Hi
i have big problem whit my freeradius 2.2.0 whit
mysql
log from freeradius -X
FreeRADIUS Version 2.2.0, for host
i386-portbld-freebsd9.0, built on Dec 18 2012 at 15:56:50
Copyright (C)
1999-2012 The FreeRADIUS server project and contributors.
There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU
General Public License v2.
Starting - reading configuration files
...
including configuration file
/usr/local/etc/raddb/radiusd.conf
including configuration file
/usr/local/etc/raddb/clients.conf
including files in directory
/usr/local/etc/raddb/modules/
including configuration file
/usr/local/etc/raddb/modules/wimax
including configuration file
/usr/local/etc/raddb/modules/always
including configuration file
/usr/local/etc/raddb/modules/attr_filter
including configuration file
/usr/local/etc/raddb/modules/attr_rewrite
including configuration file
/usr/local/etc/raddb/modules/cache
including configuration file
/usr/local/etc/raddb/modules/chap
including configuration file
/usr/local/etc/raddb/modules/checkval
including configuration file
/usr/local/etc/raddb/modules/counter
including configuration file
/usr/local/etc/raddb/modules/cui
including configuration file
/usr/local/etc/raddb/modules/detail
including configuration file
/usr/local/etc/raddb/modules/detail.example.com
including configuration file
/usr/local/etc/raddb/modules/detail.log
including configuration file
/usr/local/etc/raddb/modules/dhcp_sqlippool
including configuration file
/usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
including configuration file
/usr/local/etc/raddb/modules/digest
including configuration file
/usr/local/etc/raddb/modules/dynamic_clients
including configuration file
/usr/local/etc/raddb/modules/echo
including configuration file
/usr/local/etc/raddb/modules/etc_group
including configuration file
/usr/local/etc/raddb/modules/exec
including configuration file
/usr/local/etc/raddb/modules/expiration
including configuration file
/usr/local/etc/raddb/modules/expr
including configuration file
/usr/local/etc/raddb/modules/files
including configuration file
/usr/local/etc/raddb/modules/inner-eap
including configuration file
/usr/local/etc/raddb/modules/ippool
including configuration file
/usr/local/etc/raddb/modules/krb5
including configuration file
/usr/local/etc/raddb/modules/ldap
including configuration file
/usr/local/etc/raddb/modules/linelog
including configuration file
/usr/local/etc/raddb/modules/otp
including configuration file
/usr/local/etc/raddb/modules/logintime
including configuration file
/usr/local/etc/raddb/modules/mac2ip
including configuration file
/usr/local/etc/raddb/modules/mac2vlan
including configuration file
/usr/local/etc/raddb/modules/mschap
including configuration file
/usr/local/etc/raddb/modules/ntlm_auth
including configuration file
/usr/local/etc/raddb/modules/opendirectory
including configuration file
/usr/local/etc/raddb/modules/pam
including configuration file
/usr/local/etc/raddb/modules/pap
including configuration file
/usr/local/etc/raddb/modules/passwd
including configuration file
/usr/local/etc/raddb/modules/perl
including configuration file
/usr/local/etc/raddb/modules/policy
including configuration file
/usr/local/etc/raddb/modules/preprocess
including configuration file
/usr/local/etc/raddb/modules/radrelay
including configuration file
/usr/local/etc/raddb/modules/radutmp
including configuration file
/usr/local/etc/raddb/modules/realm
including configuration file
/usr/local/etc/raddb/modules/redis
including configuration file
/usr/local/etc/raddb/modules/rediswho
including configuration file
/usr/local/etc/raddb/modules/replicate
including configuration file
/usr/local/etc/raddb/modules/smbpasswd
including configuration file
/usr/local/etc/raddb/modules/smsotp
including configuration file
/usr/local/etc/raddb/modules/soh
including configuration file
/usr/local/etc/raddb/modules/sql_log
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including
configuration file /usr/local/etc/raddb/modules/sradutmp
including
configuration file /usr/local/etc/raddb/modules/unix
including configuration
file /usr/local/etc/raddb/modules/acct_unique
including configuration file
/usr/local/etc/raddb/eap.conf
including configuration file
/usr/local/etc/raddb/sql.conf
including configuration file
/usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file
/usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file
/usr/local/etc/raddb/policy.conf
including files in directory
/usr/local/etc/raddb/sites-enabled/
including configuration file
/usr/local/etc/raddb/sites-enabled/default
including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
main {
user =
"freeradius"
group = "freeradius"
allow_core_dumps =
no
}
including dictionary file /usr/local/etc/raddb/dictionary
main
{
name = "radiusd"
prefix =
