Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
July 2005
- 219 participants
- 323 discussions
Hi list!
I have a problem with the rlm_sqlcounter. It send the Session-Time-Out
correctly but when if check the time limit against the data base it
always return 0. I've added some debugging output and recompile.
This is the output:
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: Entering module authorize code
Tue Jul 5 14:46:51 2005 : Debug: sqlcounter_expand: 'SELECT
SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}' AND
AcctStartTime > abstime(1120539600)'
Tue Jul 5 14:46:51 2005 : Debug: radius_xlat: 'SELECT
SUM(AcctSessionTime) FROM radacct WHERE UserName='ceruno' AND
AcctStartTime > abstime(1120539600)'
Tue Jul 5 14:46:51 2005 : Debug: sqlcounter_expand:
'%{sqlcca3:SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='ceruno' AND AcctStartTime > abstime(1120539600)}'
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: querystr:
%{%S:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='ceruno'
AND AcctStartTime > abstime(1120539600)}
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: responsestr:
%{sqlcca3:SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='ceruno' AND AcctStartTime > abstime(1120539600)}
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: Valor obtenido de la
consulta: 0
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: Valor a checkar: 90
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: (Check item -
counter) is greater than zero
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: Authorized user
ceruno, check_item=90, counter=0
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: Sent Reply-Item for
user ceruno, Type=Session-Timeout, value=90
Tue Jul 5 14:46:51 2005 : Debug: modsingle[authorize]: returned
from dailycounter (rlm_sqlcounter) for request 9
Tue Jul 5 14:46:51 2005 : Debug: modcall[authorize]: module
"dailycounter" returns ok for request 9
Tue Jul 5 14:46:51 2005 : Debug: modsingle[authorize]: calling
monthlycounter (rlm_sqlcounter) for request 9
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: Entering module authorize code
Tue Jul 5 14:46:51 2005 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Tue Jul 5 14:46:51 2005 : Debug: modsingle[authorize]: returned
from monthlycounter (rlm_sqlcounter) for request 9
Tue Jul 5 14:46:51 2005 : Debug: modcall[authorize]: module
"monthlycounter" returns noop for request 9
Tue Jul 5 14:46:51 2005 : Debug: modcall: group authorize returns ok
for request 9
Tue Jul 5 14:46:51 2005 : Debug: rad_check_password: Found Auth-Type System
Tue Jul 5 14:46:51 2005 : Debug: auth: type "System"
Tue Jul 5 14:46:51 2005 : Debug: Processing the authenticate
section of radiusd.conf
Tue Jul 5 14:46:51 2005 : Debug: modcall: entering group authenticate
for request 9
Tue Jul 5 14:46:51 2005 : Debug: modsingle[authenticate]: calling
unix (rlm_unix) for request 9
Tue Jul 5 14:46:51 2005 : Debug: modsingle[authenticate]: returned
from unix (rlm_unix) for request 9
Tue Jul 5 14:46:51 2005 : Debug: modcall[authenticate]: module
"unix" returns ok for request 9
Tue Jul 5 14:46:51 2005 : Debug: modcall: group authenticate returns
ok for request 9
Looking at the code in rlm_sqlcounter.c in the sqlcounter_authorize
function (the lines starting with * is what I've added).
/* third, wrap query with sql module & expand */
sprintf(querystr, "%%{%%S:%s}", responsestr);
sqlcounter_expand(responsestr, MAX_QUERY_LEN, querystr, instance);
/* Finally, xlat resulting SQL query */
radius_xlat(querystr, MAX_QUERY_LEN, responsestr, request, NULL);
* DEBUG2("rlm_sqlcounter: querystr: %s",querystr);
* DEBUG2("rlm_sqlcounter: responsestr: %s",responsestr);
counter = atoi(querystr);
* DEBUG2("rlm_sqlcounter: Valor obtenido de la consulta: %d",counter);
* DEBUG2("rlm_sqlcounter: Valor a checkar: %d",check_vp->lvalue);
If you compare the output above you will note that when 'counter =
atoi(querystr)' happens the value of querystr is : ' %{%S:SELECT
SUM(AcctSessionTime) FROM radacct WHERE UserName='ceruno' AND
AcctStartTime > abstime(1120539600)}' . So I think is maybe a bug.
I also have a question: Where the SQL query really happens? I
couldn't figure it out :(
I'am runnig in a FC3 with PostgreSQL 7.4.8 and the last stable release
of freeRadius. (Version 1.0.4)
I'll appreciate any help you can give me.
Miguel.
4
8
Hi,
I have made a access control to wired & wireless network by freeradius
and openldap base on attribute radiusGroupName.
