eap/ttls proxy: No EAP session matching the State variable.

Kadlecsik Jozsef kadlec at mail.kfki.hu
Wed Sep 1 11:06:26 CEST 2010


Hi,

We have a working freeradius setup, with one exception: when guests try to 
authenticate (EduRoam) it always fails. The setup is EAP/TTLS and what we 
tested so far: wpa_supplicant/Windows Vista behind D-Link DWS-3024; 
wpa_supplicant behind Linksys WRT45GL; eapol_test running directly at the 
radius server machine.

We run freeradius 2.1.9 - the proxy server we communicate with runs 
freeradius-1.0.1-3.RHEL4.5.

What can be the reason of the problem? A misconfiguration on our part? Or 
a compatibility issue? Other partners reportedly can use that proxy server 
successfully, our users too when they are guests at other places.

Here follows the output of eapol_test:

Reading configuration file 'config'
ap_scan=1
ctrl_interface='/var/run/wpa_supplicant'
Line: 3 - start of a new network block
ssid - hexdump_ascii(len=7):
     65 64 75 72 6f 61 6d                              eduroam         
scan_ssid=0 (0x0)
proto: 0x3
key_mgmt: 0x1
pairwise: 0x18
group: 0x18
eap methods - hexdump(len=16): 00 00 00 00 15 00 00 00 00 00 00 00 00 00 00 00
anonymous_identity - hexdump_ascii(len=26):
     61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e   anonymous at teszt.
     65 64 75 72 6f 61 6d 2e 68 75                     eduroam.hu      
ca_path - hexdump_ascii(len=14):
     2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73         /etc/ssl/certs  
identity - hexdump_ascii(len=23):
     6b 61 64 6c 65 63 40 74 65 73 7a 74 2e 65 64 75   kadlec at teszt.edu
     72 6f 61 6d 2e 68 75                              roam.hu         
password - hexdump_ascii(len=8):
     XX XX XX XX XX XX XX XX                           XXXXXX        
phase2 - hexdump_ascii(len=8):
     61 75 74 68 3d 50 41 50                           auth=PAP        
Priority group 0
   id=0 ssid='eduroam'
Authentication server 148.6.0.31:1812
RADIUS local address: 127.0.0.1:43327
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=26):
     61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e   anonymous at teszt.
     65 64 75 72 6f 61 6d 2e 68 75                     eduroam.hu      
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=31)
TX EAP -> RADIUS - hexdump(len=31): 02 00 00 1f 01 61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e 65 64 75 72 6f 61 6d 2e 68 75
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=26): 61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e 65 64 75 72 6f 61 6d 2e 68 75
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=160
   Attribute 1 (User-Name) length=28
      Value: 'anonymous at teszt.eduroam.hu'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=33
      Value: 02 00 00 1f 01 61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e 65 64 75 72 6f 61 6d 2e 68 75
   Attribute 80 (Message-Authenticator) length=18
      Value: 70 6e 57 1e dc ed 36 e3 3c fa 25 dd cf fa 74 c1
Next RADIUS client retransmit in 3 seconds

EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
   Attribute 79 (EAP-Message) length=24
      Value: 01 01 00 16 04 10 22 d3 f4 e0 40 54 d1 41 de 2d b7 47 ed 24 dd ba
   Attribute 80 (Message-Authenticator) length=18
      Value: 5f 4c 2d 96 f6 19 04 e5 12 f0 4f 8e ed 6c ae c7
   Attribute 24 (State) length=18
      Value: 83 69 c1 18 5f 3a bd 42 77 dd 09 89 23 78 83 a5
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 15
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 15
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=153
   Attribute 1 (User-Name) length=28
      Value: 'anonymous at teszt.eduroam.hu'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
      Value: 02 01 00 06 03 15
   Attribute 24 (State) length=18
      Value: 83 69 c1 18 5f 3a bd 42 77 dd 09 89 23 78 83 a5
   Attribute 80 (Message-Authenticator) length=18
      Value: 58 cd ca e3 8a ac bb 23 e6 22 0e 72 24 ef 56 27
Next RADIUS client retransmit in 3 seconds

EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
   Attribute 79 (EAP-Message) length=8
      Value: 01 02 00 06 15 20
   Attribute 80 (Message-Authenticator) length=18
      Value: 29 b0 ab fc 91 ab 54 b8 ba 53 37 75 36 90 52 6a
   Attribute 24 (State) length=18
      Value: 44 79 a4 5f ed 64 34 ea 95 59 f7 21 7d 23 51 e7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-TTLS (21)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
EAP-TTLS: Phase2 type: PAP
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start (server ver=0, own ver=0)
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
EAP-TTLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 87 bytes pending from ssl_out
SSL: 87 bytes left to be sent out (of total 87 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=93)
TX EAP -> RADIUS - hexdump(len=93): 02 02 00 5d 15 00 16 03 01 00 52 01 00 00 4e 03 01 4c 7d 06 b5 35 a7 02 a3 28 f3 ce 39 c4 66 ca 50 01 f7 88 dc 64 fb 4f a8 7d 35 02 30 a4 0c 2c e9 00 00 26 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 02 01 00
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=240
   Attribute 1 (User-Name) length=28
      Value: 'anonymous at teszt.eduroam.hu'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=95
      Value: 02 02 00 5d 15 00 16 03 01 00 52 01 00 00 4e 03 01 4c 7d 06 b5 35 a7 02 a3 28 f3 ce 39 c4 66 ca 50 01 f7 88 dc 64 fb 4f a8 7d 35 02 30 a4 0c 2c e9 00 00 26 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 02 01 00
   Attribute 24 (State) length=18
      Value: 44 79 a4 5f ed 64 34 ea 95 59 f7 21 7d 23 51 e7
   Attribute 80 (Message-Authenticator) length=18
      Value: 33 8c 32 7f 4f 8e f7 b0 23 41 94 98 3b 9d 10 4e
Next RADIUS client retransmit in 3 seconds

EAPOL: SUPP_BE entering state RECEIVE
Received 20 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=2 length=20
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec

Allowing RADIUS Access-Reject without Message-Authenticator since it does not include EAP-Message

RADIUS packet matching with station
could not extract EAP-Message from RADIUS message
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
MPPE keys OK: 0  mismatch: 1
FAILURE

And the debugging log of our freeradius server:

