Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
July 2005
- 219 participants
- 323 discussions
I am running FC 4 with freeradius 1.0.3 and mysql 4.1.11. I can
authenticate to a MYSQL database, with NTRadPing Test Utility, when running
in debug BUT, I can not get FreeRadius to authenticate when I am running the
daemon.
I have changed the user and group both to root and I still can not get it to
authenticate.
Below is the radius -X output. Below that are copies of my /etc/group,
/etc/shadow and /etc/passwd files.
Below that is the radius log from the failed connections
Can someone PLEASE help me out here?????
[root@ raddb]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = "3306"
sql: login = "root"
sql: password = "password"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = yes
sql: sqltracefile = "/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress =
'%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ?
AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets =
'%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND
UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0')"
sql: accounting_start_query = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}',
'', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S',
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol
FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_table = "radpostauth"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply,
date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:3306/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 66.140.198.160:11448, id=5,
length=44
User-Name = "test"
User-Password = "test1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
radius_xlat: 'test'
rlm_sql (sql): sql_set_user escaped user --> 'test'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'test' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'test' ORDER BY id'
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'test' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat: 'Hello test'
Sending Access-Accept of id 5 to 66.140.198.160:11448
Reply-Message = "Hello test"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 5 with timestamp 42d53d29
Nothing to do. Sleeping until we see a request.
etc/shadow
root:$1$xDYohtMJ$xRWoA.eCJn8nWDfUvNT4v/:12977:0:99999:7:::
bin:*:12977:0:99999:7:::
daemon:*:12977:0:99999:7:::
adm:*:12977:0:99999:7:::
lp:*:12977:0:99999:7:::
sync:*:12977:0:99999:7:::
shutdown:*:12977:0:99999:7:::
halt:*:12977:0:99999:7:::
mail:*:12977:0:99999:7:::
news:*:12977:0:99999:7:::
uucp:*:12977:0:99999:7:::
operator:*:12977:0:99999:7:::
games:*:12977:0:99999:7:::
gopher:*:12977:0:99999:7:::
ftp:*:12977:0:99999:7:::
nobody:*:12977:0:99999:7:::
dbus:!!:12977:0:99999:7:::
vcsa:!!:12977:0:99999:7:::
rpm:!!:12977:0:99999:7:::
haldaemon:!!:12977:0:99999:7:::
pcap:!!:12977:0:99999:7:::
nscd:!!:12977:0:99999:7:::
ident:!!:12977:0:99999:7:::
named:!!:12977:0:99999:7:::
netdump:!!:12977:0:99999:7:::
sshd:!!:12977:0:99999:7:::
rpc:!!:12977:0:99999:7:::
mailnull:!!:12977:0:99999:7:::
smmsp:!!:12977:0:99999:7:::
rpcuser:!!:12977:0:99999:7:::
nfsnobody:!!:12977:0:99999:7:::
apache:!!:12977:0:99999:7:::
squid:!!:12977:0:99999:7:::
webalizer:!!:12977:0:99999:7:::
tomcat:!!:12977:0:99999:7:::
xfs:!!:12977:0:99999:7:::
ntp:!!:12977:0:99999:7:::
gdm:!!:12977:0:99999:7:::
iiimd:!!:12977:0:99999:7:::
pvm:!!:12977:0:99999:7:::
canna:!!:12977:0:99999:7:::
quagga:!!:12977:0:99999:7:::
dovecot:!!:12977:0:99999:7:::
postfix:!!:12977:0:99999:7:::
mailman:!!:12977:0:99999:7:::
mysql:!!:12977:0:99999:7:::
radiusd:!!:12977:0:99999:7:::
amanda:!!:12977:0:99999:7:::
etc/group
root:x:0:root
shadow:x:0:
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail,postfix
news:x:13:news
uucp:x:14:uucp,nut
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
dbus:x:81:
floppy:x:19:
vcsa:x:69:
rpm:x:37:
utmp:x:22:
haldaemon:x:68:
slocate:x:21:
pcap:x:77:
nscd:x:28:
ident:x:98:
named:x:25:
netdump:x:34:
sshd:x:74:
rpc:x:32:
mailnull:x:47:
smmsp:x:51:
rpcuser:x:29:
nfsnobody:x:65534:
apache:x:48:
squid:x:23:
webalizer:x:67:
tomcat:x:91:
xfs:x:43:
ntp:x:38:
gdm:x:42:
iiimd:x:101:
pvm:x:24:
canna:x:39:
quaggavt:x:102:
quagga:x:92:
dovecot:x:97:
postdrop:x:90:
postfix:x:89:
mailman:x:41:
mysql:x:27:
radiusd:x:95:
ldap:x:55:
radvd:x:75:
screen:x:84:
postgres:x:26:
fax:x:78:
nut:x:57:
privoxy:x:73:
etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
ident:x:98:98::/home/ident:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
iiimd:x:100:101:IIIMF server:/usr/lib/iiim:/sbin/nologin
pvm:x:24:24::/usr/share/pvm3:/bin/bash
canna:x:39:39:Canna Service User:/var/lib/canna:/sbin/nologin
quagga:x:92:92:Quagga routing suite:/var/run/quagga:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
mailman:x:41:41:GNU Mailing List Manager:/usr/lib/mailman:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
radiusd:x:95:95:radiusd user:/:/bin/false
amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
/var/log/radius/radius.log
Wed Jul 13 11:11:10 2005 : Info: Ready to process requests.
Wed Jul 13 11:11:30 2005 : Info: Using deprecated naslist file. Support for
this will go away soon.
Wed Jul 13 11:11:30 2005 : Info: rlm_exec: Wait=yes but no output defined.
Did you mean output=none?
