Reply attribute in access-accept while doing eap-mschapv2

free.aaa free.aaa at gmail.com
Fri May 23 13:27:39 CEST 2014 

Hi Alan,
> radiusd -X

Here it is the output starting with eap module:

(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3)   authenticate {
(3) eap : Expiring EAP session with state 0x5a52ce915851d4f0
(3) eap : Finished EAP session with state 0x5a52ce915851d4f0
(3) eap : Previous EAP request found for state 0x5a52ce915851d4f0, 
released from the list
(3) eap : Peer sent MSCHAPv2 (26)
(3) eap : EAP MSCHAPv2 (26)
(3) eap : Calling eap_mschapv2 to process EAP data
(3) eap : Freeing handler
(3)   [eap] = ok
(3)  } #  authenticate = ok
(3) # Executing section post-auth from file 
/usr/local/etc/raddb/sites-enabled/default
(3)   post-auth {
(3)   switch &Huntgroup-Name {
(3)    case hVPN {
(3) *update reply {**
**(3) EXPAND %{Class}**
**(3)    -->**
**(3)     Class = 0x*
(3)     } # update reply = noop
(3)    } # case hVPN = noop
(3)   } # switch &Huntgroup-Name = noop
(3) sql : EXPAND .query
(3) sql :    --> .query
(3) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(3) sql : EXPAND %{User-Name}
(3) sql :    --> alex
(3) sql : SQL-User-Name set to 'alex'
(3) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, 
authdate) VALUES ( '%{SQL-User-Name}', 
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(3) sql :    --> INSERT INTO radpostauth (username, pass, reply, 
authdate) VALUES ( 'alex', '', 'Access-Accept', '2014-05-23 19:18:39')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, 
pass, reply, authdate) VALUES ( 'alex', '', 'Access-Accept', '2014-05-23 
19:18:39')'
rlm_sql (sql): Released connection (4)
(3)   [sql] = ok
(3)   [exec] = noop
(3)   remove_reply_message_if_eap remove_reply_message_if_eap {
(3)     if (reply:EAP-Message && reply:Reply-Message)
(3)     if (reply:EAP-Message && reply:Reply-Message)  -> FALSE
(3)    else else {
(3)     [noop] = noop
(3)    } # else else = noop
(3)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(3)  } #  post-auth = ok
Sending Access-Accept Id 35 from 192.168.10.191:1812 to 192.168.10.201:37584
         MS-MPPE-Encryption-Policy = Encryption-Allowed
         MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
         MS-MPPE-Send-Key = 0xf8d37a9bb5a0ba0255cdf0b35460fedb
         MS-MPPE-Recv-Key = 0xe07010b108e1d452513af46337a818aa
         EAP-Message = 0x03030004
         Message-Authenticator = 0x00000000000000000000000000000000
         User-Name = 'alex'
*Class = 0x*
(3) Finished request

This is a result when I do:
post-auth {
   update reply {
                     Class = "%{Class}"
    }
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/c91138bd/attachment.html>

More information about the Freeradius-Users mailing list