FreeRADIUS Version 2.1.9, for host i486-pc-linux-gnu, built on Aug 25 2010 at 10:18:45
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/kemping_files
including configuration file /etc/freeradius/modules/eduroam_files
including configuration file /etc/freeradius/modules/rmki_files
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/mschap.dpkg-dist
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/eduroam_external.conf
including configuration file /etc/freeradius/sql/mysql/eduroam_external.conf
including configuration file /etc/freeradius/sql/mysql/eduroam.conf
including configuration file /etc/freeradius/sql/mysql/eduroam.conf
including configuration file /etc/freeradius/sql/mysql/rmki.conf
including configuration file /etc/freeradius/sql/mysql/rmki.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/eduroam
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/rmki
main {
	allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
	prefix = "/usr"
	localstatedir = "/var"
	logdir = "/var/log/freeradius"
	libdir = "/usr/lib/freeradius"
	radacctdir = "/var/log/freeradius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/var/run/freeradius/freeradius.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
	stripped_names = no
	auth = yes
	auth_badpass = no
	auth_goodpass = no
 }
 security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
 }
 home_server localhost {
	ipaddr = 127.0.0.1
	port = 1812
	type = "auth"
	secret = "XXXXX"
	response_window = 20
	max_outstanding = 65536
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm sunserv.kfki.hu {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
 home_server radius1.eduroam.hu {
	ipaddr = 195.111.98.4
	port = 1812
	type = "auth"
	secret = "XXXXX"
	response_window = 20
	max_outstanding = 65536
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
 }
 home_server radius2.eduroam.hu {
	ipaddr = 195.111.98.12
	port = 1812
	type = "auth"
	secret = "XXXXX"
	response_window = 20
	max_outstanding = 65536
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
 }
 home_server_pool radius.eduroam.hu {
	type = fail-over
	home_server = radius1.eduroam.hu
	home_server = radius2.eduroam.hu
 }
 realm UP {
	auth_pool = radius.eduroam.hu
	nostrip
 }
radiusd: #### Loading Clients ####
 client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = "XXXXX"
	nastype = "other"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 }
radiusd: #### Loading Virtual Servers ####
server eduroam {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
	encryption_scheme = "auto"
	auto_header = yes
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = yes
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
	default_eap_type = "ttls"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
	challenge = "Password: "
	auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
	rsa_key_exchange = no
	dh_key_exchange = yes
	rsa_key_length = 512
	dh_key_length = 512
	verify_depth = 0
	pem_file_type = yes
	private_key_file = "/etc/freeradius/certs/radius_key.pem"
	certificate_file = "/etc/freeradius/certs/radius_pub.pem"
	CA_file = "/etc/freeradius/certs/kfki_ca.pem"
	dh_file = "/etc/freeradius/certs/dh"
	random_file = "/dev/urandom"
	fragment_size = 1024
	include_length = yes
	check_crl = no
	cipher_list = "DEFAULT"
    cache {
	enable = no
	lifetime = 1
	max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
	default_eap_type = "md5"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
	default_eap_type = "mschapv2"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	proxy_tunneled_request_as_eap = yes
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
	with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
	huntgroups = "/etc/freeradius/huntgroups"
	hints = "/etc/freeradius/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_detail
 Module: Instantiating auth_log
  detail auth_log {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating eduroam_files
  files eduroam_files {
	usersfile = "/etc/freeradius/users.eduroam"
	acctusersfile = "/etc/freeradius/acct_users"
	preproxy_usersfile = "/etc/freeradius/preproxy_users"
	compat = "no"
  }
 Module: Linked to module rlm_sql
 Module: Instantiating internal_eduroam_sql0
  sql internal_eduroam_sql0 {
	driver = "rlm_sql_mysql"
	server = "mdb0.kfki.hu"
	port = ""
	login = "XXXXX"
	password = "XXXX"
	radius_db = "postfilter_replicated"
	read_groups = yes
	sqltrace = yes
	sqltracefile = "/var/log/freeradius/sqltrace.sql"
	readclients = no
	deletestalesessions = no
	num_sql_socks = 3
	lifetime = 0
	max_queries = 0
	sql_user_name = "%{User-Name}"
	default_user_profile = ""
	nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user 		    WHERE _address = '_never_match'"
	authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = '%{SQL-User-Name}' and _passwd != '' and 		(_hidden = 0 or _address like '%%@eduroam.kfki.hu')           ORDER BY _userid"
	authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '=='           FROM user           WHERE _address = '_never_match'"
	authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
	accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
	accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawor
 ds}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Fra
