freeradius: FreeRADIUS Version 2.2.5, for host arm-unknown-linux-gnueabihf, built on Oct 25 2014 at 07:04:01 Copyright (C) 1999-2013 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/soh including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/cache including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/dhcp_sqlippool including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/rediswho including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/radrelay including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/redis including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/replicate including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/sql/mysql/counter.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes allow_vulnerable_openssl = no } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes allow_retry = yes } Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1024 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /etc/freeradius/sql.conf sql { driver = "rlm_sql_mysql" server = "localhost" port = "" login = "radiususer" password = "radius_password" radius_db = "radiusdb" read_groups = yes sqltrace = no sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = yes deletestalesessions = yes num_sql_socks = 5 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 60 simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to radiususer@localhost:/radiusdb rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Read entry nasname=10.0.0.101,shortname=ThanWiFi-0-1,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.101 (ThanWiFi-0-1, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.102,shortname=ThanWiFi-0-2,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.102 (ThanWiFi-0-2, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.103,shortname=ThanWiFi-0-3,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.103 (ThanWiFi-0-3, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.104,shortname=ThanWiFi-0-4,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.104 (ThanWiFi-0-4, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.111,shortname=ThanWiFi-1-1,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.111 (ThanWiFi-1-1, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.112,shortname=ThanWiFi-1-2,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.112 (ThanWiFi-1-2, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.113,shortname=ThanWiFi-1-3,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.113 (ThanWiFi-1-3, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.121,shortname=ThanWiFi-2-1,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.121 (ThanWiFi-2-1, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.122,shortname=ThanWiFi-2-2,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.122 (ThanWiFi-2-2, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.123,shortname=ThanWiFi-2-3,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.123 (ThanWiFi-2-3, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.131,shortname=ThanWiFi-3-1,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.131 (ThanWiFi-3-1, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.132,shortname=ThanWiFi-3-2,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.132 (ThanWiFi-3-2, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.133,shortname=ThanWiFi-3-3,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.133 (ThanWiFi-3-3, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.141,shortname=ThanWiFi-4-1,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.141 (ThanWiFi-4-1, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.142,shortname=ThanWiFi-4-2,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.142 (ThanWiFi-4-2, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.143,shortname=ThanWiFi-4-3,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.143 (ThanWiFi-4-3, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.105,shortname=ThanWiFi-0-5,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.105 (ThanWiFi-0-5, server=) to clients list rlm_sql (sql): Read entry nasname=10.0.0.124,shortname=ThanWiFi-2-4,secret=than18341220 rlm_sql (sql): Adding client 10.0.0.124 (ThanWiFi-2-4, server=) to clients list rlm_sql (sql): Released sql socket id: 4 Module: Linked to module rlm_sqlcounter Module: Instantiating module "dailycounter" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter dailycounter { counter-name = "Daily-Session-Time" check-name = "Max-Daily-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(acctsessiontime - GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)),0) FROM radacct WHERE username = '%{%k}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'" reset = "daily" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute Max-Daily-Session is number 11274 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457391600 [2016-03-08 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1457305200 [2016-03-07 00:00:00] Module: Instantiating module "monthlycounter" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter monthlycounter { counter-name = "Monthly-Session-Time" check-name = "Max-Monthly-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(acctsessiontime - GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)),0) FROM radacct WHERE username='%{%k}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'" reset = "monthly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute Max-Monthly-Session is number 11276 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1459465200 [2016-04-01 01:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "weeklycounter" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter weeklycounter { counter-name = "Weekly-Session-Time" check-name = "Max-Weekly-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" reset = "weekly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute Max-Weekly-Session is number 11278 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457823600 [2016-03-13 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "quaterlycounter" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter quaterlycounter { counter-name = "Quaterly-Session-Time" check-name = "Max-Quaterly-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" reset = "3m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute Max-Quaterly-Session is number 11280 rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1464735600 [2016-06-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1451602800 [2016-01-01 00:00:00] Module: Instantiating module "yearlycounter" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter yearlycounter { counter-name = "Yearly-Session-Time" check-name = "Max-Yearly-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" reset = "12m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute Max-Yearly-Session is number 11282 rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1488322800 [2017-03-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1427842800 [2015-04-01 01:00:00] Module: Instantiating module "noresetcounter" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter noresetcounter { counter-name = "Max-All-Session-Time" check-name = "Max-All-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" reset = "never" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute Max-All-Session is number 11284 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 0 [2016-03-07 17:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 0 [2016-03-07 17:00:00] Module: Instantiating module "accessperiod" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter accessperiod { counter-name = "Max-Access-Period-Never" check-name = "Access-Period" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IF(COUNT(radacctid>=1),(UNIX_TIMESTAMP() - IFNULL(UNIX_TIMESTAMP(AcctStartTime),0)),0) FROM radacct WHERE UserName = '%{%k}' AND AcctSessionTime >= 1 ORDER BY AcctStartTime LIMIT 1" reset = "never" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute Access-Period is number 11286 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 0 [2016-03-07 17:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 0 [2016-03-07 17:00:00] Module: Instantiating module "counterChilliSpotMaxTotalOctetsDaily" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxTotalOctetsDaily { counter-name = "ChilliSpot-Max-Total-Octets-Daily" check-name = "CS-Total-Octets-Daily" reply-name = "ChilliSpot-Max-Total-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "daily" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Total-Octets-Daily is number 11288 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457391600 [2016-03-08 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1457305200 [2016-03-07 00:00:00] Module: Instantiating module "counterChilliSpotMaxTotalOctetsWeekly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxTotalOctetsWeekly { counter-name = "ChilliSpot-Max-Total-Octets-Weekly" check-name = "CS-Total-Octets-Weekly" reply-name = "ChilliSpot-Max-Total-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "weekly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Total-Octets-Weekly is number 11290 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457823600 [2016-03-13 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxTotalOctetsMonthly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxTotalOctetsMonthly { counter-name = "ChilliSpot-Max-Total-Octets-Monthly" check-name = "CS-Total-Octets-Monthly" reply-name = "ChilliSpot-Max-Total-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0)FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "monthly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Total-Octets-Monthly is number 11292 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1459465200 [2016-04-01 01:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxTotalOctetsQuarterly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxTotalOctetsQuarterly { counter-name = "ChilliSpot-Max-Total-Octets-Quarterly" check-name = "CS-Total-Octets-Quarterly" reply-name = "ChilliSpot-Max-Total-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "3m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Total-Octets-Quarterly is number 11294 rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1464735600 [2016-06-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1451602800 [2016-01-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxTotalOctetsYearly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxTotalOctetsYearly { counter-name = "ChilliSpot-Max-Total-Octets-Yearly" check-name = "CS-Total-Octets-Yearly" reply-name = "ChilliSpot-Max-Total-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "12m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Total-Octets-Yearly is number 11296 rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1488322800 [2017-03-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1427842800 [2015-04-01 01:00:00] Module: Instantiating module "counterChilliSpotMaxTotalOctetsAll" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxTotalOctetsAll { counter-name = "ChilliSpot-Max-Total-Octets" check-name = "CS-Total-Octets" reply-name = "ChilliSpot-Max-Total-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "never" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Total-Octets is number 11297 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 0 [2016-03-07 17:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 0 [2016-03-07 17:00:00] Module: Instantiating module "counterChilliSpotMaxInputOctetsDaily" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxInputOctetsDaily { counter-name = "ChilliSpot-Max-Input-Octets-Daily" check-name = "CS-Input-Octets-Daily" reply-name = "ChilliSpot-Max-Input-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "daily" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Input-Octets-Daily is number 11299 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457391600 [2016-03-08 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1457305200 [2016-03-07 00:00:00] Module: Instantiating module "counterChilliSpotMaxInputOctetsWeekly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxInputOctetsWeekly { counter-name = "ChilliSpot-Max-Input-Octets-Weekly" check-name = "CS-Input-Octets-Weekly" reply-name = "ChilliSpot-Max-Input-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "weekly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Input-Octets-Weekly is number 11301 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457823600 [2016-03-13 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxInputOctetsMonthly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxInputOctetsMonthly { counter-name = "ChilliSpot-Max-Input-Octets-Monthly" check-name = "CS-Input-Octets-Monthly" reply-name = "ChilliSpot-Max-Input-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "monthly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Input-Octets-Monthly is number 11303 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1459465200 [2016-04-01 01:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxInputOctetsQuarterly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxInputOctetsQuarterly { counter-name = "ChilliSpot-Max-Input-Octets-Quarterly" check-name = "CS-Input-Octets-Quarterly" reply-name = "ChilliSpot-Max-Input-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "3m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Input-Octets-Quarterly is number 11305 rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1464735600 [2016-06-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1451602800 [2016-01-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxInputOctetsYearly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxInputOctetsYearly { counter-name = "ChilliSpot-Max-Input-Octets-Yearly" check-name = "CS-Input-Octets-Yearly" reply-name = "ChilliSpot-Max-Input-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "12m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Input-Octets-Yearly is number 11307 rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1488322800 [2017-03-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1427842800 [2015-04-01 01:00:00] Module: Instantiating module "counterChilliSpotMaxInputOctetsAll" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxInputOctetsAll { counter-name = "ChilliSpot-Max-Input-Octets" check-name = "CS-Input-Octets" reply-name = "ChilliSpot-Max-Input-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctInputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "never" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Input-Octets is number 11308 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 0 [2016-03-07 17:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 0 [2016-03-07 17:00:00] Module: Instantiating module "counterChilliSpotMaxOutputOctetsDaily" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxOutputOctetsDaily { counter-name = "ChilliSpot-Max-Output-Octets-Daily" check-name = "CS-Output-Octets-Daily" reply-name = "ChilliSpot-Max-Output-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "daily" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Output-Octets-Daily is number 11310 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457391600 [2016-03-08 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1457305200 [2016-03-07 00:00:00] Module: Instantiating module "counterChilliSpotMaxOutputOctetsWeekly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxOutputOctetsWeekly { counter-name = "ChilliSpot-Max-Output-Octets-Weekly" check-name = "CS-Output-Octets-Weekly" reply-name = "ChilliSpot-Max-Output-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "weekly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Output-Octets-Weekly is number 11312 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1457823600 [2016-03-13 00:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxOutputOctetsMonthly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxOutputOctetsMonthly { counter-name = "ChilliSpot-Max-Output-Octets-Monthly" check-name = "CS-Output-Octets-Monthly" reply-name = "ChilliSpot-Max-Output-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "monthly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Output-Octets-Monthly is number 11314 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1459465200 [2016-04-01 01:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1456786800 [2016-03-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxOutputOctetsQuarterly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxOutputOctetsQuarterly { counter-name = "ChilliSpot-Max-Output-Octets-Quarterly" check-name = "CS-Output-Octets-Quarterly" reply-name = "ChilliSpot-Max-Output-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "3m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Output-Octets-Quarterly is number 11316 rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1464735600 [2016-06-01 01:00:00] rlm_sqlcounter: num=3, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1451602800 [2016-01-01 00:00:00] Module: Instantiating module "counterChilliSpotMaxOutputOctetsYearly" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxOutputOctetsYearly { counter-name = "ChilliSpot-Max-Output-Octets-Yearly" check-name = "CS-Output-Octets-Yearly" reply-name = "ChilliSpot-Max-Output-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "12m" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Output-Octets-Yearly is number 11318 rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 1488322800 [2017-03-01 00:00:00] rlm_sqlcounter: num=12, last=m rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 1427842800 [2015-04-01 01:00:00] Module: Instantiating module "counterChilliSpotMaxOutputOctetsAll" from file /etc/freeradius/sql/mysql/counter.conf sqlcounter counterChilliSpotMaxOutputOctetsAll { counter-name = "ChilliSpot-Max-Output-Octets" check-name = "CS-Output-Octets" reply-name = "ChilliSpot-Max-Output-Octets" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctOutputOctets),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" reset = "never" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Check attribute CS-Output-Octets is number 11319 rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Next reset 0 [2016-03-07 17:00:00] rlm_sqlcounter: Current Time: 1457366787 [2016-03-07 17:06:27], Prev reset 0 [2016-03-07 17:00:00] Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 36639 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=35, length=179 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02a9000a0164616d756b Message-Authenticator = 0x98fe29a8cb48ced6f8f5f8ae90a366c7 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 169 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[unix] = notfound ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] = ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[weeklycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[quaterlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[yearlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[accessperiod] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsAll] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 35 to 10.0.0.132 port 40298 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01aa00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460227c85f39e5ae4f7dd194e514 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=36, length=387 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02aa00c81980000000be16030100b9010000b5030156dda72575af503e775102f8180023fee24fc94f9ddcff275d0b7091aa2040b1000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 State = 0x2762460227c85f39e5ae4f7dd194e514 Message-Authenticator = 0x180279bd9a0258c42b008286805f9680 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 170 length 200 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 02c4], Certificate [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 36 to 10.0.0.132 port 40298 EAP-Message = 