Now, I want to reserve at one group only the access to the web (port
80), and to another group the full access to Internet. It's possible to
manage this control by freeradius and LDAP.
thanks,
Felice
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Niente paura, da oggi puoi recuperare i dati persi dal PC, semplice come cliccare qui
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3361&d=7-7
2
1
07 Jul '05
List,
I am experiencing several barriers in getting the FreeRadius 1.0.2 port
to work, in FreeBSD 5.4-RELEASE. The supplicant is XP SP2, requesting through
a Cisco 1100 AP NAS.
Included is my startup, along with a couple of supplicant requests.
In the past I have used sql authorization. I now use files, and am taking
baby-steps (with http://www.alphacore.net/spipen/article.php3?id_article=4 as
my guide).
When I can get everything working with the built-in XP 802.1x
authentcation client, I would like to enable multiple VLAN support into my
radius config.
My questions can be found at the bottom of this post.
---
/usr/local/sbin/radiusd -X -A -y -z
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = yes
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1645
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/var/log/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "nobody"
main: group = "nobody"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/demoCA/private/cakey.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cacert.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/cacert.pem"
tls: private_key_password = "xXxXxX"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = yes
ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1645
Listening on accounting *:1646
Listening on proxy *:1647
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=204, length=160
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x238c744d504314eab835667ae645baac
EAP-Message = 0x0205001115800000000715030100020230
NAS-Port-Type = Wireless-802.11
NAS-Port = 5109
State = 0x9b473d358960d6200af1bc554cb69e61
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 5 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [\\test/<no User-Password attribute>] (from client Aironet1100 port 5109 cli 000e.35b5.eb8f)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 204 to 192.168.1.249:1645
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=205, length=135
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x8fa769b77767a6d40c0f4368065836f7
EAP-Message = 0x0201000a015c74657374
NAS-Port-Type = Wireless-802.11
NAS-Port = 5110
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 205 to 192.168.1.249:1645
EAP-Message = 0x010200160410f8699c142f2b04174aa12d7ba7e1acb3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xefbab3f23eae914a7e7e787f980a33ea
Finished request 1
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=206, length=149
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x028ca873c46d637a9313e8a7c400e9f9
EAP-Message = 0x020200060315
NAS-Port-Type = Wireless-802.11
NAS-Port = 5110
State = 0xefbab3f23eae914a7e7e787f980a33ea
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 206 to 192.168.1.249:1645
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x92217acdcb66585c00578271b16e607a
Finished request 2
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=207, length=249
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x2720f14be41136a09d19c7eccb60cfe9
EAP-Message = 0x0203006a158000000060160301005b01000057030142cd0f6a8f09262c8c4b8acc2ac7d156e44e412a5860a00d23512d0ea279941000003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
NAS-Port-Type = Wireless-802.11
NAS-Port = 5110
State = 0x92217acdcb66585c00578271b16e607a
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 106
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0454], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 207 to 192.168.1.249:1645
EAP-Message = 0x0104040a15c0000004b1160301004a02000046030142ccc10ed21fab0d59b10e6188e109574dae7147d68ffb41d3d2023030eeda75207f4a0ac74177d7255e411ecedbe3ebc5db188d491a11923c4cffb6354b0b32fb00350016030104540b00045000044d00044a30820446308203afa003020102020900b4ffbc458a823a63300d06092a864886f70d01010405003081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572
EAP-Message = 0x204469766973696f6e3129302706035504031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d696e40736f7574687765737465726e2e656475301e170d3035303730363133353630335a170d3135303730343133353630335a3081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572204469766973696f6e3129302706035504
EAP-Message = 0x031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d696e40736f7574687765737465726e2e65647530819f300d06092a864886f70d010101050003818d0030818902818100952a6e25e986e7297e0fe23d8ab71a410a827faeed95c076d4bb558f46790b556c13bb40cb082da6776bcad9d70c884d7f831dce00b984cc2c1818a744c529c21a9fb708244e09ef55c7edc2c063659d0ab8f2948bcf9e98c862460023c17a5ce91ed97429e6a79e2726c11c8acbbf109f12f4a8d8efcea365a5831944dc14250203010001a38201323082012e301d0603551d
EAP-Message = 0x0e04160414166b7bb5824d8888245b04f718d44f9d85d631783081fe0603551d230481f63081f38014166b7bb5824d8888245b04f718d44f9d85d63178a181cfa481cc3081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572204469766973696f6e3129302706035504031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d69
EAP-Message = 0x6e40736f7574687765737465726e2e656475820900b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2509db5459d6466c777ef4f8e39fe7bc
Finished request 3
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=208, length=149
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0xdbea76e625c3741e8a7a40e97aab42c3
EAP-Message = 0x020400061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 5110
State = 0x2509db5459d6466c777ef4f8e39fe7bc
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 208 to 192.168.1.249:1645
EAP-Message = 0x010500bb1580000004b1ffbc458a823a63300c0603551d13040530030101ff300d06092a864886f70d01010405000381810030b2ae584f5f190289bcf3451bc1d1bac6a0e9d7ad7d79857c1b68c4537677fc2cc9192f4e5a17b974bdbb514f94178847884da765e4b3f3e878e0d9083978cd799b434f25e6f7fa8047d6bef2f410919f2d54574a873f1adafb83a175ccc47d34c46113fbc80fa0942cc9b74fe4fbbfed0c632eea7a4ba04ab80913169a289216030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb976af42b5c24fda517ca5a5094e5bd1
Finished request 4
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=209, length=160
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x1ed15ed6d0d7cefc891b19b23bee81de
EAP-Message = 0x0205001115800000000715030100020230
NAS-Port-Type = Wireless-802.11
NAS-Port = 5110
State = 0xb976af42b5c24fda517ca5a5094e5bd1
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
74089:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
74089:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 5
modcall: group authenticate returns reject for request 5
auth: Failed to validate the user.