 med-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
	accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
	accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gig
 awords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
	group_membership_query = "SELECT 'foo'           FROM user           WHERE _address = '_never_match'"
	connect_failure_retry_delay = 60
	simul_count_query = ""
	simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
	postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
	safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (internal_eduroam_sql0): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (internal_eduroam_sql0): Attempting to connect to freeradius at mdb0.kfki.hu:/postfilter_replicated
rlm_sql (internal_eduroam_sql0): starting 0
rlm_sql (internal_eduroam_sql0): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (internal_eduroam_sql0): Connected new DB handle, #0
rlm_sql (internal_eduroam_sql0): starting 1
rlm_sql (internal_eduroam_sql0): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (internal_eduroam_sql0): Connected new DB handle, #1
rlm_sql (internal_eduroam_sql0): starting 2
rlm_sql (internal_eduroam_sql0): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (internal_eduroam_sql0): Connected new DB handle, #2
 Module: Instantiating internal_eduroam_sql1
  sql internal_eduroam_sql1 {
	driver = "rlm_sql_mysql"
	server = "mdb1.kfki.hu"
	port = ""
	login = "XXXXX"
	password = "XXXXX"
	radius_db = "postfilter_replicated"
	read_groups = yes
	sqltrace = yes
	sqltracefile = "/var/log/freeradius/sqltrace.sql"
	readclients = no
	deletestalesessions = no
	num_sql_socks = 3
	lifetime = 0
	max_queries = 0
	sql_user_name = "%{User-Name}"
	default_user_profile = ""
	nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user 		    WHERE _address = '_never_match'"
	authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = '%{SQL-User-Name}' and _passwd != '' and 		(_hidden = 0 or _address like '%%@eduroam.kfki.hu')           ORDER BY _userid"
	authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '=='           FROM user           WHERE _address = '_never_match'"
	authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
	accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
	accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawor
 ds}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Fra
 med-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
	accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
	accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gig
 awords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
	group_membership_query = "SELECT 'foo'           FROM user           WHERE _address = '_never_match'"
	connect_failure_retry_delay = 60
	simul_count_query = ""
	simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
	postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
	safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (internal_eduroam_sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (internal_eduroam_sql1): Attempting to connect to freeradius at mdb1.kfki.hu:/postfilter_replicated
rlm_sql (internal_eduroam_sql1): starting 0
rlm_sql (internal_eduroam_sql1): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (internal_eduroam_sql1): Connected new DB handle, #0
rlm_sql (internal_eduroam_sql1): starting 1
rlm_sql (internal_eduroam_sql1): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (internal_eduroam_sql1): Connected new DB handle, #1
rlm_sql (internal_eduroam_sql1): starting 2
rlm_sql (internal_eduroam_sql1): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (internal_eduroam_sql1): Connected new DB handle, #2
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Instantiating detail
  detail {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
	filename = "/var/log/freeradius/radutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 384
	callerid = yes
  }
 Module: Checking session {...} for more modules to load
 Module: Checking pre-proxy {...} for more modules to load
 Module: Instantiating pre_proxy_log
  detail pre_proxy_log {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Instantiating post_proxy_log
  detail post_proxy_log {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating reply_log
  detail reply_log {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 } # modules
} # server
server rmki {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Instantiating rmki_files
  files rmki_files {
	usersfile = "/etc/freeradius/users.rmki"
	acctusersfile = "/etc/freeradius/acct_users"
	preproxy_usersfile = "/etc/freeradius/preproxy_users"
	compat = "no"
  }
 Module: Instantiating rmki_sql0
  sql rmki_sql0 {
	driver = "rlm_sql_mysql"
	server = "mdb0.kfki.hu"
	port = ""
	login = "XXXXX"
	password = "XXXXX"
	radius_db = "postfilter_replicated"
	read_groups = yes
	sqltrace = yes
	sqltracefile = "/var/log/freeradius/sqltrace.sql"
	readclients = no
	deletestalesessions = no
	num_sql_socks = 3
	lifetime = 0
	max_queries = 0
	sql_user_name = "%{User-Name}"
	default_user_profile = ""
	nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user 		    WHERE _address = '_never_match'"