"/usr/local"
localstatedir = "/var"
sbindir =
"/usr/local/sbin"
logdir = "/var/log"
run_dir =
"/var/run/radiusd"
libdir =
"/usr/local/lib/freeradius-2.2.0"
radacctdir =
"/var/log/radacct"
hostname_lookups = no
max_request_time =
30
cleanup_delay = 5
max_requests = 1024
pidfile =
"/var/run/radiusd/radiusd.pid"
checkrad =
"/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests =
yes
log {
stripped_names = no
auth =
no
auth_badpass = no
auth_goodpass =
no
}
security {
max_attributes =
200
reject_delay = 1
status_server =
yes
}
}
radiusd: #### Loading Realms and Home Servers
####
radiusd: #### Loading Clients ####
client localhost
{
ipaddr = 127.0.0.1
require_message_authenticator =
no
secret = "testing123"
nastype =
"other"
}
radiusd: #### Instantiating modules
####
instantiate {
Module: Linked to module
rlm_exec
Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
exec {
wait =
no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating
module "expr" from file /usr/local/etc/raddb/modules/expr
Module:
Linked to module rlm_expiration
Module: Instantiating module
"expiration" from file /usr/local/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating
module "logintime" from file /usr/local/etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed
timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from
file /usr/local/etc/raddb/radiusd.conf
modules {
Module:
Creating Auth-Type = digest
Module: Creating Post-Auth-Type =
REJECT
Module: Checking authenticate {...} for more modules to
load
Module: Linked to module rlm_mschap
Module: Instantiating
module "mschap" from file /usr/local/etc/raddb/modules/mschap
mschap
{
use_mppe = yes
require_encryption =
no
require_strong = no
with_ntdomain_hack =
no
allow_retry = yes
}
Module: Linked to module
rlm_digest
Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
Module: Checking authorize {...}
for more modules to load
Module: Linked to module
rlm_preprocess
Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
preprocess
{
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints =
"/usr/local/etc/raddb/hints"
with_ascend_hack =
no
ascend_channels_per_line = 23
with_ntdomain_hack =
no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack =
no
with_alvarion_vsa_hack = no
}
reading pairlist file
/usr/local/etc/raddb/huntgroups
reading pairlist file
/usr/local/etc/raddb/hints
Module: Linked to module
rlm_chap
Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
Module: Linked to module
rlm_realm
Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
realm suffix {
format =
"suffix"
delimiter = "@"
ignore_default =
no
ignore_null = no
}
Module: Linked to module
rlm_eap
Module: Instantiating module "eap" from file
/usr/local/etc/raddb/eap.conf
eap {
default_eap_type =
"md5"
timer_expire = 60
ignore_unknown_eap_types =
no
cisco_accounting_username_bug = no
max_sessions =
4096
}
Module: Linked to sub-module
rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to
sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module:
Linked to sub-module rlm_eap_gtc
Module: Instantiating
eap-gtc
gtc {
challenge = "Password:
"
auth_type = "PAP"
}
Module: Linked to
sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange =
yes
rsa_key_length = 512
dh_key_length =
512
verify_depth = 0
CA_path =
"/usr/local/etc/raddb/certs"
pem_file_type =
yes
private_key_file =
"/usr/local/etc/raddb/certs/server.pem"
certificate_file =
"/usr/local/etc/raddb/certs/server.pem"
CA_file =
"/usr/local/etc/raddb/certs/ca.pem"
private_key_password =
"whatever"
dh_file =
"/usr/local/etc/raddb/certs/dh"
random_file =
"/usr/local/etc/raddb/certs/random"
fragment_size =
1024
include_length = yes
check_crl = no
cipher_list
= "DEFAULT"
make_cert_command =
"/usr/local/etc/raddb/certs/bootstrap"
ecdh_curve =
"prime256v1"
cache {
enable =
no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout =
0
softfail = no
}
}
Module: Linked to sub-module rlm_eap_ttls
Module:
Instantiating eap-ttls
ttls {
default_eap_type =
"md5"
copy_request_to_tunnel = no
use_tunneled_reply =
no
virtual_server = "inner-tunnel"
include_length =
yes
}
Module: Linked to sub-module
rlm_eap_peap
Module: Instantiating eap-peap
peap
{
default_eap_type = "mschapv2"
copy_request_to_tunnel =
no
use_tunneled_reply = no
proxy_tunneled_request_as_eap =
yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module:
Instantiating eap-mschapv2
mschapv2
{
with_ntdomain_hack = no
send_error = no
}
Module: Linked to module rlm_sql
Module: Instantiating
module "sql" from file /usr/local/etc/raddb/sql.conf
sql
{
driver = "rlm_sql_mysql"
server = "localhost"
port
= ""
login = "root"
password = "diablo"
radius_db =
"radius"
read_groups = yes
sqltrace = no
sqltracefile
= "/var/log/sqltrace.sql"
readclients =
yes
deletestalesessions = yes
num_sql_socks =
5