Login incorrect: [\\test/<no User-Password attribute>] (from client Aironet1100 port 5110 cli 000e.35b5.eb8f)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 204 with timestamp 42ccc10c
Sending Access-Reject of id 209 to 192.168.1.249:1645
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=210, length=135
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x544e7a1be19c6f73f27f99568ad64107
EAP-Message = 0x0201000a015c74657374
NAS-Port-Type = Wireless-802.11
NAS-Port = 5111
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 1 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 210 to 192.168.1.249:1645
EAP-Message = 0x0102001604102175e07d9aa780427053303ac2cde45c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x63ae08507e7adbd6ec0a1b963ba8ac19
Finished request 6
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=211, length=149
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x9ca188d4e2c3bacf6951c2e146d7793b
EAP-Message = 0x020200060315
NAS-Port-Type = Wireless-802.11
NAS-Port = 5111
State = 0x63ae08507e7adbd6ec0a1b963ba8ac19
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 211 to 192.168.1.249:1645
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9af635c0f0a743e30cb4b7cfcb6dbb3
Finished request 7
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=212, length=249
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0xa6def1b9db8aef9d09c89013ae6291cd
EAP-Message = 0x0203006a158000000060160301005b01000057030142cd0f6ecc689e8295b1c859d9fa1226f5b025ac75bb01b1c1d27fc659c6a89500003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
NAS-Port-Type = Wireless-802.11
NAS-Port = 5111
State = 0xd9af635c0f0a743e30cb4b7cfcb6dbb3
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 3 length 106
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0454], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 212 to 192.168.1.249:1645
EAP-Message = 0x0104040a15c0000004b1160301004a02000046030142ccc1121988c9add3c5d8fe81cf66d5b075cdd1eb288ce2abcaef53a530f9b5205b04e5b1f6ba59f700f87ecb2710de52422884b1f67ea9fefce9b3350df8c17f00350016030104540b00045000044d00044a30820446308203afa003020102020900b4ffbc458a823a63300d06092a864886f70d01010405003081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572
EAP-Message = 0x204469766973696f6e3129302706035504031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d696e40736f7574687765737465726e2e656475301e170d3035303730363133353630335a170d3135303730343133353630335a3081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572204469766973696f6e3129302706035504
EAP-Message = 0x031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d696e40736f7574687765737465726e2e65647530819f300d06092a864886f70d010101050003818d0030818902818100952a6e25e986e7297e0fe23d8ab71a410a827faeed95c076d4bb558f46790b556c13bb40cb082da6776bcad9d70c884d7f831dce00b984cc2c1818a744c529c21a9fb708244e09ef55c7edc2c063659d0ab8f2948bcf9e98c862460023c17a5ce91ed97429e6a79e2726c11c8acbbf109f12f4a8d8efcea365a5831944dc14250203010001a38201323082012e301d0603551d
EAP-Message = 0x0e04160414166b7bb5824d8888245b04f718d44f9d85d631783081fe0603551d230481f63081f38014166b7bb5824d8888245b04f718d44f9d85d63178a181cfa481cc3081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572204469766973696f6e3129302706035504031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d69
EAP-Message = 0x6e40736f7574687765737465726e2e656475820900b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x164cf9a732e840475264604a9e01de91
Finished request 8
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=213, length=149
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x2709d031c3b73506b88e0453e2ec0c39
EAP-Message = 0x020400061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 5111
State = 0x164cf9a732e840475264604a9e01de91
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 213 to 192.168.1.249:1645
EAP-Message = 0x010500bb1580000004b1ffbc458a823a63300c0603551d13040530030101ff300d06092a864886f70d01010405000381810030b2ae584f5f190289bcf3451bc1d1bac6a0e9d7ad7d79857c1b68c4537677fc2cc9192f4e5a17b974bdbb514f94178847884da765e4b3f3e878e0d9083978cd799b434f25e6f7fa8047d6bef2f410919f2d54574a873f1adafb83a175ccc47d34c46113fbc80fa0942cc9b74fe4fbbfed0c632eea7a4ba04ab80913169a289216030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x473d358960d6204ce25ca24599a0f7f7
Finished request 9
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=214, length=160
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0xe05d2ac8b90eacb717ad47ed3afe6f8c
EAP-Message = 0x0205001115800000000715030100020230
NAS-Port-Type = Wireless-802.11
NAS-Port = 5111
State = 0x473d358960d6204ce25ca24599a0f7f7
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 10
modcall[authorize]: module "chap" returns noop for request 10
modcall[authorize]: module "mschap" returns noop for request 10
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 10
rlm_eap: EAP packet type response id 5 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 10
modcall: group authorize returns updated for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
74089:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
74089:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 10
modcall: group authenticate returns reject for request 10
auth: Failed to validate the user.
