Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
May 2007
- 175 participants
- 277 discussions
Dear guys
I am comming with new problem now i have enable POD packet of disconnet on cisco router and now i m trying to disconnect user with radclient command but i got this output
[root@radius ~]# cat packet.txt
Acct-Session-Id=0000C476
User-Name=mlpm607
X-Ascend-Session-Svr-Key=396830D9
NAS-IP-Address=192.168.1.1
[root@radius ~]# cat packet.txt | radclient -x 192.168.1.1:1700 disconnect tulip786
Sending Disconnect-Request of id 115 to 192.168.1.1 port 1700
Acct-Session-Id = "0000C476"
User-Name = "mlpm607"
X-Ascend-Session-Svr-Key = "396830D9"
NAS-IP-Address = 192.168.1.1
rad_recv: Disconnect-NAK packet from host 192.168.1.1:1700, id=115, length=41
Reply-Message = "No Matching Session"
why user not disconnect from NAS but user still login on NAS ?????
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
---------------------------------
Heres a new way to find what you're looking for - Yahoo! Answers
4
4
Center for Internet Security - Call for Participation for FreeRADIUS Benchmark
by Dave Shackleford 11 May '07
by Dave Shackleford 11 May '07
11 May '07
***Thanks to moderators for allowing this post - it's for a good
cause!***
Hi folks, I'd like to introduce myself. My name is Dave Shackleford, and
I represent the Center for Internet Security. Some of you may know of
us, and some of you may not.
CIS is a non-profit that coordinates teams of volunteers who collaborate
to create benchmark guides for securing systems. Many of you may have
used some of the CIS tools to score your systems against the benchmarks
at one time or another, and thousands of people download the benchmarks
and scoring tools every month. We are actively seeking IT and security
professionals to participate in the benchmark development process. We
are also looking for anyone experienced in Java and/or XML programming
to assist with our newest scoring tool development (contact me
off-list).
We are about to begin the consensus process for a FreeRADIUS security
benchmark. Time commitments are minimal, all you need to do is go and
sign up on the mailing list and provide some input to the group on the
benchmark draft when it's released. We always have a team leader who
puts together the initial draft, pulling from a variety of sources; this
is then sent to the mailing list for review and comment. After a
consensus is reached, we publish it. We also list participants' names on
our "Honor Roll" page at http://www.cisecurity.org/honor_roll.html.
Our benchmarks are gaining a lot of attention right now. We are
mentioned specifically in the PCI DSS (section 2.2), we are working with
NIST to develop tools and content, and a lot more. If you would like to
participate, please visit the site and sign up. We won't send you any
unsolicited email, just the list postings for benchmark development.
Also, please feel free to sign up for anything not mentioned below, we
will be working on all of the benchmarks over the course of the next
year or so. There are also lots of opportunities to earn CPE credits for
participation.
If you have any questions, please reply to me off-list (dshackleford at
cisecurity dot org). Thanks for your help! -Dave
1. FreeRADIUS Benchmark (OpenLDAP will also be discussed here)
MAILING LIST:
http://lists.cisecurity.org/mailman/listinfo/access-controls
Also the Virtualization Benchmark (may interest some)
MAILING LIST:
http://lists.cisecurity.org/mailman/listinfo/vm-security-benchmark
Note: This list will benefit from varied backgrounds and skill sets.
2
1
Dear all
Thanks for the information.I am not able to do successful authentication still.
These are my configurations
I have copied my root.pem and server.pem to /etc/raddb/certs directory
1.My eap.conf file is like this
eap {
default_eap_type = tls
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
## EAP-TLS
tls {
private_key_password = password
private_key_file = /etc/raddb/certs/07xwifi.pem
certificate_file = /etc/raddb/certs/07xwifi.pem
CA_file = /etc/raddb/certs/root.pem
dh_file = /etc/raddb/certs/dh
random_file = /etc/raddb/certs/random
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = tls
}
}
2 radiusd.conf (only authorize and authentication section)
nstantiate {
}
authorize {
preprocess
mschap
eap
files
}
# Authentication.
authenticate {
Auth-Type MS-CHAP {
mschap
}
eap
}
3 I havn;t modified users file since its eap-tls authentication
Giude me any modification required further for eap-tls certificate based authentication.
Regards
Anoop
> That the server is working as expected.