	authorize_check_query = "SELECT user._userid, user._address, 'Password', user._passwd, ':='           FROM user, attributes           WHERE user._address = '%{SQL-User-Name}' and user._passwd != '' and user._hidden = 0 		and (user._address like '%%@rmki.kfki.hu' 		     or (attributes._address = '%{SQL-User-Name}' and attributes._key = 'o' and attributes._value = 'RMKI'))"
	authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '=='           FROM user           WHERE _address = '_never_match'"
	authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
	accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
	accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawor
 ds}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Fra
 med-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
	accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
	accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gig
 awords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
	group_membership_query = "SELECT 'foo'           FROM user           WHERE _address = '_never_match'"
	connect_failure_retry_delay = 60
	simul_count_query = ""
	simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
	postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
	safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (rmki_sql0): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (rmki_sql0): Attempting to connect to freeradius at mdb0.kfki.hu:/postfilter_replicated
rlm_sql (rmki_sql0): starting 0
rlm_sql (rmki_sql0): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (rmki_sql0): Connected new DB handle, #0
rlm_sql (rmki_sql0): starting 1
rlm_sql (rmki_sql0): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (rmki_sql0): Connected new DB handle, #1
rlm_sql (rmki_sql0): starting 2
rlm_sql (rmki_sql0): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (rmki_sql0): Connected new DB handle, #2
 Module: Instantiating rmki_sql1
  sql rmki_sql1 {
	driver = "rlm_sql_mysql"
	server = "mdb1.kfki.hu"
	port = ""
	login = "XXXXXX"
	password = "XXXXX"
	radius_db = "postfilter_replicated"
	read_groups = yes
	sqltrace = yes
	sqltracefile = "/var/log/freeradius/sqltrace.sql"
	readclients = no
	deletestalesessions = no
	num_sql_socks = 3
	lifetime = 0
	max_queries = 0
	sql_user_name = "%{User-Name}"
	default_user_profile = ""
	nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user 		    WHERE _address = '_never_match'"
	authorize_check_query = "SELECT user._userid, user._address, 'Password', user._passwd, ':='           FROM user, attributes           WHERE user._address = '%{SQL-User-Name}' and user._passwd != '' and user._hidden = 0 		and (user._address like '%%@rmki.kfki.hu' 		     or (attributes._address = '%{SQL-User-Name}' and attributes._key = 'o' and attributes._value = 'RMKI'))"
	authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '=='           FROM user           WHERE _address = '_never_match'"
	authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
	accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
	accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawor
 ds}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Fra
 med-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
	accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
	accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gig
 awords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
	group_membership_query = "SELECT 'foo'           FROM user           WHERE _address = '_never_match'"
	connect_failure_retry_delay = 60
	simul_count_query = ""
	simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
	postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
	safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (rmki_sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (rmki_sql1): Attempting to connect to freeradius at mdb1.kfki.hu:/postfilter_replicated
rlm_sql (rmki_sql1): starting 0
rlm_sql (rmki_sql1): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (rmki_sql1): Connected new DB handle, #0
rlm_sql (rmki_sql1): starting 1
rlm_sql (rmki_sql1): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (rmki_sql1): Connected new DB handle, #1
rlm_sql (rmki_sql1): starting 2
rlm_sql (rmki_sql1): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (rmki_sql1): Connected new DB handle, #2
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Instantiating files
  files {
	usersfile = "/etc/freeradius/users"
	acctusersfile = "/etc/freeradius/acct_users"
	preproxy_usersfile = "/etc/freeradius/preproxy_users"
	compat = "no"
  }
 Module: Instantiating external_eduroam_sql0
  sql external_eduroam_sql0 {
	driver = "rlm_sql_mysql"
	server = "mdb0.kfki.hu"
	port = ""
	login = "XXXXX"
	password = "XXXXX"
	radius_db = "postfilter_replicated"
	read_groups = yes
	sqltrace = yes
	sqltracefile = "/var/log/freeradius/sqltrace.sql"
	readclients = no
	deletestalesessions = no
	num_sql_socks = 3
	lifetime = 0
	max_queries = 0
	sql_user_name = "%{User-Name}"
	default_user_profile = ""
	nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user 		    WHERE _address = '_never_match'"
	authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = '%{SQL-User-Name}' and _passwd != '' and 		(_hidden = 0 or _address like '%-test at eduroam.kfki.hu')           ORDER BY _userid"
	authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '=='           FROM user           WHERE _address = '_never_match'"
	authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
	accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
	accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawor
 ds}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Fra
 med-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
	accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
	accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gig
 awords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
	group_membership_query = "SELECT 'foo'           FROM user           WHERE _address = '_never_match'"
	connect_failure_retry_delay = 60
	simul_count_query = ""
	simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
	postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
	safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (external_eduroam_sql0): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (external_eduroam_sql0): Attempting to connect to freeradius at mdb0.kfki.hu:/postfilter_replicated
rlm_sql (external_eduroam_sql0): starting 0
rlm_sql (external_eduroam_sql0): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (external_eduroam_sql0): Connected new DB handle, #0
rlm_sql (external_eduroam_sql0): starting 1
rlm_sql (external_eduroam_sql0): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (external_eduroam_sql0): Connected new DB handle, #1
rlm_sql (external_eduroam_sql0): starting 2
rlm_sql (external_eduroam_sql0): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (external_eduroam_sql0): Connected new DB handle, #2
 Module: Instantiating external_eduroam_sql1
  sql external_eduroam_sql1 {
	driver = "rlm_sql_mysql"
	server = "mdb1.kfki.hu"
	port = ""
	login = "XXXXX"
	password = "XXXXX"
	radius_db = "postfilter_replicated"
	read_groups = yes
	sqltrace = yes
	sqltracefile = "/var/log/freeradius/sqltrace.sql"
	readclients = no
	deletestalesessions = no
	num_sql_socks = 3
	lifetime = 0
	max_queries = 0
	sql_user_name = "%{User-Name}"
	default_user_profile = ""
	nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user 		    WHERE _address = '_never_match'"
	authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = '%{SQL-User-Name}' and _passwd != '' and 		(_hidden = 0 or _address like '%-test at eduroam.kfki.hu')           ORDER BY _userid"
	authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '=='           FROM user           WHERE _address = '_never_match'"
	authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' 	   FROM  radgroupcheck 	   WHERE _address = '_never_match'"
	accounting_onoff_query = "          UPDATE radacct           SET              acctstoptime       =  '%S',              acctsessiontime    =  unix_timestamp('%S') -                                    unix_timestamp(acctstarttime),              acctterminatecause =  '%{Acct-Terminate-Cause}',              acctstopdelay      =  %{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <= '%S'"
	accounting_update_query = "           UPDATE radacct           SET              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = '%{Acct-Session-Time}',              acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 |                                    '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                    '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
	accounting_update_query_alt = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,      username,              realm,            nasipaddress,      nasportid,              nasporttype,      acctstarttime,     acctsessiontime,              acctauthentic,    connectinfo_start, acctinputoctets,              acctoutputoctets, calledstationid,   callingstationid,              servicetype,      framedprotocol,    framedipaddress,              acctstartdelay,   xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                       INTERVAL (%{%{Acct-Session-Time}:-0} +                                 %{%{Acct-Delay-Time}:-0}) SECOND),                       '%{Acct-Session-Time}',              '%{Acct-Authentic}', '',              '%{%{Acct-Input-Gigawor
 ds}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Service-Type}', '%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query = "           INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Fra
 med-Protocol}', '%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
	accounting_start_query_alt = "           UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
	accounting_stop_query = "           UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
	accounting_stop_query_alt = "           INSERT INTO radacct             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gig
 awords}:-0}' << 32 |              '%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}' << 32 |              '%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', '%{Calling-Station-Id}',              '%{Acct-Terminate-Cause}',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
	group_membership_query = "SELECT 'foo'           FROM user           WHERE _address = '_never_match'"
	connect_failure_retry_delay = 60
	simul_count_query = ""