Login incorrect: [\\test/<no User-Password attribute>] (from client Aironet1100 port 5111 cli 000e.35b5.eb8f)
Delaying request 10 for 1 seconds
Finished request 10
Going to the next request
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 205 with timestamp 42ccc10e
Cleaning up request 2 ID 206 with timestamp 42ccc10e
Cleaning up request 3 ID 207 with timestamp 42ccc10e
Cleaning up request 4 ID 208 with timestamp 42ccc10e
Cleaning up request 5 ID 209 with timestamp 42ccc10e
Sending Access-Reject of id 214 to 192.168.1.249:1645
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=215, length=135
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x9b1598a18cc60ddc9fd92daaf7b78b3b
EAP-Message = 0x0201000a015c74657374
NAS-Port-Type = Wireless-802.11
NAS-Port = 5112
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 11
modcall[authorize]: module "chap" returns noop for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 11
rlm_eap: EAP packet type response id 1 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 11
modcall: group authorize returns updated for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 11
modcall: group authenticate returns handled for request 11
Sending Access-Challenge of id 215 to 192.168.1.249:1645
EAP-Message = 0x010200160410ae56ef5b513719784eb029ef161e3834
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x47b6bb0eb7cb3629f5209d838c9cb2bb
Finished request 11
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=216, length=149
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0xf8cbc78444e069e76dcfdc85d3d68e1c
EAP-Message = 0x020200060315
NAS-Port-Type = Wireless-802.11
NAS-Port = 5112
State = 0x47b6bb0eb7cb3629f5209d838c9cb2bb
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 12
modcall[authorize]: module "chap" returns noop for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 12
modcall: group authorize returns updated for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 12
modcall: group authenticate returns handled for request 12
Sending Access-Challenge of id 216 to 192.168.1.249:1645
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcefd256444122da46c97de73b47f9968
Finished request 12
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=217, length=249
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0xeee120ea8fb84b5b68ba7b01669c1a90
EAP-Message = 0x0203006a158000000060160301005b01000057030142cd0f70429a566d1ac989f1550ae3a440b7d4e9db1779f5e5288babe6e987cd00003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
NAS-Port-Type = Wireless-802.11
NAS-Port = 5112
State = 0xcefd256444122da46c97de73b47f9968
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 3 length 106
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 13
modcall: group authorize returns updated for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0454], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 13
modcall: group authenticate returns handled for request 13
Sending Access-Challenge of id 217 to 192.168.1.249:1645
EAP-Message = 0x0104040a15c0000004b1160301004a02000046030142ccc114fe81831a72e96a50f4c01c76f5410e5a4bdd3403910a23fe69681500209efd56cbe5f05cf20e7379e49dcef61940bbda94da905fbc49ee2f9f955b579000350016030104540b00045000044d00044a30820446308203afa003020102020900b4ffbc458a823a63300d06092a864886f70d01010405003081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572
EAP-Message = 0x204469766973696f6e3129302706035504031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d696e40736f7574687765737465726e2e656475301e170d3035303730363133353630335a170d3135303730343133353630335a3081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572204469766973696f6e3129302706035504
EAP-Message = 0x031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d696e40736f7574687765737465726e2e65647530819f300d06092a864886f70d010101050003818d0030818902818100952a6e25e986e7297e0fe23d8ab71a410a827faeed95c076d4bb558f46790b556c13bb40cb082da6776bcad9d70c884d7f831dce00b984cc2c1818a744c529c21a9fb708244e09ef55c7edc2c063659d0ab8f2948bcf9e98c862460023c17a5ce91ed97429e6a79e2726c11c8acbbf109f12f4a8d8efcea365a5831944dc14250203010001a38201323082012e301d0603551d
EAP-Message = 0x0e04160414166b7bb5824d8888245b04f718d44f9d85d631783081fe0603551d230481f63081f38014166b7bb5824d8888245b04f718d44f9d85d63178a181cfa481cc3081c9310b3009060355040613025553310e300c060355040813055465786173311330110603550407130a47656f726765746f776e3120301e060355040a1317536f7574687765737465726e20556e6976657273697479311e301c060355040b1315495453202d20536572766572204469766973696f6e3129302706035504031320536f7574687765737465726e20556e6976657273697479202d205241444955533128302606092a864886f70d010901161973797361646d69