lifetime = 0
max_queries = 0
sql_user_name =
"%{User-Name}"
default_user_profile = ""
nas_query = "SELECT
id, nasname, shortname, type, secret, server FROM
nas"
authorize_check_query = "SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username = '%{SQL-User-Name}' AND status =
'1' ORDER BY
id"
authorize_reply_query = "SELECT id, username, attribute, value,
op FROM
radreply WHERE
username =
'%{SQL-User-Name}'
ORDER BY id"
authorize_group_check_query = "SELECT id, groupname,
attribute, Value,
op FROM
radgroupcheck WHERE
groupname =
'%{Sql-Group}' ORDER
BY id"
authorize_group_reply_query = "SELECT id, groupname,
attribute, value,
op FROM
radgroupreply WHERE
groupname =
'%{Sql-Group}' ORDER
BY id"
accounting_onoff_query =
" UPDATE
radacct
SET
acctstoptime =
'%S',
acctsessiontime = unix_timestamp('%S')
-
unix_timestamp(acctstarttime),
acctterminatecause =
'%{Acct-Terminate-Cause}',
acctstopdelay =
%{%{Acct-Delay-Time}:-0}
WHERE acctstoptime IS
NULL AND
nasipaddress =
'%{NAS-IP-Address}'
AND acctstarttime <=
'%S'"
accounting_update_query =
" UPDATE
radacct
SET
framedipaddress =
'%{Framed-IP-Address}',
acctsessiontime =
'%{Acct-Session-Time}',
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}'
<< 32
|
'%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' <<
32
|
'%{%{Acct-Output-Octets}:-0}'
WHERE acctsessionid =
'%{Acct-Session-Id}'
AND username =
'%{SQL-User-Name}'
AND nasipaddress =
'%{NAS-IP-Address}'"
accounting_update_query_alt =
" INSERT INTO
radacct
(acctsessionid, acctuniqueid,
username,
realm,
nasipaddress,
nasportid,
nasporttype,
acctstarttime,
acctsessiontime,
acctauthentic, connectinfo_start,
acctinputoctets,
acctoutputoctets, calledstationid,
callingstationid,
servicetype, framedprotocol,
framedipaddress,
acctstartdelay,
xascendsessionsvrkey)
VALUES
('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',
'%{NAS-Port-Type}',
DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0}
+
%{%{Acct-Delay-Time}:-0})
SECOND),
'%{Acct-Session-Time}',
'%{Acct-Authentic}',
'',
'%{%{Acct-Input-Gigawords}:-0}' << 32
|
'%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32
|
'%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}',
'%{Calling-Station-Id}',
'%{Service-Type}',
'%{Framed-Protocol}',
'%{Framed-IP-Address}',
'0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query =
" INSERT INTO
radacct
(acctsessionid, acctuniqueid,
username,
realm,
nasipaddress,
nasportid,
nasporttype, acctstarttime,
acctstoptime,
acctsessiontime, acctauthentic,
connectinfo_start,
connectinfo_stop, acctinputoctets,
acctoutputoctets,
calledstationid, callingstationid,
acctterminatecause,
servicetype, framedprotocol,
framedipaddress,
acctstartdelay, acctstopdelay,
xascendsessionsvrkey)
VALUES
('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',
'%{NAS-Port-Type}', '%S',
NULL,
'0', '%{Acct-Authentic}',
'%{Connect-Info}',
'', '0',
'0',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt =
" UPDATE radacct
SET
acctstarttime =
'%S',
acctstartdelay =
'%{%{Acct-Delay-Time}:-0}',
connectinfo_start =
'%{Connect-Info}'
WHERE acctsessionid =
'%{Acct-Session-Id}'
AND username =
'%{SQL-User-Name}'
AND nasipaddress =
'%{NAS-IP-Address}'"
accounting_stop_query =
" UPDATE radacct
SET
acctstoptime =
'%S',
acctsessiontime =
'%{Acct-Session-Time}',
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32
|
'%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32
|
'%{%{Acct-Output-Octets}:-0}',
acctterminatecause =
'%{Acct-Terminate-Cause}',
acctstopdelay =
'%{%{Acct-Delay-Time}:-0}',
connectinfo_stop =
'%{Connect-Info}'
WHERE acctsessionid =
'%{Acct-Session-Id}'
AND username =
'%{SQL-User-Name}'
AND nasipaddress =
'%{NAS-IP-Address}'"
accounting_stop_query_alt =
" INSERT INTO
radacct
(acctsessionid, acctuniqueid,
username,
realm, nasipaddress,
nasportid,
nasporttype, acctstarttime,
acctstoptime,
acctsessiontime, acctauthentic,
connectinfo_start,
connectinfo_stop, acctinputoctets,
acctoutputoctets,
calledstationid, callingstationid,
acctterminatecause,
servicetype, framedprotocol,
framedipaddress,
acctstartdelay,
acctstopdelay)
VALUES
('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',
'%{NAS-Port-Type}',
DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0}
+
%{%{Acct-Delay-Time}:-0})
SECOND),
'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}',
'',
'%{Connect-Info}',
'%{%{Acct-Input-Gigawords}:-0}' << 32
|
'%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32
|
'%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}',
'%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',
'0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT
groupname FROM
radusergroup WHERE
username =
'%{SQL-User-Name}'
ORDER BY priority"
connect_failure_retry_delay =
60
simul_count_query = ""
simul_verify_query = "SELECT
radacctid, acctsessionid,