	simul_verify_query = "SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL"
	postauth_query = "INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S')"
	safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (external_eduroam_sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (external_eduroam_sql1): Attempting to connect to freeradius at mdb1.kfki.hu:/postfilter_replicated
rlm_sql (external_eduroam_sql1): starting 0
rlm_sql (external_eduroam_sql1): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (external_eduroam_sql1): Connected new DB handle, #0
rlm_sql (external_eduroam_sql1): starting 1
rlm_sql (external_eduroam_sql1): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (external_eduroam_sql1): Connected new DB handle, #1
rlm_sql (external_eduroam_sql1): starting 2
rlm_sql (external_eduroam_sql1): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (external_eduroam_sql1): Connected new DB handle, #2
 Module: Checking preacct {...} for more modules to load
 Module: Checking accounting {...} for more modules to load
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	ipaddr = 148.6.2.30
	port = 0
	clients = "niif"
  client 195.111.98.4 {
	require_message_authenticator = no
	secret = "XXXXX"
	shortname = "radius1.eduroam.hu"
  }
  client 195.111.98.12 {
	require_message_authenticator = no
	secret = "XXXXXX"
	shortname = "radius2.eduroam.hu"
  }
}
listen {
	type = "acct"
	ipaddr = 148.6.2.30
	port = 0
	clients = "niif"
}
listen {
	type = "auth"
	ipaddr = 148.6.0.31
	port = 0
	clients = "eduroam"
  client 148.6.136.130 {
	require_message_authenticator = no
	secret = "XXXXX"
	shortname = "Linksys-WRT160NL-konyvtar"
  }
  client 148.6.152.0/24 {
	require_message_authenticator = no
	secret = "XXXXX"
	shortname = "rmki-wifi.kfki.hu"
  }
  client 127.0.0.1 {
	require_message_authenticator = no
	secret = "XXXXX"
	shortname = "eapol_test"
  }
}
listen {
	type = "auth"
	ipaddr = 148.6.0.30
	port = 0
	clients = "rmki"
  client 148.6.152.0/24 {
	require_message_authenticator = no
	secret = "XXXXXX"
	shortname = "rmki-wifi.kfki.hu"
  }
}
Listening on authentication address 148.6.2.30 port 1812
Listening on accounting address 148.6.2.30 port 1813
Listening on authentication address 148.6.0.31 port 1812 as server eduroam
Listening on authentication address 148.6.0.30 port 1812 as server rmki
Listening on proxy address 148.6.2.30 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=0, length=160
	User-Name = "anonymous at teszt.eduroam.hu"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0200001f01616e6f6e796d6f7573407465737a742e656475726f616d2e6875
	Message-Authenticator = 0x706e571edced36e33cfa25ddcffa74c1
server eduroam {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] 	expand: %t -> Tue Aug 31 15:42:13 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 0 length 31
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eduroam_files] 	expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] 	expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] users: Matched entry DEFAULT at line 214
++[eduroam_files] returns ok
++- entering group  {...}
[internal_eduroam_sql0] 	expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[internal_eduroam_sql0] sql_set_user escaped user --> 'anonymous at teszt.eduroam.hu'
rlm_sql (internal_eduroam_sql0): Reserving sql socket id: 2
[internal_eduroam_sql0] 	expand: SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = '%{SQL-User-Name}' and _passwd != '' and 		(_hidden = 0 or _address like '%%@eduroam.kfki.hu')           ORDER BY _userid -> SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and 		(_hidden = 0 or _address like '%@eduroam.kfki.hu')           ORDER BY _userid
rlm_sql_mysql: query:  SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and 		(_hidden = 0 or _address like '%@eduroam.kfki.hu')           ORDER BY _userid
[internal_eduroam_sql0] 	expand: SELECT 'foo'           FROM user           WHERE _address = '_never_match' -> SELECT 'foo'           FROM user           WHERE _address = '_never_match'
rlm_sql_mysql: query:  SELECT 'foo'           FROM user           WHERE _address = '_never_match'
rlm_sql (internal_eduroam_sql0): Released sql socket id: 2
[internal_eduroam_sql0] User anonymous at teszt.eduroam.hu not found
+++[internal_eduroam_sql0] returns notfound
++- group  returns notfound
++[pap] returns noop
} # server eduroam
+- entering group pre-proxy {...}
[pre_proxy_log] 	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] 	expand: %t -> Tue Aug 31 15:42:13 2010
++[pre_proxy_log] returns ok
Sending Access-Request of id 135 to 195.111.98.4 port 1812
	User-Name = "anonymous at teszt.eduroam.hu"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0200001f01616e6f6e796d6f7573407465737a742e656475726f616d2e6875
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x30
Proxying request 0 to home server 195.111.98.4 port 1812
Sending Access-Request of id 135 to 195.111.98.4 port 1812
	User-Name = "anonymous at teszt.eduroam.hu"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0200001f01616e6f6e796d6f7573407465737a742e656475726f616d2e6875
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 195.111.98.4 port 1812, id=135, length=83
	EAP-Message = 0x01010016041022d3f4e04054d141de2db747ed24ddba