EAP-Message = 0x6e40736f7574687765737465726e2e656475820900b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab124225e8f965bd03e617abbd82f8fa
Finished request 13
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=218, length=149
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0x0e840d4a507bc45feebe4dd29d555499
EAP-Message = 0x020400061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 5112
State = 0xab124225e8f965bd03e617abbd82f8fa
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 14
modcall: group authorize returns updated for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 14
modcall: group authenticate returns handled for request 14
Sending Access-Challenge of id 218 to 192.168.1.249:1645
EAP-Message = 0x010500bb1580000004b1ffbc458a823a63300c0603551d13040530030101ff300d06092a864886f70d01010405000381810030b2ae584f5f190289bcf3451bc1d1bac6a0e9d7ad7d79857c1b68c4537677fc2cc9192f4e5a17b974bdbb514f94178847884da765e4b3f3e878e0d9083978cd799b434f25e6f7fa8047d6bef2f410919f2d54574a873f1adafb83a175ccc47d34c46113fbc80fa0942cc9b74fe4fbbfed0c632eea7a4ba04ab80913169a289216030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbb33623ddc8707a12f36fa8892364757
Finished request 14
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.1.249:1645, id=219, length=160
User-Name = "\\test"
Framed-MTU = 1400
Called-Station-Id = "0014.691e.dee0"
Calling-Station-Id = "000e.35b5.eb8f"
Service-Type = Login-User
Message-Authenticator = 0xf394bff1a421b25724d257be2378166e
EAP-Message = 0x0205001115800000000715030100020230
NAS-Port-Type = Wireless-802.11
NAS-Port = 5112
State = 0xbb33623ddc8707a12f36fa8892364757
NAS-IP-Address = 192.168.1.249
NAS-Identifier = "freeradius1100"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
radius_xlat: '/var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/slc-int-1-249.southwestern.edu/auth-detail-20050707
modcall[authorize]: module "auth_log" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "\test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 5 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
74089:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
74089:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 15
modcall: group authenticate returns reject for request 15
auth: Failed to validate the user.
Login incorrect: [\\test/<no User-Password attribute>] (from client Aironet1100 port 5112 cli 000e.35b5.eb8f)
Delaying request 15 for 1 seconds
Finished request 15
Going to the next request
Waking up in 4 seconds...
---
My questions are the following:
- I choose EAP-TTLS because the client needs no additional certificates,
and it works well under Windows as it does under Mac.
User-Name = "\\test"
Why am I seeing \\username, instead of just username? Does this
have something to do with "Roaming Profile"? If it does, how do
I disable roaming profile from within the XP 802.1x authentication
dialog. Can this be corrected with a better understanding of how
to strip usernames?
Using radtest generates a Request-Accept packet, working fine.
- I created my SSL cert using CA.pl (prior use was with CA.all).
I am using a self signed cert. Why do I see the following:
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
74089:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
74089:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
Is there a way to disable the validation of a CA in the built-in
XP supplicant 802.1x authentication dialog? Is that what is causing
my problem, a non-trusted CA certificate?
Sincerely,
--johnk
----- End forwarded message -----
--
2
1
Hi all!
I am trying to authenticate against a smbpasswd file with
freeradius-1.0.1 on a fedora core 3 machine.
When I start radius in debug mode, it shows me that authentication is
progressing perfect (modcall: group authorize returns ok for request
0)
However it still returns a accept-reject package.
I have the funny feeling I did miss a line somewhere in the radius.conf file.
Here is the console output. btw I started radius with with
# radiusd -sfxxyz -l stdout
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded DIGEST
Module: Instantiated digest (digest)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded attr_filter
attr_filter: attrsfile = "/etc/raddb/attrs"
rlm_attr_filter: Authorize method will be deprecated.