Wed Jul 13 11:11:30 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module
rlm_sql_mysql) loaded and linked
Wed Jul 13 11:11:30 2005 : Info: rlm_sql (sql): Attempting to connect to
root@localhost:3306/radius
Wed Jul 13 11:11:30 2005 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Jul 13 11:11:30 2005 : Error: rlm_sql_mysql: Couldn't connect socket to
MySQL server root@localhost:radius
Wed Jul 13 11:11:30 2005 : Error: rlm_sql_mysql: Mysql error 'Can't connect
to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)'
Wed Jul 13 11:11:30 2005 : Error: rlm_sql (sql): Failed to connect DB handle
#0
Wed Jul 13 11:11:30 2005 : Info: Ready to process requests.
Wed Jul 13 11:11:33 2005 : Info: rlm_sql (sql): There are no DB handles to
use! skipped 5, tried to connect 0
Jamie Chitester
1
0
Hello,
I am currently configuring a setup where an AD server is used to authenticate
users via password _and_ supplemental attributes.
So far I think I figured out that I need to use mschap {} with ntlm_auth to
verify the password, but would need to use the ldap {} module to get the
checkItems and replyItems I need to do the supplemental checking, and do the
actual checking in the users file. Is that right?
Secondly, I would like to use clear-text passwords in the Access-Request
packets. Would the mschap module figure out things right automagically? As I
see it, it only gets active and sets Auth-Type to MS-CHAP when it sees a
Challenge in the Access-Request. Could this be one of the rare cases where I
have to set Auth-Type manually (to MS-CHAP) get ntlm_auth running?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter(a)restena.lu   tél.:   +352 424409-1
http://www.restena.lu        fax:    +352 422473
2
3
hi list ,
Is there any way to describe 'total session timeout' , i mean total time that the can login . the session timeout attribute is usefull over single connection ...
--
Q: What does a WASP Mom make for dinner?
A: A crisp salad, a hearty soup, a lovely entree, followed by
a delicious dessert.
3
2
Im just curious is it possible to set free radius to use any accounting
back end via the normal pam_moduals. for example allow freeradius to use
say the pam_ldap as the account information back end?
2
1
Folks,
Could someone explain why we have to use samba to authenticate against active directory. Is there any other way to authenticate MS-CHAP attributes against active directory without using samba.
I don't have anything against samba, its just another thing to configure and learn that I could do without learning about.
Regards,
Martin
-----Original Message-----
From: freeradius-users-bounces(a)lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Stefan Winter
Sent: 13 July 2005 10:33
To: FreeRadius users mailing list
Subject: Re: Active Directory + LDAP
Hello,
> > Secondly, I would like to use clear-text passwords in the Access-Request
> > packets. Would the mschap module figure out things right automagically?
>
> No. For that, you can list ldap in the authenticate section.
>
> > As I see it, it only gets active and sets Auth-Type to MS-CHAP when
> > it sees a Challenge in the Access-Request. Could this be one of the
> > rare cases where I have to set Auth-Type manually (to MS-CHAP) get
> > ntlm_auth running?
>
> You may set Auth-Type, but don't set it to MSCHAP. Set it to LDAP.
authorize {
mschap
ldap
files
}
and
authenticate {
Auth-Type LDAP {
ldap
}
}
right? Or would the mschap module be completely obsolete in this case? But
then I don't understand why so many people complain that auth against Active
Directory doesn't work with the LDAP module?
Startled greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter(a)restena.lu   tél.:   +352 424409-1
http://www.restena.lu        fax:    +352 422473
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2
1
13 Jul '05
I am running freeradius-1.0.4 from source, on SLES 9.0. I want to install
freeradius so that it uses /etc and /var, and not /usr/local/etc and /usr/local/var.
If I do:
/usr/local/src/freeradius-1.0.4 # make clean && make distclean
/usr/local/src/freeradius-1.0.4 # ./configure --disable-shared --without-rlm_x99_token --prefix=/ --localstatedir=/var --sysconfdir=/etc --exec-prefix=/ --bindir=/usr/local --sbin=/usr/local --libexec=/usr/local --datadir=/usr/local --libdir=/usr/local --includedir=/usr/local --oldincludedir=/usr/local --infodir=/usr/local --mandir=/usr/local && make
Why do I receive this error message:
/usr/local/src/freeradius-1.0.4 # src/main/radiusd
Fri Jul 8 15:49:43 2005 : Info: Starting - reading configuration files ...
radiusd: Couldn't open /usr/local/var/log/radius/radius.log for logging: Permission denied
(rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
There should be no reference to:
Couldn't open /usr/local/var/log/radius/radius.log
Full logs of configure and make are viewable at:
http://www.southwestern.edu/~johnk/freeradius_build_logs.txt
Additionaly, why isn't there a Makefile method for deinstallation?
Thanks,
--johnk
3
2
Hi, I want to use freeradius1.0.4 to auth and acct mpd_3.18_2 PPTP VPN (on FreeBSD).
But I have a problem.
In the log file, it displayed the following messages:
"
Jul 13 10:32:53 vpn mpd: [pptp1] RADIUS: using /usr/local/etc/raddb/radiusd.conf
Jul 13 10:32:53 vpn mpd: [pptp1] RADIUS: rad_config: /usr/local/etc/raddb/radiusd.conf:23: invalid timeout
Jul 13 10:32:53 vpn mpd: [pptp1] CHAP: sending FAILURE
Jul 13 10:32:53 vpn mpd: [pptp1] LCP: authorization failed
"
I check radiusd.conf:23 .
"
# The per-request variables are of the form %{Attribute-Name}, and
# are taken from the values of the attribute in the incoming
# request. See 'doc/variables.txt' for more information.
prefix = /usr/local <----------------------line 23
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
"
Anyone can tell me what it means and how can I resolve it?
Thanks
wangyan
2
1
Hi,
Comments inlined.
On Tue, 2005-07-12 at 11:15 -0700, jp(a)joshmp.com wrote:
> I appologize in advance, but I am new to FreeRADIUS and RADIUS in
general.