username,
nasipaddress, nasportid,
framedipaddress,
callingstationid,
framedprotocol
FROM
radacct
WHERE username =
'%{SQL-User-Name}'
AND acctstoptime IS NULL"
postauth_query = "INSERT INTO
radpostauth
(username, pass, reply,
authdate)
VALUES
(
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql)
loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql
(sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect
to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql
(sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql
#1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql):
Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql):
Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to
MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql
(sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql
#3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql):
Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql):
Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to
MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql
(sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients:
query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql
(sql): Reserving sql socket id: 4
rlm_sql (sql): Read entry
nasname=192.168.30.1,shortname=batorego,secret=test
rlm_sql (sql): Adding
client 192.168.30.1 (batorego, server=<none>) to clients list
rlm_sql
(sql): Released sql socket id: 4
Module: Linked to module
rlm_pap
Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
pap {
encryption_scheme =
"auto"
auto_header = no
}
Module: Checking preacct
{...} for more modules to load
Module: Linked to module
rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/modules/acct_unique
acct_unique {
key =
"User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
}
Module: Linked to module rlm_files
Module: Instantiating
module "files" from file /usr/local/etc/raddb/modules/files
files
{
usersfile = "/usr/local/etc/raddb/users"
acctusersfile =
"/usr/local/etc/raddb/acct_users"
preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
reading pairlist file /usr/local/etc/raddb/users
reading pairlist file
/usr/local/etc/raddb/acct_users
reading pairlist file
/usr/local/etc/raddb/preproxy_users
Module: Checking accounting {...}
for more modules to load
Module: Linked to module
rlm_detail
Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
detail {
detailfile =
"/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header
= "%t"
detailperm = 384
dirperm = 493
locking =
no
log_packet_header = no
}
Module: Checking session
{...} for more modules to load
Module: Linked to module
rlm_radutmp
Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
radutmp {
filename =
"/var/log/radutmp"
username = "%{User-Name}"
case_sensitive =
yes
check_with_nas = yes
perm = 384
callerid =
yes
}
Module: Checking post-proxy {...} for more modules to
load
Module: Checking post-auth {...} for more modules to
load
Module: Linked to module rlm_sql_log
Module:
Instantiating module "sql_log" from file
/usr/local/etc/raddb/modules/sql_log
sql_log {
path =
"/var/log/radacct/sql-relay"
Post-Auth = "INSERT INTO
radpostauth
(username, pass, reply, authdate)
VALUES
('%{User-Name}',
'%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', '%S');"
sql_user_name =
"%{%{User-Name}:-DEFAULT}"
utf8 = no
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
}
Module: Linked to module
rlm_attr_filter
Module: Instantiating module
"attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter
attr_filter.access_reject {
attrsfile =
"/usr/local/etc/raddb/attrs.access_reject"
key =
"%{User-Name}"
relaxed = no
}
reading pairlist file
/usr/local/etc/raddb/attrs.access_reject
} # modules
} #
server
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
modules
{
Module: Checking authenticate {...} for more modules to
load
Module: Linked to module rlm_unix
Module: Instantiating
module "unix" from file /usr/local/etc/raddb/modules/unix
unix
{
radwtmp = "/var/log/radwtmp"
}
Module: Checking
authorize {...} for more modules to load
Module: Checking session {...}
for more modules to load
Module: Checking post-proxy {...} for more
modules to load
Module: Checking post-auth {...} for more modules to
load
} # modules
} # server
radiusd: #### Opening IP addresses
and Ports ####
listen {
type = "auth"
ipaddr =
*
port = 0
}
listen {
type = "acct"
ipaddr =
*
port = 0
}
listen {
type = "control"
listen
{
socket = "/var/run/radiusd/radiusd.sock"
}
}
listen
{
type = "auth"
ipaddr = 127.0.0.1
port =
18120
}
Listening on authentication address * port 1812
Listening on
accounting address * port 1813
Listening on command file
/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1
port 18120 as server inner-tunnel
Listening on proxy address * port
1814
Ready to process requests.