Module: Instantiated attr_filter (attr_filter)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded passwd
passwd: filename = "/etc/samba/smbpasswd"
passwd: format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
passwd: authtype = "MS-CHAP"
passwd: delimiter = ":"
passwd: ignorenislike = no
passwd: ignoreempty = yes
passwd: allowmultiplekeys = no
passwd: hashsize = 100
rlm_passwd: nfields: 7 keyfield 0(User-Name) listable: no
Module: Instantiated passwd (etc_smbpasswd)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=43, length=55
User-Name = "dkr"
User-Password = "sleutel"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20050706'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20050706
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "attr_filter" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
rlm_passwd: Added LM-Password: '84ECA50B0BFCDCBEAAD3B435B51404EE' to
config_items
rlm_passwd: Added NT-Password: '6CC3E48E5B94C5FABEA360744435FBF4' to
config_items
rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items
rlm_passwd: Adding "Auth-Type = MS-CHAP"
modcall[authorize]: module "etc_smbpasswd" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns notfound for request 0
modcall: group authenticate returns notfound for request 0
auth: Failed to validate the user.
Login incorrect: [dkr/sleutel] (from client localhost port 1)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 43 to 127.0.0.1:32769
Waking up in 4 seconds...
2
3
Good Day.
I used freeradius-1.0.2 and Oracle with table NAS in Oracle.
Everything was OK.
But in freeradius-snapshot-20050624 I got such error:
...................
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT id,nasname,shortname,type,secret FROM nas
rlm_sql (sql): Reserving sql socket id: 14
rlm_sql (sql): nasname of length 19 is greater than the allowed maximum of 3
rlm_sql (sql): nasname of length 7 is greater than the allowed maximum of 3
rlm_sql (sql): nasname of length 19 is greater than the allowed maximum of 3
rlm_sql (sql): nasname of length 19 is greater than the allowed maximum of 3
rlm_sql (sql): nasname of length 19 is greater than the allowed maximum of 3
rlm_sql (sql): nasname of length 19 is greater than the allowed maximum of 3
rlm_sql (sql): nasname of length 21 is greater than the allowed maximum of 3
rlm_sql (sql): nasname of length 19 is greater than the allowed maximum of 3
.......................
2
1
Hi,
I would like checkrad.pl to be able to query my access
concentrator, which is running
pppoe-server (from rp-pppoe-3.5)
pppd-2.4.2
Later versions of pppd maintain a database of active PPP tunnels in
/var/run/pppd.tdb - which could be read and presented to checkrad.pl
over the network.
Has anything along these lines been done before? Is this the right way
to address the problem?
Regards,
Charlie
1
0
hi iam facing this problem will making the new build will any body help me the problem is
[root@ubikainfo freeradius-1.0.4]# make
gmake[1]: Entering directory `/root/freeradius-1.0.4'
Making all in libltdl...
gmake[2]: Entering directory `/root/freeradius-1.0.4/libltdl'
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c
mkdir .libs
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -fPIC -DPIC -o .libs/ltdl.lo
ltdl.c: In function `argzize_path':
ltdl.c:2109: warning: implicit declaration of function `argz_create_sep'
ltdl.c:2113: `ENOMEM' undeclared (first use in this function)
ltdl.c:2113: (Each undeclared identifier is reported only once
ltdl.c:2113: for each function it appears in.)
ltdl.c: In function `foreach_dirinpath':
[root@ubikainfo freeradius-1.0.4]# make
gmake[1]: Entering directory `/root/freeradius-1.0.4'
Making all in libltdl...
gmake[2]: Entering directory `/root/freeradius-1.0.4/libltdl'
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c
rm -f .libs/ltdl.lo
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -fPIC -DPIC -o .libs/ltdl.lo
ltdl.c: In function `argzize_path':
ltdl.c:2109: warning: implicit declaration of function `argz_create_sep'
ltdl.c:2113: `ENOMEM' undeclared (first use in this function)
ltdl.c:2113: (Each undeclared identifier is reported only once
ltdl.c:2113: for each function it appears in.)
