Help me<br>I read the full documentation of this server but the problem remains.<br>I sent you the sql module log with my last email,<br>and I think this maybe occurs with my sql configuration, but in the file mode module I have the same problem.<br><br>
FreeRADIUS Version 2.1.10, for host x86_64-unknown-linux-gnu, built on Nov 14 2010 at 03:05:12<br>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>
PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>GNU General Public License v2. <br>Starting - reading configuration files ...<br>including configuration file /usr/local/etc/raddb/radiusd.conf<br>
including configuration file /usr/local/etc/raddb/clients.conf<br>including configuration file /usr/local/etc/raddb/eap.conf<br>including configuration file /usr/local/etc/raddb/modules/files<br>main {<br> allow_core_dumps = no<br>
}<br>including dictionary file /usr/local/etc/raddb/dictionary<br>main {<br> prefix = "/usr"<br> localstatedir = "/var"<br> logdir = "/var/log/freeradius"<br> libdir = "/usr/lib/freeradius"<br>
radacctdir = "/var/log/freeradius/radacct"<br> hostname_lookups = no<br> max_request_time = 30<br> cleanup_delay = 5<br> max_requests = 1024<br> pidfile = "/var/run/freeradius/freeradius.pid"<br>
checkrad = "/usr/sbin/checkrad"<br> debug_level = 0<br> proxy_requests = no<br> log_auth = no<br> log_auth_badpass = no<br> log_auth_goodpass = no<br> log_stripped_names = no<br>}<br>radiusd: #### Loading Realms and Home Servers ####<br>
radiusd: #### Loading Clients ####<br> client 127.0.0.1 {<br> ipaddr = 127.0.0.1<br> require_message_authenticator = no<br> secret = "aminahooradkpw"<br> nastype = "other"<br> }<br> client 10.10.10.2 {<br>
require_message_authenticator = no<br> secret = "aminahooradkpw"<br> shortname = "SingleRouter"<br> nastype = "mikrotik"<br> }<br> client 192.168.137.2 {<br> require_message_authenticator = no<br>
secret = "aminahooradkpw"<br> shortname = "SingleRouter"<br> nastype = "mikrotik"<br> }<br> client 172.16.15.1 {<br> require_message_authenticator = no<br> secret = "dkpw"<br>
shortname = "wireless"<br> nastype = "other"<br> }<br>radiusd: #### Instantiating modules ####<br> instantiate {<br> }<br>radiusd: #### Loading Virtual Servers ####<br>server { # from file /usr/local/etc/raddb/radiusd.conf<br>
modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_pap<br> Module: Instantiating module "pap" from file /usr/local/etc/raddb/radiusd.conf<br> pap {<br>
encryption_scheme = "crypt"<br>
auto_header = no<br> }<br> Module: Linked to module rlm_chap<br> Module: Instantiating module "chap" from file /usr/local/etc/raddb/radiusd.conf<br> Module: Linked to module rlm_mschap<br> Module: Instantiating module "mschap" from file /usr/local/etc/raddb/radiusd.conf<br>
mschap {<br> use_mppe = no<br> require_encryption = no<br> require_strong = no<br> with_ntdomain_hack = no<br> }<br> Module: Linked to module rlm_eap<br> Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf<br>
eap {<br> default_eap_type = "peap"<br> timer_expire = 60<br> ignore_unknown_eap_types = no<br> cisco_accounting_username_bug = no<br> max_sessions = 2048<br> }<br> Module: Linked to sub-module rlm_eap_tls<br>
Module: Instantiating eap-tls<br> tls {<br> rsa_key_exchange = no<br> dh_key_exchange = yes<br> rsa_key_length = 512<br> dh_key_length = 512<br> verify_depth = 0<br> pem_file_type = yes<br> private_key_file = "/usr/local/etc/raddb/certs/server.pem"<br>
certificate_file = "/usr/local/etc/raddb/certs/server.pem"<br> CA_file = "/usr/local/etc/raddb/certs/ca.pem"<br> private_key_password = "whatever"<br> dh_file = "/usr/local/etc/raddb/certs/dh"<br>
random_file = "/usr/local/etc/raddb/certs/random"<br> fragment_size = 1024<br> include_length = yes<br> check_crl = no<br> check_cert_cn = "%{User-Name}"<br> cipher_list = "DEFAULT"<br>
make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"<br> cache {<br> enable = no<br> lifetime = 24<br> max_entries = 255<br> }<br> }<br> Module: Linked to sub-module rlm_eap_peap<br> Module: Instantiating eap-peap<br>
peap {<br> default_eap_type = "mschapv2"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> proxy_tunneled_request_as_eap = yes<br> virtual_server = "inner-tunnel"<br> }<br>
Module: Linked to sub-module rlm_eap_mschapv2<br> Module: Instantiating eap-mschapv2<br> mschapv2 {<br> with_ntdomain_hack = no<br> }<br> Module: Checking authorize {...} for more modules to load<br> Module: Linked to module rlm_files<br>
Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files<br> files {<br> usersfile = "/usr/local/etc/raddb/users"<br> acctusersfile = "/usr/local/etc/raddb/acct_users"<br>
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"<br> compat = "no"<br> }<br> Module: Checking preacct {...} for more modules to load<br> Module: Linked to module rlm_acct_unique<br> Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/radiusd.conf<br>
acct_unique {<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br> }<br> } # modules<br>} # server<br>radiusd: #### Opening IP addresses and Ports ####<br> bind_address = *<br>
WARNING: The directive 'bind_address' is deprecated, and will be removed in future versions of FreeRADIUS. Please edit the configuration files to use the directive 'listen'.<br>Listening on authentication address * port 1812<br>
Listening on accounting address * port 1813<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=176, length=127<br> User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br>
NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br> Calling-Station-Id = "00-22-41-7d-9f-91"<br>
NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x02110007013130<br> Message-Authenticator = 0x04fff75e7f186f6ea10588cb2241d5d2<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authorize {...}<br>
++[chap] returns noop<br>++[mschap] returns noop<br>WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>
[files] users: Matched entry 10 at line 204<br>++[files] returns ok<br>[eap] EAP packet type response id 17 length 7<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>
[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 176 to 172.16.15.1 port 1027<br> EAP-Message = 0x011200061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9ca1a80e9cb3b165fbd692931fddb1e7<br>
Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=177, length=222<br> User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br>
NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br> Calling-Station-Id = "00-22-41-7d-9f-91"<br>
NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0212005419800000004a16030100450100004103014d150aea2b4d30a28baa51de77dde94e3089e861c19507aeb18d51fae369150b00001a002f000500040035000a000900030008003300390016001500140100<br>
State = 0x9ca1a80e9cb3b165fbd692931fddb1e7<br> Message-Authenticator = 0x03f021f9c6cb610f8043acacd690bb14<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>
++[chap] returns noop<br>++[mschap] returns noop<br>WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>
[files] users: Matched entry 10 at line 204<br>++[files] returns ok<br>[eap] EAP packet type response id 18 length 84<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>
# Executing group from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
TLS Length 74<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>[peap] (other): before/accept initialization<br>[peap] TLS_accept: before/accept initialization<br>[peap] <<< TLS 1.0 Handshake [length 0045], ClientHello <br>
[peap] TLS_accept: SSLv3 read client hello A<br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello <br>[peap] TLS_accept: SSLv3 write server hello A<br>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate <br>
[peap] TLS_accept: SSLv3 write certificate A<br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <br>[peap] TLS_accept: SSLv3 write server done A<br>[peap] TLS_accept: SSLv3 flush data<br>
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase <br>In SSL Accept mode <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>
Sending Access-Challenge of id 177 to 172.16.15.1 port 1027<br> EAP-Message = 0x0113040019c00000089b160301002a0200002603014d0d79121f619ae704fedcbf9402c4aed6108b549489614209008236d368e5b700002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message = 0xa73082038fa0030201020209<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9ca1a80e9db2b165fbd692931fddb1e7<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=178, length=144<br> User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br>
Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br> Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x021300061900<br> State = 0x9ca1a80e9db2b165fbd692931fddb1e7<br>
Message-Authenticator = 0x1137081fd9ba42765a28a148ee37c3da<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>
WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>[files] users: Matched entry 10 at line 204<br>
++[files] returns ok<br>[eap] EAP packet type response id 19 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 178 to 172.16.15.1 port 1027<br>
EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100b4a62d9a3d9c2555520f25042b2a8b08ba1e61f07eee939363de3239d5d522b79938a269dae2eb5881c9e60fba117d1dcdbc83407a13bdde6a5d1ffd630e9613c34fad618dee5733d6ebc5df0ed3a641705baaa7250ce6a558ccef6f7def5f18f99bcc908f5a0e708f158ee77ecddc<br>
EAP-Message = 0x5759f29e94ec8aef<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9ca1a80e9eb5b165fbd692931fddb1e7<br>Finished request 2.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=179, length=144<br> User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br>
Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br> Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x021400061900<br> State = 0x9ca1a80e9eb5b165fbd692931fddb1e7<br>
Message-Authenticator = 0x312e182ce06032e4516f6d50a6c4c129<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>
WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>[files] users: Matched entry 10 at line 204<br>
++[files] returns ok<br>[eap] EAP packet type response id 20 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 179 to 172.16.15.1 port 1027<br> EAP-Message = 0x011500b51900bf21a0b69a3e67caac09ed7c1cfbe98ac4b9e2d992a78310ee9b777b568fc84698be69b725c44305c38668cbfdf2fc4d2bd20a0a2ccca4a713772ac2d5867ce172062d8dba01d5fae9b313874d1eb94c2489edd82862b33ef58e0e0558093917fed55cb1a9b0f8fe70811709ca05d6ed1549e6377527c4a2c68c3ff021ae6f52fa1ba9e4832dad7a71d1f6775fdecb48936a9fff5e5e0910dc5645e144ad54538828a11e269616030100040e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9ca1a80e9fb4b165fbd692931fddb1e7<br>Finished request 3.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=180, length=476<br>
User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br>
Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br>
EAP-Message = 0xc119bae4349284a4ad2e9fb29ba4effba1c5e1697194040f1403010001011603010030333c379e1cebfa25f09bdd6df6ea7960b7cfbe9e378b62b682c6d05f0afc08e1b6ae003652ebe60bac4709d46ad0e4ae<br> State = 0x9ca1a80e9fb4b165fbd692931fddb1e7<br>
Message-Authenticator = 0xf40facdf859bf71c40af155b112cbf50<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>
WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>[files] users: Matched entry 10 at line 204<br>
++[files] returns ok<br>[eap] EAP packet type response id 21 length 253<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 326<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange <br>[peap] TLS_accept: SSLv3 read client key exchange A<br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] <<< TLS 1.0 Handshake [length 0010], Finished <br>
[peap] TLS_accept: SSLv3 read finished A<br>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] TLS_accept: SSLv3 write change cipher spec A<br>[peap] >>> TLS 1.0 Handshake [length 0010], Finished <br>
[peap] TLS_accept: SSLv3 write finished A<br>[peap] TLS_accept: SSLv3 flush data<br>[peap] (other): SSL negotiation finished successfully<br>SSL Connection Established <br>[peap] eaptls_process returned 13 <br>
[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 180 to 172.16.15.1 port 1027<br> EAP-Message = 0x0116004119001403010001011603010030fb7d3c24d1c65b12dfa94d1ecdc6ddcc9d646faa4ecd36827418b2332203481407386ca214b13d7ab1b8cf9662552c07<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9ca1a80e98b7b165fbd692931fddb1e7<br>Finished request 4.<br>Going to the next request<br>Waking up in 4.7 seconds.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=181, length=144<br>
User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br>
Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x021600061900<br> State = 0x9ca1a80e98b7b165fbd692931fddb1e7<br> Message-Authenticator = 0x2f0dd64255b0a8380e6a9b4871dfbdab<br>
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>
WARNING: See "man rlm_pap" for more information.<br>[files] users: Matched entry 10 at line 204<br>++[files] returns ok<br>[eap] EAP packet type response id 22 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>
++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>
[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake is finished<br>[peap] eaptls_verify returned 3 <br>[peap] eaptls_process returned 3 <br>[peap] EAPTLS_SUCCESS<br>[peap] Session established. Decoding tunneled attributes.<br>
[peap] Peap state TUNNEL ESTABLISHED<br>++[eap] returns handled<br>Sending Access-Challenge of id 181 to 172.16.15.1 port 1027<br> EAP-Message = 0x0117002b190017030100207a938b37cd6503d215e4414cb1fd370240a2498818dfa70c7edc86e56bac80a1<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9ca1a80e99b6b165fbd692931fddb1e7<br>Finished request 5.<br>Going to the next request<br>Waking up in 4.6 seconds.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=182, length=181<br>
User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br>
Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0217002b19001703010020e7748073d57a68c015f4fe8d1273a2e1212cff4a26e245f4d62330ca0ddca5e2<br> State = 0x9ca1a80e99b6b165fbd692931fddb1e7<br>
Message-Authenticator = 0xf80a05119c3182a4c5097b214aeb7c37<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>
WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>[files] users: Matched entry 10 at line 204<br>
++[files] returns ok<br>[eap] EAP packet type response id 23 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>
[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Peap state WAITING FOR INNER IDENTITY<br>[peap] Identity - 10<br>[peap] Got inner identity '10'<br>
[peap] Setting default EAP type for tunneled EAP session.<br>[peap] Got tunneled request<br> EAP-Message = 0x02170007013130<br>server {<br> PEAP: Setting User-Name to 10<br>Sending tunneled request<br> EAP-Message = 0x02170007013130<br>
FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "10"<br>server inner-tunnel {<br>No such virtual server "inner-tunnel"<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 3<br>[peap] Got tunneled reply RADIUS code 3<br>
[peap] Tunneled authentication was rejected.<br>[peap] FAILURE<br>++[eap] returns handled<br>Sending Access-Challenge of id 182 to 172.16.15.1 port 1027<br> EAP-Message = 0x0118002b19001703010020e922ee925838ed77c8b562883e7b7212c98e7180a9a9876b938d9d36de040ecd<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9ca1a80e9ab9b165fbd692931fddb1e7<br>Finished request 6.<br>Going to the next request<br>Waking up in 4.6 seconds.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=183, length=181<br>
User-Name = "10"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br>
Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0218002b1900170301002023f62825916276e5903af5875752449fa84f8fbba2c38c0814de3f094d11738e<br> State = 0x9ca1a80e9ab9b165fbd692931fddb1e7<br>
Message-Authenticator = 0x4271c9b17c0f2c3e8603ec2c6bbbc268<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>
WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br>[files] users: Matched entry 10 at line 204<br>
++[files] returns ok<br>[eap] EAP packet type response id 24 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>++[pap] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>
[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Peap state send tlv failure<br>[peap] Received EAP-TLV response.<br>[peap] The users session was previously rejected: returning reject (again.)<br>
[peap] *** This means you need to read the PREVIOUS messages in the debug output<br>[peap] *** to find out the reason why the user was rejected.<br>[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.<br>
[peap] *** what went wrong, and how to fix the problem.<br>[eap] Handler failed in EAP/peap<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>Failed to authenticate the user.<br>Sending Access-Reject of id 183 to 172.16.15.1 port 1027<br>
EAP-Message = 0x04180004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>Finished request 7.<br>Going to the next request<br>Waking up in 4.6 seconds.<br>#################################################################################<br>
<br>And this is my RADIUS configuration file:<br><br><br>prefix = /usr<br>exec_prefix = /usr<br>sysconfdir = /etc<br>localstatedir = /var<br>sbindir = ${exec_prefix}/sbin<br>logdir = /var/log/freeradius<br>raddbdir = /etc/freeradius<br>
radacctdir = ${logdir}/radacct<br><br>confdir = ${raddbdir}<br>run_dir = ${localstatedir}/run/freeradius<br><br>log_file = ${logdir}/radius.log<br><br>libdir = /usr/lib/freeradius<br>pidfile = ${run_dir}/freeradius.pid<br>
<br>#user = freerad<br>#group = freerad<br><br>max_request_time = 30<br>delete_blocked_requests = no<br>cleanup_delay = 5<br>max_requests = 1024<br>bind_address = *<br><br>#listen {<br># ipaddr = 172.16.15.1<br># port = 1812<br>
# type = auth<br># virtual_server = one<br># }<br><br>port = 0<br><br>hostname_lookups = no<br>allow_core_dumps = no<br><br>regular_expressions = yes<br>extended_expressions = yes<br><br>log_stripped_names = no<br>
log_auth = no<br>log_auth_badpass = no<br>log_auth_goodpass = no<br><br>usercollide = no<br><br>lower_user = before<br>lower_pass = before<br><br>nospace_user = before<br>nospace_pass = before<br><br>checkrad = ${sbindir}/checkrad<br>
<br>#security {<br># max_attributes = 200<br># reject_delay = 1<br># status_server = no<br>#}<br><br>proxy_requests = no<br><br>$INCLUDE ${confdir}/clients.conf<br><br>snmp = no<br><br>thread pool {<br>
start_servers = 5<br> max_servers = 32<br> min_spare_servers = 3<br> max_spare_servers = 10<br> max_requests_per_server = 0<br>}<br><br>modules {<br> pap {<br> encryption_scheme = crypt<br>
}<br> chap {<br> authtype = CHAP<br> }<br> mschap {<br> authtype = MS-CHAP<br> use_mppe = no<br> #require_encryption = yes<br> #require_strong = yes<br>
# authtype = MS-CHAP<br> }<br> acct_unique {<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br> }<br> #$INCLUDE ${confdir}/sql.conf<br>
$INCLUDE ${confdir}/eap.conf<br> $INCLUDE ${confdir}/modules/files<br><br><br><br> counter daily {<br> filename = ${raddbdir}/db.daily<br> key = User-Name<br> count-attribute = Acct-Session-Time<br>
reset = daily<br> counter-name = Daily-Session-Time<br> check-name = Max-Daily-Session<br> allowed-servicetype = Framed-User<br> cache-size = 5000<br>
}<br> always fail {<br> rcode = fail<br> }<br> always reject {<br> rcode = reject<br> }<br> always ok {<br> rcode = ok<br> simulcount = 0<br>
mpp = no<br> }<br>}<br><br>instantiate {<br>}<br>authorize {<br> #preprocess<br> chap<br> mschap<br> #sql<br> files<br> eap<br> pap<br> }<br>
authenticate {<br>
Auth-Type PAP {<br> pap<br> }<br> Auth-Type CHAP {<br> chap<br> }<br> Auth-Type MS-CHAP {<br> mschap<br> }<br> eap<br>}<br><br>
preacct {<br> acct_unique<br>}<br>accounting {<br> #detail<br> #sql<br> }<br><br>session {<br> #sql<br>}<br>post-auth {<br> #sql<br>}<br><br><br><br><br><br><br>THANK YOU WITH BEST REGARDS<br>
AMIN AHOORA<br>
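
The debug output in the post tells the reader to go back through the PREVIOUS messages and look for "reject" or "fail". The following is an added example, not part of the original post and not FreeRADIUS code, that automates that search over debug output of this shape and reports the earliest failure line behind each Access-Reject. The function names and the condensed sample log are constructed for illustration; the sample lines are taken from the output above.

```python
import re

BR = re.compile(r"<br\s*/?>", re.I)          # the post's log is joined with <br>
RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
FINISHED = re.compile(r"^Finished request \d+")
SUSPECT = re.compile(r"no such|reject|fail", re.I)

# Constructed sample: a condensed subset of the debug lines from the post.
SAMPLE_LOG = """\
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=176, length=127
[files] users: Matched entry 10 at line 204
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Sending Access-Challenge of id 176 to 172.16.15.1 port 1027
Finished request 0.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=182, length=181
[peap] Got inner identity '10'
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 182 to 172.16.15.1 port 1027
Finished request 6.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=183, length=181
[peap] Peap state send tlv failure
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[eap] Handler failed in EAP/peap
++[eap] returns invalid
Failed to authenticate the user.
Sending Access-Reject of id 183 to 172.16.15.1 port 1027
Finished request 7.
"""


def split_requests(text):
    """Yield (packet_id, client_ip, lines) for each rad_recv ... Finished block."""
    current = None
    for raw in BR.sub("\n", text).splitlines():
        line = raw.strip()
        m = RECV.match(line)
        if m:
            current = (int(m.group(4)), m.group(2), [])
        elif current and FINISHED.match(line):
            yield current
            current = None
        elif current and line:
            current[2].append(line)


def explain_rejects(text):
    """For every Access-Reject, return the earliest suspect line seen for
    that client since its previous final verdict (Accept or Reject)."""
    findings = []
    history = {}  # client_ip -> [(packet_id, line), ...] since last verdict
    for pid, client, lines in split_requests(text):
        suspects = history.setdefault(client, [])
        verdict = None
        for line in lines:
            if line.startswith("Sending Access-Reject"):
                verdict = "reject"
            elif line.startswith("Sending Access-Accept"):
                verdict = "accept"
            elif (SUSPECT.search(line)
                  and "WARNING" not in line   # advisory, not the failure itself
                  and "***" not in line):     # the server's own hint banner
                suspects.append((pid, line))
        if verdict == "reject":
            cause_id, cause = suspects[0] if suspects else (pid, "no failure line found")
            findings.append({"reject_id": pid, "cause_id": cause_id, "cause": cause})
        if verdict:
            history[client] = []              # conversation is over, start fresh
    return findings


if __name__ == "__main__":
    for f in explain_rejects(SAMPLE_LOG):
        print("Access-Reject id=%(reject_id)d <- request id=%(cause_id)d: %(cause)s" % f)
```

Run against the sample, it points from the final Access-Reject (id=183) back to the line in request id=182 that names the missing "inner-tunnel" virtual server.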