	Message-Authenticator = 0x18822b85b96e5f7846c9fbf655d2ce11
	State = 0x8369c1185f3abd4277dd0989237883a5
	Proxy-State = 0x30
+- entering group post-proxy {...}
[post_proxy_log] 	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] 	expand: %t -> Tue Aug 31 15:42:13 2010
++[post_proxy_log] returns ok
server eduroam {
} # server eduroam
Sending Access-Challenge of id 0 to 127.0.0.1 port 43327
	EAP-Message = 0x01010016041022d3f4e04054d141de2db747ed24ddba
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x8369c1185f3abd4277dd0989237883a5
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=1, length=153
	User-Name = "anonymous at teszt.eduroam.hu"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x020100060315
	State = 0x8369c1185f3abd4277dd0989237883a5
	Message-Authenticator = 0x58cdcae38aacbb23e6220e7224ef5627
server eduroam {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] 	expand: %t -> Tue Aug 31 15:42:13 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eduroam_files] 	expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] 	expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] users: Matched entry DEFAULT at line 214
++[eduroam_files] returns ok
++- entering group  {...}
[internal_eduroam_sql0] 	expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[internal_eduroam_sql0] sql_set_user escaped user --> 'anonymous at teszt.eduroam.hu'
rlm_sql (internal_eduroam_sql0): Reserving sql socket id: 1
[internal_eduroam_sql0] 	expand: SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = '%{SQL-User-Name}' and _passwd != '' and 		(_hidden = 0 or _address like '%%@eduroam.kfki.hu')           ORDER BY _userid -> SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and 		(_hidden = 0 or _address like '%@eduroam.kfki.hu')           ORDER BY _userid
rlm_sql_mysql: query:  SELECT _userid, _address, 'Password', _passwd, ':='           FROM user           WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and 		(_hidden = 0 or _address like '%@eduroam.kfki.hu')           ORDER BY _userid
[internal_eduroam_sql0] 	expand: SELECT 'foo'           FROM user           WHERE _address = '_never_match' -> SELECT 'foo'           FROM user           WHERE _address = '_never_match'
rlm_sql_mysql: query:  SELECT 'foo'           FROM user           WHERE _address = '_never_match'
rlm_sql (internal_eduroam_sql0): Released sql socket id: 1
[internal_eduroam_sql0] User anonymous at teszt.eduroam.hu not found
+++[internal_eduroam_sql0] returns notfound
++- group  returns notfound
++[pap] returns noop
} # server eduroam
+- entering group pre-proxy {...}
[pre_proxy_log] 	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] 	expand: %t -> Tue Aug 31 15:42:13 2010
++[pre_proxy_log] returns ok
Sending Access-Request of id 67 to 195.111.98.4 port 1812
	User-Name = "anonymous at teszt.eduroam.hu"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x020100060315
	State = 0x8369c1185f3abd4277dd0989237883a5
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x31
Proxying request 1 to home server 195.111.98.4 port 1812
Sending Access-Request of id 67 to 195.111.98.4 port 1812
	User-Name = "anonymous at teszt.eduroam.hu"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x020100060315
	State = 0x8369c1185f3abd4277dd0989237883a5
	Message-Authenticator = 0x00000000000000000000000000000000
	Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 195.111.98.4 port 1812, id=67, length=67
	EAP-Message = 0x010200061520
	Message-Authenticator = 0xc986105bccde929701773e5a5bbd4ee9
	State = 0x4479a45fed6434ea9559f7217d2351e7
	Proxy-State = 0x31
+- entering group post-proxy {...}
[post_proxy_log] 	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] 	expand: %t -> Tue Aug 31 15:42:13 2010
++[post_proxy_log] returns ok
server eduroam {
} # server eduroam
Sending Access-Challenge of id 1 to 127.0.0.1 port 43327
	EAP-Message = 0x010200061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x4479a45fed6434ea9559f7217d2351e7
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=2, length=240
	User-Name = "anonymous at teszt.eduroam.hu"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "02-00-00-00-00-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 11Mbps 802.11b"
	EAP-Message = 0x0202005d150016030100520100004e03014c7d06b535a702a328f3ce39c466ca5001f788dc64fb4fa87d350230a40c2ce900002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
	State = 0x4479a45fed6434ea9559f7217d2351e7
	Message-Authenticator = 0x338c327f4f8ef7b0234194983b9d104e
server eduroam {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] 	expand: %t -> Tue Aug 31 15:42:13 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 2 length 93
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [anonymous at teszt.eduroam.hu] (from client eapol_test port 0 cli 02-00-00-00-00-01)
} # server eduroam
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 2 to 127.0.0.1 port 43327
Waking up in 3.9 seconds.

Best regards,
Jozsef
--
E-mail : kadlec at mail.kfki.hu, kadlec at blackhole.kfki.hu
PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address: KFKI Research Institute for Particle and Nuclear Physics
         H-1525 Budapest 114, POB. 49, Hungary


More information about the Freeradius-Users mailing list