>
> Here is my setup:
> - Server with FreeRADIUS 1.0.4 --with-edir on FreeBSD 4.11
> - Server with NetWare 6.5.4
>
> Here is what I am trying to accomplish:
> - Get FreeRADIUS to authenticate VPN users (Cisco VPN Contentrator)
to
LDAP
> database in NetWare tree.
>
> Here is what I DON'T want to do:
> - Mess with eDirectory (profiles, extending the schema, etc.)
>
> Basically, when this configuration is moved into production,
FreeRADIUS would
> authenticate users who IDs already exist in a complex, mature
NetWare
eDir tree.
> I don't want to mess with Universal Passwords, extending the
schema,
etc. I
> have already sucessfully configured the Cisco VPN Concentrator to
authenticate
> users using FreeRADIUS and the UNIX users list. However, I can't
get
FreeRADIUS
> to successfully query the LDAP database on the NetWare server.
>
> I have been through Novell's documentation, but their docs include
building
> RADIUS profiles, extending the schema, etc. This is something that
I
am not
> going to be able to do. I have also been up and down the web,
FreeRADIUS mail
> lists, docs, etc. I have found threads where it is mentioned that
you
can get
> FreeRADIUS to authenticate users to a NetWare LDAP directory using
cleartext,
> but I have not been able to do this myself.
>
> I would like to take this in stages:
> 1. Succesfully query LDAP without security (with the assumption that
this would
> be the easiest first step).
The debug output shows that FreeRADIUS is already doing this,
> 2. Get FreeRADIUS to query LDAP securely.
This also can be configured.
>
> Below you will find the following:
> - Text from radiusd.conf file
> - Output from radiusd -X
> - Text from radius.log file
>
<- Snipped,....
> # Lightweight Directory Access Protocol (LDAP)
> #
> # This module definition allows you to use LDAP for
> # authorization and authentication (Auth-Type := LDAP)
> #
> # See doc/rlm_ldap for description of configuration options
> # and sample authorize{} and authenticate{} blocks
> ldap {
> server = "10.1.1.71"
> identity = "cn=admin,o=radius"
> password = pass
> basedn = "o=radius"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> base_filter = "(objectclass=radiusprofile)"
>
> # set this to 'yes' to use TLS encrypted connections
> # to the LDAP database by using the StartTLS
extended
> # operation.
> # The StartTLS operation is supposed to be used with
normal
> # ldap connections instead of using ldaps (port 689)
connections
> start_tls = no
Set start_tls = yes for making a secure connection to
eDirectory.
>
> # tls_cacertfile = /path/to/cacert.pem
Set the path to eDirectory CA cert here.
> # tls_cacertdir = /path/to/ca/dir/
> # tls_certfile = /path/to/radius.crt
> # tls_keyfile = /path/to/radius.key
> # tls_randfile = /path/to/rnd
> # tls_require_cert = "demand"
>
> # default_profile = "cn=radprofile,ou=dialup,o=My
Org,c=UA"
> # profile_attribute = "radiusProfileDn"
> # access_attr = "dialupAccess"
>
> # Mapping of RADIUS dictionary attributes to LDAP
> # directory attributes.
> dictionary_mapping = ${raddbdir}/ldap.attrmap
>
> ldap_connections_number = 5
>
> #
> # NOTICE: The password_header directive is NOT case
insensitive
> #
> # password_header = "{clear}"
> #
> # Set:
> password_attribute = nspmPassword
Set password_attribute to anything other than nspmPassword or
comment
out this attribute. This will make sure FreeRADIUS does not try to
read
Universal Password.
> #
> # to get the user's password from a Novell
eDirectory
> # backend. This will work *only if* freeRADIUS is
> # configured to build with --with-edir option.
> #
> #
> # The server can usually figure this out on its
own,
and pull
> # the correct User-Password or NT-Password from the
database.
> #
> # Note that NT-Passwords MUST be stored as a
32-digit
hex
> # string, and MUST start off with "0x", such as:
> #
> # 0x000102030405060708090a0b0c0d0e0f
> #
> # Without the leading "0x", NT-Passwords will not
work.
> # This goes for NT-Passwords stored in SQL, too.
> #
> # password_attribute = userPassword
> #
> # Un-comment the following to disable Novell
eDirectory account
> # policy check and intruder detection. This will
work
*only if*
> # FreeRADIUS is configured to build with --with-edir
option.
> #
> edir_account_policy_check=yes
> #
> # groupname_attribute = cn
> # groupmembership_filter =
>
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> # groupmembership_attribute = radiusGroupName
> timeout = 4
> timelimit = 3
> net_timeout = 1
> # compare_check_items = yes
> # do_xlat = yes
> # access_attr_used_for_allow = yes
> }
>
<-Snipped....
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:2302, id=75,
length=57
> User-Name = "admin"
> User-Password = "pass"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 10
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched entry DEFAULT at line 152
> modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for admin
> radius_xlat: '(uid=admin)'
> radius_xlat: 'o=radius'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 10.1.1.71:389, authentication 0
> rlm_ldap: bind as cn=admin,o=radius/pass to 10.1.1.71:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in o=radius, with filter (uid=admin)
As you can see FreeRADIUS is already querying eDirectory for
user
information.
> rlm_ldap: Error reading Universal Password.Return Code = 80
See comments on password_attribute.
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type System
The Auth-Type is set to System. I reckon this is done by one of
the
default entries in users file. What is the authentication mechanism
you
want to use? If you want to use authentication methods like CHAP,
MS-CHAP, EAP etc you will have to enable Universal Password. However
if
you just want to authenticate against eDirectory with plain text
password then you need not read Universal Password. You must enable
the
ldap module in the authenticate section.
