Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
December 2006
- 128 participants
- 207 discussions
4
6
No way man!
:)
I've done a CVS clean install now (EVERYTHING old deleted before
install and rebooted machine) but the same error occurs!
It's just like the log from the previous post (below).
radiusd dies after "Sending Access-Request" to the proxy, every single time.
I'm not using any old conf, configured it from scratch.
Please help!
Thanks.
On 12/11/06, Guilherme Franco <guilhermefranco(a)gmail.com> wrote:
> Ok,
>
> The log is below, thank you.
>
> Gonna delete and clean install it, I just thought that "./configure,
> make, make install" would overwrite everything except the confs.
>
> radiusd -xxx
> Mon Dec 11 19:47:58 2006 : Info: Ready to process requests.
> Mon Dec 11 19:47:58 2006 : Debug: Nothing to do. Sleeping until we
> see a request.
> Mon Dec 11 19:47:58 2006 : Debug: Thread 1 waiting to be assigned a request
> Mon Dec 11 19:47:58 2006 : Debug: Thread 2 waiting to be assigned a request
> Mon Dec 11 19:47:58 2006 : Debug: Thread 5 waiting to be assigned a request
> Mon Dec 11 19:47:58 2006 : Debug: Thread 3 waiting to be assigned a request
> Mon Dec 11 19:47:58 2006 : Debug: Thread 4 waiting to be assigned a request
> rad_recv: Access-Request packet from host 10.10.2.11 port 50000,
> id=206, length=234
> Mon Dec 11 19:48:17 2006 : Debug: --- Walking the entire request list ---
> Mon Dec 11 19:48:17 2006 : Debug: Thread 1 got semaphore
> Mon Dec 11 19:48:17 2006 : Debug: Threads: total/active/spare threads = 5/0/5
> Mon Dec 11 19:48:17 2006 : Debug: Thread 1 handling request 0, (1
> handled so far)
> Mon Dec 11 19:48:17 2006 : Debug: Waking up in 1 seconds...
> User-Password = "bogus123"
> User-Name = "bogus(a)foo.com"
> Acct-Session-Id = "nas GigabitEthernet 11/0.165:2165:0028716608"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> ERX-Pppoe-Description = "pppoe 00:0b:23:fd:1d:8c"
> Calling-Station-Id = "NAS-01#2165"
> NAS-Port-Type = Ethernet
> NAS-Port = 2952792181
> NAS-Port-Id = "GigabitEthernet 11/0.165:2165"
> NAS-IP-Address = 10.10.2.11
> NAS-Identifier = "NAS-01"
> Mon Dec 11 19:48:17 2006 : Debug: Processing the authorize section
> of radiusd.conf
> Mon Dec 11 19:48:17 2006 : Debug: modcall: entering group authorize
> for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling
> preprocess (rlm_preprocess) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from preprocess (rlm_preprocess) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module
> "preprocess" returns ok for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling
> auth_log (rlm_detail) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: radius_xlat:
> '/usr/local/var/log/radius/radacct/10.10.2.11/auth-detail-20061211'
> Mon Dec 11 19:48:17 2006 : Debug: rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/10.10.2.11/auth-detail-20061211
> Mon Dec 11 19:48:17 2006 : Debug: radius_xlat: 'Mon Dec 11 19:48:17 2006'
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from auth_log (rlm_detail) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module
> "auth_log" returns ok for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling chap
> (rlm_chap) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from chap (rlm_chap) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module "chap"
> returns noop for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling
> mschap (rlm_mschap) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from mschap (rlm_mschap) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module
> "mschap" returns noop for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling unix
> (rlm_unix) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from unix (rlm_unix) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module "unix"
> returns notfound for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling
> suffix (rlm_realm) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: rlm_realm: Looking up realm
> "foo.com" for User-Name = "bogus(a)foo.com"
> Mon Dec 11 19:48:17 2006 : Debug: rlm_realm: Found realm "foo.com"
> Mon Dec 11 19:48:17 2006 : Debug: rlm_realm: Adding
> Stripped-User-Name = "bogus"
> Mon Dec 11 19:48:17 2006 : Debug: rlm_realm: Proxying request from
> user bogus to realm foo.com
> Mon Dec 11 19:48:17 2006 : Debug: rlm_realm: Adding Realm = "foo.com"
> Mon Dec 11 19:48:17 2006 : Debug: rlm_realm: Preparing to proxy
> authentication request to realm "foo.com"
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from suffix (rlm_realm) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module
> "suffix" returns updated for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling
> files (rlm_files) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: users: Matched entry DEFAULT at line 173
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from files (rlm_files) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module "files"
> returns ok for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling sql
> (rlm_sql) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: radius_xlat: 'bogus(a)foo.com'
> Mon Dec 11 19:48:17 2006 : Debug: rlm_sql (sql): sql_set_user escaped
> user --> 'bogus(a)foo.com'
> Mon Dec 11 19:48:17 2006 : Debug: rlm_sql (sql): Reserving sql socket id: 14
> Mon Dec 11 19:48:17 2006 : Debug: radius_xlat: 'SELECT
> id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
> 'bogus(a)foo.com' ORDER BY id'
> Mon Dec 11 19:48:17 2006 : Debug: SELECT
> id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
> 'bogus(a)foo.com' ORDER BY id
> Mon Dec 11 19:48:17 2006 : Debug: rlm_sql (sql): User found in radcheck table
> Mon Dec 11 19:48:17 2006 : Debug: radius_xlat: 'SELECT
> id,UserName,Attribute,Value,op FROM radreply WHERE Username =
> 'bogus(a)foo.com' ORDER BY id'
> Mon Dec 11 19:48:17 2006 : Debug: SELECT