rad_recv: Access-Request packet from host
192.168.30.25 port 56465, id=93, length=192
Service-Type =
Framed-User
Framed-Protocol = PPP
NAS-Port =
52088
NAS-Port-Type = Ethernet
User-Name =
"makowska_t"
Calling-Station-Id =
"00:02:72:72:AC:26"
Called-Station-Id = "osiedle"
NAS-Port-Id
= "anteny2.4"
MS-CHAP-Challenge =
0xb141e7a2b9fa3b6ce38853fca0b840ab
MS-CHAP2-Response =
0x0100fd95e527bf09943e54f4835baa4684ae0000000000000000e19fa7e004fd1ff998159565eacaeb94f1b53d4e89db66e1
NAS-Identifier
= "OSIEDLE"
NAS-IP-Address = 192.168.30.25
# Executing section
authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering
group authorize {...}
++[preprocess] returns ok
++[chap] returns
noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type =
mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name
= "makowska_t", looking up realm NULL
[suffix] No such realm
"NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing
EAP
++[eap] returns noop
[sql] expand: %{User-Name} ->
makowska_t
[sql] sql_set_user escaped user --> 'makowska_t'
rlm_sql
(sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username,
attribute, value, op
FROM radcheck WHERE
username = '%{SQL-User-Name}' AND status =
'1' ORDER BY id ->
SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username = 'makowska_t' AND status =
'1' ORDER BY id
[sql]
expand: SELECT
groupname FROM
radusergroup WHERE
username =
'%{SQL-User-Name}'
ORDER BY priority -> SELECT
groupname FROM
radusergroup WHERE
username =
'makowska_t' ORDER
BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User makowska_t
not found
++[sql] returns notfound
[pap] WARNING! No "known good" password
found for the user. Authentication may fail because of this.
++[pap]
returns noop
Found Auth-Type = MSCHAP
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group MS-CHAP
{...}
[mschap] No Cleartext-Password configured. Cannot create
LM-Password.
[mschap] No Cleartext-Password configured. Cannot create
NT-Password.
[mschap] Creating challenge hash with username:
makowska_t
[mschap] Client is using MS-CHAPv2 for makowska_t, we need
NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform
authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap]
returns reject
Failed to authenticate the user.
Using Post-Auth-Type
REJECT
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT
{...}
[sql] expand: %{User-Name} -> makowska_t
[sql] sql_set_user
escaped user --> 'makowska_t'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand:
%{Chap-Password} ->
[sql] expand: INSERT INTO
radpostauth
(username, pass, reply,
authdate)
VALUES
(
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO
radpostauth
(username, pass, reply,
authdate)
VALUES
(
'makowska_t',
'',
'Access-Reject', '2013-01-31 14:34:41')
rlm_sql (sql) in sql_postauth: query
is INSERT INTO
radpostauth
(username, pass, reply,
authdate)
VALUES
(
'makowska_t',
'',
'Access-Reject', '2013-01-31 14:34:41')
rlm_sql (sql): Reserving sql socket
id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns
ok
[attr_filter.access_reject] expand: %{User-Name} ->
makowska_t
attr_filter: Matched entry DEFAULT at line
11
++[attr_filter.access_reject] returns updated
Delaying reject of
request 0 for 1 seconds
Going to the next request
When a
combination of coding mschapv1 everything works ok
all options in :/sites-enabled (defoult and
inner-tunnel) whot 'sql' enabled.