfc129466b867acdfb475dcc3af95f2ced0c6372afd0ba0c0fa8a2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdd4feaf92f62dd58a7c02671a675bd37
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:3072, id=236, length=250
User-Name = "test at some.domain.com"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 0
Called-Station-Id = "00032f3939ee"
Calling-Station-Id = "00195b3bb2ef"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208004819001703010018bd3ccdb7752e25d155d356f08ba1e02912ec8e16c8a8bf9817030100204b2bfca50409bfae77cc01432a5b5a30eabf8a4cbacc1f46646f5a586fae96ea
State = 0xdd4feaf92f62dd58a7c02671a675bd37
Message-Authenticator = 0x9a4d428deb0e6931a3a41cff9a3f7365
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/xxx.xxx.xxx.xxx/auth-detail-20080408
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: Looking up realm "some.domain.com" for User-Name = "test at some.domain.com"
rlm_realm: Found realm "some.domain.com"
rlm_realm: Proxying request from user teste to realm some.domain.com
rlm_realm: Adding Realm = "some.domain.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 8 length 72
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
radius_xlat: 'test at some.domain.com'
rlm_sql (sql): sql_set_user escaped user --> 'test at some.domain.com'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test at some.domain.com' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at some.domain.com' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [test at some.domain.com/<no User-Password attribute>] (from client AP01-GRC port 0 cli 00195b3bb2ef)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
---------- Início da mensagem original -----------
De: freeradius-users-bounces+tiodacio=bol.com.br at lists.freeradius.org
Para: "FreeRadius users mailing list" freeradius-users at lists.freeradius.org
Cc:
Data: Tue, 08 Apr 2008 14:32:01 +0100
Assunto: Re: Authenticate with FreeRadius + MySQL + PEAP
> Debug of the request?
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 8/4/2008, "tiodacio" <tiodacio at bol.com.br> pise:
>
> >Hi,
> >
> >I'm using FreeRADIUS Version 1.1.6 for Freebsd 6.2 to authenticate Wi-Fi clients. Im using WPA2. My users are in a MySQL database and i'm using EAP-PEAP and mschapv2 for authentication.
> >
> >When i create a user "test", for example, in the radcheck table and configure this user in a Windows XP the authentication proceeds without problem, but when i create a user "test at some.domain.com" in radcheck and configure this user in Windows XP client, the authentication fails.
> >
> >In my proxy.conf i have two entries, the realm NULL and the realm some.domain.com, both authenticating locally, and the realm some.domain.com with the nostrip option. In my radiusd.conf, i'm using realm suffix with @ as delimiter.
> >
> >The strange is that with the same configuration, the user "test" was authenticate correctly but the user "test at some.domain.com" was not. Any suggestions?
> >
> >Follow my configuration options:
> >
> >Config: including file: /usr/local/etc/raddb/proxy.conf
> >Config: including file: /usr/local/etc/raddb/clients.conf
> >Config: including file: /usr/local/etc/raddb/eap.conf
> >Config: including file: /usr/local/etc/raddb/sql.conf
> > main: prefix = "/usr/local"
> > main: localstatedir = "/var"
> > main: logdir = "/var/log"
> > main: libdir = "/usr/local/lib"
> > main: radacctdir = "/var/log/radacct"
> > main: hostname_lookups = no
> > main: max_request_time = 30
> > main: cleanup_delay = 5
> > main: max_requests = 1024
> > main: delete_blocked_requests = 0
> > main: port = 1812
> > main: allow_core_dumps = no
> > main: log_stripped_names = yes
> > main: log_file = "/var/log/radius.log"
> > main: log_auth = yes
> > main: log_auth_badpass = yes
> > main: log_auth_goodpass = yes
> > main: pidfile = "/var/run/radiusd/radiusd.pid"
> > main: bind_address = xxx.xxx.xxx.xxx IP address [xxx.xxx.xxx.xxx]
> > main: user = "(null)"
> > main: group = "(null)"
> > main: usercollide = no
> > main: lower_user = "no"
> > main: lower_pass = "no"
> > main: nospace_user = "no"
> > main: nospace_pass = "no"
> > main: checkrad = "/usr/local/sbin/checkrad"
> > main: proxy_requests = yes
> > proxy: retry_delay = 5
> > proxy: retry_count = 3
> > proxy: synchronous = no
> > proxy: default_fallback = yes
> > proxy: dead_time = 120
> > proxy: post_proxy_authorize = no
> > proxy: wake_all_if_all_dead = no
> > security: max_attributes = 200
> > security: reject_delay = 1
> > security: status_server = no
> > main: debug_level = 0
> >read_config_files: reading dictionary
> >read_config_files: reading naslist
> >Using deprecated naslist file. Support for this will go away soon.