> id,UserName,Attribute,Value,op FROM radreply WHERE Username =
> 'bogus(a)foo.com' ORDER BY id
> Mon Dec 11 19:48:17 2006 : Debug: rlm_sql (sql): Released sql socket id: 14
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from sql (rlm_sql) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module "sql"
> returns ok for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling
> expiration (rlm_expiration) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from expiration (rlm_expiration) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module
> "expiration" returns noop for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling
> logintime (rlm_logintime) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from logintime (rlm_logintime) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module
> "logintime" returns noop for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: calling pap
> (rlm_pap) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[authorize]: returned
> from pap (rlm_pap) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[authorize]: module "pap"
> returns noop for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall: group authorize returns
> updated for request 0
> Mon Dec 11 19:48:17 2006 : Debug: Processing the pre-proxy section
> of radiusd.conf
> Mon Dec 11 19:48:17 2006 : Debug: modcall: entering group pre-proxy
> for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[pre-proxy]: calling
> pre_proxy_log (rlm_detail) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: radius_xlat:
> '/usr/local/var/log/radius/radacct/10.10.2.11/pre-proxy-detail-20061211'
> Mon Dec 11 19:48:17 2006 : Debug: rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/10.10.2.11/pre-proxy-detail-20061211
> Mon Dec 11 19:48:17 2006 : Debug: radius_xlat: 'Mon Dec 11 19:48:17 2006'
> Mon Dec 11 19:48:17 2006 : Debug: modsingle[pre-proxy]: returned
> from pre_proxy_log (rlm_detail) for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall[pre-proxy]: module
> "pre_proxy_log" returns ok for request 0
> Mon Dec 11 19:48:17 2006 : Debug: modcall: group pre-proxy returns ok
> for request 0
> Mon Dec 11 19:48:17 2006 : Debug: proxy: allocating destination
> 30.30.2.1 port 1812 - Id 191
> Sending Access-Request of id 191 to 30.30.2.1 port 1812
> User-Password = "bogus123"
> User-Name = "bogus"
> Acct-Session-Id = "nas GigabitEthernet 11/0.165:2165:0028716608"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> ERX-Pppoe-Description = "pppoe 00:0b:23:fd:1d:8c"
> Calling-Station-Id = "NAS-01#2165"
> NAS-Port-Type = Ethernet
> NAS-Port = 2952792181
> NAS-Port-Id = "GigabitEthernet 11/0.165:2165"
> NAS-IP-Address = 10.10.2.11
> NAS-Identifier = "NAS-01"
> Proxy-State = 0x323036
> Mon Dec 11 19:48:17 2006 : Error: Assertion failed in listen.c, line 621
>
3
7
> 1. Does your password have odd (non-ascii) characters in it? That
> should NOT matter for MS-CHAP since it's explicitly unicode aware
MS-CHAP is unicode aware, but FreeRADIUS' implementation is not. It
definitely borks on non-ASCII characters in passwords. (I submitted a
patch some time ago to fix this, check the archives).
(I've not been following this thread, so I don't know if pertinent or
not.)
Josh.
1
0
Hi there, this is an old issue, but AFAIAC hasn't been solved yet, that's why I'm asking for help with this problem which is driving me crazy.
I'm trying to auth the user with PEAP+MSCHAP against AD. Kerberos and Samba have been properly configured and the server has been joined to the domain. From the command line:
ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser
password:
NT_STATUS_OK: Success (0x0)
ntlm_auth is properly working so it should work fine with FreeRadius.
In the log below you'll find two auths performed by the same user in the same domain against the same FreeRadius server.
In the first attempt the user has checked the option "Automatically use my Windows logon name and password (and domain if any)", user account is valid in the domain and is not locked out, however user authentication fails.
In the next attempt the user has unchecked this option, so everytime he connects to the network he has to type his credentials in. After clicking "Connect" he gets access.
Why if Windows sends the same user information only in the latter case user is able to get in?
Does anyone know how to solve/troubleshoot this problem?
Many thanks
Hector
----- FREERADIUS LOG -------
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/eap.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP
mschap: use_mppe = no
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: ntlm_auth = "/opt/samba/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain:-DOMAIN} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/private_key.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/certificate.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/ca.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = yes
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "mschapv2"
ttls: copy_request_to_tunnel = yes
ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded perl
perl: module = "/opt/nac/bin/rad2vmps"
perl: func_authorize = "authorize"
perl: func_authenticate = "authenticate"
perl: func_accounting = "accounting"
perl: func_preacct = "preacct"
perl: func_checksimul = "checksimul"
perl: func_detach = "detach"
perl: func_xlat = "xlat"
perl: func_pre_proxy = "pre_proxy"
perl: func_post_proxy = "post_proxy"
perl: func_post_auth = "post_auth"
perl: perl_flags = "(null)"
perl: func_start_accounting = "(null)"
perl: func_stop_accounting = "(null)"
perl: max_clones = 32
perl: start_clones = 5
perl: min_spare_clones = 3
perl: max_spare_clones = 3
perl: cleanup_delay = 5
perl: max_request_per_clone = 0
Module: Instantiated perl (verify_mac)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "cistron"
[/usr/local/etc/raddb/users]:1 Cistron compatibility checks for entry DEFAULT ...