ltdl.c: In function `foreach_dirinpath':
ltdl.c:2163: warning: implicit declaration of function `argz_next'
ltdl.c:2163: warning: assignment makes pointer from integer without a cast
ltdl.c: In function `lt_dlopenext':
ltdl.c:2926: warning: unused variable `file_found'
ltdl.c: In function `lt_argz_insert':
ltdl.c:3014: warning: implicit declaration of function `argz_insert'
ltdl.c:3018: `ENOMEM' undeclared (first use in this function)
ltdl.c: In function `lt_argz_insertinorder':
ltdl.c:3044: warning: assignment makes pointer from integer without a cast
ltdl.c: In function `lt_argz_insertdir':
ltdl.c:3074: dereferencing pointer to incomplete type
ltdl.c:3074: dereferencing pointer to incomplete type
ltdl.c:3079: dereferencing pointer to incomplete type
ltdl.c:3090: dereferencing pointer to incomplete type
ltdl.c:3099: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c: In function `list_files_by_dir':
ltdl.c:3127: `DIR' undeclared (first use in this function)
ltdl.c:3127: `dirp' undeclared (first use in this function)
ltdl.c:3135: warning: implicit declaration of function `opendir'
ltdl.c:3140: warning: implicit declaration of function `readdir'
ltdl.c:3140: warning: assignment makes pointer from integer without a cast
ltdl.c:3141: dereferencing pointer to incomplete type
ltdl.c:3148: warning: implicit declaration of function `closedir'
ltdl.c: In function `foreachfile_callback':
ltdl.c:3179: warning: assignment makes pointer from integer without a cast
ltdl.c: In function `lt_dlpath_insertdir':
ltdl.c:3474: warning: implicit declaration of function `argz_stringify'
gmake[2]: *** [ltdl.lo] Error 1
gmake[2]: Leaving directory `/root/freeradius-1.0.4/libltdl'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/root/freeradius-1.0.4'
make: *** [all] Error 2
[root@ubikainfo freeradius-1.0.4]#
Thanks&Regards
From
Dilip.J.Mansukhani
Office no :56985070/16
1
0
hi
recently we had upgrade our radius server with the new one
but while building we are facing with this problem is anybody familar with this problem
[root@ubikainfo freeradius-1.0.4]# make
gmake[1]: Entering directory `/root/freeradius-1.0.4'
Making all in libltdl...
gmake[2]: Entering directory `/root/freeradius-1.0.4/libltdl'
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c
mkdir .libs
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -fPIC -DPIC -o .libs/ltdl.lo
ltdl.c: In function `argzize_path':
ltdl.c:2109: warning: implicit declaration of function `argz_create_sep'
ltdl.c:2113: `ENOMEM' undeclared (first use in this function)
ltdl.c:2113: (Each undeclared identifier is reported only once
ltdl.c:2113: for each function it appears in.)
ltdl.c: In function `foreach_dirinpath':
[root@ubikainfo freeradius-1.0.4]# make
gmake[1]: Entering directory `/root/freeradius-1.0.4'
Making all in libltdl...
gmake[2]: Entering directory `/root/freeradius-1.0.4/libltdl'
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c
rm -f .libs/ltdl.lo
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -fPIC -DPIC -o .libs/ltdl.lo
ltdl.c: In function `argzize_path':
ltdl.c:2109: warning: implicit declaration of function `argz_create_sep'
ltdl.c:2113: `ENOMEM' undeclared (first use in this function)
ltdl.c:2113: (Each undeclared identifier is reported only once
ltdl.c:2113: for each function it appears in.)
ltdl.c: In function `foreach_dirinpath':
ltdl.c:2163: warning: implicit declaration of function `argz_next'
ltdl.c:2163: warning: assignment makes pointer from integer without a cast
ltdl.c: In function `lt_dlopenext':
ltdl.c:2926: warning: unused variable `file_found'
ltdl.c: In function `lt_argz_insert':
ltdl.c:3014: warning: implicit declaration of function `argz_insert'
ltdl.c:3018: `ENOMEM' undeclared (first use in this function)
ltdl.c: In function `lt_argz_insertinorder':
ltdl.c:3044: warning: assignment makes pointer from integer without a cast
ltdl.c: In function `lt_argz_insertdir':
ltdl.c:3074: dereferencing pointer to incomplete type
ltdl.c:3074: dereferencing pointer to incomplete type
ltdl.c:3079: dereferencing pointer to incomplete type
ltdl.c:3090: dereferencing pointer to incomplete type
ltdl.c:3099: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c:3109: dereferencing pointer to incomplete type
ltdl.c: In function `list_files_by_dir':
ltdl.c:3127: `DIR' undeclared (first use in this function)
ltdl.c:3127: `dirp' undeclared (first use in this function)
ltdl.c:3135: warning: implicit declaration of function `opendir'
ltdl.c:3140: warning: implicit declaration of function `readdir'
ltdl.c:3140: warning: assignment makes pointer from integer without a cast
ltdl.c:3141: dereferencing pointer to incomplete type
ltdl.c:3148: warning: implicit declaration of function `closedir'
ltdl.c: In function `foreachfile_callback':
ltdl.c:3179: warning: assignment makes pointer from integer without a cast
ltdl.c: In function `lt_dlpath_insertdir':
ltdl.c:3474: warning: implicit declaration of function `argz_stringify'
gmake[2]: *** [ltdl.lo] Error 1
gmake[2]: Leaving directory `/root/freeradius-1.0.4/libltdl'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/root/freeradius-1.0.4'
make: *** [all] Error 2
[root@ubikainfo freeradius-1.0.4]#
Thanks and regard
dilip
Thanks&Regards
From
Dilip.J.Mansukhani
Office no :56985070/16
1
0
I got my Freeradius install ( 1.04 ) authing against a MySQL DB and using
dialup_admin to add , delete and administer user accounts.
