<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi,<br>
<br>
First, apologies for my English; I'm French.<br>
<br>
So, I'm trying to use EAP-PEAP with FreeRADIUS 2.1 and I have some
questions.<br>
<br>
I didn't create any certificate... Can I use the certificate of
FreeRADIUS? (I have a warning "Unable to set DH parameters")<br>
My passwords are encrypted with NT-hashes; is it OK to use EAP-PEAP
with them? Is the message "[eap] No EAP-Message, not doing EA" normal?<br>
<br>
I don't use the default virtual server, I only use one
file... l3_wifi_peap (where I use sql_auth for auth and sql_acct for
accounting)<br>
<br>
Here are my files:<br>
<br>
<u><big><big>radiusd.conf :</big></big></u><br>
prefix = /usr<br>
exec_prefix = /usr<br>
sysconfdir = /etc<br>
localstatedir = /var<br>
sbindir = ${exec_prefix}/sbin<br>
logdir = /var/log/freeradius<br>
raddbdir = /etc/freeradius<br>
radacctdir = ${logdir}/radacct<br>
name = freeradius<br>
confdir = ${raddbdir}<br>
run_dir = ${localstatedir}/run/${name}<br>
db_dir = ${raddbdir}<br>
libdir = /usr/lib/freeradius<br>
pidfile = ${run_dir}/${name}.pid<br>
user = freerad<br>
group = freerad<br>
max_request_time = 30<br>
cleanup_delay = 5<br>
max_requests = 1024<br>
listen {<br>
type = auth<br>
ipaddr = *<br>
port = 0<br>
}<br>
listen {<br>
ipaddr = *<br>
port = 0<br>
type = acct<br>
}<br>
hostname_lookups = no<br>
allow_core_dumps = no<br>
regular_expressions = yes<br>
extended_expressions = yes<br>
log {<br>
destination = files<br>
file = ${logdir}/radius.log<br>
syslog_facility = daemon<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
checkrad = ${sbindir}/checkrad<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
proxy_requests = yes<br>
$INCLUDE proxy.conf<br>
$INCLUDE clients.conf<br>
thread pool {<br>
start_servers = 5<br>
max_servers = 32<br>
min_spare_servers = 3<br>
max_spare_servers = 10<br>
max_requests_per_server = 0<br>
}<br>
modules {<br>
$INCLUDE ${confdir}/modules/<br>
$INCLUDE eap-peap.conf<br>
$INCLUDE sql-peap.conf<br>
}<br>
instantiate {<br>
exec<br>
expr<br>
expiration<br>
logintime<br>
}<br>
$INCLUDE policy.conf<br>
$INCLUDE sites-enabled/<br>
<br>
<big><big>eap.conf:</big></big><br>
eap {<br>
default_eap_type = peap<br>
timer_expire = 60<br>
ignore_unknown_eap_types = no<br>
cisco_accounting_username_bug = no<br>
max_sessions = 4096<br>
tls {<br>
certdir = ${confdir}/certs<br>
cadir = ${confdir}/certs<br>
private_key_password = whatever<br>
private_key_file = ${certdir}/server.key<br>
certificate_file = ${certdir}/server.pem<br>
CA_file = ${cadir}/ca.pem<br>
dh_file = ${certdir}/dh<br>
random_file = /dev/urandom<br>
fragment_size = 1024<br>
include_length = yes<br>
check_crl = no <br>
cipher_list = "DEFAULT"<br>
make_cert_command = "${certdir}/bootstrap"<br>
}<br>
ttls {<br>
default_eap_type = md5<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
virtual_server = "l3_wifi.peap"<br>
}<br>
peap {<br>
default_eap_type = mschapv2<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
virtual_server = "l3_wifi.peap"<br>
}<br>
mschapv2 {<br>
}<br>
}<br>
<br>
<big><big>virtual server l3_wifi_peap:</big></big><br>
authorize {<br>
preprocess<br>
eap {<br>
ok = return<br>
} <br>
sql_auth<br>
}<br>
authenticate {<br>
Auth-Type MS-CHAP {<br>
mschap<br>
}<br>
}<br>
preacct {<br>
preprocess<br>
acct_unique<br>
suffix<br>
files<br>
}<br>
accounting {<br>
detail<br>
radutmp<br>
sql_acct<br>
attr_filter.accounting_response<br>
}<br>
session {<br>
radutmp<br>
}<br>
post-auth {<br>
exec<br>
Post-Auth-Type REJECT {<br>
attr_filter.access_reject<br>
}<br>
}<br>
<br>
<big><big><u>Here are the queries to the MySQL database:</u></big></big><br>
<br>
authorize_check_query = "SELECT uid, mail, 'NT-Password' AS
attribute, NTPassword, '==' AS op \<br>
FROM ${authcheck_table} \<br>
WHERE mail = '%{SQL-User-Name}' \<br>
ORDER BY uid"<br>
<br>
authorize_reply_query = "SELECT uid, mail, 'Trapeze-SSID' AS
attribute, 'WIFI' AS radiusTunnelPrivateGroupId, '=' AS op \<br>
FROM ${authreply_table} \<br>
WHERE mail = '%{SQL-User-Name}' \<br>
ORDER BY uid"<br>
<br>
authcheck_table =_authreply_table<br>
<br>
+---------+--------------------------------+----------------------------------+<br>
| uid     | mail                           | NTPassword                       |<br>
+---------+--------------------------------+----------------------------------+<br>
| E999999 | alan.cox@test.fr               | 18500da21668b63e900cc555c092e020 |<br>
+---------+--------------------------------+----------------------------------+<br>
<br>
<br>
<big><big><u>And finally the freeradius -X output:</u></big></big><br>
<br>
FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on
Sep 11 2012 at 17:47:58<br>
Copyright (C) 1999-2009 The FreeRADIUS server project and
contributors. <br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
<br>
PARTICULAR PURPOSE. <br>
You may redistribute copies of FreeRADIUS under the terms of the <br>
GNU General Public License v2. <br>
Starting - reading configuration files ...<br>
including configuration file /etc/freeradius/radiusd.conf<br>
including configuration file /etc/freeradius/proxy.conf<br>
including configuration file /etc/freeradius/clients.conf<br>
including files in directory /etc/freeradius/modules/<br>
including configuration file /etc/freeradius/modules/cui<br>
including configuration file /etc/freeradius/modules/pam<br>
including configuration file /etc/freeradius/modules/pap<br>
including configuration file /etc/freeradius/modules/otp<br>
including configuration file /etc/freeradius/modules/soh<br>
including configuration file /etc/freeradius/modules/chap<br>
including configuration file /etc/freeradius/modules/echo<br>
including configuration file /etc/freeradius/modules/exec<br>
including configuration file /etc/freeradius/modules/expr<br>
including configuration file /etc/freeradius/modules/ldap<br>
including configuration file /etc/freeradius/modules/krb5<br>
including configuration file /etc/freeradius/modules/perl<br>
including configuration file /etc/freeradius/modules/unix<br>
including configuration file /etc/freeradius/modules/inner-eap<br>
including configuration file /etc/freeradius/modules/radutmp<br>
including configuration file /etc/freeradius/modules/counter<br>
including configuration file /etc/freeradius/modules/opendirectory<br>
including configuration file /etc/freeradius/modules/acct_unique<br>
including configuration file /etc/freeradius/modules/files<br>
including configuration file /etc/freeradius/modules/realm<br>
including configuration file /etc/freeradius/modules/redis<br>
including configuration file /etc/freeradius/modules/wimax<br>
including configuration file /etc/freeradius/modules/mac2vlan<br>
including configuration file /etc/freeradius/modules/replicate<br>
including configuration file /etc/freeradius/modules/linelog<br>
including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login<br>
including configuration file
/etc/freeradius/modules/detail.example.com<br>
including configuration file /etc/freeradius/modules/checkval<br>
including configuration file /etc/freeradius/modules/ntlm_auth<br>
including configuration file /etc/freeradius/modules/logintime<br>
including configuration file /etc/freeradius/modules/sql_log<br>
including configuration file /etc/freeradius/modules/sradutmp<br>
including configuration file /etc/freeradius/modules/always<br>
including configuration file /etc/freeradius/modules/attr_rewrite<br>
including configuration file /etc/freeradius/modules/detail<br>
including configuration file /etc/freeradius/modules/digest<br>
including configuration file /etc/freeradius/modules/dynamic_clients<br>
including configuration file /etc/freeradius/modules/ippool<br>
including configuration file /etc/freeradius/modules/mac2ip<br>
including configuration file /etc/freeradius/modules/mschap<br>
including configuration file /etc/freeradius/modules/smbpasswd<br>
including configuration file /etc/freeradius/modules/passwd<br>
including configuration file /etc/freeradius/modules/policy<br>
including configuration file /etc/freeradius/modules/smsotp<br>
including configuration file /etc/freeradius/modules/etc_group<br>
including configuration file /etc/freeradius/modules/preprocess<br>
including configuration file /etc/freeradius/modules/attr_filter<br>
including configuration file /etc/freeradius/modules/detail.log<br>
including configuration file /etc/freeradius/modules/rediswho<br>
including configuration file /etc/freeradius/modules/expiration<br>
including configuration file /etc/freeradius/eap-peap.conf<br>
including configuration file /etc/freeradius/sql-peap.conf<br>
including configuration file /etc/freeradius/policy.conf<br>
including files in directory /etc/freeradius/sites-enabled/<br>
including configuration file
/etc/freeradius/sites-enabled/l3_wifi.peap<br>
main {<br>
user = "freerad"<br>
group = "freerad"<br>
allow_core_dumps = no<br>
}<br>
including dictionary file /etc/freeradius/dictionary<br>
main {<br>
name = "freeradius"<br>
prefix = "/usr"<br>
localstatedir = "/var"<br>
sbindir = "/usr/sbin"<br>
logdir = "/var/log/freeradius"<br>
run_dir = "/var/run/freeradius"<br>
libdir = "/usr/lib/freeradius"<br>
radacctdir = "/var/log/freeradius/radacct"<br>
hostname_lookups = no<br>
max_request_time = 30<br>
cleanup_delay = 5<br>
max_requests = 1024<br>
pidfile = "/var/run/freeradius/freeradius.pid"<br>
checkrad = "/usr/sbin/checkrad"<br>
debug_level = 0<br>
proxy_requests = yes<br>
log {<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
}<br>
radiusd: #### Loading Realms and Home Servers ####<br>
proxy server {<br>
retry_delay = 5<br>
retry_count = 3<br>
default_fallback = no<br>
dead_time = 120<br>
wake_all_if_all_dead = no<br>
}<br>
home_server localhost {<br>
ipaddr = 127.0.0.1<br>
port = 1812<br>
type = "auth"<br>
secret = "testing123"<br>
response_window = 20<br>
max_outstanding = 65536<br>
require_message_authenticator = yes<br>
zombie_period = 40<br>
status_check = "status-server"<br>
ping_interval = 30<br>
check_interval = 30<br>
num_answers_to_alive = 3<br>
num_pings_to_alive = 3<br>
revive_interval = 120<br>
status_check_timeout = 4<br>
coa {<br>
irt = 2<br>
mrt = 16<br>
mrc = 5<br>
mrd = 30<br>
}<br>
}<br>
home_server_pool my_auth_failover {<br>
type = fail-over<br>
home_server = localhost<br>
}<br>
realm example.com {<br>
auth_pool = my_auth_failover<br>
}<br>
realm LOCAL {<br>
}<br>
radiusd: #### Loading Clients ####<br>
client localhost {<br>
ipaddr = 127.0.0.1<br>
require_message_authenticator = no<br>
secret = "testing123"<br>
nastype = "other"<br>
}<br>
client 192.168.58.10 {<br>
require_message_authenticator = no<br>
secret = "*******"<br>
shortname = "192.168.58.10"<br>
nastype = "trapeze"<br>
}<br>
radiusd: #### Instantiating modules ####<br>
instantiate {<br>
Module: Linked to module rlm_exec<br>
Module: Instantiating module "exec" from file
/etc/freeradius/modules/exec<br>
exec {<br>
wait = no<br>
input_pairs = "request"<br>
shell_escape = yes<br>
}<br>
Module: Linked to module rlm_expr<br>
Module: Instantiating module "expr" from file
/etc/freeradius/modules/expr<br>
Module: Linked to module rlm_expiration<br>
Module: Instantiating module "expiration" from file
/etc/freeradius/modules/expiration<br>
expiration {<br>
reply-message = "Password Has Expired "<br>
}<br>
Module: Linked to module rlm_logintime<br>
Module: Instantiating module "logintime" from file
/etc/freeradius/modules/logintime<br>
logintime {<br>
reply-message = "You are calling outside your allowed timespan
"<br>
minimum-timeout = 60<br>
}<br>
}<br>
radiusd: #### Loading Virtual Servers ####<br>
server { # from file /etc/freeradius/radiusd.conf<br>
modules {<br>
Module: Creating Post-Auth-Type = REJECT<br>
Module: Checking authenticate {...} for more modules to load<br>
Module: Linked to module rlm_mschap<br>
Module: Instantiating module "mschap" from file
/etc/freeradius/modules/mschap<br>
mschap {<br>
use_mppe = yes<br>
require_encryption = no<br>
require_strong = no<br>
with_ntdomain_hack = no<br>
allow_retry = yes<br>
}<br>
Module: Linked to module rlm_eap<br>
Module: Instantiating module "eap" from file
/etc/freeradius/eap-peap.conf<br>
eap {<br>
default_eap_type = "peap"<br>
timer_expire = 60<br>
ignore_unknown_eap_types = no<br>
cisco_accounting_username_bug = no<br>
max_sessions = 4096<br>
}<br>
Module: Linked to sub-module rlm_eap_tls<br>
Module: Instantiating eap-tls<br>
tls {<br>
rsa_key_exchange = no<br>
dh_key_exchange = yes<br>
rsa_key_length = 512<br>
dh_key_length = 512<br>
verify_depth = 0<br>
pem_file_type = yes<br>
private_key_file = "/etc/freeradius/certs/server.key"<br>
certificate_file = "/etc/freeradius/certs/server.pem"<br>
CA_file = "/etc/freeradius/certs/ca.pem"<br>
private_key_password = "whatever"<br>
dh_file = "/etc/freeradius/certs/dh"<br>
random_file = "/dev/urandom"<br>
fragment_size = 1024<br>
include_length = yes<br>
check_crl = no<br>
cipher_list = "DEFAULT"<br>
make_cert_command = "/etc/freeradius/certs/bootstrap"<br>
ecdh_curve = "prime256v1"<br>
}<br>
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites
may not work!<br>
WARNING: Fix this by running the OpenSSL command listed in eap.conf<br>
Module: Linked to sub-module rlm_eap_ttls<br>
Module: Instantiating eap-ttls<br>
ttls {<br>
default_eap_type = "md5"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
virtual_server = "l3_wifi.peap"<br>
include_length = yes<br>
}<br>
Module: Linked to sub-module rlm_eap_peap<br>
Module: Instantiating eap-peap<br>
peap {<br>
default_eap_type = "mschapv2"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
proxy_tunneled_request_as_eap = yes<br>
virtual_server = "l3_wifi.peap"<br>
soh = no<br>
}<br>
Module: Linked to sub-module rlm_eap_mschapv2<br>
Module: Instantiating eap-mschapv2<br>
mschapv2 {<br>
with_ntdomain_hack = no<br>
send_error = no<br>
}<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br>
Module: Instantiating module "preprocess" from file
/etc/freeradius/modules/preprocess<br>
preprocess {<br>
huntgroups = "/etc/freeradius/huntgroups"<br>
hints = "/etc/freeradius/hints"<br>
with_ascend_hack = no<br>
ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br>
with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br>
}<br>
Module: Linked to module rlm_sql<br>
Module: Instantiating module "sql_auth" from file
/etc/freeradius/sql-peap.conf<br>
sql sql_auth {<br>
driver = "rlm_sql_mysql"<br>
server = "********************"<br>
port = ""<br>
login = "********"<br>
password = "*************"<br>
radius_db = "**********"<br>
read_groups = yes<br>
sqltrace = no<br>
sqltracefile = "/var/log/freeradius/sqltrace.sql"<br>
readclients = no<br>
deletestalesessions = no<br>
num_sql_socks = 5<br>
lifetime = 0<br>
max_queries = 0<br>
sql_user_name = "%{User-Name}"<br>
default_user_profile = ""<br>
nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"<br>
authorize_check_query = "SELECT uid, mail, 'NT-Password' AS
attribute, NTPassword, '==' AS op FROM dsi_radius WHERE
mail = '%{SQL-User-Name}' ORDER BY uid"<br>
authorize_reply_query = "SELECT uid, mail, 'Trapeze-SSID' AS
attribute, 'WIFI' AS radiusTunnelPrivateGroupId, '=' AS op
FROM dsi_radius WHERE mail = '%{SQL-User-Name}' ORDER BY
uid"<br>
authorize_group_check_query = ""<br>
authorize_group_reply_query = ""<br>
accounting_onoff_query = ""<br>
accounting_update_query = ""<br>
accounting_update_query_alt = ""<br>
accounting_start_query = ""<br>
accounting_start_query_alt = ""<br>
accounting_stop_query = ""<br>
accounting_stop_query_alt = ""<br>
connect_failure_retry_delay = 60<br>
simul_count_query = ""<br>
simul_verify_query = ""<br>
postauth_query = ""<br>
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"<br>
}<br>
rlm_sql Creating new attribute sql_auth-SQL-Group<br>
rlm_sql (sql_auth): Driver rlm_sql_mysql (module rlm_sql_mysql)
loaded and linked<br>
rlm_sql (sql_auth): Attempting to connect to
***************************************<br>
rlm_sql (sql_auth): starting 0<br>
rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #0<br>
rlm_sql_mysql: Starting connect to MySQL server for #0<br>
rlm_sql (sql_auth): Connected new DB handle, #0<br>
rlm_sql (sql_auth): starting 1<br>
rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #1<br>
rlm_sql_mysql: Starting connect to MySQL server for #1<br>
rlm_sql (sql_auth): Connected new DB handle, #1<br>
rlm_sql (sql_auth): starting 2<br>
rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #2<br>
rlm_sql_mysql: Starting connect to MySQL server for #2<br>
rlm_sql (sql_auth): Connected new DB handle, #2<br>
rlm_sql (sql_auth): starting 3<br>
rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #3<br>
rlm_sql_mysql: Starting connect to MySQL server for #3<br>
rlm_sql (sql_auth): Connected new DB handle, #3<br>
rlm_sql (sql_auth): starting 4<br>
rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #4<br>
rlm_sql_mysql: Starting connect to MySQL server for #4<br>
rlm_sql (sql_auth): Connected new DB handle, #4<br>
Module: Checking preacct {...} for more modules to load<br>
Module: Linked to module rlm_acct_unique<br>
Module: Instantiating module "acct_unique" from file
/etc/freeradius/modules/acct_unique<br>
acct_unique {<br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"<br>
}<br>
Module: Linked to module rlm_realm<br>
Module: Instantiating module "suffix" from file
/etc/freeradius/modules/realm<br>
realm suffix {<br>
format = "suffix"<br>
delimiter = "@"<br>
ignore_default = no<br>
ignore_null = no<br>
}<br>
Module: Linked to module rlm_files<br>
Module: Instantiating module "files" from file
/etc/freeradius/modules/files<br>
files {<br>
usersfile = "/etc/freeradius/users"<br>
acctusersfile = "/etc/freeradius/acct_users"<br>
preproxy_usersfile = "/etc/freeradius/preproxy_users"<br>
compat = "no"<br>
}<br>
Module: Checking accounting {...} for more modules to load<br>
Module: Linked to module rlm_detail<br>
Module: Instantiating module "detail" from file
/etc/freeradius/modules/detail<br>
detail {<br>
detailfile =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"<br>
header = "%t"<br>
detailperm = 384<br>
dirperm = 493<br>
locking = no<br>
log_packet_header = no<br>
}<br>
Module: Linked to module rlm_radutmp<br>
Module: Instantiating module "radutmp" from file
/etc/freeradius/modules/radutmp<br>
radutmp {<br>
filename = "/var/log/freeradius/radutmp"<br>
username = "%{User-Name}"<br>
case_sensitive = yes<br>
check_with_nas = yes<br>
perm = 384<br>
callerid = yes<br>
}<br>
Module: Instantiating module "sql_acct" from file
/etc/freeradius/sql-peap.conf<br>
sql sql_acct {<br>
driver = "rlm_sql_mysql"<br>
server = "**********************"<br>
port = ""<br>
login = "****************"<br>
password = "***************"<br>
radius_db = "****************"<br>
read_groups = yes<br>
sqltrace = yes<br>
sqltracefile = "/var/log/freeradius/sqltrace.sql"<br>
readclients = no<br>
deletestalesessions = yes<br>
num_sql_socks = 5<br>
lifetime = 0<br>
max_queries = 0<br>
sql_user_name = "%{User-Name}"<br>
default_user_profile = ""<br>
nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"<br>
authorize_check_query = ""<br>
authorize_group_check_query = ""<br>
authorize_group_reply_query = ""<br>
accounting_onoff_query = " UPDATE radacct
SET acctstoptime = '%S',
acctsessiontime = unix_timestamp('%S')
-
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
%{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS
NULL AND nasipaddress =
'%{NAS-IP-Address}' AND acctstarttime <= '%S'"<br>
accounting_update_query = " UPDATE radacct
SET framedipaddress =
'%{Framed-IP-Address}', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32
|
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32
|
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'"<br>
accounting_update_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctsessiontime, acctauthentic, connectinfo_start,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, servicetype, framedprotocol,
framedipaddress, acctstartdelay,
xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{%{Acct-Input-Gigawords}:-0}' << 32
| '%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}',
'%{Framed-Protocol}',
'%{Framed-IP-Address}', '0',
'%{X-Ascend-Session-Svr-Key}')"<br>
accounting_start_query = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S',
NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}',
'0', '%{X-Ascend-Session-Svr-Key}')"<br>
accounting_start_query_alt = " UPDATE radacct
SET acctstarttime = '%S',
acctstartdelay = '%{%{Acct-Delay-Time}:-0}',
connectinfo_start = '%{Connect-Info}' WHERE acctsessionid
= '%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'"<br>
accounting_stop_query = " UPDATE radacct
SET acctstoptime = '%S',
acctsessiontime = '%{Acct-Session-Time}',
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32
|
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32
|
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'"<br>
accounting_stop_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid,
nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress,
acctstartdelay, acctstopdelay) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0}
+ %{%{Acct-Delay-Time}:-0}) SECOND),
'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}'
<< 32 |
'%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}',
'%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{%{Acct-Delay-Time}:-0}')"<br>
connect_failure_retry_delay = 60<br>
simul_count_query = ""<br>
simul_verify_query = "SELECT radacctid, acctsessionid,
username, nasipaddress, nasportid,
framedipaddress, callingstationid,
framedprotocol FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime
IS NULL"<br>
postauth_query = "INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES
(
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"<br>
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"<br>
}<br>
rlm_sql Creating new attribute sql_acct-SQL-Group<br>
rlm_sql (sql_acct): Driver rlm_sql_mysql (module rlm_sql_mysql)
loaded and linked<br>
rlm_sql (sql_acct): Attempting to connect to
************************************<br>
rlm_sql (sql_acct): starting 0<br>
rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #0<br>
rlm_sql_mysql: Starting connect to MySQL server for #0<br>
rlm_sql (sql_acct): Connected new DB handle, #0<br>
rlm_sql (sql_acct): starting 1<br>
rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #1<br>
rlm_sql_mysql: Starting connect to MySQL server for #1<br>
rlm_sql (sql_acct): Connected new DB handle, #1<br>
rlm_sql (sql_acct): starting 2<br>
rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #2<br>
rlm_sql_mysql: Starting connect to MySQL server for #2<br>
rlm_sql (sql_acct): Connected new DB handle, #2<br>
rlm_sql (sql_acct): starting 3<br>
rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #3<br>
rlm_sql_mysql: Starting connect to MySQL server for #3<br>
rlm_sql (sql_acct): Connected new DB handle, #3<br>
rlm_sql (sql_acct): starting 4<br>
rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #4<br>
rlm_sql_mysql: Starting connect to MySQL server for #4<br>
rlm_sql (sql_acct): Connected new DB handle, #4<br>
Module: Linked to module rlm_attr_filter<br>
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/freeradius/modules/attr_filter<br>
attr_filter attr_filter.accounting_response {<br>
attrsfile = "/etc/freeradius/attrs.accounting_response"<br>
key = "%{User-Name}"<br>
relaxed = no<br>
}<br>
Module: Checking session {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br>
Module: Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter<br>
attr_filter attr_filter.access_reject {<br>
attrsfile = "/etc/freeradius/attrs.access_reject"<br>
key = "%{User-Name}"<br>
relaxed = no<br>
}<br>
} # modules<br>
} # server<br>
radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br>
type = "auth"<br>
ipaddr = *<br>
port = 0<br>
}<br>
listen {<br>
type = "acct"<br>
ipaddr = *<br>
port = 0<br>
}<br>
... adding new socket proxy address * port 58995<br>
Listening on authentication address * port 1812<br>
Listening on accounting address * port 1813<br>
Listening on proxy address * port 1814<br>
Ready to process requests.<br>
rad_recv: Access-Request packet from host 192.168.58.10 port 20000,
id=83, length=136<br>
User-Name = "alan.cox@test.fr"<br>
Calling-Station-Id = "74-2F-68-ED-12-1C"<br>
Called-Station-Id = "00-0B-0E-AA-36-00:WIFI"<br>
NAS-Port = 82<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-IP-Address = 192.168.58.10<br>
NAS-Identifier = "Trapeze"<br>
User-Password = "pass"<br>
# Executing section authorize from file
/etc/freeradius/sites-enabled/l3_wifi.peap<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
[eap] No EAP-Message, not doing EA<br>
++[eap] returns noop<br>
[sql_auth] expand: %{User-Name} -> alan.cox@test.fr<br>
[sql_auth] sql_set_user escaped user --> 'alan.cox@test.fr'<br>
rlm_sql (sql_auth): Reserving sql socket id: 4<br>
[sql_auth] expand: SELECT uid, mail, 'NT-Password' AS attribute,
NTPassword, '==' AS op FROM dsi_radius WHERE mail =
'%{SQL-User-Name}' ORDER BY uid -> SELECT uid, mail,
'NT-Password' AS attribute, NTPassword, '==' AS op FROM
dsi_radius WHERE mail = 'alan.cox@test.fr' ORDER BY uid<br>
rlm_sql (sql_auth): Released sql socket id: 4<br>
[sql_auth] User alan.cox@test.fr not found<br>
++[sql_auth] returns notfound<br>
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user<br>
Failed to authenticate the user.<br>
Using Post-Auth-Type Reject<br>
# Executing group from file
/etc/freeradius/sites-enabled/l3_wifi.peap<br>
+- entering group REJECT {...}<br>
[attr_filter.access_reject] expand: %{User-Name} ->
alan.cox@test.fr<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
Sending delayed reject for request 0<br>
Sending Access-Reject of id 83 to 192.168.58.10 port 20000<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 83 with timestamp +65<br>
Ready to process requests.<br>
<br>
<br>
<br>
Thanks for your help!!<br>
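<br>
Added example, not part of the original post: a small Python triage script for <code>freeradius -X</code> output like the log above. It flags the DH parameter warning, a request that carries User-Password but no EAP-Message (so the eap module has nothing to do), a module returning notfound, and a reject because nothing set Auth-Type. The sample lines are copied from that log; the function names and finding labels are this example's own.<br>

```python
import re

# Sample input: lines copied from the debug output in the post above
# (mail-client link markup removed, the wrapped rad_recv line joined).
SAMPLE_DEBUG = """\
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!
rad_recv: Access-Request packet from host 192.168.58.10 port 20000, id=83, length=136
    User-Name = "alan.cox@test.fr"
    NAS-Port-Type = Wireless-802.11
    User-Password = "pass"
+- entering group authorize {...}
++[preprocess] returns ok
[eap] No EAP-Message, not doing EA
++[eap] returns noop
[sql_auth] User alan.cox@test.fr not found
++[sql_auth] returns notfound
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Sending Access-Reject of id 83 to 192.168.58.10 port 20000
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = (.+)$")
RET = re.compile(r"^\++\[([\w.-]+)\] returns (\w+)")
SENT = re.compile(r"^Sending (\S+) of id (\d+)")


def parse_debug(text):
    """Return (startup warnings, one record per received packet)."""
    warnings, requests, cur, in_packet = [], [], None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = RECV.match(line)
        if m:
            cur = {"code": m.group(1), "nas": m.group(2), "id": int(m.group(3)),
                   "attrs": {}, "returns": {}, "errors": [], "reply": None}
            requests.append(cur)
            in_packet = True
            continue
        if cur is None:
            # Everything before the first packet is server start-up output.
            if line.startswith("WARNING:"):
                warnings.append(line[len("WARNING:"):].strip())
            continue
        if in_packet:
            # Attribute lines follow rad_recv until the first non-attribute line.
            a = ATTR.match(line)
            if a:
                cur["attrs"][a.group(1)] = a.group(2).strip('"')
                continue
            in_packet = False
        r = RET.match(line)
        if r:
            cur["returns"][r.group(1)] = r.group(2)
        elif line.startswith("ERROR:"):
            cur["errors"].append(line[len("ERROR:"):].strip())
        else:
            s = SENT.match(line)
            if s and int(s.group(2)) == cur["id"]:
                cur["reply"] = s.group(1)
    return warnings, requests


def diagnose(warnings, requests):
    """Turn parsed debug output into (scope, finding) pairs."""
    findings = []
    if any("Unable to set DH parameters" in w for w in warnings):
        # The configured dh_file could not be loaded at start-up.
        findings.append(("server", "dh-params-not-loaded"))
    for req in requests:
        attrs = req["attrs"]
        if "EAP-Message" not in attrs:
            # Without EAP-Message the request is not EAP at all, so no PEAP
            # tunnel is attempted; User-Password means it was a PAP request.
            if "User-Password" in attrs:
                kind = "pap"
            elif "CHAP-Password" in attrs:
                kind = "chap"
            else:
                kind = "unknown"
            findings.append((req["id"], f"non-eap-request:{kind}"))
        for module, rcode in req["returns"].items():
            if rcode == "notfound":
                findings.append((req["id"], f"{module}:notfound"))
        if any("No authenticate method" in e for e in req["errors"]):
            findings.append((req["id"], "no-auth-type"))
    return findings


if __name__ == "__main__":
    for scope, finding in diagnose(*parse_debug(SAMPLE_DEBUG)):
        print(scope, finding)
```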
</body>
</html>