Module: Instantiated files (files)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
Message-Authenticator = 0x9bc11b6f6182f53f6428ad12c48d8f10
NAS-Port = 50001
NAS-Port-Type = Ethernet
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_eap: EAP packet type response id 2 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x67c75e29c6b4d8d32c662ce2d154d277
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=39, length=257
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x0203007019800000006616030100610100005d0301457998f4e09ac05f33a934415945c7264b94c0701d13c0caab7fa36b0cc015282065c088fd4f3b7fdc5fed147045382b152c89d35916d5d2938f9dd648c55fa6d8001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x4fe4e78473480d0bdd990a665c67c62d
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x67c75e29c6b4d8d32c662ce2d154d277
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
rlm_eap: EAP packet type response id 3 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 080d], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 39 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0104040a19c00000086a160301004a020000460301457998f53062b10c6041e3d6247d9f8189960a70e58063d2eb8416ca085f728a20c131ee8e347614dd96be74d24d8d0d56dffdbc25b8a27dded39fc3df92bb91d5000400160301080d0b0008090008060004b6308204b23082041ba003020102020a2e00e9e400000000002a300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345
EAP-Message = 0x532d4341301e170d3036313032303132323831305a170d3037313032303132333831305a307e311b301906092a864886f70d010901160c726f6f7440767074742e6368310b3009060355040613024348310d300b060355040813044265726e3121301f060355040a13185377697373636f6d20496e6e6f766174696f6e204c74642e3120301e06035504031317696e6f636573766d7073312e73776973737074742e636830819f300d06092a864886f70d010101050003818d0030818902818100bcbadc4b571f51a19389879c2df4b32045fd76516d1afb6b06f96374dac730116958664972ae66216bf6bb9530573daaf005e0ea7018020baa62471f
EAP-Message = 0xf05d3288cec3d40eac124ef80047cc9c853b0f2a925ab042bd1e0ba961de60cc0f1aca95a38b7ca9362977ed79f29de2b83325ff9c8cc4c087b3a7c7283e6fc0c95e1f470203010001a382024430820240301d0603551d0e0416041402827c1fe6af65cb4ed510eee57c81f9845126b33081a80603551d230481a030819d80140531afcf5f726f0182cc53ee960e4a53f8687bf4a173a471306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403
EAP-Message = 0x130a494e4f2d4345532d4341821050dae873d6e1498e49c13dc445dc31f730818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c3081ce06082b060105050701010481c13081be305c06082b060105050730028650687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f696e6f63
EAP-Message = 0x6573616373322e636f7270726f6f742e6e65745f494e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x584c9a8d95626f74ada9c048f89febd5
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=40, length=151
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020400061900
Message-Authenticator = 0xcf9be95996c8d692195ff106f4f9ac5e
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x584c9a8d95626f74ada9c048f89febd5
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 40 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0105040619404f2d4345532d43412e637274305e06082b06010505073002865266696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c696e6f636573616373322e636f7270726f6f742e6e65745f494e4f2d4345532d43412e63727430130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181006a5fee48e1a8a5a43794cbaa520aaab4b9105add93c531bf8ce91f8374f08ae40dc04c03d7de7410b29bf3b64e97bf9af15be919096a8b04d021c615a763b01a05fbb572428830e1d1a2ad3cffcff079f524ce745cf8c9c7a2306d0f035eb7072ae63a
EAP-Message = 0x92993d914ff7107b0ae9de3d3d4f19183f6b36383d91c57245f5cb694200034a30820346308202afa003020102021050dae873d6e1498e49c13dc445dc31f7300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d4341301e170d3035303831303136313232315a170d3135303831303136323134325a306f3128302606092a864886f70d0109011619696e6f2e68656c70646573
EAP-Message = 0x6b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d434130819f300d06092a864886f70d010101050003818d0030818902818100bcdaa85f50acb0a704320cd308fe56ed5fff84b4ad027b0f8590495c17b15657a52475d8a7e14122f423213dae283a61978f27fa938e14adcc4ff6df9680be9520f576d041923181498768ad8f4e6a2c4c846359444d1ffba19b61d9086ddaa0b74d5ea18dc315482e3e14f43f3c6e937de7029cd2c1de45833fd6c4cf26697d0203010001a381e23081df300b
EAP-Message = 0x0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604140531afcf5f726f0182cc53ee960e4a53f8687bf430818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c301006092b06010401823715010403020100300d06092a864886f70d010105050003818100a3eea55c46c0fa3d1cac6fa04e
EAP-Message = 0x91a9f530133facb67f69835f8e7b389fa2d0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x02a27b743dbcf852e5d08c96ccf2522b
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=41, length=151
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020500061900
Message-Authenticator = 0xd6811650c78d31a1bbdf1865603d3648
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x02a27b743dbcf852e5d08c96ccf2522b
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 41 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010600701900dbff8395b2eecf4ff75d35aab631de6621a8a96949ad6f63abc615b5714293a8d4e23d6248cea124a8fce49a67f5bdef8bbf0cb12f58375bb72154f29bd69b8ed6df9ea14c1ed5d83bae339f1a23503923e1d7a4839f8139393a0ccfb5cce9fe1116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7aedd96540c2242a267e0424a4c9cbff
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=42, length=337
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020600c01980000000b6160301008610000082008041592edd109fc742430339b195f3331b296a316d33bc4a1d2ad4b8ee94d3f8b1dffc35e9e5c43f55a57cdf20ce0c9dbeca20f7845d878c6f99478055e2c44925b19832f4dd8733c3191d8a71b1d29f7ab23582096afd195e6f1d744171e72418851e9e26b960b3becca6d411b06d8a226063d6766f6a995958f05229a9a26b361403010001011603010020a5c032ec42c1f401f46d26a7beee41c9d7d53ca2a81b0f39eda4f53358a0785f
Message-Authenticator = 0xcee410317912a566868d80e5464ecd6f
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x7aedd96540c2242a267e0424a4c9cbff
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
rlm_eap: EAP packet type response id 6 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 42 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0107003119001403010001011603010020fefca61bf40214a8674a24a744408e2795478ad43134b5d51fcda813c83db9f9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84dbafc4fc829bf55dde2305fe57301d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=43, length=151
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020700061900
Message-Authenticator = 0x68c215c3eec41520df4f6ec8077a54b2
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x84dbafc4fc829bf55dde2305fe57301d
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 43 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x01080020190017030100151c2a8c3c0c99b55e4921f4ba75e5c39e27c47f5011
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x28cc94d72d7a29ad80708e0c77706331
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=44, length=190
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x0208002d1900170301002220a8f31f4e1afb10a647d8177fc5d434c42609050977ee8eb3c2f8041f5807db237b
Message-Authenticator = 0x473b21fd979924a3323bb151624d0f18
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x28cc94d72d7a29ad80708e0c77706331
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
rlm_eap: EAP packet type response id 8 length 45
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - DOMAIN\testuser
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of DOMAIN\testuser
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to DOMAIN\testuser
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
rlm_eap: EAP packet type response id 8 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 44 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0109004219001703010037dfcb5591de4c7a22576166fe485dac01fa4bf329838e9a52075e34d60fb88a44b1ca1c1a613596f8f3229d76528804705cc80524c9d03a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33eadcfaac046aed67ca9098faaa2927
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=45, length=244
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x02090063190017030100585809205c332fd978f5caf5249f239c285a36684ac4b3db2a5c5126a9d83a48a4f0399ac6b9368cba8c23e91ea2b28643a5b679aa0ce0bc096fb91772d0e25bbb7ab8c1c393ad0a6ff1390f08fe575ec1f3aa65aa2d632aa2
Message-Authenticator = 0x973387facc75ffe21b452d6d0792f299
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x33eadcfaac046aed67ca9098faaa2927
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
rlm_eap: EAP packet type response id 9 length 99
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to DOMAIN\testuser
PEAP: Adding old state with 77 f6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
rlm_eap: EAP packet type response id 9 length 76
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 7
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 03
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=c61ad7019723b68d --nt-response=70fb1b0438208667d0bac6eb895ea8644b413566785d5785'
Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=c61ad7019723b68d --nt-response=70fb1b0438208667d0bac6eb895ea8644b413566785d5785
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 7
modcall: leaving group MS-CHAP (returns reject) for request 7
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 7
modcall: leaving group authenticate (returns reject) for request 7
auth: Failed to validate the user.