>
> Alan DeKok.
> TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> eaptls_process returned 13
>
>
> eaptls_verify returned 1
> eaptls_process returned 13
>
> What is these debug messages indicate...
>
> Anoop
2
1
Hi list
While doing eap-tls authentication i am getting the following debug message.Anybody please clarify.
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
eaptls_verify returned 1
eaptls_process returned 13
What is these debug messages indicate...
Anoop
2
1
Hello,
I am VERY new to radius and need some guidance...I have read the configuration instructions and have searched the freeradius mail archives to no avail...
We are trying to set up Oracle to use radius/ldap and racf for the authentication. Oracle (10g on Solaris) --> Radius (on Solaris) --> LDAP (on Z/os) --> RACF (authenticate and pass back to Oracle ok or not ok to connect).
Radius is installed and I have followed the instructions provided by IBM to set up RACF/LDAP and Radius in the document http://www.redbooks.ibm.com/abstracts/sg246482.html chapter 9. However when I run radtest I cannot get a successful return. Also a log file is not being generated on the logdir and I have confirmed by adding a foo file manually that the id does have permission to write to the log directory....I have tried many variations of the radius.conf....Any ideas or guidance would be very appreciated.
Here is the output when running radiusd -X:
/opt/local/etc/raddb>radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /opt/local/etc/raddb/clients.conf
Config: including file: /opt/local/etc/raddb/snmp.conf
Config: including file: /opt/local/etc/raddb/eap.conf
main: prefix = "/opt/local"
main: localstatedir = "/opt/local/var"
main: logdir = "/opt/local/var/log/radius"
main: libdir = "/opt/local/lib"
main: radacctdir = "/opt/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/opt/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/opt/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/opt/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /opt/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/opt/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/opt/local/etc/raddb/huntgroups"
preprocess: hints = "/opt/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/opt/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = yes
realm: ignore_null = yes
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/opt/local/etc/raddb/users"
files: acctusersfile = "/opt/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/opt/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile = "/opt/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/opt/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.71.175.19:36661, id=228, length=59
User-Name = "NBCTST1"
User-Password = "testpwd"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/opt/local/var/log/radius/radacct/10.71.175.19/auth-detail-20070510'
rlm_detail: /opt/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /opt/local/var/log/radius/radacct/10.71.175.19/auth-detail-20070510
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "NBCTST1", skipping NULL due to config.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [NBCTST1/testpwd] (from client denord01 port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 228 to 10.71.175.19 port 36661
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 228 with timestamp 46433e16
Nothing to do. Sleeping until we see a request.
1
0
hi,
i use freeradius with eap -peap and MySQL...but the freeradius don't send an
access-accept at the end of authentication ...the server send an
access-challenge,i don't know what's the problem...
i'use a hp 2650 switch client,and a win xp supplicant,
this is the the result of the debug mode..
Wed May 9 17:51:58 2007 : Info: Starting - reading configuration files ...
Wed May 9 17:51:58 2007 : Debug: reread_config: reading radiusd.conf