0x01ab040019c0000004601603010039020000350301a4bd33aa9e1948a33da628f6f461aacd783726274ec57a24abf85521b7bdcf5500c01400000dff01000100000b00040300010216030102c40b0002c00002bd0002ba308202b63082019ea0030201020209009989ad7dff6b022b300d06092a864886f70d01010b050030133111300f06035504030c085468616e57694669301e170d3136303330353133343331305a170d3236303330333133343331305a30133111300f06035504030c085468616e5769466930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad9d4ac7dc70296afa82ca4a408b3248c2a9fd9f EAP-Message = 0x24e82f792dcbc58c5cc2c51e21d320e0203b631097ec7fbed2ad2f467ec62f07cf3801f9e335b3c1dec9d39471d543232226645c6023b65c26ed7589806628ab8229ded32e07936fb1e1181f5c140194acacd90dd091537413ca60e45a0f20308d1562b6fe7c452b4b4fc0567c6934d74cd40de68b76bb59d39db4e671ef6fd2588b244d2b476e9d06a6943735f49944e0c720b332529eb6bd65b2388f5ec4240926d8d3818bb19fabd04162543fdf521b1434e35966d39dfc4eecf8f5612a78fcd15773b667486e7a760a3a1f6180ea9c7bfb1200670537a1ab7b1bfd36d311a5778bd485276c5f293bab9b0203010001a30d300b30090603551d1304 EAP-Message = 0x023000300d06092a864886f70d01010b050003820101001fa3d9f0bd880af1ad3cfe6e704027f13a874fc4f8be0dc65cdac8f5cbf9f88da5c2bf9edf195cf601d7f71b2237862f3616f7411cc660537a66c18e05e869c55dda84a7691aca8142cab247db8a12028f1cc6d5a67e92d9e64734fff22b1d7b7922872189407053d489c2cb416cffc54ec784c7b79a66f8d713e0e35b82e3713c1b85c9c1fb385a0369ee2ac37be476f25737f905eca7bc6568bec3ffe338aa34f2319b37b59c747cd328f60555ebe51f9d65567bc5f16305cb7a44911d57379eaa85b5254d8616da1cff944ab3f4b9eecd282cdc122719a1031b2613b46c5943362c43bb8c EAP-Message = 0x1c117142310b05b1176ac4922b9e4473ac6966e407489bb55204160301014b0c00014703001741049b15f9b9cc8e9f78dc4ae2d1ed35288cf59c9733790489f4e96269a7a8ae3ace74441c5cf95848602ffecddc8fb49bfd6981284d2719c0c7952addc4bede2f7601003dcf6fd7a3a04266493ee3634b82e333e768714ddf0c0e8858ca0184165a479b69ac203ce26268bf5b7dd8b54e1d75f07ba681050b54af9adb8732e5f4ef74df29c806102addf0473f8ade9c9a3c6fb29a431f015ce00cab2e9017622fb5ea5aef672f7048373ac4ee5c872f49b5932e961a1ee755706b0ca7d9d967ede63b8b15ac44b0a9aad9fb259e43ed4306176766e80c EAP-Message = 0xbddfe52a1da53caf19a46041 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460226c95f39e5ae4f7dd194e514 Finished request 1. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=37, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02ab00061900 State = 0x2762460226c95f39e5ae4f7dd194e514 Message-Authenticator = 0x023bb3ea59f59370d29368ef6dced2a4 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 171 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 37 to 10.0.0.132 port 40298 EAP-Message = 0x01ac00701900db24526def2de4d092d9116998249293352ec7a59d6764931ae2fe0398b5c70bf998db4e753cdf4f9d7231222547d3fa9705d0b20f2905965f39692adbaefd504f98dbfd9cf65c27a4a5efb4ac179fdf3025a1e9294a872b148d47e339a35373cd16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460225ce5f39e5ae4f7dd194e514 Finished request 2. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=38, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02ac0090198000000086160301004610000042410474090430ff74229b54cbbf29bcdbe9837165479f7574f6fd3f86fc52ff0d20ca01da74a52dec858f8e10fa04670a61ea9d973a20399d2524c264a42af68644421403010001011603010030c35db7aa74880ca2a812e0bd06d1970c709e837e7564a360ab1564de5f94fb53152bbb791fba3dc374e067965aa81e16 State = 0x2762460225ce5f39e5ae4f7dd194e514 Message-Authenticator = 0xe50eec7317b59663194d96aa712bf56a # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 172 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: unknown state [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 38 to 10.0.0.132 port 40298 EAP-Message = 0x01ad004119001403010001011603010030703aeb9707841b8f792015968d93111bdc354ac6d6604398b51bca9673d010f020fb4c09e5f01532ff217475bfdc39c2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460224cf5f39e5ae4f7dd194e514 Finished request 3. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=39, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02ad00061900 State = 0x2762460224cf5f39e5ae4f7dd194e514 Message-Authenticator = 0xc3321e3c8a2c23f8ff61c3707580fd21 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 173 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 39 to 10.0.0.132 port 40298 EAP-Message = 0x01ae002b190017030100206e021fcfc443651d5c888a98c79701ee9901bb8b241b4735c94b533971ac341a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460223cc5f39e5ae4f7dd194e514 Finished request 4. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=40, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02ae005019001703010020acfda3a361e5311bddd45096c9153d79497da1ebd8312cb594e99e394363d46d170301002051dbad8d8bb8bfc6c35f4899eb105eb3c2298a3baba171611f6ce52ab42db39a State = 0x2762460223cc5f39e5ae4f7dd194e514 Message-Authenticator = 0x9aef9c24ef29f077e7aa57fcc898d8a6 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 174 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - damuk [peap] Got inner identity 'damuk ' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x02ae000b0164616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x02ae000b0164616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 174 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01af00201a01af001b1099eb3920215be57be7c3941829c289a864616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5b82ad145b2db7e15a8e827e2e1d4f0c [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01af00201a01af001b1099eb3920215be57be7c3941829c289a864616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5b82ad145b2db7e15a8e827e2e1d4f0c [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 40 to 10.0.0.132 port 40298 EAP-Message = 0x01af004b19001703010040f93b82c1349b079e37843c0109a7095dd5a434938d031d9085de00e15f671cb74b2ac111f9da916f4499052c332e39aa8bfb6252218cea755c7ec81183608fd5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460222cd5f39e5ae4f7dd194e514 Finished request 5. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=41, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02af00901900170301002017e2757e5bea61eb6f158c9fc9726efa9a7bc4ebe0b89944ea0617fa55285276170301006058538cb53fcb0bd8477c47bc1b2d5add212bab6855d01616013d256ca30221bea7c77da116a233bdbb5d35c5d15d2bd27291ca60f5e5073c0016ff1a9cc623e2d048cfbdfd1e2c62367a48dec550152be89586c33d8a7ba9f8a86d0791e84d7c State = 0x2762460222cd5f39e5ae4f7dd194e514 Message-Authenticator = 0x2db818f82e17ba07d635d8e226b7eab5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 175 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02af00411a02af003c31a4130570eb2993a58e0048aa3a90c5340000000000000000428c4189560277fe72d2be24d9029d95defb97a3e53e7a6f0064616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x02af00411a02af003c31a4130570eb2993a58e0048aa3a90c5340000000000000000428c4189560277fe72d2be24d9029d95defb97a3e53e7a6f0064616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0x5b82ad145b2db7e15a8e827e2e1d4f0c server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 175 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] Creating challenge hash with username: damuk [mschap] Client is using MS-CHAPv2 for damuk , we need NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] = ok +} # group MS-CHAP = ok MSCHAP Success ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01b000331a03af002e533d35323131353630334439304236323032324634304536463838303346374330393834303133424141 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5b82ad145a32b7e15a8e827e2e1d4f0c [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01b000331a03af002e533d35323131353630334439304236323032324634304536463838303346374330393834303133424141 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5b82ad145a32b7e15a8e827e2e1d4f0c [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 41 to 10.0.0.132 port 40298 EAP-Message = 0x01b0005b190017030100502611a0ce7565476b5fcf466f13d9ff4ce2904fef8c2d4d9a10c05e3da0e5a8ca649915390981228a7c14a2aae3f3c4c0bbd8686a48d9626bcfb627fa414e2643e13f7d053f2c749ca8c1ab5850d52dad Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460221d25f39e5ae4f7dd194e514 Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=42, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02b0005019001703010020e6cecbc4ff05a31447c46fb205e394df2bc9ed84361e58893971d7df66582bf51703010020f5f45f72b2631b80e7b6359802cbbddcaacb545a94a2915d5a7ffd9bdbe9c35d State = 0x2762460221d25f39e5ae4f7dd194e514 Message-Authenticator = 0x2d754164fff24c73f4491f66e2fe8265 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 176 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02b000061a03 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x02b000061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0x5b82ad145a32b7e15a8e827e2e1d4f0c server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 176 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk /] (from client ThanWiFi-3-2 port 0 via TLS tunnel) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:07:02') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:07:02') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] = ok +} # group post-auth = ok } # server inner-tunnel [peap] Got tunneled reply code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0xf461749d3315452509accc2162aaa793 MS-MPPE-Recv-Key = 0x7ff17a28a54770067fd7a0ed156005c9 EAP-Message = 0x03b00004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Got tunneled reply RADIUS code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0xf461749d3315452509accc2162aaa793 MS-MPPE-Recv-Key = 0x7ff17a28a54770067fd7a0ed156005c9 EAP-Message = 0x03b00004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 42 to 10.0.0.132 port 40298 EAP-Message = 0x01b1002b190017030100203deed4dc10be6e3f62efd6ffd09a56d684ec4c92cb94de074125c926eb199500 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2762460220d35f39e5ae4f7dd194e514 Finished request 7. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=43, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x02b1005019001703010020cd347142aefd144fab74ea3eb27feee47e68274754b9361608db70dacc4328ed17030100204cb4362f02e26976e38c99693decaec3b8786ca851490e176356f06bf7b5d538 State = 0x2762460220d35f39e5ae4f7dd194e514 Message-Authenticator = 0x71bacb3b77301a5065ec845ae7c65f52 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 177 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk/] (from client ThanWiFi-3-2 port 1 cli 64-B3-10-8D-97-D0) # Executing section post-auth from file /etc/freeradius/sites-enabled/default +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:07:02') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:07:02') rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] = ok ++[exec] = noop +} # group post-auth = ok Sending Access-Accept of id 43 to 10.0.0.132 port 40298 MS-MPPE-Recv-Key = 0xb71eae80770f36c44f7e9964fd0762c60e5bd0b646c0cc58a1306c88481c3f60 MS-MPPE-Send-Key = 0x0160134aa6b3624b1f06a56935070c45983251dfc16ab34aa02238406e474e34 EAP-Message = 0x03b10004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk" Finished request 8. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.132 port 40298, id=44, length=179 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-2" Called-Station-Id = "E8-DE-27-96-BC-BD:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94114-0000018C" Framed-MTU = 1400 EAP-Message = 0x0251000a0164616d756b Message-Authenticator = 0x80eca36ac6716044ca6f0822db58aaa8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 81 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[unix] = notfound ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] = ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[weeklycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[quaterlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[yearlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[accessperiod] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsAll] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 44 to 10.0.0.132 port 40298 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x015200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa7e7d28ca7b5cba0608855d1430131bc Finished request 9. Going to the next request Waking up in 0.6 seconds. Cleaning up request 0 ID 35 with timestamp +35 Waking up in 0.1 seconds. Cleaning up request 1 ID 36 with timestamp +35 Cleaning up request 2 ID 37 with timestamp +35 Cleaning up request 3 ID 38 with timestamp +35 Cleaning up request 4 ID 39 with timestamp +35 Cleaning up request 5 ID 40 with timestamp +35 Cleaning up request 6 ID 41 with timestamp +35 Cleaning up request 7 ID 42 with timestamp +35 Cleaning up request 8 ID 43 with timestamp +35 Waking up in 4.0 seconds. Cleaning up request 9 ID 44 with timestamp +39 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0xa7e7d28ca7b5cba0 did not finish! WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=133, length=179 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02ad000a0164616d756b Message-Authenticator = 0x2fdb74d8ced9a384e9a9851172f2a609 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 173 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[unix] = notfound ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] = ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[weeklycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[quaterlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[yearlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[accessperiod] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsAll] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 133 to 10.0.0.112 port 49559 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01ae00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc7308735de1932a29b6d94f6bd82 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=134, length=387 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02ae00c81980000000be16030100b9010000b5030156dda778c780d12ab6b340a23a5a09e75e6ee611099040803660496796b3df46000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 State = 0x879bc7308735de1932a29b6d94f6bd82 Message-Authenticator = 0xb50a3afd425f7719f653d7c289f62745 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 174 length 200 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 02c4], Certificate [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 134 to 10.0.0.112 port 49559 EAP-Message = 0x01af040019c000000460160301003902000035030138f5b2e31676817cff4a87905d0a6debf1e18e4e1e96de623e62ef8e431f026100c01400000dff01000100000b00040300010216030102c40b0002c00002bd0002ba308202b63082019ea0030201020209009989ad7dff6b022b300d06092a864886f70d01010b050030133111300f06035504030c085468616e57694669301e170d3136303330353133343331305a170d3236303330333133343331305a30133111300f06035504030c085468616e5769466930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad9d4ac7dc70296afa82ca4a408b3248c2a9fd9f EAP-Message = 0x24e82f792dcbc58c5cc2c51e21d320e0203b631097ec7fbed2ad2f467ec62f07cf3801f9e335b3c1dec9d39471d543232226645c6023b65c26ed7589806628ab8229ded32e07936fb1e1181f5c140194acacd90dd091537413ca60e45a0f20308d1562b6fe7c452b4b4fc0567c6934d74cd40de68b76bb59d39db4e671ef6fd2588b244d2b476e9d06a6943735f49944e0c720b332529eb6bd65b2388f5ec4240926d8d3818bb19fabd04162543fdf521b1434e35966d39dfc4eecf8f5612a78fcd15773b667486e7a760a3a1f6180ea9c7bfb1200670537a1ab7b1bfd36d311a5778bd485276c5f293bab9b0203010001a30d300b30090603551d1304 EAP-Message = 0x023000300d06092a864886f70d01010b050003820101001fa3d9f0bd880af1ad3cfe6e704027f13a874fc4f8be0dc65cdac8f5cbf9f88da5c2bf9edf195cf601d7f71b2237862f3616f7411cc660537a66c18e05e869c55dda84a7691aca8142cab247db8a12028f1cc6d5a67e92d9e64734fff22b1d7b7922872189407053d489c2cb416cffc54ec784c7b79a66f8d713e0e35b82e3713c1b85c9c1fb385a0369ee2ac37be476f25737f905eca7bc6568bec3ffe338aa34f2319b37b59c747cd328f60555ebe51f9d65567bc5f16305cb7a44911d57379eaa85b5254d8616da1cff944ab3f4b9eecd282cdc122719a1031b2613b46c5943362c43bb8c EAP-Message = 0x1c117142310b05b1176ac4922b9e4473ac6966e407489bb55204160301014b0c00014703001741045f1de45d5487c5983c19525824645c2c2c8a6a5c1265a7628326881a475efaf8927d5fb3c8b95e707f8828ea978664e53d552d64e03f900e529735e25bc7bf2401004e29c51cfb962fe6faf018e2a8081af135d50bbc81257761f6a07511a89b062996748fe7f0692f606d7b652fcc470e9a7627f995cd7d30a9a9333404bd45df6a941223ac1581607ae1bea3944200af13c001cb61e62c4b8ec37a581f7bb58636d3cd9944c8290f29bbf9d54d9e455d4acc4ec5a38c20f4e77138a0759b48a988cde93ecc8ec790c3fde47c2d50a611803223c3 EAP-Message = 0x2efdba6c2af55f576f941e04 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc7308634de1932a29b6d94f6bd82 Finished request 11. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=135, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02af00061900 State = 0x879bc7308634de1932a29b6d94f6bd82 Message-Authenticator = 0x33eda6a45ee0723e8ac25be4ad019edf # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 175 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 135 to 10.0.0.112 port 49559 EAP-Message = 0x01b00070190057c27bbef2398a3995260d5de565a504086f0e380f50aad17d41bb5e947cb6694627dbba254fa28c5fd923ecb58533d6472353382fea6f85f349dc81997223097b7c5db093cffcafe21d7d64898396aee47d4f9c6087f1654f86ca610926085a1016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc730852bde1932a29b6d94f6bd82 Finished request 12. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=136, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02b000901980000000861603010046100000424104656bcf9d9af8f3e01d04dbbe7e57fb7c4099d75183976dd3914a1be4206c0312ebc9fc3435c44cffd298bd8ad8ed2180e71f56b4ae8fe9af2ca77b456696388b1403010001011603010030da41584b5dde29157aa14fd739323fe64ba36e011662b3d74c285b725d61491cb6146deca3ff5946a7bddfcec2ab5aa0 State = 0x879bc730852bde1932a29b6d94f6bd82 Message-Authenticator = 0xbcec35d3d43f467f359719058a0c1b9f # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 176 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: unknown state [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 136 to 10.0.0.112 port 49559 EAP-Message = 0x01b1004119001403010001011603010030d80a65f82e543421945047bfffb8568b32f74e15d771fa13c749606cd327976b59982c01493b80fb05b7be718a8c4ab4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc730842ade1932a29b6d94f6bd82 Finished request 13. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=137, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02b100061900 State = 0x879bc730842ade1932a29b6d94f6bd82 Message-Authenticator = 0xfae0bdd4bdeb90c850a4a9fbfb6e3fd4 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 177 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 137 to 10.0.0.112 port 49559 EAP-Message = 0x01b2002b19001703010020ca6c611f03b3201c96b3efa847591370befdd4f9d01dc0ca99c21b5f620d2665 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc7308329de1932a29b6d94f6bd82 Finished request 14. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=138, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02b20050190017030100203d5f928f9021c88b259f05b8f4141a596619264ffb95484015e4eb9a11c610cd1703010020152fae149be81cd2f7f72ce8fe84c1b8e67889a62152920b2d82e5258f2fb36c State = 0x879bc7308329de1932a29b6d94f6bd82 Message-Authenticator = 0xa7f0fb92dc87ec62cd3a37cd72043fb8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 178 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - damuk [peap] Got inner identity 'damuk ' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x02b2000b0164616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x02b2000b0164616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 178 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01b300201a01b3001b10fe8b5c012ba4c4aa69a9ba586345522564616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8ff3ada98f40b792124c72421014311f [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01b300201a01b3001b10fe8b5c012ba4c4aa69a9ba586345522564616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8ff3ada98f40b792124c72421014311f [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 138 to 10.0.0.112 port 49559 EAP-Message = 0x01b3004b190017030100403e096fcb5b8e568cdac414bad9c5a59d9f619edd793a98239bc813e645a70044e53ba8f0bf279c9241fb47a3a97bffddd861e5de16d46c65935fe1df5a5cd362 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc7308228de1932a29b6d94f6bd82 Finished request 15. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=139, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02b30090190017030100201c0a4613363978d38741161b719882f780c917f559cea2e13afbd822f5b3f8041703010060eca3725db8ebfd23405d8c4be1a739fc0764bfd9bc0d0d5d205f75ad2bd3bafa70b61b1d845c43b2e0a9492e163740aa12faf227cc1e6129ac9aea6bf492a8892220c17c051bf3aa6346cc8e923ff440ad083e7456bfb0ca86804501b140bd8e State = 0x879bc7308228de1932a29b6d94f6bd82 Message-Authenticator = 0xbf390ee2a5e7a7eef29a53fad5203579 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 179 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02b300411a02b3003c31e7550f154cde3c99746f8800f5f95e8100000000000000007fdda896fadd4d624e5d1f9f6e555e967d8f3e4fc76689590064616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x02b300411a02b3003c31e7550f154cde3c99746f8800f5f95e8100000000000000007fdda896fadd4d624e5d1f9f6e555e967d8f3e4fc76689590064616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0x8ff3ada98f40b792124c72421014311f server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 179 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] Creating challenge hash with username: damuk [mschap] Client is using MS-CHAPv2 for damuk , we need NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] = ok +} # group MS-CHAP = ok MSCHAP Success ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01b400331a03b3002e533d32363937324637433443363443363338453037343238373342343839313334423831454132303541 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8ff3ada98e47b792124c72421014311f [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x01b400331a03b3002e533d32363937324637433443363443363338453037343238373342343839313334423831454132303541 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8ff3ada98e47b792124c72421014311f [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 139 to 10.0.0.112 port 49559 EAP-Message = 0x01b4005b190017030100501ab482a7f7f190f7933435378a4e4e91d144ac529abea26e635b9b3a5aece949d875fc0791f01cf493813c72e706c258df6d5b1a07354fdf9d371f227d4bb0c9c09a57528728378d5161126a5f4f7246 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc730812fde1932a29b6d94f6bd82 Finished request 16. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=140, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02b40050190017030100200bb339d619857d01c77b55adf746cf3384f1f93a89fc437d32b0db505baacf2c1703010020e458ece0b5b1704c8d7901282ee09034f51907429eb421eda7fa164c9b07b8a8 State = 0x879bc730812fde1932a29b6d94f6bd82 Message-Authenticator = 0x42d117a8100bdd30b0e33bab3e60e6c8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 180 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02b400061a03 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x02b400061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0x8ff3ada98e47b792124c72421014311f server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 180 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk /] (from client ThanWiFi-1-2 port 0 via TLS tunnel) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:08:26') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:08:26') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] = ok +} # group post-auth = ok } # server inner-tunnel [peap] Got tunneled reply code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0x4f2ea275af88d0f5a8539b487cf4f5a6 MS-MPPE-Recv-Key = 0x355ad97c07a8af37be9ca257441bb7ce EAP-Message = 0x03b40004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Got tunneled reply RADIUS code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0x4f2ea275af88d0f5a8539b487cf4f5a6 MS-MPPE-Recv-Key = 0x355ad97c07a8af37be9ca257441bb7ce EAP-Message = 0x03b40004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 140 to 10.0.0.112 port 49559 EAP-Message = 0x01b5002b1900170301002089c05c90265a39b8becf05c4f56ba6b105b4a8870949fb473f07461a95f1550a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x879bc730802ede1932a29b6d94f6bd82 Finished request 17. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.112 port 49559, id=141, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" Framed-MTU = 1400 EAP-Message = 0x02b50050190017030100207c3ae8fabae8664501cd59dda12a53360686320f395400b4629aac6ab283a8b71703010020bbc0a03372ec525aed68246c3be24d7adbbeef110827cc89e793f15cdb97a7e4 State = 0x879bc730802ede1932a29b6d94f6bd82 Message-Authenticator = 0x1e4b9b29a7142f2e0443abb8c468dec7 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 181 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk/] (from client ThanWiFi-1-2 port 1 cli 64-B3-10-8D-97-D0) # Executing section post-auth from file /etc/freeradius/sites-enabled/default +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:08:26') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:08:26') rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] = ok ++[exec] = noop +} # group post-auth = ok Sending Access-Accept of id 141 to 10.0.0.112 port 49559 MS-MPPE-Recv-Key = 0xe15fb215486c38785d6ce3782d9ab374c43c7b9611f7d6da2abe5ac615138df6 MS-MPPE-Send-Key = 0x6f46923eda1080c66edf58b00f606664ecf7d0c18702c61135b22b88251db34f EAP-Message = 0x03b50004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk" Finished request 18. Going to the next request Waking up in 4.7 seconds. rad_recv: Accounting-Request packet from host 10.0.0.112 port 51279, id=142, length=174 Acct-Session-Id = "56D94060-000001DE" Acct-Status-Type = Start Acct-Authentic = RADIUS User-Name = "damuk" NAS-Identifier = "ThanWiFi-1-2" Called-Station-Id = "E8-DE-27-96-B5-8F:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94060-000001DE" # Executing section preacct from file /etc/freeradius/sites-enabled/default +group preacct { ++[preprocess] = ok [acct_unique] Hashing 'NAS-Port = 1,NAS-Identifier = "ThanWiFi-1-2",NAS-IP-Address = 10.0.0.112,Acct-Session-Id = "56D94060-000001DE",User-Name = "damuk"' [acct_unique] Acct-Unique-Session-ID = "6d39ed8a84bf6eba". ++[acct_unique] = ok [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++[files] = noop +} # group preacct = ok # Executing section accounting from file /etc/freeradius/sites-enabled/default +group accounting { [detail] expand: %{Packet-Src-IP-Address} -> 10.0.0.112 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.0.0.112/detail-20160307 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.0.112/detail-20160307 [detail] expand: %t -> Mon Mar 7 17:08:26 2016 ++[detail] = ok ++[unix] = ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> damuk ++[radutmp] = ok [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' [sql] expand: %{Acct-Delay-Time} -> [sql] ... expanding second conditional [sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] = ok ++[exec] = noop [attr_filter.accounting_response] expand: %{User-Name} -> damuk attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] = updated +} # group accounting = updated Sending Accounting-Response of id 142 to 10.0.0.112 port 51279 Finished request 19. Cleaning up request 19 ID 142 with timestamp +119 Going to the next request Waking up in 4.6 seconds. Cleaning up request 10 ID 133 with timestamp +118 Waking up in 0.1 seconds. Cleaning up request 11 ID 134 with timestamp +118 Cleaning up request 12 ID 135 with timestamp +119 Cleaning up request 13 ID 136 with timestamp +119 Cleaning up request 14 ID 137 with timestamp +119 Cleaning up request 15 ID 138 with timestamp +119 Cleaning up request 16 ID 139 with timestamp +119 Cleaning up request 17 ID 140 with timestamp +119 Cleaning up request 18 ID 141 with timestamp +119 Ready to process requests. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=182, length=179 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x027b000a0164616d756b Message-Authenticator = 0xcaea31c808acb48f6c95fe412082015b # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 123 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[unix] = notfound ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] = ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[weeklycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[quaterlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[yearlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[accessperiod] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsAll] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 182 to 10.0.0.131 port 46766 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x017c00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d6993d504e8ae398c78554459c Finished request 20. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=183, length=387 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x027c00c81980000000be16030100b9010000b5030156dda7ac4bfe39a9ad0caa8999f69714f4c345accaf8d0c4d1e64c6c3db55cab000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 State = 0x994149d6993d504e8ae398c78554459c Message-Authenticator = 0x0cd1a27f4bad2625ee71f4631719c639 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 124 length 200 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 02c4], Certificate [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 183 to 10.0.0.131 port 46766 EAP-Message = 0x017d040019c000000460160301003902000035030123df20e0b47708a7ad3bd86435c7b84801266ce417e9424208650e859f732c8f00c01400000dff01000100000b00040300010216030102c40b0002c00002bd0002ba308202b63082019ea0030201020209009989ad7dff6b022b300d06092a864886f70d01010b050030133111300f06035504030c085468616e57694669301e170d3136303330353133343331305a170d3236303330333133343331305a30133111300f06035504030c085468616e5769466930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad9d4ac7dc70296afa82ca4a408b3248c2a9fd9f EAP-Message = 0x24e82f792dcbc58c5cc2c51e21d320e0203b631097ec7fbed2ad2f467ec62f07cf3801f9e335b3c1dec9d39471d543232226645c6023b65c26ed7589806628ab8229ded32e07936fb1e1181f5c140194acacd90dd091537413ca60e45a0f20308d1562b6fe7c452b4b4fc0567c6934d74cd40de68b76bb59d39db4e671ef6fd2588b244d2b476e9d06a6943735f49944e0c720b332529eb6bd65b2388f5ec4240926d8d3818bb19fabd04162543fdf521b1434e35966d39dfc4eecf8f5612a78fcd15773b667486e7a760a3a1f6180ea9c7bfb1200670537a1ab7b1bfd36d311a5778bd485276c5f293bab9b0203010001a30d300b30090603551d1304 EAP-Message = 0x023000300d06092a864886f70d01010b050003820101001fa3d9f0bd880af1ad3cfe6e704027f13a874fc4f8be0dc65cdac8f5cbf9f88da5c2bf9edf195cf601d7f71b2237862f3616f7411cc660537a66c18e05e869c55dda84a7691aca8142cab247db8a12028f1cc6d5a67e92d9e64734fff22b1d7b7922872189407053d489c2cb416cffc54ec784c7b79a66f8d713e0e35b82e3713c1b85c9c1fb385a0369ee2ac37be476f25737f905eca7bc6568bec3ffe338aa34f2319b37b59c747cd328f60555ebe51f9d65567bc5f16305cb7a44911d57379eaa85b5254d8616da1cff944ab3f4b9eecd282cdc122719a1031b2613b46c5943362c43bb8c EAP-Message = 0x1c117142310b05b1176ac4922b9e4473ac6966e407489bb55204160301014b0c0001470300174104c38af050ffb2b0e4db667f63f229e76078c6b1641d13d8fd73ad4521598b71ec552b026ef4442f16e9bd7982ab6e53d0dad33725291167d47821f8c92fd7367301006dba4d983d94c0ae9f9bf05647b40d34f301d657b8ba78b406b1e3e926069004210b69e75b460f4c09f997342679dade2995bc5738482d3289c74d8b16b676d487ce652019b382efbca0b404c7f6ee79cc86642c8a4a1d8a96c956060f6355cd18e9fd075e84d1e19400bcc792f0baf15c697cbdf1985679dcddaf4c7cb92857f4a27566fb164954ac1eafa859f363c7e78d02 EAP-Message = 0xffd8cc9325b001b2ed3f67d7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d6983c504e8ae398c78554459c Finished request 21. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=184, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x027d00061900 State = 0x994149d6983c504e8ae398c78554459c Message-Authenticator = 0x3f98fb7f259932fc7e8cfcb24af6adc5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 125 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 184 to 10.0.0.131 port 46766 EAP-Message = 0x017e007019004275ee36c2dc81f7252fce1a480fc6394d9cf7180b32539ba0bd50be98ea6ca6891c18f4c5621436dac2ba31255b196cfef4dfc8173b0c0d7d957c68bf8e58aa8ef0205909d036b1935279dd0f4c1424db405f5ccb9d1e3806b39c8fe51c656b6f16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d69b3f504e8ae398c78554459c Finished request 22. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=185, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x027e0090198000000086160301004610000042410477470a63a1bdb5f9dfab6fcf3fcbe5862b9adfcfb68ecf0b0c709a91499f541e78848b31eac32086cab6521aa6db99d56606d2065b8dcc0aa4a808a24181c1161403010001011603010030d14022e3fe939d170cd474ad23ca69be9ebc3de4270b00c7157c039f4a2d1cfc10bf56b6049b2451890e80879864e1ac State = 0x994149d69b3f504e8ae398c78554459c Message-Authenticator = 0xb1e25f4ceb63c4c70722847e2abd03be # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 126 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: unknown state [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 185 to 10.0.0.131 port 46766 EAP-Message = 0x017f00411900140301000101160301003023f524ef4e35d75c2424f174a17f8751de84b744a5998545bce2c7ec6a7a387be56417ba8727b1eb2e0ccbc90eddc665 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d69a3e504e8ae398c78554459c Finished request 23. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=186, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x027f00061900 State = 0x994149d69a3e504e8ae398c78554459c Message-Authenticator = 0xa19e256fddf3df33e9aad3e3df71a98d # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 127 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 186 to 10.0.0.131 port 46766 EAP-Message = 0x0180002b19001703010020380b1da4f804f6c8f3d8ebfeb6a5c00becbd8ba9228ea57bd76ad90fb5aed986 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d69dc1504e8ae398c78554459c Finished request 24. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=187, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x028000501900170301002029b9d1408fa37d181a2a6b748b5585ff3320bd8929943d156ddc9c71aebbeed1170301002010258efc5a1d26eb02db0f2f57862bf19389d5d0a833d9f8912eaf2dee4570a6 State = 0x994149d69dc1504e8ae398c78554459c Message-Authenticator = 0xc614b3bc209230d552161c88ef4f72fd # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 128 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - damuk [peap] Got inner identity 'damuk ' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0280000b0164616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x0280000b0164616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 128 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x018100201a0181001b10c7ef810e411e02014e68bf5e958b47e764616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9faacd9d9f2bd7296c0e44c09fe0b6aa [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x018100201a0181001b10c7ef810e411e02014e68bf5e958b47e764616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9faacd9d9f2bd7296c0e44c09fe0b6aa [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 187 to 10.0.0.131 port 46766 EAP-Message = 0x0181004b19001703010040996dbf0a8227ace388e7cd3fc10a541449596364e95be10c4745ce7a83e5da10263c7d67cd47426bca1e4ec21199f6de5c31ac555b6ee17b8304709797552f46 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d69cc0504e8ae398c78554459c Finished request 25. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=188, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x028100901900170301002045d728228811a16e8f2e56919ea06d2f954fa6714cf1cc49c411e1c4375ac41e1703010060aed708318f34844e007c84812d3c2007b9dbad2d995420daef6a2084da615f9ecd165c1f8126e4965ff4e1018719e5459e181c4bff54442b7c4c230f1eaf33efd30438324e439c1d6672c8726c2cad6249dc242cbba59bc4a6ac2aac621aabac State = 0x994149d69cc0504e8ae398c78554459c Message-Authenticator = 0x89815838317861c4ce05fd7567744788 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 129 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x028100411a0281003c3127bbbbfa3c7a86d9d9b21171d7ac35140000000000000000a22b628966b0c973c9a29febd621a27fb88be1d166fe4d880064616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x028100411a0281003c3127bbbbfa3c7a86d9d9b21171d7ac35140000000000000000a22b628966b0c973c9a29febd621a27fb88be1d166fe4d880064616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0x9faacd9d9f2bd7296c0e44c09fe0b6aa server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 129 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] Creating challenge hash with username: damuk [mschap] Client is using MS-CHAPv2 for damuk , we need NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] = ok +} # group MS-CHAP = ok MSCHAP Success ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x018200331a0381002e533d38384537463334304236453346373536433445354441434343453034344441373836363834353235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9faacd9d9e28d7296c0e44c09fe0b6aa [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x018200331a0381002e533d38384537463334304236453346373536433445354441434343453034344441373836363834353235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9faacd9d9e28d7296c0e44c09fe0b6aa [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 188 to 10.0.0.131 port 46766 EAP-Message = 0x0182005b190017030100502b969eec670ee85b942178137fef82780495fb9f76ad46ee30a7f59b0aad8c3c78b7029c71fffb84f7b5132d8c0befd21e8146b6ea2facba8045623df8ea3ac6076ca2ed075119a1717081e1a61385fd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d69fc3504e8ae398c78554459c Finished request 26. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=189, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x0282005019001703010020b3794a69861963a08bc761f3aab9427e06075c8a7b123ec3acc4afab0256fd00170301002002604fb7c148797c83737e222e55f9e5218d4b10a7b5a4d8445589ecf72c5681 State = 0x994149d69fc3504e8ae398c78554459c Message-Authenticator = 0x94ebac68404f68fad9e865877e02d333 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 130 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x028200061a03 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x028200061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0x9faacd9d9e28d7296c0e44c09fe0b6aa server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 130 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk /] (from client ThanWiFi-3-1 port 0 via TLS tunnel) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:09:17') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:09:17') rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] = ok +} # group post-auth = ok } # server inner-tunnel [peap] Got tunneled reply code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0x6a0cca9113f0e6ac2ff7626698af0df6 MS-MPPE-Recv-Key = 0x10e7d9ee6661df5673086e8c4c2fd996 EAP-Message = 0x03820004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Got tunneled reply RADIUS code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0x6a0cca9113f0e6ac2ff7626698af0df6 MS-MPPE-Recv-Key = 0x10e7d9ee6661df5673086e8c4c2fd996 EAP-Message = 0x03820004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 189 to 10.0.0.131 port 46766 EAP-Message = 0x0183002b19001703010020e015d25365624d40c99631bd1e9a7692c8f3e534142bed90e896db4172e2d188 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x994149d69ec2504e8ae398c78554459c Finished request 27. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=190, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x02830050190017030100209a50ee774e29728dd95ec0de44eb4f34a2a96387458fe606332daca56fbee581170301002087bbb1df7918be87c06d832261539c9ff5db7e8e8a5fb957ee290713d1719017 State = 0x994149d69ec2504e8ae398c78554459c Message-Authenticator = 0xacb7c3fcd8e15f9d63829ae63ee831b4 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 131 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk/] (from client ThanWiFi-3-1 port 3 cli 64-B3-10-8D-97-D0) # Executing section post-auth from file /etc/freeradius/sites-enabled/default +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:09:17') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:09:17') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] = ok ++[exec] = noop +} # group post-auth = ok Sending Access-Accept of id 190 to 10.0.0.131 port 46766 MS-MPPE-Recv-Key = 0x433ae2e5b00f1fdcdfd4dd31e593decfdf1be615f3d893be521aac2da1918617 MS-MPPE-Send-Key = 0x50fc6c921c8a7b1b7d4dde8d05fd879ef1844c3a2ff69030765b09af132fa2ea EAP-Message = 0x03830004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk" Finished request 28. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=191, length=179 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x025a000a0164616d756b Message-Authenticator = 0xbc586d4a612883f579674802b065c936 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 90 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[unix] = notfound ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] = ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[weeklycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[quaterlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[yearlycounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[accessperiod] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxTotalOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxInputOctetsAll] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsDaily] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsWeekly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsMonthly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsQuarterly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsYearly] = noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[counterChilliSpotMaxOutputOctetsAll] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 191 to 10.0.0.131 port 46766 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x015b00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a2540299f94d1e4be62c835f233bb8 Finished request 29. Going to the next request Waking up in 3.1 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=192, length=387 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x025b00c81980000000be16030100b9010000b5030156dda7ae84226d23e28e2bce37cfaa3f569e53cc3662757e987e8c749c87b7e3000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 State = 0x99a2540299f94d1e4be62c835f233bb8 Message-Authenticator = 0x2ddcf74fdd300ae4fc3ac68b98b735ee # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 91 length 200 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 02c4], Certificate [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 192 to 10.0.0.131 port 46766 EAP-Message = 0x015c040019c0000004601603010039020000350301de204ff36c2b042710ebe1d0e3224910068fd24d22e926b5198bd6579adbb8fa00c01400000dff01000100000b00040300010216030102c40b0002c00002bd0002ba308202b63082019ea0030201020209009989ad7dff6b022b300d06092a864886f70d01010b050030133111300f06035504030c085468616e57694669301e170d3136303330353133343331305a170d3236303330333133343331305a30133111300f06035504030c085468616e5769466930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad9d4ac7dc70296afa82ca4a408b3248c2a9fd9f EAP-Message = 0x24e82f792dcbc58c5cc2c51e21d320e0203b631097ec7fbed2ad2f467ec62f07cf3801f9e335b3c1dec9d39471d543232226645c6023b65c26ed7589806628ab8229ded32e07936fb1e1181f5c140194acacd90dd091537413ca60e45a0f20308d1562b6fe7c452b4b4fc0567c6934d74cd40de68b76bb59d39db4e671ef6fd2588b244d2b476e9d06a6943735f49944e0c720b332529eb6bd65b2388f5ec4240926d8d3818bb19fabd04162543fdf521b1434e35966d39dfc4eecf8f5612a78fcd15773b667486e7a760a3a1f6180ea9c7bfb1200670537a1ab7b1bfd36d311a5778bd485276c5f293bab9b0203010001a30d300b30090603551d1304 EAP-Message = 0x023000300d06092a864886f70d01010b050003820101001fa3d9f0bd880af1ad3cfe6e704027f13a874fc4f8be0dc65cdac8f5cbf9f88da5c2bf9edf195cf601d7f71b2237862f3616f7411cc660537a66c18e05e869c55dda84a7691aca8142cab247db8a12028f1cc6d5a67e92d9e64734fff22b1d7b7922872189407053d489c2cb416cffc54ec784c7b79a66f8d713e0e35b82e3713c1b85c9c1fb385a0369ee2ac37be476f25737f905eca7bc6568bec3ffe338aa34f2319b37b59c747cd328f60555ebe51f9d65567bc5f16305cb7a44911d57379eaa85b5254d8616da1cff944ab3f4b9eecd282cdc122719a1031b2613b46c5943362c43bb8c EAP-Message = 0x1c117142310b05b1176ac4922b9e4473ac6966e407489bb55204160301014b0c00014703001741045c715565f65a0510ede301e5cdf88e651e851705e6cda165bcf17682940a4d50c785f29b645246c1ee8d99af38cbbef58c7f13ddad8153102ce1b7c12af617ca0100375aaa0f556230fad72a52cb24dfb0ece2109a87d15f43d5bd1abb131322684c3f251b6b6cd5e89216288e4aa918dde839669fb43bc81710616f8626095f07ece4fd0c30b3b90ba35369878e1ec18665ac19e14848f5b768fe4f6ceec694dde7eac68717db1e6d9129188d6e90c51c376af8022da9f1721687764288234fb253a5f23088f71af0cb7798f704fe1ffe95a41f52 EAP-Message = 0x703e3b6074d0ad5f164bd7f6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a2540298fe4d1e4be62c835f233bb8 Finished request 30. Going to the next request Waking up in 3.1 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=193, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x025c00061900 State = 0x99a2540298fe4d1e4be62c835f233bb8 Message-Authenticator = 0x1c0a7fb6a594cc214b697c711d11e3b4 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 92 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 193 to 10.0.0.131 port 46766 EAP-Message = 0x015d007019009b08f7215b0445c831b41f1abd786d720bd254165f5bff1a0a199d22dbdd5e0c0bffbb72c2c241a2765397f236ee6247c6dc83dd115cea37b0e55fab69acdb35b7589cb7ccf056ee9aa3ec8e03a9e155acab57a1ca10e7af60cddcbafd5cfafdea16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a254029bff4d1e4be62c835f233bb8 Finished request 31. Going to the next request Waking up in 3.0 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=194, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x025d00901980000000861603010046100000424104b3d7138f576ae1374ab61d8d77d59e1badd34009801d972aa0341df19000f4179f37817be7b43286731941e3a38bc887a045ed00467c1366a6ac4eb62bbaac1414030100010116030100305e62d3cf1c2b26defb91b044317bb8528588794a50eee78f6fa8e4a1fc4be75bf8c990e69cc1071bb9b953866d13bd1d State = 0x99a254029bff4d1e4be62c835f233bb8 Message-Authenticator = 0xf846af6d19b1555718536159529811b1 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 93 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: unknown state [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 194 to 10.0.0.131 port 46766 EAP-Message = 0x015e004119001403010001011603010030780d4ac741dc2cf9ae350e0f10a56f335ea6af34ece60fce23d1231787d26480b5b5dcee6d2414cadd7c4d4cae8b6181 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a254029afc4d1e4be62c835f233bb8 Finished request 32. Going to the next request Waking up in 3.0 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=195, length=193 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x025e00061900 State = 0x99a254029afc4d1e4be62c835f233bb8 Message-Authenticator = 0xc35bf4d4c6391aee04642850f3f4f6b2 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 94 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 195 to 10.0.0.131 port 46766 EAP-Message = 0x015f002b19001703010020f165a6a2b27a6c43b5ed4ea48625838a050901fd79e43817c419237c407b16ed Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a254029dfd4d1e4be62c835f233bb8 Finished request 33. Going to the next request Waking up in 3.0 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=196, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x025f0050190017030100208d5a95155b9fe733ea2742d7e129f3a8ca24cc228d0a084fc7b8cef329cdd6221703010020d1992c48e3b1d26697a8bf36bc3d54077266a9ec4317ea37c38be81c85241164 State = 0x99a254029dfd4d1e4be62c835f233bb8 Message-Authenticator = 0x4e8d21a94f72c58776b123cfbbbdd67a # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 95 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - damuk [peap] Got inner identity 'damuk ' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x025f000b0164616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x025f000b0164616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 95 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x016000201a0160001b1098233d16eab2dc6a808ec9efb8b1906764616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdb1e7c20db7e66fcc27ce7e757abd69c [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x016000201a0160001b1098233d16eab2dc6a808ec9efb8b1906764616d756b20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdb1e7c20db7e66fcc27ce7e757abd69c [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 196 to 10.0.0.131 port 46766 EAP-Message = 0x0160004b190017030100400875e722194c2d8000e3f4cca0259df6a7343f2d8d29edbad59b89ab4bd6926c0643d22030d85e702ecc48d62887e80218529076cc40b39f45b998e7450d7ad4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a254029cc24d1e4be62c835f233bb8 Finished request 34. Going to the next request Waking up in 3.0 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=197, length=331 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x0260009019001703010020f05a454b0c90635e2484d85a1b910da39936151455623ccca72ef9267f05035d17030100609c4150681481016ce2362a830c06721a2a4fdbed8736342207935d2d08bc13d09269453390e2ebc3ad7a85d733e468fa7e6f8dc3ec70679cbe5dc31cca55cdc5e38c32a8ce8a7331d0de92daaaf59f1fb4915edb351edaacda671c10aa2368f4 State = 0x99a254029cc24d1e4be62c835f233bb8 Message-Authenticator = 0x30f33ea6527d0d737448a6f1d7097ea9 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 96 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x026000411a0260003c3197e9a7482756cf219c0563da5b9ad8ce000000000000000030f67097b52fb6a4206e75f74b968a4d1e4d7671facc7cc40064616d756b20 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x026000411a0260003c3197e9a7482756cf219c0563da5b9ad8ce000000000000000030f67097b52fb6a4206e75f74b968a4d1e4d7671facc7cc40064616d756b20 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0xdb1e7c20db7e66fcc27ce7e757abd69c server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 96 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] Creating challenge hash with username: damuk [mschap] Client is using MS-CHAPv2 for damuk , we need NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] = ok +} # group MS-CHAP = ok MSCHAP Success ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x016100331a0360002e533d38394541393143464630413833374145414642434631443242413139374435314344333434303235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdb1e7c20da7f66fcc27ce7e757abd69c [peap] Got tunneled reply RADIUS code 11 Acct-Interim-Interval := 60 Idle-Timeout := 600 EAP-Message = 0x016100331a0360002e533d38394541393143464630413833374145414642434631443242413139374435314344333434303235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdb1e7c20da7f66fcc27ce7e757abd69c [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 197 to 10.0.0.131 port 46766 EAP-Message = 0x0161005b19001703010050c6ec702a01f367b1cc0412981abdb28c74a23be26688e3dd0689f1ca25de12c2d3286fa33e74ef85e04454bebb62b0c4f0a35c80f72f90ca58315bf0d5cb5f6d508c324b3fc4fd58cfd3bac2a01239d2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a254029fc34d1e4be62c835f233bb8 Finished request 35. Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=198, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x0261005019001703010020b620ce37d2c7f0b3fad300f14d72c9f82494bcf042986040fc011487c1244d071703010020753c917f3a33ac31eaf068fe2615283e78d21e0fce5865963a9a4a3c27995635 State = 0x99a254029fc34d1e4be62c835f233bb8 Message-Authenticator = 0x9c08715cd43be7fd965e11267f8cde66 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 97 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x026100061a03 server { [peap] Setting User-Name to damuk Sending tunneled request EAP-Message = 0x026100061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "damuk " State = 0xdb1e7c20da7f66fcc27ce7e757abd69c server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk ", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 97 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'damuk ' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'damuk ' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'damuk ' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dolgozo' ORDER BY id [sql] User found in group Dolgozo [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dolgozo' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk /] (from client ThanWiFi-3-1 port 0 via TLS tunnel) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk ' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:09:19') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk ', '', 'Access-Accept', '2016-03-07 17:09:19') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 ++[sql] = ok +} # group post-auth = ok } # server inner-tunnel [peap] Got tunneled reply code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0xcf056bc7c21e0f93295a7f52d522efe1 MS-MPPE-Recv-Key = 0xf7ab8d9b4916afbf54c35550b0572f59 EAP-Message = 0x03610004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Got tunneled reply RADIUS code 2 Acct-Interim-Interval := 60 Idle-Timeout := 600 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0xcf056bc7c21e0f93295a7f52d522efe1 MS-MPPE-Recv-Key = 0xf7ab8d9b4916afbf54c35550b0572f59 EAP-Message = 0x03610004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk " [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 198 to 10.0.0.131 port 46766 EAP-Message = 0x0162002b19001703010020bba044b38a3550eb169832c728e9077fde7476ca00c2936356dd205d6a8d86e4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x99a254029ec04d1e4be62c835f233bb8 Finished request 36. Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 10.0.0.131 port 46766, id=199, length=267 User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" Framed-MTU = 1400 EAP-Message = 0x02620050190017030100205ade303a2e35537bbab579cb89c3c100bfe8e45db8f1d6b0263c142d6b824b6817030100202dd704f29f8b80816d768b4d7dae53888f2af3721ff9049bba21c3a93b6f0f03 State = 0x99a254029ec04d1e4be62c835f233bb8 Message-Authenticator = 0x54b198a193d38ac938a78d961be0fee0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 98 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok Login OK: [damuk/] (from client ThanWiFi-3-1 port 3 cli 64-B3-10-8D-97-D0) # Executing section post-auth from file /etc/freeradius/sites-enabled/default +group post-auth { [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:09:19') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'damuk', '', 'Access-Accept', '2016-03-07 17:09:19') rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] = ok ++[exec] = noop +} # group post-auth = ok Sending Access-Accept of id 199 to 10.0.0.131 port 46766 MS-MPPE-Recv-Key = 0x63c1e86b3f138caa4bc0d5a5ef3dc1590079e5f63dd6e94853fdec13904e4235 MS-MPPE-Send-Key = 0x8ffd3ec2b41627ddccf7ad9c588d59fd98e064a86c1e13e43420ae079890cdb4 EAP-Message = 0x03620004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "damuk" Finished request 37. Going to the next request Waking up in 2.9 seconds. rad_recv: Accounting-Request packet from host 10.0.0.131 port 36856, id=200, length=174 Acct-Session-Id = "56D94100-0000021D" Acct-Status-Type = Start Acct-Authentic = RADIUS User-Name = "damuk" NAS-Identifier = "ThanWiFi-3-1" Called-Station-Id = "C4-6E-1F-31-EE-F2:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 3 Calling-Station-Id = "64-B3-10-8D-97-D0" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D94100-0000021D" # Executing section preacct from file /etc/freeradius/sites-enabled/default +group preacct { ++[preprocess] = ok [acct_unique] Hashing 'NAS-Port = 3,NAS-Identifier = "ThanWiFi-3-1",NAS-IP-Address = 10.0.0.131,Acct-Session-Id = "56D94100-0000021D",User-Name = "damuk"' [acct_unique] Acct-Unique-Session-ID = "176e179137a2dc6e". ++[acct_unique] = ok [suffix] No '@' in User-Name = "damuk", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++[files] = noop +} # group preacct = ok # Executing section accounting from file /etc/freeradius/sites-enabled/default +group accounting { [detail] expand: %{Packet-Src-IP-Address} -> 10.0.0.131 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.0.0.131/detail-20160307 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.0.131/detail-20160307 [detail] expand: %t -> Mon Mar 7 17:09:19 2016 ++[detail] = ok ++[unix] = ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> damuk ++[radutmp] = ok [sql] expand: %{User-Name} -> damuk [sql] sql_set_user escaped user --> 'damuk' [sql] expand: %{Acct-Delay-Time} -> [sql] ... expanding second conditional [sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] = ok ++[exec] = noop [attr_filter.accounting_response] expand: %{User-Name} -> damuk attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] = updated +} # group accounting = updated Sending Accounting-Response of id 200 to 10.0.0.131 port 36856 Finished request 38. Cleaning up request 38 ID 200 with timestamp +172 Going to the next request Waking up in 2.9 seconds. Cleaning up request 20 ID 182 with timestamp +170 Cleaning up request 21 ID 183 with timestamp +170 Cleaning up request 22 ID 184 with timestamp +170 Cleaning up request 23 ID 185 with timestamp +170 Cleaning up request 24 ID 186 with timestamp +170 Cleaning up request 25 ID 187 with timestamp +170 Cleaning up request 26 ID 188 with timestamp +170 Cleaning up request 27 ID 189 with timestamp +170 Cleaning up request 28 ID 190 with timestamp +170 Waking up in 1.5 seconds. Cleaning up request 29 ID 191 with timestamp +172 Cleaning up request 30 ID 192 with timestamp +172 Cleaning up request 31 ID 193 with timestamp +172 Cleaning up request 32 ID 194 with timestamp +172 Cleaning up request 33 ID 195 with timestamp +172 Cleaning up request 34 ID 196 with timestamp +172 Cleaning up request 35 ID 197 with timestamp +172 Cleaning up request 36 ID 198 with timestamp +172 Cleaning up request 37 ID 199 with timestamp +172 Ready to process requests. rad_recv: Accounting-Request packet from host 10.0.0.123 port 45678, id=86, length=211 Acct-Session-Id = "56D940D8-000000EA" Acct-Status-Type = Stop Acct-Authentic = RADIUS User-Name = "tenyii" NAS-Identifier = "ThanWiFi-2-3" Called-Station-Id = "C4-6E-1F-31-EE-FC:ThanWiFi" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Calling-Station-Id = "9C-AD-97-B8-EE-66" Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Id = "56D940D8-000000EA" Acct-Session-Time = 5203 Acct-Input-Packets = 91828 Acct-Output-Packets = 73405 Acct-Input-Octets = 78243111 Acct-Output-Octets = 47152719 Event-Timestamp = "Mar 7 2016 17:10:14 CET" # Executing section preacct from file /etc/freeradius/sites-enabled/default +group preacct { ++[preprocess] = ok [acct_unique] Hashing 'NAS-Port = 2,NAS-Identifier = "ThanWiFi-2-3",NAS-IP-Address = 10.0.0.123,Acct-Session-Id = "56D940D8-000000EA",User-Name = "tenyii"' [acct_unique] Acct-Unique-Session-ID = "867d8d41938725ed". ++[acct_unique] = ok [suffix] No '@' in User-Name = "tenyii", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++[files] = noop +} # group preacct = ok # Executing section accounting from file /etc/freeradius/sites-enabled/default +group accounting { [detail] expand: %{Packet-Src-IP-Address} -> 10.0.0.123 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/10.0.0.123/detail-20160307 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.0.123/detail-20160307 [detail] expand: %t -> Mon Mar 7 17:10:14 2016 ++[detail] = ok ++[unix] = ok [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> tenyii ++[radutmp] = ok [sql] expand: %{User-Name} -> tenyii [sql] sql_set_user escaped user --> 'tenyii' [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 78243111 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 47152719 [sql] expand: %{Acct-Delay-Time} -> [sql] ... expanding second conditional [sql] expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstoptime = '2016-03-07 17:10:14', acctsessiontime = '5203', acctinputoctets = '0' << 32 | '78243111', acctoutputoctets = '0' << rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: %{Acct-Session-Time} -> 5203 [sql] expand: %{Acct-Delay-Time} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Input-Octets} -> 78243111 [sql] expand: %{Acct-Output-Gigawords} -> [sql] ... expanding second conditional [sql] expand: %{Acct-Output-Octets} -> 47152719 [sql] expand: %{Acct-Delay-Time} -> [sql] ... expanding second conditional [sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Inpu rlm_sql (sql): Released sql socket id: 1 ++[sql] = ok ++[exec] = noop [attr_filter.accounting_response] expand: %{User-Name} -> tenyii attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] = updated +} # group accounting = updated Sending Accounting-Response of id 86 to 10.0.0.123 port 45678 Finished request 39. Cleaning up request 39 ID 86 with timestamp +227 Going to the next request Ready to process requests.