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 45 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010a00261900170301001b3ffcb99afafe29c89fa4affeb4d1e75070457ba622dfc56ec0f2c6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa6d1473e96c7a14c29a8f17fc89a3671
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=46, length=183
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020a00261900170301001b0bcaa64a94c7d49ee3af36354ce0441251bb53a91d33b73f0d5953
Message-Authenticator = 0xe45d9f748e60859d612b2ed26966c765
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0xa6d1473e96c7a14c29a8f17fc89a3671
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 8
modcall: leaving group authenticate (returns invalid) for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=46, length=183
Sending Access-Reject of id 46 to 192.168.1.1 port 1645
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Cleaning up request 0 ID 38 with timestamp 457998f5
Cleaning up request 1 ID 39 with timestamp 457998f5
Cleaning up request 2 ID 40 with timestamp 457998f5
Cleaning up request 3 ID 41 with timestamp 457998f5
Cleaning up request 4 ID 42 with timestamp 457998f5
Cleaning up request 5 ID 43 with timestamp 457998f5
Cleaning up request 6 ID 44 with timestamp 457998f5
Cleaning up request 7 ID 45 with timestamp 457998f5
Cleaning up request 8 ID 46 with timestamp 457998f5
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=47, length=149
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
Message-Authenticator = 0x956d87ecbd35d2f1f9079f33f7e1238e
NAS-Port = 50001
NAS-Port-Type = Ethernet
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
rlm_eap: EAP packet type response id 2 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 47 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0c208d59dc2577205f327cbfac00af89
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=48, length=257
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x0203007019800000006616030100610100005d03014579990cb3f8c006d0888a660f8163cc33a6543ba8996c4c6436238f339115b620c131ee8e347614dd96be74d24d8d0d56dffdbc25b8a27dded39fc3df92bb91d5001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xeb43847282321ac0066c963b43b9c673
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x0c208d59dc2577205f327cbfac00af89
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
rlm_eap: EAP packet type response id 3 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 10
modcall: leaving group authorize (returns updated) for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 080d], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 48 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0104040a19c00000086a160301004a0200004603014579990d967c1d56a8d185c7dc01abf8a6207c7b608b4b176311c434940cdd2d2097e122bab4dc1446d18733d8fc80cbaefc8e1e9e3226d4bef2a7bf35f0beb813000400160301080d0b0008090008060004b6308204b23082041ba003020102020a2e00e9e400000000002a300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345
EAP-Message = 0x532d4341301e170d3036313032303132323831305a170d3037313032303132333831305a307e311b301906092a864886f70d010901160c726f6f7440767074742e6368310b3009060355040613024348310d300b060355040813044265726e3121301f060355040a13185377697373636f6d20496e6e6f766174696f6e204c74642e3120301e06035504031317696e6f636573766d7073312e73776973737074742e636830819f300d06092a864886f70d010101050003818d0030818902818100bcbadc4b571f51a19389879c2df4b32045fd76516d1afb6b06f96374dac730116958664972ae66216bf6bb9530573daaf005e0ea7018020baa62471f
EAP-Message = 0xf05d3288cec3d40eac124ef80047cc9c853b0f2a925ab042bd1e0ba961de60cc0f1aca95a38b7ca9362977ed79f29de2b83325ff9c8cc4c087b3a7c7283e6fc0c95e1f470203010001a382024430820240301d0603551d0e0416041402827c1fe6af65cb4ed510eee57c81f9845126b33081a80603551d230481a030819d80140531afcf5f726f0182cc53ee960e4a53f8687bf4a173a471306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403
EAP-Message = 0x130a494e4f2d4345532d4341821050dae873d6e1498e49c13dc445dc31f730818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c3081ce06082b060105050701010481c13081be305c06082b060105050730028650687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f696e6f63
EAP-Message = 0x6573616373322e636f7270726f6f742e6e65745f494e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7e54bdce3e0f83476c1d3cc8929b06e2
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=49, length=151
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020400061900
Message-Authenticator = 0xdcf1f45087c3f55071c74f33303d6098
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x7e54bdce3e0f83476c1d3cc8929b06e2
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 11
modcall: leaving group authorize (returns updated) for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 49 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0105040619404f2d4345532d43412e637274305e06082b06010505073002865266696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c696e6f636573616373322e636f7270726f6f742e6e65745f494e4f2d4345532d43412e63727430130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181006a5fee48e1a8a5a43794cbaa520aaab4b9105add93c531bf8ce91f8374f08ae40dc04c03d7de7410b29bf3b64e97bf9af15be919096a8b04d021c615a763b01a05fbb572428830e1d1a2ad3cffcff079f524ce745cf8c9c7a2306d0f035eb7072ae63a
EAP-Message = 0x92993d914ff7107b0ae9de3d3d4f19183f6b36383d91c57245f5cb694200034a30820346308202afa003020102021050dae873d6e1498e49c13dc445dc31f7300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d4341301e170d3035303831303136313232315a170d3135303831303136323134325a306f3128302606092a864886f70d0109011619696e6f2e68656c70646573
EAP-Message = 0x6b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d434130819f300d06092a864886f70d010101050003818d0030818902818100bcdaa85f50acb0a704320cd308fe56ed5fff84b4ad027b0f8590495c17b15657a52475d8a7e14122f423213dae283a61978f27fa938e14adcc4ff6df9680be9520f576d041923181498768ad8f4e6a2c4c846359444d1ffba19b61d9086ddaa0b74d5ea18dc315482e3e14f43f3c6e937de7029cd2c1de45833fd6c4cf26697d0203010001a381e23081df300b
EAP-Message = 0x0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604140531afcf5f726f0182cc53ee960e4a53f8687bf430818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c301006092b06010401823715010403020100300d06092a864886f70d010105050003818100a3eea55c46c0fa3d1cac6fa04e
EAP-Message = 0x91a9f530133facb67f69835f8e7b389fa2d0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3779029a8e48dc53a1d62d035f619fbd
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=50, length=151
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020500061900
Message-Authenticator = 0x83767edf44377d33a3ecde25cd988373
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x3779029a8e48dc53a1d62d035f619fbd
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 12
modcall: leaving group authorize (returns updated) for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 50 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010600701900dbff8395b2eecf4ff75d35aab631de6621a8a96949ad6f63abc615b5714293a8d4e23d6248cea124a8fce49a67f5bdef8bbf0cb12f58375bb72154f29bd69b8ed6df9ea14c1ed5d83bae339f1a23503923e1d7a4839f8139393a0ccfb5cce9fe1116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5f038edb0f8c3f8e06f0a5f23f410d7
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=51, length=337
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020600c01980000000b6160301008610000082008036b1acf72df2a0e0aea88ccdca72785802c8e7cf7cc809cbc1cd2970526bddd05f407a1ba93a4c9ced40e5657569189acf8c3aa31d4066ad7d0485cdb25f33eee747cca76116a0f2531df2402036a15a8899a25e241056b7bbd467a074c4113184f88103702ec427de5614b21844988a02cee2ddc2f70bbc51c8a7363b6ed97e140301000101160301002047274e9ee0b53905bee7cbe41e7544504fe13dee7413181a9e75c5fb3db96dc3
Message-Authenticator = 0x330e5ade3dc6c1b98211db9a1749ee4e
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0xe5f038edb0f8c3f8e06f0a5f23f410d7