> auth: type "System"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> modcall[authenticate]: module "unix" returns notfound for request
0
> modcall: group authenticate returns notfound for request 0
> auth: Failed to validate the user.
> Processing the post-auth section of radiusd.conf
> modcall: entering group Post-Auth-Type for request 0
> modcall[post-auth]: module "ldap" returns noop for request 0
> modcall: group Post-Auth-Type returns noop for request 0
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 75 to 127.0.0.1:2302
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 75 with timestamp 42d39d5d
> Nothing to do. Sleeping until we see a request.
> -----END RADIUSD DEBUG-----
>
> The line that I find disturbing is the "error reading Universal
Password" line.
> I assume that I must edit my config in some way so that FreeRADIUS
is
not
> attempting to read a Universal Password, or somehow tells NLDAP not
to
send a
> Universal Password.
Hope this helps.
Get back to me in case you have any further queries.
-Sayantan.
1
0
Hello list,
I’m sending this e-mail to ask about a problem with certificates
generated by OpenCA and used with FreeRadius. My problem is similar to
the one that Tom Tim had using EAP_TLS and the same type of CA. From
what I’ve read, the solution was to export the certificates as pcks12
and then convert them to pem with openssl. At first, I made the EAP_TLS
work using the test certificates. I had no problem doing this. However,
when I used mine, things did not go so well ?.
I have tried using the Radius Server Certificate, using two different
types: TLS WEB SERVER and VPN SERVER. Also, I have tried using that of
the client, such as TLS WEB CLIENT.
I have converted them using 2 different methods:
1. openssl pkcs12 -in cert.p12 -out cert.pem (This seems to be similar
to cert-srv.pem)
2. openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem
openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem (These are similar
to the one above, except that they are separated.)
To confirm this, I looked at the certificates with openssl x509 -in
cert.pem –text, and it appears that everything is correct.
I have attached the log given by the FreeRadius. The server never sends
the Accept-Access, but it doesn’t give many clues as to what is
happening either, except: TLS_accept:error in SSLv3 read client
certificate A.
I hope that someone is able to help me out with this, I am a bit
frustrated with it and I need to get it up and running.
Best regards.
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded LDAP
ldap: server = "localhost"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=admin,o=uah,c=es"
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = "clave"
ldap: basedn = "ou=radius,o=uah,c=es"
ldap: filter = "(cn=%u)"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "{clear}"
ldap: password_attribute = "(null)"
ldap: access_attr = "(null)"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8113370
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = yes
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "/etc/raddb/certs/"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/vpn.crusa.com.pem"
tls: certificate_file = "/etc/raddb/certs/vpn.crusa.com.pem"
tls: CA_file = "/etc/raddb/certs/ca.pem"
tls: private_key_password = "claveclave"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "radius_user"
sql: password = "radiuspass"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_table = "radpostauth"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius_user@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=138, length=84
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
EAP-Message = 0x023e000b016d6f62696c65
Message-Authenticator = 0x362fa760e942a62b4137dd87c2050deb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 0
rlm_eap: EAP packet type response id 62 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,o=uah,c=es/clave to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 138 to 10.0.0.11:1812
EAP-Message = 0x013f00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x468de1ca8a58a4399a5f6a4d5b4e06fd
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=139, length=197
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x468de1ca8a58a4399a5f6a4d5b4e06fd
EAP-Message = 0x023f006a0d8000000060160301005b01000057030142ca471887c23c7bfa361947c335437e2f9064b45923ead412ecbdbdf714facc00003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
Message-Authenticator = 0xb84784150e58662d6a5ba31ee84b2c38
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 1
rlm_eap: EAP packet type response id 63 length 106
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0f5d], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 028d], ServerKeyExchange
TLS_accept: SSLv3 write key exchange A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 008b], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 139 to 10.0.0.11:1812
EAP-Message = 0x0140040a0dc0000012d3160301004a02000046030142ca47103b6ec22bb85f823c2dbe1a1fcb34a1f90fd18d67f0600d3c6dd27604205eaeb780b5d405762f45033c0bfc225df3ca49fad8f0970e6d04933680e09f230039001603010f5d0b000f59000f560007b5308207b130820599a003020102020108300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561