> >read_config_files: reading clients
> >read_config_files: reading realms
> >radiusd: entering modules setup
> >Module: Library search path is /usr/local/lib
> >Module: Loaded MS-CHAP
> > mschap: use_mppe = no
> > mschap: require_encryption = yes
> > mschap: require_strong = yes
> > mschap: with_ntdomain_hack = no
> > mschap: passwd = "(null)"
> > mschap: ntlm_auth = "(null)"
> >Module: Instantiated mschap (mschap)
> >Module: Loaded eap
> > eap: default_eap_type = "peap"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = no
> > eap: cisco_accounting_username_bug = no
> > tls: rsa_key_exchange = no
> > tls: dh_key_exchange = yes
> > tls: rsa_key_length = 512
> > tls: dh_key_length = 512
> > tls: verify_depth = 0
> > tls: CA_path = "(null)"
> > tls: pem_file_type = yes
> > tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
> > tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
> > tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
> > tls: private_key_password = "whatever"
> > tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> > tls: random_file = "/usr/local/etc/raddb/certs/random"
> > tls: fragment_size = 1024
> > tls: include_length = yes
> > tls: check_crl = no
> > tls: check_cert_cn = "(null)"
> > tls: cipher_list = "(null)"
> > tls: check_cert_issuer = "(null)"
> >rlm_eap_tls: Loading the certificate file as a chain
> >rlm_eap: Loaded and initialized type tls
> > peap: default_eap_type = "mschapv2"
> > peap: copy_request_to_tunnel = no
> > peap: use_tunneled_reply = no
> > peap: proxy_tunneled_request_as_eap = yes
> >rlm_eap: Loaded and initialized type peap
> > mschapv2: with_ntdomain_hack = no
> >rlm_eap: Loaded and initialized type mschapv2
> >Module: Instantiated eap (eap)
> >Module: Loaded preprocess
> > preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> > preprocess: hints = "/usr/local/etc/raddb/hints"
> > preprocess: with_ascend_hack = no
> > preprocess: ascend_channels_per_line = 23
> > preprocess: with_ntdomain_hack = no
> > preprocess: with_specialix_jetstream_hack = no
> > preprocess: with_cisco_vsa_hack = no
> > preprocess: with_alvarion_vsa_hack = no
> >Module: Instantiated preprocess (preprocess)
> >Module: Loaded detail
> > detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (auth_log)
> >Module: Loaded realm
> > realm: format = "suffix"
> > realm: delimiter = "@"
> > realm: ignore_default = no
> > realm: ignore_null = no
> >Module: Instantiated realm (suffix)
> >Module: Loaded SQL
> > sql: driver = "rlm_sql_mysql"
> > sql: server = "localhost"
> > sql: port = ""
> > sql: login = "root"
> > sql: password = "xxxxxxxxxxxx"
> > sql: radius_db = "phpradmin"
> > sql: nas_table = "nas"
> > sql: sqltrace = yes
> > sql: sqltracefile = "/var/log/sqltrace.sql"
> > sql: readclients = yes
> > sql: deletestalesessions = yes
> > sql: num_sql_socks = 2
> > sql: sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
> > sql: default_user_profile = ""
> > sql: query_on_not_found = no
> > sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
> > sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
> > sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheckGroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
> > sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreplyGroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
> > sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
> > sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
> > sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
> > sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
> > sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
> > sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
> > sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
> > sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
> > sql: connect_failure_retry_delay = 60
> > sql: simul_count_query = ""
> > sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
> > sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
> > sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
> >rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> >rlm_sql (sql): Attempting to connect to root at localhost:/phpradmin
> >rlm_sql (sql): starting 0
> >rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
> >rlm_sql_mysql: Starting connect to MySQL server for #0
> >rlm_sql (sql): Connected new DB handle, #0
> >rlm_sql (sql): starting 1
> >rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
> >rlm_sql_mysql: Starting connect to MySQL server for #1
> >rlm_sql (sql): Connected new DB handle, #1
> >rlm_sql (sql): - generate_sql_clients
> >rlm_sql (sql): Query: SELECT * FROM nas
> >rlm_sql (sql): Reserving sql socket id: 1
> >rlm_sql_mysql: query: SELECT * FROM nas
> >rlm_sql (sql): Read entry nasname=xxx.xxx.xxx.xxx,shortname=Localhost,secret=xxxxxxxx
> >rlm_sql (sql): Adding client xxx.xxx.xxx.xxx (Localhost) to clients list
> >rlm_sql (sql): Read entry nasname=xxx.xxx.xxx.xxx,shortname=AP01,secret=xxxxxxxx
> >rlm_sql (sql): Adding client xxx.xxx.xxx.xxx (AP01) to clients list
> >rlm_sql (sql): Released sql socket id: 1
> >Module: Instantiated sql (sql)
> >Module: Loaded Acct-Unique-Session-Id
> > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
> >Module: Instantiated acct_unique (acct_unique)
> > detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (pre_proxy_log)
> > detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (reply_log)
> >Listening on authentication xxx.xxx.xxx.xxx:1812
> >Listening on accounting xxx.xxx.xxx.xxx:1813
> >Ready to process requests.
> >
> >
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list