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
rlm_eap: EAP packet type response id 6 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 51 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0107003119001403010001011603010020ae982aadb0779708c8ac084a0c27220bd931ddd0dc1027d641df762da01e7c13
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x60cfa0a5edf7c174c3514cd7c7f65a7b
Finished request 13
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=52, length=151
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020700061900
Message-Authenticator = 0xbf723e37c3551867e362981b36faa978
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x60cfa0a5edf7c174c3514cd7c7f65a7b
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 52 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010800201900170301001555db2701383a4dab60e28f0db0e824c4581a5671fe
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x852de9dd7e19d1a5c923bf08c10a13c2
Finished request 14
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=53, length=190
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x0208002d1900170301002288a7cafb3268a1d1350f7c6ba7666503b80405e48ba79e8a7682b8ffd3e63a7f6dbc
Message-Authenticator = 0x1b06f7ed2260a697d6b3be1df34d3c52
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x852de9dd7e19d1a5c923bf08c10a13c2
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
rlm_eap: EAP packet type response id 8 length 45
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - DOMAIN\testuser
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of DOMAIN\testuser
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to DOMAIN\testuser
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
rlm_eap: EAP packet type response id 8 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 15
modcall: leaving group authenticate (returns handled) for request 15
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 15
modcall: leaving group authenticate (returns handled) for request 15
Sending Access-Challenge of id 53 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x0109004219001703010037427780b211d9581c91a92c2976cd7fb11800d9f8e18fc1dc475d70c0e3e1668a78ece916102069c7b5ed11416e729ce39933f80533fbc6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xded8de88766f4bccc413a3a23bcb5270
Finished request 15
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=54, length=244
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x02090063190017030100586094e3cc1d9e1f5856e8bccf4b82654c4ad75cd04c6a10fff6623b01356111bab02ff75ae23eb1c7b4aca810edccf35de1270f93ef9ff0e89440443ef866c918f23c945db147426c108f8ad6928e748d34bd10486dbe1a5f
Message-Authenticator = 0xcf3d72e3d06990d7daa371a4a33f8053
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0xded8de88766f4bccc413a3a23bcb5270
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
rlm_eap: EAP packet type response id 9 length 99
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 16
modcall: leaving group authorize (returns updated) for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to DOMAIN\testuser
PEAP: Adding old state with db be
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
rlm_eap: EAP packet type response id 9 length 76
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 16
modcall: leaving group authorize (returns updated) for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 16
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: ae
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=aea3ef9fe78f8ac2 --nt-response=8c6a735e29ed7cddb8c02ae601424aca79d115544324731d'
Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=aea3ef9fe78f8ac2 --nt-response=8c6a735e29ed7cddb8c02ae601424aca79d115544324731d
Exec-Program output: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF
Exec-Program-Wait: plaintext: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF
Exec-Program: returned: 0
modcall[authenticate]: module "mschap" returns ok for request 16
modcall: leaving group MS-CHAP (returns ok) for request 16
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 16
modcall: leaving group authenticate (returns handled) for request 16
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 16
modcall: leaving group authenticate (returns handled) for request 16
Sending Access-Challenge of id 54 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010a004a1900170301003fef7905b2d4365d2237b81630423bc384d7bcb02b1b174a194bd45d2fd6cb233fe98fd93c30e1ebaa50e34ea3a409e352a990e1ed2c665b91344766a9f52135
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x05c6c7c2066a6d23236f6a02c7b62783
Finished request 16
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=55, length=174
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020a001d1900170301001237f99735d4db2ad15b56ba7ca23d6bd3d6c4
Message-Authenticator = 0xb07169c8d70f58fe956cb729d91eb15f
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x05c6c7c2066a6d23236f6a02c7b62783
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
rlm_eap: EAP packet type response id 10 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 17
modcall: leaving group authorize (returns updated) for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to DOMAIN\testuser
PEAP: Adding old state with 91 d5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
rlm_eap: EAP packet type response id 10 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 17
modcall: leaving group authorize (returns updated) for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 17
modcall: leaving group authenticate (returns ok) for request 17
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
modcall[authenticate]: module "eap" returns handled for request 17
modcall: leaving group authenticate (returns handled) for request 17
Sending Access-Challenge of id 55 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
EAP-Message = 0x010b00261900170301001b92a97899d7d36a01ce0773c89ec1912d02c257d4c5bb24239e1b84
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x898f8d49a4dfd4d1e5c301eb592f532a
Finished request 17
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=56, length=183
User-Name = "DOMAIN\\testuser"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-19-AA-2C-8F-03"
Calling-Station-Id = "00-08-74-46-2A-A5"
EAP-Message = 0x020b00261900170301001b2b96f40aa3319766d8adf76e850b1f0bd44117041db965f51cf0b5
Message-Authenticator = 0x3f0853b193e36a8d7b85d734713703a0
NAS-Port = 50001
NAS-Port-Type = Ethernet
State = 0x898f8d49a4dfd4d1e5c301eb592f532a
NAS-IP-Address = 192.168.1.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
rlm_eap: EAP packet type response id 11 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 18
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 18
modcall: leaving group authorize (returns updated) for request 18
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 18
modcall: leaving group authenticate (returns ok) for request 18
Sending Access-Accept of id 56 to 192.168.1.1 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "vlanX"
MS-MPPE-Recv-Key = 0x1c8f0ede465ed8d7250bfd67396e340423ff2859327f38942b13a210030ad18c
MS-MPPE-Send-Key = 0xc12ccf7491c816122c7a2bd30eb177d2add2b23897493492288f1647c850d06f
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "DOMAIN\\testuser"
Finished request 18
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 47 with timestamp 4579990d
Cleaning up request 10 ID 48 with timestamp 4579990d
Cleaning up request 11 ID 49 with timestamp 4579990d
Cleaning up request 12 ID 50 with timestamp 4579990d
Cleaning up request 13 ID 51 with timestamp 4579990d
Cleaning up request 14 ID 52 with timestamp 4579990d
Cleaning up request 15 ID 53 with timestamp 4579990d
Cleaning up request 16 ID 54 with timestamp 4579990d
Cleaning up request 17 ID 55 with timestamp 4579990d
Cleaning up request 18 ID 56 with timestamp 4579990d
Nothing to do. Sleeping until we see a request.
