Hi all<br>We have a strange problem with our RADIUS server.<br>I'm not a RADIUS expert and have taken over this server and configuration... :-(<br><br>From time to time the users are not able to log in; sometimes it works, and sometimes it works only from 1 or 2 access points (we have 10 access points).<br>
<br>Attached you'll find the configuration and a snapshot of the RADIUS log in debug mode.<br><br>The access points are Linksys WRT54GL with Tomato 1.23<br><br>We are running FreeRADIUS 2.0.5 on Gentoo Linux 2.6.27-r27.<br>Could it be that if we ran FreeRADIUS on another OS we would have fewer problems?!?<br>
<br>Thanks a lot!<br>Best wishes, Frank<br><br>Error messages from radiusd -X:<br>rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=139<br> User-Name = "hummel.daniel"<br> NAS-IP-Address = 10.0.0.15<br>
Called-Station-Id = "00226b8df369"<br> Calling-Station-Id = "001de03c1333"<br> NAS-Identifier = "00226b8df369"<br> NAS-Port = 28<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br>
EAP-Message = 0x020000120168756d6d656c2e64616e69656c<br> Message-Authenticator = 0xc4150c77c1b15ce73bb23597f026471a<br>+- entering group authorize<br> expand: %{User-Name} -> hummel.daniel<br>rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'<br>
rlm_sql (sql): Reserving sql socket id: 1<br> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id<br>
rlm_sql (sql): User found in radcheck table<br> expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id<br>
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 1<br>++[sql] returns ok<br>++[files] returns noop<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 0 length 18<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: EAP Identity<br> rlm_eap: processing type tls<br> rlm_eap_tls: Initiate<br>
rlm_eap_tls: Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 6 to 10.0.0.15 port 2048<br> EAP-Message = 0x010100061520<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0xe01ba3a4e01ab604a48cd5e81844c9b7<br>Finished request 92.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=145<br>Cleaning up request 92 ID 6 with timestamp +1637<br>
User-Name = "hummel.daniel"<br> NAS-IP-Address = 10.0.0.15<br> Called-Station-Id = "00226b8df369"<br> Calling-Station-Id = "001de03c1333"<br> NAS-Identifier = "00226b8df369"<br>
NAS-Port = 28<br> Framed-MTU = 1400<br> State = 0xe01ba3a4e01ab604a48cd5e81844c9b7<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020100060319<br> Message-Authenticator = 0x0b24d65028ad5d79b81610cd54488cfa<br>
+- entering group authorize<br> expand: %{User-Name} -> hummel.daniel<br>rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'<br>rlm_sql (sql): Reserving sql socket id: 0<br> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id<br>
rlm_sql (sql): User found in radcheck table<br> expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id<br>
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 0<br>++[sql] returns ok<br>++[files] returns noop<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 1 length 6<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP NAK<br> rlm_eap: EAP-NAK asked for EAP-Type/peap<br>
rlm_eap: processing type tls<br> rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 6 to 10.0.0.15 port 2048<br> EAP-Message = 0x010200061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0xe01ba3a4e119ba04a48cd5e81844c9b7<br>Finished request 93.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=295<br>Cleaning up request 93 ID 6 with timestamp +1637<br>
User-Name = "hummel.daniel"<br> NAS-IP-Address = 10.0.0.15<br> Called-Station-Id = "00226b8df369"<br> Calling-Station-Id = "001de03c1333"<br> NAS-Identifier = "00226b8df369"<br>
NAS-Port = 28<br> Framed-MTU = 1400<br> State = 0xe01ba3a4e119ba04a48cd5e81844c9b7<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0202009c198000000092160301008d01000089030149f72cc806e92a43ee6904dca25525651e77e998da5d0ededbd5753bb07ed85220af386935a49b3f5b9c4783516e0333469c78eb2cfad74151d5b753d674ee628c0018002f00350005000ac009c00ac013c01400320038001300040100002800000012001000000d68756d6d656c2e64616e69656c000a00080006001700180019000b00020100<br>
Message-Authenticator = 0xa26fd49f5c488c892a756621fb54de36<br>+- entering group authorize<br> expand: %{User-Name} -> hummel.daniel<br>rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'<br>rlm_sql (sql): Reserving sql socket id: 4<br>
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id<br>
rlm_sql (sql): User found in radcheck table<br> expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id<br>
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 4<br>++[sql] returns ok<br>++[files] returns noop<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 2 length 156<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br>
rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br> TLS Length 146<br>rlm_eap_tls: Length Included<br> eaptls_verify returned 11<br> (other): before/accept initialization<br> TLS_accept: before/accept initialization<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 008d], ClientHello <br>
TLS_accept: SSLv3 read client hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello <br> TLS_accept: SSLv3 write server hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 087d], Certificate <br>
TLS_accept: SSLv3 write certificate A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <br> TLS_accept: SSLv3 write server done A<br> TLS_accept: SSLv3 flush data<br> TLS_accept: Need to read more data: SSLv3 read client certificate A<br>
In SSL Handshake Phase<br>In SSL Accept mode <br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 6 to 10.0.0.15 port 2048<br>
EAP-Message = 0x2828d76b689c221f2176580a<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xe01ba3a4e218ba04a48cd5e81844c9b7<br>Finished request 94.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=145<br>Cleaning up request 94 ID 6 with timestamp +1637<br> User-Name = "hummel.daniel"<br> NAS-IP-Address = 10.0.0.15<br> Called-Station-Id = "00226b8df369"<br>
Calling-Station-Id = "001de03c1333"<br> NAS-Identifier = "00226b8df369"<br> NAS-Port = 28<br> Framed-MTU = 1400<br> State = 0xe01ba3a4e218ba04a48cd5e81844c9b7<br> NAS-Port-Type = Wireless-802.11<br>
EAP-Message = 0x020300061900<br> Message-Authenticator = 0xb0cdf7b97da5aa0d76076441bf361fc1<br>+- entering group authorize<br> expand: %{User-Name} -> hummel.daniel<br>rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'<br>
rlm_sql (sql): Reserving sql socket id: 3<br> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id<br>
rlm_sql (sql): User found in radcheck table<br> expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id<br>
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 3<br>++[sql] returns ok<br>++[files] returns noop<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 3 length 6<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br>
rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<br> rlm_eap_tls: ack handshake fragment handler<br> eaptls_verify returned 1<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>
++[eap] returns handled<br><br><br><br><br>Radius Configuration:<br>---------------------<br><br>FreeRADIUS Version 2.0.5, for host i486-pc-linux-gnu, built on Jan 10 2009 at 23:27:15<br>Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.<br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A<br>PARTICULAR PURPOSE.<br>You may redistribute copies of FreeRADIUS under the terms of the<br>GNU General Public License v2.<br>Starting - reading configuration files ...<br>
including configuration file /etc/raddb/radiusd.conf<br>including configuration file /etc/raddb/clients.conf<br>including configuration file /etc/raddb/eap.conf<br>including configuration file /etc/raddb/sql.conf<br>including configuration file /etc/raddb/sql/mysql/dialup.conf<br>
including configuration file /etc/raddb/sql/mysql/counter.conf<br>including dictionary file /etc/raddb/dictionary<br>main {<br> prefix = "/usr"<br> localstatedir = "/var"<br> logdir = "/var/log/radius"<br>
libdir = "/usr/lib"<br> radacctdir = "/var/log/radius/radacct"<br> hostname_lookups = no<br> max_request_time = 60<br> cleanup_delay = 5<br> max_requests = 51200<br> allow_core_dumps = no<br>
pidfile = "/var/run/radiusd.pid"<br> checkrad = "/usr/sbin/checkrad"<br> debug_level = 0<br> proxy_requests = yes<br> log {<br> stripped_names = yes<br> auth = yes<br> auth_badpass = yes<br>
auth_goodpass = yes<br> }<br>}<br> client 10.0.0.9 {<br> require_message_authenticator = no<br> secret = "xxx"<br> shortname = "TuXp_Test"<br> nastype = "other"<br> }<br> client 10.0.0.10 {<br>
require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Casa_A"<br> nastype = "other"<br> }<br> client 10.0.0.11 {<br> require_message_authenticator = no<br> secret = "xxx"<br>
shortname = "Casa_B"<br> nastype = "other"<br> }<br> client 10.0.0.12 {<br> require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Casa_C"<br> nastype = "other"<br>
}<br> client 10.0.0.13 {<br> require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Casa_D"<br> nastype = "other"<br> }<br> client 10.0.0.14 {<br> require_message_authenticator = no<br>
secret = "xxx"<br> shortname = "Casa_E"<br> nastype = "other"<br> }<br> client 10.0.0.15 {<br> require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Casa_F"<br>
nastype = "other"<br> }<br> client 10.0.0.16 {<br> require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Casa_G"<br> nastype = "other"<br> }<br> client 10.0.0.17 {<br>
require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Casa_H"<br> nastype = "other"<br> }<br> client 10.0.0.18 {<br> require_message_authenticator = no<br> secret = "xxx"<br>
shortname = "Casa_I"<br> nastype = "other"<br> }<br> client 10.0.0.19 {<br> require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Casa_J"<br> nastype = "other"<br>
}<br> client 127.0.0.1 {<br> require_message_authenticator = no<br> secret = "xxx"<br> shortname = "Local"<br> nastype = "other"<br> }<br>radiusd: #### Loading Realms and Home Servers ####<br>
radiusd: #### Instantiating modules ####<br>radiusd: #### Loading Virtual Servers ####<br>server {<br> modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_mschap<br>
Module: Instantiating mschap<br> mschap {<br> use_mppe = yes<br> require_encryption = no<br> require_strong = no<br> with_ntdomain_hack = yes<br> }<br> Module: Linked to module rlm_eap<br> Module: Instantiating eap<br>
eap {<br> default_eap_type = "ttls"<br> timer_expire = 90<br> ignore_unknown_eap_types = no<br> cisco_accounting_username_bug = no<br> }<br> Module: Linked to sub-module rlm_eap_md5<br> Module: Instantiating eap-md5<br>
Module: Linked to sub-module rlm_eap_mschapv2<br> Module: Instantiating eap-mschapv2<br> mschapv2 {<br> with_ntdomain_hack = no<br> }<br> Module: Linked to sub-module rlm_eap_tls<br> Module: Instantiating eap-tls<br>
tls {<br> rsa_key_exchange = no<br> dh_key_exchange = yes<br> rsa_key_length = 512<br> dh_key_length = 512<br> verify_depth = 0<br> pem_file_type = yes<br> private_key_file = "/etc/raddb/certs/server.pem"<br>
certificate_file = "/etc/raddb/certs/server.pem"<br> CA_file = "/etc/raddb/certs/ca.pem"<br> private_key_password = "ab3z742fg4med"<br> dh_file = "/etc/raddb/certs/dh"<br>
random_file = "/etc/raddb/certs/random"<br> fragment_size = 1024<br> include_length = yes<br> check_crl = no<br> }<br> Module: Linked to sub-module rlm_eap_ttls<br> Module: Instantiating eap-ttls<br>
ttls {<br> default_eap_type = "md5"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> }<br> Module: Linked to sub-module rlm_eap_peap<br> Module: Instantiating eap-peap<br> peap {<br>
default_eap_type = "mschapv2"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> proxy_tunneled_request_as_eap = yes<br> }<br> Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_sql<br> Module: Instantiating sql<br> sql {<br> driver = "rlm_sql_mysql"<br> server = "localhost"<br> port = ""<br> login = "radius"<br> password = "XXXXX"<br>
radius_db = "radius"<br> read_groups = yes<br> sqltrace = no<br> sqltracefile = "/var/log/radius/sqltrace.sql"<br> readclients = no<br> deletestalesessions = yes<br> num_sql_socks = 5<br>
sql_user_name = "%{User-Name}"<br> default_user_profile = ""<br> nas_query = "SELECT id, nasname, shortname, type, secret FROM nas"<br> authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"<br>
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"<br> authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"<br>
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"<br> accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"<br>
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"<br>
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"<br>
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"<br>
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"<br>
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"<br>
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"<br>
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"<br> connect_failure_retry_delay = 60<br> simul_count_query = ""<br>
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"<br>
postauth_query = "INSERT INTO userinfo (username, mac, date, tag) VALUES ( '%{User-Name}', '%{Calling-Station-Id}', '%S', '%{Nas-IP-Address}' )"<br>
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"<br> }<br>rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked<br>rlm_sql (sql): Attempting to connect to radius@localhost:/radius<br>
rlm_sql (sql): starting 0<br>rlm_sql (sql): Attempting to connect rlm_sql_mysql #0<br>rlm_sql_mysql: Starting connect to MySQL server for #0<br>rlm_sql (sql): Connected new DB handle, #0<br>rlm_sql (sql): starting 1<br>rlm_sql (sql): Attempting to connect rlm_sql_mysql #1<br>
rlm_sql_mysql: Starting connect to MySQL server for #1<br>rlm_sql (sql): Connected new DB handle, #1<br>rlm_sql (sql): starting 2<br>rlm_sql (sql): Attempting to connect rlm_sql_mysql #2<br>rlm_sql_mysql: Starting connect to MySQL server for #2<br>
rlm_sql (sql): Connected new DB handle, #2<br>rlm_sql (sql): starting 3<br>rlm_sql (sql): Attempting to connect rlm_sql_mysql #3<br>rlm_sql_mysql: Starting connect to MySQL server for #3<br>rlm_sql (sql): Connected new DB handle, #3<br>
rlm_sql (sql): starting 4<br>rlm_sql (sql): Attempting to connect rlm_sql_mysql #4<br>rlm_sql_mysql: Starting connect to MySQL server for #4<br>rlm_sql (sql): Connected new DB handle, #4<br> Module: Linked to module rlm_files<br>
Module: Instantiating files<br> files {<br> usersfile = "/etc/raddb/users"<br> compat = "no"<br> }<br> Module: Checking post-auth {...} for more modules to load<br> }<br>}<br>radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br> type = "auth"<br> ipaddr = 10.0.0.1<br> port = 1812<br>}<br>main {<br> snmp = no<br> smux_password = ""<br> snmp_write_access = no<br>}<br>Listening on authentication address 10.0.0.1 port 1812<br>
Listening on proxy address 10.0.0.1 port 1814<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 10.0.0.19 port 2048, id=13, length=137<br> User-Name = "host/WSL-SIR"<br> NAS-IP-Address = 10.0.0.19<br>
Called-Station-Id = "00226b7a37b5"<br> Calling-Station-Id = "00242b2f525b"<br> NAS-Identifier = "00226b7a37b5"<br> NAS-Port = 38<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br>
EAP-Message = 0x0200001101686f73742f57534c2d534952<br> Message-Authenticator = 0x9fb6b52c90e4c0f844dc91d5fbcea21d<br>+- entering group authorize<br> expand: %{User-Name} -> host/WSL-SIR<br>rlm_sql (sql): sql_set_user escaped user --> 'host/WSL-SIR'<br>
rlm_sql (sql): Reserving sql socket id: 4<br> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'host/WSL-SIR' ORDER BY id<br>
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'host/WSL-SIR' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 4<br>rlm_sql (sql): User host/WSL-SIR not found<br>++[sql] returns notfound<br>++[files] returns noop<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 0 length 17<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: EAP Identity<br>
rlm_eap: processing type tls<br> rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 13 to 10.0.0.19 port 2048<br> EAP-Message = 0x010100061520<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x9c4fd6cb9c4ec3f5023ff4254ba8f1d5<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.0.0.19 port 2048, id=13, length=137<br>Cleaning up request 0 ID 13 with timestamp +234<br>
User-Name = "host/WSL-SIR"<br> NAS-IP-Address = 10.0.0.19<br> Called-Station-Id = "00226b7a37b5"<br> Calling-Station-Id = "00242b2f525b"<br> NAS-Identifier = "00226b7a37b5"<br>
NAS-Port = 38<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0200001101686f73742f57534c2d534952<br> Message-Authenticator = 0xe77f186ef1912fceb5fd819815c11fa6<br>+- entering group authorize<br>
expand: %{User-Name} -> host/WSL-SIR<br>rlm_sql (sql): sql_set_user escaped user --> 'host/WSL-SIR'<br>rlm_sql (sql): Reserving sql socket id: 3<br> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'host/WSL-SIR' ORDER BY id<br>
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'host/WSL-SIR' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 3<br>rlm_sql (sql): User host/WSL-SIR not found<br>++[sql] returns notfound<br>++[files] returns noop<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 0 length 17<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: EAP Identity<br>
rlm_eap: processing type tls<br> rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 13 to 10.0.0.19 port 2048<br> EAP-Message = 0x010100061520<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0xc2248484c2259113db17cab2dbadac35<br>Finished request 1.<br><br>
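Added example, not part of the original post: a decoder for the short EAP-Message values in the radiusd -X output above, using the RFC 3748 header and the flags byte of the TLS-based EAP methods, so the method negotiation in the two excerpts can be read directly. The ClientHello value is cut to its first 10 bytes, and all function and variable names are this example's own.

```python
"""Decode EAP-Message hex values copied from radiusd -X debug output."""
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}            # methods that carry the EAP-TLS flags byte
FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))   # Length, More, Start


def decode_eap(hex_value):
    """Return a dict describing one EAP packet given as 0x-prefixed hex."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, identifier, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # 'complete' is False when the declared length exceeds the bytes supplied,
    # e.g. a packet split over several EAP-Message attributes or a cut sample.
    pkt = {"code": EAP_CODES.get(code, code), "id": ident,
           "length": length, "complete": length == len(raw)}
    if code not in (1, 2) or len(raw) < 5:
        return pkt                   # Success/Failure carry no type field
    etype, body = raw[4], raw[5:]
    pkt["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        pkt["identity"] = body.decode("utf-8", "replace")
    elif etype == 3:
        pkt["wants"] = [EAP_TYPES.get(t, t) for t in body]
    elif etype in TLS_BASED and body:
        flags = body[0]
        pkt["flags"] = [name for bit, name in FLAGS if flags & bit]
        if flags & 0x80 and len(body) >= 5:
            pkt["tls_length"] = struct.unpack("!I", body[1:5])[0]
        # No L/M/S bits and no data: acknowledgement of a received fragment.
        pkt["ack"] = (flags & 0xE0) == 0 and len(body) == 1
    return pkt


def negotiation(hex_values):
    """Summarise method negotiation across one conversation."""
    summary = {"offered": [], "nak_wants": [], "identities": 0}
    for p in map(decode_eap, hex_values):
        if p.get("type") == "Identity" and p["code"] == "Response":
            summary["identities"] += 1
        elif p.get("type") == "Nak":
            summary["nak_wants"] += p["wants"]
        elif p["code"] == "Request" and "S" in p.get("flags", []):
            summary["offered"].append(p["type"])
    return summary


# Values taken from the first excerpt (user hummel.daniel), in log order.
SESSION_1 = [
    "0x020000120168756d6d656c2e64616e69656c",
    "0x010100061520",
    "0x020100060319",
    "0x010200061920",
    "0x0202009c198000000092",        # first 10 bytes of the ClientHello message
    "0x020300061900",
]
# Second excerpt (host/WSL-SIR): the same Identity response arrives twice.
SESSION_2 = [
    "0x0200001101686f73742f57534c2d534952",
    "0x010100061520",
    "0x0200001101686f73742f57534c2d534952",
    "0x010100061520",
]

if __name__ == "__main__":
    for name, session in (("session 1", SESSION_1), ("session 2", SESSION_2)):
        print(name)
        for value in session:
            print("  ", decode_eap(value))
        print("  ->", negotiation(session))
```

In the first excerpt the server's start request is type 21 (EAP-TTLS, matching `default_eap_type = "ttls"` in the eap section), the client answers with a Nak asking for PEAP, and the exchange continues as PEAP; in the second excerpt the Identity response is repeated and the start request is never answered.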