Wed May 9 17:51:58 2007 : Debug: Config: including file:
/etc/freeradius/proxy.conf
Wed May 9 17:51:58 2007 : Debug: Config: including file:
/etc/freeradius/clients.conf
Wed May 9 17:51:58 2007 : Debug: Config: including file:
/etc/freeradius/snmp.conf
Wed May 9 17:51:58 2007 : Debug: Config: including file:
/etc/freeradius/eap.conf
Wed May 9 17:51:58 2007 : Debug: Config: including file:
/etc/freeradius/sql.conf
Wed May 9 17:51:58 2007 : Debug: main: prefix = "/usr"
Wed May 9 17:51:58 2007 : Debug: main: localstatedir = "/var"
Wed May 9 17:51:58 2007 : Debug: main: logdir = "/var/log/freeradius"
Wed May 9 17:51:58 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Wed May 9 17:51:58 2007 : Debug: main: radacctdir =
"/var/log/freeradius/radacct"
Wed May 9 17:51:58 2007 : Debug: main: hostname_lookups = no
Wed May 9 17:51:58 2007 : Debug: main: max_request_time = 30
Wed May 9 17:51:58 2007 : Debug: main: cleanup_delay = 5
Wed May 9 17:51:58 2007 : Debug: main: max_requests = 1024
Wed May 9 17:51:58 2007 : Debug: main: delete_blocked_requests = 0
Wed May 9 17:51:58 2007 : Debug: main: port = 0
Wed May 9 17:51:58 2007 : Debug: main: allow_core_dumps = no
Wed May 9 17:51:58 2007 : Debug: main: log_stripped_names = no
Wed May 9 17:51:58 2007 : Debug: main: log_file =
"/var/log/freeradius/radius.log"
Wed May 9 17:51:58 2007 : Debug: main: log_auth = no
Wed May 9 17:51:58 2007 : Debug: main: log_auth_badpass = no
Wed May 9 17:51:58 2007 : Debug: main: log_auth_goodpass = no
Wed May 9 17:51:58 2007 : Debug: main: pidfile =
"/var/run/freeradius/freeradius.pid"
Wed May 9 17:51:58 2007 : Debug: main: bind_address = 192.168.0.1 IP
address [192.168.0.1]
Wed May 9 17:51:58 2007 : Debug: main: user = "freerad"
Wed May 9 17:51:58 2007 : Debug: main: group = "freerad"
Wed May 9 17:51:58 2007 : Debug: main: usercollide = no
Wed May 9 17:51:58 2007 : Debug: main: lower_user = "no"
Wed May 9 17:51:58 2007 : Debug: main: lower_pass = "no"
Wed May 9 17:51:58 2007 : Debug: main: nospace_user = "no"
Wed May 9 17:51:58 2007 : Debug: main: nospace_pass = "no"
Wed May 9 17:51:58 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Wed May 9 17:51:58 2007 : Debug: main: proxy_requests = yes
Wed May 9 17:51:58 2007 : Debug: proxy: retry_delay = 5
Wed May 9 17:51:58 2007 : Debug: proxy: retry_count = 3
Wed May 9 17:51:58 2007 : Debug: proxy: synchronous = no
Wed May 9 17:51:58 2007 : Debug: proxy: default_fallback = yes
Wed May 9 17:51:58 2007 : Debug: proxy: dead_time = 120
Wed May 9 17:51:58 2007 : Debug: proxy: post_proxy_authorize = no
Wed May 9 17:51:58 2007 : Debug: proxy: wake_all_if_all_dead = no
Wed May 9 17:51:58 2007 : Debug: security: max_attributes = 200
Wed May 9 17:51:58 2007 : Debug: security: reject_delay = 1
Wed May 9 17:51:58 2007 : Debug: security: status_server = no
Wed May 9 17:51:58 2007 : Debug: main: debug_level = 0
Wed May 9 17:51:58 2007 : Debug: read_config_files: reading dictionary
Wed May 9 17:51:58 2007 : Debug: read_config_files: reading naslist
Wed May 9 17:51:58 2007 : Info: Using deprecated naslist file. Support for
this will go away soon.
Wed May 9 17:51:58 2007 : Debug: read_config_files: reading clients
Wed May 9 17:51:58 2007 : Debug: read_config_files: reading realms
Wed May 9 17:51:58 2007 : Debug: radiusd: entering modules setup
Wed May 9 17:51:58 2007 : Debug: Module: Library search path is
/usr/lib/freeradius
Wed May 9 17:51:58 2007 : Debug: Module: Loaded exec
Wed May 9 17:51:58 2007 : Debug: exec: wait = yes
Wed May 9 17:51:58 2007 : Debug: exec: program = "(null)"
Wed May 9 17:51:58 2007 : Debug: exec: input_pairs = "request"
Wed May 9 17:51:58 2007 : Debug: exec: output_pairs = "(null)"
Wed May 9 17:51:58 2007 : Debug: exec: packet_type = "(null)"
Wed May 9 17:51:58 2007 : Info: rlm_exec: Wait=yes but no output defined.
Did you mean output=none?