My question , my upstream asks that I return the following replies on
authorization ..
>>>ADSL Profiles
>>>
>>>You need to return one of two profiles for ADSL users depending on their
>>>'capped' state. For normal (not-capped) users the follwing attributes
>>>must be returned in Access-Accepts:
>>>
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback50"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool1"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
>>>
>>>For 'capped' users return the following set:
>>>
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback51"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool2"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
>>>
>>>For 'unshaped dsl' return the following set:
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback52"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool3"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
I do have an option to use old redback profiles ) but they are not supported
any longer and it is preferred that I use the VSA's ...
Redback for uncapped dsl ....
Ip-Address-Pool-Name = ipnetsubs2
Service-Type = Framed-User
Framed-Protocol = PPP
Redback for capped dsl ...
Ip-Address-Pool-Name = ipnetsubs3
Service-Type = Framed-User
Framed-Protocol = PPP
The only place I can think of to define this is either in the hints file in
the /usr/local/etc/raddb dir OR in the sql database tables , being either
radcheck , radgroupreply , radpostauth
In including this in the radcheck and radgroupreply tables and when I auth
against the radius service , I fail to get the correct attributes back upon
authentication BUT the usernames do auth ..
Anyone have any ideas ..
1
0
Hi all!
I have a segmentation fault and it scares me. I have attached the output
of radiusd -X with this e-mail.
It is not because the database is not there because when I connect to it
"manually" it works.
Is is permission issues? Is it a driver problem?
Thanks for any help I can get!
--Vicky
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /opt/freeradius/etc/raddb/proxy.conf
Config: including file: /opt/freeradius/etc/raddb/trs_proxy.conf
Config: including file: /opt/freeradius/etc/raddb/clients.conf
Config: including file: /opt/freeradius/etc/raddb/trs_clients.conf
Config: including file: /opt/freeradius/etc/raddb/snmp.conf
Config: including file: /opt/freeradius/etc/raddb/sqlcounter.conf
Config: including file: /opt/freeradius/etc/raddb/eap.conf
Config: including file: /opt/freeradius/etc/raddb/sql.conf
main: prefix = "/opt/freeradius"
main: localstatedir = "/opt/freeradius/var"
main: logdir = "/opt/freeradius/var/log/radius"
main: libdir = "/opt/freeradius/lib"
main: radacctdir = "/opt/freeradius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/opt/freeradius/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/opt/freeradius/var/run/radiusd/radiusd.pid"
main: user = "trustive"
main: group = "trustive"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/opt/freeradius/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /opt/freeradius/lib
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/opt/freeradius/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded attr_rewrite
attr_rewrite: attribute = "User-Name"
attr_rewrite: searchfor = "promo.*"
attr_rewrite: searchin = "packet"
attr_rewrite: replacewith = "%{User-Password}"
attr_rewrite: append = no
attr_rewrite: ignore_case = no
attr_rewrite: new_attribute = no
attr_rewrite: max_matches = 10
Module: Instantiated attr_rewrite (attr_rewrite)
Module: Loaded preprocess
preprocess: huntgroups = "/opt/freeradius/etc/raddb/huntgroups"
preprocess: hints = "/opt/freeradius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/opt/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "prefix"
realm: delimiter = "/"
realm: ignore_default = yes
realm: ignore_null = yes
Module: Instantiated realm (prefix)
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = yes
realm: ignore_null = yes
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/opt/freeradius/etc/raddb/users"
files: acctusersfile = "/opt/freeradius/etc/raddb/acct_users"
files: preproxy_usersfile = "/opt/freeradius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "trustive"
sql: radius_db = "trs"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = yes
sql: sqltracefile = "/opt/freeradius/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASIdentifier, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, ClientIPAddress, WISPrLocationId, WISPrLocationName) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Identifier}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0', '%{Client-IP-Address}', '%{WISPr-Location-Id}', '%{WISPr-Location-Name}')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, ClientIPAddress, WISPrLocationId, WISPrLocationName) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}', '%{Client-IP-Address}', '%{WISPr-Location-Id}', '%{WISPr-Location-Name}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_table = "radpostauth"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, session_id, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{Acct-Session-Id}', '%{reply:Packet-Type}', NOW())"
sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/trs
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
2
2