3
6
> Hi,
> I have written a module for use with freeRADIUS which seems to
work
> fine and dandy on my desktop Fedora box. However when I drop this
> module and config on one of the production (and now test) Debian
> Sarge boxes running the same initial config with same version of
> freeRADIUS I get :
>
> /usr/sbin/freeradius: relocation error: /usr/lib/perl5/auto/DBI/
> DBI.so: undefined symbol: Perl_Gthr_key_ptr
>
> and freeRADIUS obvioulsy refuses to start.
>
I solved it by starting freeradius (and changing the startup scripts)
using
LD_PRELOAD=/usr/lib/libperl.so freeradius $freeradiusargs
J.
2
1
Hi Folks,
I'm using freeradius-1.1.3_1 on FreeBSD 6.2-PRERELEASE and
mysql-server-5.0.27.
My database connection is ok, and I'm sucessfully authorizeing on MySQL
databse. After user connection, a entry is added on radpostauth table.
My problem is cause there is no entry on radacct table. Here is an
authentication:
[root@mercury /usr/local/etc/raddb]# radtest brt adsl 127.0.0.1 0 teste
Sending Access-Request of id 206 to 127.0.0.1 port 1812
User-Name = "brt"
User-Password = "adsl"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=206, length=20
And here the result of radiusd -X:
[root@mercury /usr/local/etc/raddb]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 768000
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "nobody"
main: group = "nobody"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "radius"
sql: password = "radius"
sql: radius_db = "radius-test"
sql: nas_table = "nas"
sql: sqltrace = no
sql: sqltracefile = "/var/log/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id, UserName, Attribute, Value,
op FROM radcheck WHERE Username =
'%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value,
op FROM radreply WHERE Username =
'%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username =
'%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName
ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username =
'%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName
ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct SET
FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime =
'%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets =
'%{Acct-Output-Octets}' WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0')"
sql: accounting_start_query = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime =
'%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start =
'%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId,
FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND
AcctStopTime = 0"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply,
date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@localhost:/radius-test
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:51938, id=206, length=55
User-Name = "brt"
User-Password = "adsl"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: 'brt'
rlm_sql (sql): sql_set_user escaped user --> 'brt'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'brt' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'brt' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'brt' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'brt' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Processing the session section of radiusd.conf
modcall: entering group session for request 0
radius_xlat: '/var/log/radutmp'
radius_xlat: 'brt'
modcall[session]: module "radutmp" returns ok for request 0
modcall: leaving group session (returns ok) for request 0
Login OK: [brt/adsl] (from client localhost port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'brt'
rlm_sql (sql): sql_set_user escaped user --> 'brt'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date)
values ('', 'brt', 'adsl', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id,
user, pass, reply, date) values ('', 'brt', 'adsl', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
modcall[post-auth]: module "sql" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 206 to 127.0.0.1 port 51938
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 206 with timestamp 457ede6a
Nothing to do. Sleeping until we see a request.
^C
Does somebody knows why there is no entry on my radacct table?
Thank you,
Felipe Neuwald.
4
6
I am going in circles here and not getting anywhere. I will try to
describe what I want to do starting with huntgroups.
huntgroup:
All NAS-IP-Address == 10.213.226.1
All NAS-IP-Address == 10.213.226.2
All NAS-IP-Address == 10.213.226.3
All NAS-IP-Address == 192.168.224.5
All NAS-IP-Address == 192.168.224.36
All NAS-IP-Address == 172.213.226.46
Bldg1 NAS-IP-Address == 10.213.226.1
Bldg1 NAS-IP-Address == 10.213.226.2
Bldg1 NAS-IP-Address == 10.213.226.3
Bldg1 NAS-IP-Address == 192.168.224.5
Bldg1 NAS-IP-Address == 192.168.224.36
Bldg2 NAS-IP-Address == 172.213.226.46
UnitA NAS-IP-Address == 10.213.226.1
UnitA NAS-IP-Address == 10.213.226.2
UnitA NAS-IP-Address == 10.213.226.3
UnitA NAS-IP-Address == 172.213.226.46
UnitB NAS-IP-Address == 192.168.224.5
UnitB NAS-IP-Address == 192.168.224.36
UnitB NAS-IP-Address == 172.213.226.46
UnitAB NAS-IP-Address == 172.213.226.46
TypeVPN NAS-IP-Address == 192.168.224.5
TypeGW NAS-IP-Address == 192.168.224.36
===========================
Now, what I need is multiple proxy statements for each. For example I want
For each group below, in addition to what is listed, I want default to
fall through to (proxy to):
realm DEFAULT {
type = radius
authhost = highered.edu
accthost = highered.edu
nostrip
===================
"All" Authenticate with a Null Realm
or
Authenticate user(a)generic.edu
"Bldg1" Authenticate with a Null Realm
or
Authenticate user(a)generic.edu
"UnitA" Authenticate with user(a)unita.generic.edu
or
Authenticate with Null Realm
or
Authenticate user(a)generic.edu
But NOT
user(a)unitb.generic.edu
"UnitB" Authenticate with user(a)unitb.generic.edu
or
Authenticate with Null Realm
or
Authenticate user(a)generic.edu
but NOT
user(a)unita.generic.edu
"UnitAB" Authenticate with user(a)unita.generic.edu
or
Authenticate with user(a)unitb.generic.edu
or
user(a)generic.edu
or
Null realm
"TypeVPN" Authenticate ONLY with Null Realm
So I can add these as DEFAULT users in the users file, based on
huntgroup, but from there I am at a loss as to what entry to put and the
config in proxy.conf to match.