EAP-Message = 0x682e6573301e170d3035303730353037333233315a170d3039303632343037333233315a3053310b3009060355040613026573310c300a060355040a130375616831123010060355040b1309536572766963696f73311630140603550403130d76706e2e63727573612e636f6d310a3008060355040513013830820222300d06092a864886f70d01010105000382020f003082020a0282020100d927d5b772acfac528068527ab36f4d2928efcf0c67c25db1deb04811215603b1abcef6e09ce8715a4672b40826fa8b0b634315ef9750c6a2d3b1192edf9553a0e0b814d8bbb94fda431346aa559a4fbd70983a93c4977ed821dcd904d00bc20383085
EAP-Message = 0x5fdbc51fa9c91cba73888d82df7cdbfefcec916d49f7d5f430298f9795f1fc835e6688d5ef4d7f5c22b987f83b42b5ddb99a8fed95b695d7acefd0a79ef21d62a7b211f28004c0d4e767e0d8dd807decc526753c2455c26f85d8250756e3ef2fb644362ff368931886a43d1bd14b7586815c18ced78dfef63726e2e132069ca3fb875cd1fbe0303cbc4f49da841c942b01b78ad0274e1f47c68003fd73a54c954e80e5a87916e17d79feb2060cabf50c26fd001e69c9f442e5c17fc23ea63ed1bef65e85a3edac10ec046e571224eda51252e577430f6742597891861e8dc498b0c84a0e462b824222c3550daeb7e122c5d87e1bc18abef75e508f1c22
EAP-Message = 0xa4b8598a59470934d8e874b0fe4fdb043515d7443d1e3194856eb3d344b164b8615a448c632c0c5cc4ad2d2cb3eddc4fa459cd0b278d70990d3d63f91094aae5ec1da53207dc6e23111203d7e17e4f6e2e9276927949e6c1b884068408c9ba19dc2ccd6162e66540464d883684369698d6d5cd0568eb87a4cb28fb4aef09fd968fcc62b729f1e27dde5bdd8b7f67e084bbd8409eee64cd7f2b852198fb0607350203010001a38202693082026530090603551d1304023000305c0603551d2004553053300706052a0303ce0a300606042a030305300606042a030306300606042a030307303006042a0303083028302606082b06010505070201161a68
EAP-Message = 0x7474703a2f2f796f64612e6175742e7561682e65732f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x87945d41551fdf29b9808e0bf93b1364
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=140, length=97
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x87945d41551fdf29b9808e0bf93b1364
EAP-Message = 0x024000060d00
Message-Authenticator = 0x12b77eb84f2a1926f8492d0219f6a117
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 2
rlm_eap: EAP packet type response id 64 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 140 to 10.0.0.11:1812
EAP-Message = 0x0141040a0dc0000012d3637073301106096086480186f8420101040403020640300b0603551d0f0404030205e0302006096086480186f842010d0413161156504e20536572766572206f6620756168301d0603551d0e041604142756c50196c3a0f1208f8327c67a89e6ec92d7cf3081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d
EAP-Message = 0x010901160e706b69406175742e7561682e6573820900ae7948d122becdf5301e0603551d1104173015811376706e2d61646d696e4063727573612e636f6d30190603551d1204123010810e706b69406175742e7561682e6573303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303b0603551d1f043430323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075
EAP-Message = 0x622f63726c2f636163726c2e63726c300d06092a864886f70d010105050003820201000fd7e8dc029bbaf321ce6c6bba6d8315107f9e045cc6d8f82c3dbd32e8cdddcfa0d7123c13031c9e53ef74edd6f5f6a94beb3ae1bd20c96eafd1c069ad45a16375006fa3bdfe1fc39c7ef97defb2c7ea56e08dcc59bc0f40d69d6bea1ed19a8d144fbd14a7c0572b05e54c72c52b439df6e4c0e911eccb8c0c8cb7afc3b9c8bdd6d1d7041813215ac33ac9d45e73b368032fd4c192978ca63a1c3aa1cd344a04d4129e0d10cd7d9c018f929ff7ce212a93935342d6e2569dff805432a09e3831e08e7442b6d4235b982a4f8356935e343ff2f62e98fcb3cd25b8
EAP-Message = 0x9e439b062cbd79a6c9b8f99e8fc59a64224ad24ddf354b88604d296c54d13836ecc9a06e34d69b34298c0d334b682f8254e0c12ec9baff810ccac69e3427a50fdd8ec695aa960f8d60fcc55eaa5caed8e5ce34b25c0de26afec723977b3c6553057b66c5f6a35a279bc674b084aa7997aad22bc9c67e75ecce529c3ffd5a1be5fdb6a271d84df05a170c2de1a2e30fe505aec06a8fcf0e49811539c8e4f72325bc46d6fb89903fa5416a38668d04c71ed79c40e2f8c75b3f026fb1e7366449a1fe183ce7e34e5916b080a72a29bad7a67c8e9389ea01a70ddb4f3e2cf1d103b3d29d8993c91f0ae8dc9b690733ba153bba5248dfb72aec4aa21adfcf81
EAP-Message = 0x80725ad754035e7b3fcac22ee583c19032270f922f2e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8de1f909e4a87c97855957e5253bae2c
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=141, length=97
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x8de1f909e4a87c97855957e5253bae2c
EAP-Message = 0x024100060d00
Message-Authenticator = 0x840fbc4d13b0a07288c5d1659371118d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 3
rlm_eap: EAP packet type response id 65 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 141 to 10.0.0.11:1812
EAP-Message = 0x0142040a0dc0000012d38995578e1bbdef93336eea9b3086ea58767c4800079b308207973082057fa003020102020900ae7948d122becdf5300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573301e170d3035303633303037353330335a170d3039303632393037353330335a3078310b3009060355040613026573310c300a060355040a13037561
EAP-Message = 0x68310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e657330820222300d06092a864886f70d01010105000382020f003082020a0282020100ccbe20115cdf3ea4f05c53e08ee11409c425f851e287b73f501d5809e9040059dbd95d83c316b9642820eb61e7804e0c76b5a7534d64e732be24bfe872b5e4a8b3991c18c61deb9e58e5dd43937812028a2d721e6311c9228cd977f71ab77979f3785c784adb8630b1559e3bb9f4dbf66f7cd3da2b32da2bc13ea816a3e3