I think I could do the following
users:
DEFAULT Huntgroup-Name == TypeVPN, Proxy-To-Realm := realm1.edu
DEFAULT Huntgroup-Name == TypeGW, Proxy-To-Realm := realm2.edu
DEFAULT Huntgroup-Name == UnitAB, Proxy-To-Realm := realm3.edu
DEFAULT Huntgroup-Name == UnitA, Proxy-To-Realm := realm4.edu
DEFAULT Huntgroup-Name == UnitB, Proxy-To-Realm := realm5.edu
DEFAULT Huntgroup-Name == BLDG1, Proxy-To-Realm := realm6.edu
DEFAULT Huntgroup-Name == Bldg2, Proxy-To-Realm := realm7.edu
DEFAULT Huntgroup-Name == All, Proxy-To-Realm := realm8.edu
But how can I get them to only allow certain @realms? Is there a way to
define in here something like this?
DEFAULT Huntgroup-Name == UnitA, *(a)unita.generic.edu Proxy-To-Realm :=
realm4.edu
but then in proxy.conf how can I keep it so it does not allow UnitA
users to authenticate on UnitB NAS's (unless it is a UnitAB)but still
allows user(a)generic.edu, Null and DEFAULT proxy as mentioned above?
I have looked at the mailing list and found many setups, but none seem
to take into account the actual realm a user tries to log into.
Thanks.
--
Walter Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734)615-9438
2
1
Hello everyone,
I started to use freeradius only a couple weeks ago. My job is to use
rlm_jradius module to forward username/password to my own authentication
application, it works fine with radclient.
But when I was trying to use windows RAS (vpn server) as freeradius'
client, from freeradius' output, I can see that there is no user-password.
Any idea why this happens?
I am using freeradius 1.1.2 on Redhat enterprise Linux version 4.
Thank you
Jeffrey
rad_recv: Access-Request packet from host 192.168.2.151:1382, id=8,
length=289
Acct-Session-Id = "108"
NAS-IP-Address = 192.168.2.151
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 129
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.20"
NAS-Port-Type = Virtual
Tunnel-Type:0 = PPTP
Tunnel-Medium-Type:0 = IP
Calling-Station-Id = "10.11.14.105"
Tunnel-Client-Endpoint:0 = "10.11.14.105"
Microsoft-Attr-35 = 0x4d5352415356352e3030
Microsoft-Attr-34 = 0x4d535241532d312d4a454646324b
User-Name = "dvmh00000055(a)DVVPN.COM"
MS-CHAP-Challenge = 0xe6e76c750472fb5879986d8b8e75df6e
MS-CHAP2-Response =
0x0000f21eb6c0b591297af094964bb6e9417c0000000000000000f990636a5a5237f4c3456225c9c475b07004e32cb758fdf2
Message-Authenticator = 0x25fa1bd20b0a0f3fa273ae4fc66eb8d5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
rlm_realm: Looking up realm "DVVPN.COM" for User-Name =
"dvmh00000055(a)DVVPN.COM"
rlm_realm: No such realm "DVVPN.COM"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 0
rlm_jradius: packing attribute Acct-Session-Id (type: 44; len: 3)
rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute NAS-Port (type: 5; len: 4)
rlm_jradius: packing attribute MS-RAS-Vendor (type: 20381705; len: 4)
rlm_jradius: packing attribute MS-RAS-Version (type: 20381714; len: 10)
rlm_jradius: packing attribute NAS-Port-Type (type: 61; len: 4)
rlm_jradius: packing attribute Tunnel-Type (type: 64; len: 4)
rlm_jradius: packing attribute Tunnel-Medium-Type (type: 65; len: 4)
rlm_jradius: packing attribute Calling-Station-Id (type: 31; len: 12)
rlm_jradius: packing attribute Tunnel-Client-Endpoint (type: 66; len: 12)
rlm_jradius: packing attribute Microsoft-Attr-35 (type: 20381731; len: 10)
rlm_jradius: packing attribute Microsoft-Attr-34 (type: 20381730; len: 14)
rlm_jradius: packing attribute User-Name (type: 1; len: 22)
rlm_jradius: packing attribute MS-CHAP-Challenge (type: 20381707; len: 16)
rlm_jradius: packing attribute MS-CHAP2-Response (type: 20381721; len: 50)
rlm_jradius: packing attribute Message-Authenticator (type: 80; len: 16)
rlm_jradius: packing attribute Client-IP-Address (type: 1052; len: 4)
rlm_jradius: packing packet with code: 1 (attr length: 429)
rlm_jradius: packing attribute Framed-IP-Address (type: 8; len: 4)
rlm_jradius: packing attribute Framed-MTU (type: 12; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute Framed-Compression (type: 13; len: 4)
rlm_jradius: packing packet with code: 0 (attr length: 80)
rlm_jradius: packing attribute Auth-Type (type: 1000; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: sending 586 bytes to jradius server
rlm_jradius: return code 8; receiving 2 packets
rlm_jradius: reading packet: code=1 len=429
rlm_jradius: reading attribute: type=44; len=3
rlm_jradius: reading attribute: type=4; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=5; len=4
rlm_jradius: reading attribute: type=20381705; len=4
rlm_jradius: reading attribute: type=20381714; len=10
rlm_jradius: reading attribute: type=61; len=4
rlm_jradius: reading attribute: type=64; len=4
rlm_jradius: reading attribute: type=65; len=4
rlm_jradius: reading attribute: type=31; len=12
rlm_jradius: reading attribute: type=66; len=12
rlm_jradius: reading attribute: type=20381731; len=10
rlm_jradius: received attribute we do not recognize (type: 20381731)
rlm_jradius: reading attribute: type=20381730; len=14
rlm_jradius: received attribute we do not recognize (type: 20381730)
rlm_jradius: reading attribute: type=1; len=22
rlm_jradius: reading attribute: type=20381707; len=16
rlm_jradius: reading attribute: type=20381721; len=50
rlm_jradius: reading attribute: type=80; len=16
rlm_jradius: reading attribute: type=1052; len=4
rlm_jradius: reading packet: code=0 len=80
rlm_jradius: reading attribute: type=8; len=4
rlm_jradius: reading attribute: type=12; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=13; len=4
rlm_jradius: reading request: config_item: len=48
rlm_jradius: reading attribute: type=1000; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
modcall[authorize]: module "jradius" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for dvmh00000055(a)DVVPN.COM with
NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 0
modcall: leaving group MS-CHAP (returns reject) for request 0
auth: Failed to validate the user.
Login incorrect: [dvmh00000055(a)DVVPN.COM/<no User-Password attribute>]
(from client jeff2003 port 129 cli 10.11.14.105)
Found Post-Auth-Type
Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 0
rlm_jradius: packing attribute Acct-Session-Id (type: 44; len: 3)
rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute NAS-Port (type: 5; len: 4)
rlm_jradius: packing attribute MS-RAS-Vendor (type: 20381705; len: 4)
rlm_jradius: packing attribute MS-RAS-Version (type: 20381714; len: 10)
rlm_jradius: packing attribute NAS-Port-Type (type: 61; len: 4)
rlm_jradius: packing attribute Tunnel-Type (type: 64; len: 4)
rlm_jradius: packing attribute Tunnel-Medium-Type (type: 65; len: 4)
rlm_jradius: packing attribute Calling-Station-Id (type: 31; len: 12)
rlm_jradius: packing attribute Tunnel-Client-Endpoint (type: 66; len: 12)
rlm_jradius: packing attribute User-Name (type: 1; len: 22)
rlm_jradius: packing attribute MS-CHAP-Challenge (type: 20381707; len: 16)
rlm_jradius: packing attribute MS-CHAP2-Response (type: 20381721; len: 50)
rlm_jradius: packing attribute Message-Authenticator (type: 80; len: 16)
rlm_jradius: packing attribute Client-IP-Address (type: 1052; len: 4)
rlm_jradius: packing packet with code: 1 (attr length: 381)
rlm_jradius: packing attribute Framed-IP-Address (type: 8; len: 4)
rlm_jradius: packing attribute Framed-MTU (type: 12; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute Framed-Compression (type: 13; len: 4)
rlm_jradius: packing attribute MS-CHAP-Error (type: 20381698; len: 10)
rlm_jradius: packing packet with code: 3 (attr length: 102)
rlm_jradius: packing attribute Auth-Type (type: 1000; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute Post-Auth-Type (type: 1014; len: 4)
rlm_jradius: sending 576 bytes to jradius server
rlm_jradius: return code 7; receiving 2 packets
rlm_jradius: reading packet: code=1 len=381
rlm_jradius: reading attribute: type=44; len=3
rlm_jradius: reading attribute: type=4; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=5; len=4
rlm_jradius: reading attribute: type=20381705; len=4
rlm_jradius: reading attribute: type=20381714; len=10
rlm_jradius: reading attribute: type=61; len=4
rlm_jradius: reading attribute: type=64; len=4
rlm_jradius: reading attribute: type=65; len=4
rlm_jradius: reading attribute: type=31; len=12
rlm_jradius: reading attribute: type=66; len=12
rlm_jradius: reading attribute: type=1; len=22
rlm_jradius: reading attribute: type=20381707; len=16
rlm_jradius: reading attribute: type=20381721; len=50
rlm_jradius: reading attribute: type=80; len=16
rlm_jradius: reading attribute: type=1052; len=4
rlm_jradius: reading packet: code=3 len=102
rlm_jradius: reading attribute: type=8; len=4
rlm_jradius: reading attribute: type=12; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=13; len=4
rlm_jradius: reading attribute: type=20381698; len=10
rlm_jradius: reading request: config_item: len=64
rlm_jradius: reading attribute: type=1000; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=1014; len=4
modcall[post-auth]: module "jradius" returns noop for request 0
modcall: leaving group REJECT (returns noop) for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 8 to 192.168.2.151 port 1382
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 8 with timestamp 457dbde0
Nothing to do. Sleeping until we see a request.
_________________________________________________________________
与世界各地的朋友进行交流,免费下载 Live Messenger;
http://get.live.com/messenger/overview
2
2
On Tue, 2006-12-12 at 22:35 +0100,
freeradius-users-request(a)lists.freeradius.org wrote:
> Sean wrote:
> > Hi Alan, Thanks for all the help last night. I've made a lot of
> > progress today. Max-Daily-Session is now being recognised as a valid
> > attribute and users with the attribute are being authenticated. The
> > problem I now have is that the users are being disconnected after
> their
> > allocated time has expired but they can log back in again straight
> away
> > instead of having to wait 24 hours.
>
> Is the NAS sending accounting packets? If not, the server has no
> way
> of knowing that the time was used up.
Yes it is. It's a Linksys 54G running DD-WRT and Chillispot. The
accounting works for Max-All-Session and Expiration. Also the user is
disconnected after the correct time has elapsed under Max-Daily-Session.
The problem is that he can log back on again straight away, instead of
having to wait twenty four hours.
>
> Did you list "sql" in the "accounting" section? If not, the
> accounting information won't be written to SQL.
Yes sql is listed in accounting and the accounting information is being
written into radacct.
I think the problem might be in my sql code in sql.conf. I'll puzzle
over it tonight although it works fine with the other attributes.
Regards,
Sean
>
> Alan DeKok.
2
1
I have a working freeradius system that is logging the hardware
addresses of the users as they successfully connect through the system.
I would like to also match the userid to the hardware address, and try
as I might I cannot really figure/find out how to do that. Can someone
show me the way or point me to something that does?
thanks,
Dan
1
0