EAP-Message = 0xa31c4b10b0457bc21780f4881c5dc30f49bf6aba7280412e6d45945de61837ef0de9af80f4778593f92d1e8c29440b8444f77dd57cbc907c393832f4e23e5855d83e63d459deaca7e154a09aa3654c945ec5648e07d67612aaddd5f777b1e6d02e9f467a29d9938f5acd34f120e6d0730b921e2f42e27f87a63589fa3120273e4388d69189ddf4995d1f0be2868eb92e981cc75f44b526317671e633875e40182a7c592a9ad55a00a4c08d591419942e5a590d896e1c351afd3515a5200be219f3e854521b8d5c10f5cfe633975c1e38cf590d7cdf325d53239b88cd483764556dbda3bcb1e8280d01cd782ca228d925e5bec5e25065d7c62fed532145
EAP-Message = 0x87a49a051ad92f251a131324e4c646461c7b780b7e322403708a758df8d5711d3c609efa5b62f47bc1c4e42f7b38970d944198545cff44fccd58787fc6edbbbd243c0d876c1fe3db89a6fd76f1276faa7a4fddbb7ab54078d69ea6c11289fb032b6d0b58f293e2133dafc7565b9c54d68bcc78d8a2733af103969ba0a0f7b08d40030214f70203010001a38202223082021e300f0603551d130101ff040530030101ff301d0603551d0e0416041438870a2b2e63a58a8044a745ecb8a036446add563081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a
EAP-Message = 0x060355040a1303756168310c300a060355040b130350
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x78ebcb20e451da232658604c0f20cec0
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=142, length=97
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x78ebcb20e451da232658604c0f20cec0
EAP-Message = 0x024200060d00
Message-Authenticator = 0x56e8c1640961c51340628c5e4113336e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 4
rlm_eap: EAP packet type response id 66 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 142 to 10.0.0.11:1812
EAP-Message = 0x0143040a0dc0000012d34b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573820900ae7948d122becdf5300b0603551d0f04040302010630190603551d1104123010810e706b69406175742e7561682e657330190603551d1204123010810e706b69406175742e7561682e6573301106096086480186f8420101040403020007303606096086480186f842010d042916277561682043657274696669636174696f6e20417574686f72697479204365727469666963617465303b0603551d1f0434
EAP-Message = 0x30323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c300d06092a864886f70d0101050500038202010042a0f8e04afcd107bbdd4e4d2f9765c612f5ec16f9f8d6a4b73b57c3fb718de633de0862e2bf869300ab2adb72595fd31ff1409f9d565699885cf00ee820c9
EAP-Message = 0xa1e64c6b67ace010c40df18456750a07b145d67ef13512ae0dbf3fde758be09c2c3e53fb24890868c7f22ad030a5d0f3df0bd634d9e8e8351d51964ca5df26e24aa3f4a74d830f4645e16ad411b156739767522b7244160969a904cf63891afc5ac9459d4cad8db8b64ca656ea782dd67d0ba6397c850b4ab544e0c24a0e066e3f266495e3e89b6eeef4bd7fe4fe1f9b05472a08a09b0588096467cd7a35d1fbfef138d32b11d5c368bcf55e19a951ef6296e9c965534778e5d7356ca2c53536dd81a7f468be9f3323f5fc04ab2573de0c558d6db2257dac688bd6328956f068b6aba10649848a3a26d5181c13404a392ae7029b3c9c2261fde9afdd99
EAP-Message = 0x07c79b8642e3c764fbb2585ebf009dbd9be1692ef28dfd564376b324d016cf56a726eae44bd2b55be01e8f4add1fcaca0af88f9f576d5099ae6f523a5090ad8e7890d41f50af3095126131bdcb16a5e803d66089a37635de14d5ec6f7c2da2e6c752a6b978fa84413f164ff43218a5a3cf03f94a712d31ee6fafec5ff5e168a08439faec58cab29c97d9f07b96b7cf2e47d55cfc3760f345ef0b0ea0fd9431cc96b9296ef90d4c375e3803485a5422300962a633a366278a1f7dae29c96a23d9e318e935160301028d0c0002890040eece0892a7684945d9c84b5e574665b987779aecd4cc5150e36eeed34818ffeacfac3c8b1e217cf21bec2fcae928
EAP-Message = 0x8c2cb604ad76c80fe5cfd0458b9b13b4f4b700010500
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x83a2b0b7088b72dae082b1c920aeb31a
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=143, length=97
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x83a2b0b7088b72dae082b1c920aeb31a
EAP-Message = 0x024300060d00
Message-Authenticator = 0x9da3b46acde71c0446afcb85102c4734
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 5
rlm_eap: EAP packet type response id 67 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 143 to 10.0.0.11:1812
EAP-Message = 0x014402dd0d80000012d340b1872e42d5a34d28c71b1c5337514cabe48acfa781c1c3873e59590ba955cdb7ba278287c65e2a4f4dc06d7078c49c46dfa7ee92c48a94239096c330a5d2156a02004f20b4549575d48c8e4a388268cec8adbfc2828d20ceead9bdf7d06761896253534000448fbe3449c5333bf0b66540034c76fb0b8d6450122c9366b6fa5e86ee04726c33201290324dd27f0a533681c56e747b69db64a27e90fb993f98b0095903a9ac329cc211351fa23d20583db9e2121fb51d756a0767b941bfa647f949734c95ac726843df743b6d0b541b4926102dc83e710f9994e27e1e1b2ec76b3cd854b1525128213c8e97b0a285666588ee
EAP-Message = 0x392d91c72f546414996077fe904052d7dfbc8205575df979c53e6aedc56495baf548606c3a84cfade407959b832fe43222b432395eddd4990a3446df727de2fcd6ad433e5347f4419b13364399597f9e30948e118e43f55785a250d9e59c9786518a20ba2ca4bc3b6561a5556e4b71a867ab32946f93eeb6f85177ff0fd3fe6d962784c026457896a438c95dd702d85d2f981a2fdb726f048d71c3c1c901b658a94cf4c0bb5706e0a1e9c49606d7e39d107e39705e5736475fc1b5491a85913a883932d755b1ed27e244819c363c13d083efe45242ec2454dce61104a862ff1f411a9e4cc35b8428a8fb8ead440b34d5a29a897e87efa82f5ad91b9472
EAP-Message = 0x34ac50a8eede1098634f56cb0b73cad65e4e1b76efe23d5db1a2b1278a7a70501e5d8ba32564f9324de034ac8ffc23e0fd7b37b482244517c7453c08291b0609d89e9d7c92611dbf2e857025bd98896bb72e15160301008b0d0000830403040102007c007a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e65730e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8114badf17473ee2b9c1d2ac7940e28d
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=144, length=1597
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x8114badf17473ee2b9c1d2ac7940e28d
EAP-Message = 0x024405d80dc000000efe1603010de80b000de4000de10006403082063c30820424a003020102020104300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573301e170d3035303633303131333833345a170d3039303632383131333833345a304b310b3009060355040613026573310c300a060355040a13037561683110300e060355040b1307416c75
EAP-Message = 0x6d6e6f733110300e06035504031307436c69656e7465310a3008060355040513013430819f300d06092a864886f70d010101050003818d00308189028181009d475e9547b81afa9cfa087cef13d6e90dfaa1eef56fdef756fabdf8685ae8293f01f3c105e6c6ca1c14ac6cb4f92322deb00352b2842068d879c3683562883efa5eadddd275c269593afa9a5d8920b43d413118127213b8674a8837f97730d883f0c79fa54c06f67baf2a39a200106544fd498c58344b8bc20a9940ed10386d0203010001a38202803082027c30090603551d130402300030430603551d20043c303a300606042a030304303006042a0303053028302606082b06010505
EAP-Message = 0x070201161a687474703a2f2f796f64612e6175742e7561682e65732f637073301106096086480186f84201010404030205a0300b0603551d0f0404030205e030290603551d250422302006082b0601050507030206082b06010505070304060a2b060104018237140202302606096086480186f842010d0419161755736572204365727469666963617465206f6620756168301d0603551d0e0416041425c42b01ac77b1cd69ecb8fd105abdb37893f4c63081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355
EAP-Message = 0x040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573820900ae7948d122becdf5301d0603551d11041630148112636c69656e7465407072756562612e636f6d30190603551d1204123010810e706b69406175742e7561682e6573303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e
EAP-Message = 0x65732f7075622f63726c2f636163726c2e63726c303b0603551d1f043430323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c300d06092a864886f70d010105050003820201005a416f2ab9d2911a2717c378f30c075c81b3aa7335897bea9dcf11aa23729c830263556297d9fbf4e36af0f230cd59df0e412530556a4c0bc3f9c608bbcb96785eef7aba9373654643be7661302978a43d3bb9e3a8235b23c121bb11dca9c0d866cea49f4adfe3d7f6dace21a3c88fee754d18db8c8123dac907f3d87fc47434a63d7ba9661f45f2088efdd1dbe420ed7c14c41f7af006dd
EAP-Message = 0xd799d71a479e34d17ea091468dbe0f560e7a44ce6d74368bc9dcca4257935e03bb9d755e3a4e178875ca51a32e7019d207268191a812745e2e5cb4b91224776f9aef9f6397ac485da2cd24a0d1c25e02d1f2828a21cbc47c762f86aeb4b44a5af71f013ded4d3a54cba5a49851218577af1c2b90cd27f3b5065a409f3e2644a7425ed3dc17d15a630f860fcc216813bdb0acb2b507f5c8479b280a110eecb858f0ef077a76f14107742ea064e02045789ded712b3eb8aadd9c1209e10757f25e14b900e4e8a111616e66697366586bf57a6f5fa79845021bde33efec2dddc95f3529b3a04ea2b8
Message-Authenticator = 0x8b8598358880bd370a2468c64421fec9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 6
rlm_eap: EAP packet type response id 68 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS First Fragment of the message
eaptls_verify returned 9
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 144 to 10.0.0.11:1812
EAP-Message = 0x014500060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x15011ed049f30b857ce6683156d2b2b9
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=145, length=1597
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x15011ed049f30b857ce6683156d2b2b9
EAP-Message = 0x024505d80d40ab681293018df1f9594ec6cd73460d2eaa9ee53294dbc1ccc979aa7fa3ee1ade3de6ec5669814f25957e487620ab054f159c7fc7c9bff2f5f55bdb5a59950157d334d520a8764f9f39f5c97915552cd1f7c4721e62aafb240780478ef5ad4ea9b073ff39a6d0551d4e4b9a43421c763d8437403f645f05fa92c00ef13a4f99fdbd00079b308207973082057fa003020102020900ae7948d122becdf5300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f726964616420646520436572746966696361
EAP-Message = 0x63696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573301e170d3035303633303037353330335a170d3039303632393037353330335a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e657330820222300d06092a864886f70d01010105000382020f003082020a0282020100ccbe20115cdf3ea4f05c53e08ee11409c425f851
EAP-Message = 0xe287b73f501d5809e9040059dbd95d83c316b9642820eb61e7804e0c76b5a7534d64e732be24bfe872b5e4a8b3991c18c61deb9e58e5dd43937812028a2d721e6311c9228cd977f71ab77979f3785c784adb8630b1559e3bb9f4dbf66f7cd3da2b32da2bc13ea816a3e3a31c4b10b0457bc21780f4881c5dc30f49bf6aba7280412e6d45945de61837ef0de9af80f4778593f92d1e8c29440b8444f77dd57cbc907c393832f4e23e5855d83e63d459deaca7e154a09aa3654c945ec5648e07d67612aaddd5f777b1e6d02e9f467a29d9938f5acd34f120e6d0730b921e2f42e27f87a63589fa3120273e4388d69189ddf4995d1f0be2868eb92e981cc7
EAP-Message = 0x5f44b526317671e633875e40182a7c592a9ad55a00a4c08d591419942e5a590d896e1c351afd3515a5200be219f3e854521b8d5c10f5cfe633975c1e38cf590d7cdf325d53239b88cd483764556dbda3bcb1e8280d01cd782ca228d925e5bec5e25065d7c62fed53214587a49a051ad92f251a131324e4c646461c7b780b7e322403708a758df8d5711d3c609efa5b62f47bc1c4e42f7b38970d944198545cff44fccd58787fc6edbbbd243c0d876c1fe3db89a6fd76f1276faa7a4fddbb7ab54078d69ea6c11289fb032b6d0b58f293e2133dafc7565b9c54d68bcc78d8a2733af103969ba0a0f7b08d40030214f70203010001a38202223082021e30
EAP-Message = 0x0f0603551d130101ff040530030101ff301d0603551d0e0416041438870a2b2e63a58a8044a745ecb8a036446add563081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573820900ae7948d122becdf5300b0603551d0f04040302010630190603551d1104123010810e706b6940617574
EAP-Message = 0x2e7561682e657330190603551d1204123010810e706b69406175742e7561682e6573301106096086480186f8420101040403020007303606096086480186f842010d042916277561682043657274696669636174696f6e20417574686f72697479204365727469666963617465303b0603551d1f043430323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c3039
Message-Authenticator = 0xc5d316d802ac60ec275aff67c255312d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 7
rlm_eap: EAP packet type response id 69 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: More fragments to follow
eaptls_verify returned 10
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 145 to 10.0.0.11:1812
EAP-Message = 0x014600060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x60952358c960e539d5816741349ddde1
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.11:1812, id=146, length=965
User-Name = "mobile"
NAS-IP-Address = 10.0.0.11
Calling-Station-Id = "00-0E-35-5D-B5-25"
State = 0x60952358c960e539d5816741349ddde1
EAP-Message = 0x024603640d0006096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c300d06092a864886f70d0101050500038202010042a0f8e04afcd107bbdd4e4d2f9765c612f5ec16f9f8d6a4b73b57c3fb718de633de0862e2bf869300ab2adb72595fd31ff1409f9d565699885cf00ee820c9a1e64c6b67ace010c40df18456750a07b145d67ef13512ae0dbf3fde758be09c2c3e53fb24890868c7f22ad030a5d0f3df0bd634d9e8e8351d51964ca5df26e24aa3f4a74d830f4645e16ad411b156739767522b7244160969a904cf63891afc5ac9459d4cad8db8b64ca6
EAP-Message = 0x56ea782dd67d0ba6397c850b4ab544e0c24a0e066e3f266495e3e89b6eeef4bd7fe4fe1f9b05472a08a09b0588096467cd7a35d1fbfef138d32b11d5c368bcf55e19a951ef6296e9c965534778e5d7356ca2c53536dd81a7f468be9f3323f5fc04ab2573de0c558d6db2257dac688bd6328956f068b6aba10649848a3a26d5181c13404a392ae7029b3c9c2261fde9afdd9907c79b8642e3c764fbb2585ebf009dbd9be1692ef28dfd564376b324d016cf56a726eae44bd2b55be01e8f4add1fcaca0af88f9f576d5099ae6f523a5090ad8e7890d41f50af3095126131bdcb16a5e803d66089a37635de14d5ec6f7c2da2e6c752a6b978fa84413f164f
EAP-Message = 0xf43218a5a3cf03f94a712d31ee6fafec5ff5e168a08439faec58cab29c97d9f07b96b7cf2e47d55cfc3760f345ef0b0ea0fd9431cc96b9296ef90d4c375e3803485a5422300962a633a366278a1f7dae29c96a23d9e318e93516030100461000004200408e5d65cd23ea632c288f89fdc017613240c8791a4dcace0d6b6e55783dc7db94cb9b717f6687cf2dab64966aba2388383665750bac618fe5652beeb4ba1af93316030100860f00008200801d48acea0d6d3335e2dc0ba0b51c0945f1e142e3af5a743d42efe9cfe53fbfc59a6e22d5be597788917c2575292e1a623612229cca4395bbc28eb494a9ff8c036f4f6dbd554b0c7666e5d250338f
EAP-Message = 0x720647843d80125169fa1fea2a4cf59511da7c7cfc768b88188107033e7fdc7f6491fbd5084fbff1b102260ef4847c81a9e214030100010116030100302a8a7334eaa46ebabd33a1663113ab211dda71bdb26041325de1a11576c410e73b9812ad71e298f238b80452094c7652
Message-Authenticator = 0x86535dbf2d2b52864402b8f0e5619942
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
users: Matched entry DEFAULT at line 185
users: Matched entry mobile at line 227
modcall[authorize]: module "files" returns ok for request 8
rlm_eap: EAP packet type response id 70 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
radius_xlat: 'mobile'
rlm_sql (sql): sql_set_user escaped user --> 'mobile'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): User mobile not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 8
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mobile
radius_xlat: '(cn=mobile)'
radius_xlat: 'ou=radius,o=uah,c=es'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'mobile'
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0de8], Certificate
chain-depth=1,
error=0
--> User-Name = mobile
--> BUF-Name = Autoridad de Certificacion Automatica
--> subject = /C=es/O=uah/OU=PKI/CN=Autoridad de Certificacion Automatica/emailAddress=pki(a)aut.uah.es
--> issuer = /C=es/O=uah/OU=PKI/CN=Autoridad de Certificacion Automatica/emailAddress=pki(a)aut.uah.es
--> verify return:1
chain-depth=0,
error=0
--> User-Name = mobile
--> BUF-Name = Cliente
--> subject = /C=es/O=uah/OU=Alumnos/CN=Cliente/serialNumber=4
--> issuer = /C=es/O=uah/OU=PKI/CN=Autoridad de Certificacion Automatica/emailAddress=pki(a)aut.uah.es
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 146 to 10.0.0.11:1812
EAP-Message = 0x014700450d800000003b14030100010116030100306e143f76c8cc466fb5bd2e30eae300820b579ca7d08e6c086fbf2ea0c05a80ab19014fa8ebec699fd9beb87723a81225
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x15ef8e9ca16373521a0d577ee1ced6ba
Finished request 8
Going to the next request
Waking up in 6 seconds...
1
0
Hello!
I'm trying to compile FreeRadius 1.0.4 on Windows XP machine under Cygwin, but the EAP module doesn't work.
I'm compile server with --disable-shared flag.
When radiusd -X executes it says that rlm_eap is failded to link and unknown error occur.
When I comment all eap definitions in radiusd.conf then all OK.
Could anyone help me on this, I am totally new to FreeRadius.
Thanks,
Andrew Melovatsky
1
0