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated exec (exec)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded expr
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated expr (expr)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded PAP
Wed May 9 17:51:58 2007 : Debug: pap: encryption_scheme = "crypt"
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated pap (pap)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded CHAP
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated chap (chap)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded MS-CHAP
Wed May 9 17:51:58 2007 : Debug: mschap: use_mppe = yes
Wed May 9 17:51:58 2007 : Debug: mschap: require_encryption = yes
Wed May 9 17:51:58 2007 : Debug: mschap: require_strong = yes
Wed May 9 17:51:58 2007 : Debug: mschap: with_ntdomain_hack = no
Wed May 9 17:51:58 2007 : Debug: mschap: passwd = "(null)"
Wed May 9 17:51:58 2007 : Debug: mschap: ntlm_auth = "(null)"
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated mschap (mschap)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded eap
Wed May 9 17:51:58 2007 : Debug: eap: default_eap_type = "peap"
Wed May 9 17:51:58 2007 : Debug: eap: timer_expire = 60
Wed May 9 17:51:58 2007 : Debug: eap: ignore_unknown_eap_types = no
Wed May 9 17:51:58 2007 : Debug: eap: cisco_accounting_username_bug = no
Wed May 9 17:51:58 2007 : Debug: rlm_eap: Loaded and initialized type md5
Wed May 9 17:51:58 2007 : Debug: rlm_eap: Loaded and initialized type leap
Wed May 9 17:51:58 2007 : Debug: tls: rsa_key_exchange = no
Wed May 9 17:51:58 2007 : Debug: tls: dh_key_exchange = yes
Wed May 9 17:51:58 2007 : Debug: tls: rsa_key_length = 512
Wed May 9 17:51:58 2007 : Debug: tls: dh_key_length = 512
Wed May 9 17:51:58 2007 : Debug: tls: verify_depth = 0
Wed May 9 17:51:58 2007 : Debug: tls: CA_path = "(null)"
Wed May 9 17:51:58 2007 : Debug: tls: pem_file_type = yes
Wed May 9 17:51:58 2007 : Debug: tls: private_key_file =
"/etc/freeradius/certs/cert-srv.pem"
Wed May 9 17:51:58 2007 : Debug: tls: certificate_file =
"/etc/freeradius/certs/cert-srv.pem"
Wed May 9 17:51:58 2007 : Debug: tls: CA_file =
"/etc/freeradius/certs/demoCA/cacert.pem"
Wed May 9 17:51:58 2007 : Debug: tls: private_key_password = "whatever"
Wed May 9 17:51:58 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Wed May 9 17:51:58 2007 : Debug: tls: random_file =
"/etc/freeradius/certs/random"
Wed May 9 17:51:58 2007 : Debug: tls: fragment_size = 1024
Wed May 9 17:51:58 2007 : Debug: tls: include_length = yes
Wed May 9 17:51:58 2007 : Debug: tls: check_crl = no
Wed May 9 17:51:58 2007 : Debug: tls: check_cert_cn = "(null)"
Wed May 9 17:51:58 2007 : Debug: tls: cipher_list = "(null)"
Wed May 9 17:51:58 2007 : Debug: tls: check_cert_issuer = "(null)"
Wed May 9 17:51:58 2007 : Info: rlm_eap_tls: Loading the certificate file
as a chain
Wed May 9 17:51:58 2007 : Debug: rlm_eap: Loaded and initialized type tls
Wed May 9 17:51:58 2007 : Debug: peap: default_eap_type = "mschapv2"
Wed May 9 17:51:58 2007 : Debug: peap: copy_request_to_tunnel = no
Wed May 9 17:51:58 2007 : Debug: peap: use_tunneled_reply = yes
Wed May 9 17:51:58 2007 : Debug: peap: proxy_tunneled_request_as_eap = yes
Wed May 9 17:51:58 2007 : Debug: rlm_eap: Loaded and initialized type peap
Wed May 9 17:51:58 2007 : Debug: mschapv2: with_ntdomain_hack = no
Wed May 9 17:51:58 2007 : Debug: rlm_eap: Loaded and initialized type
mschapv2
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated eap (eap)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded preprocess
Wed May 9 17:51:58 2007 : Debug: preprocess: huntgroups =
"/etc/freeradius/huntgroups"
Wed May 9 17:51:58 2007 : Debug: preprocess: hints =
"/etc/freeradius/hints"
Wed May 9 17:51:58 2007 : Debug: preprocess: with_ascend_hack = no
Wed May 9 17:51:58 2007 : Debug: preprocess: ascend_channels_per_line = 23
Wed May 9 17:51:58 2007 : Debug: preprocess: with_ntdomain_hack = no
Wed May 9 17:51:58 2007 : Debug: preprocess: with_specialix_jetstream_hack
= no
Wed May 9 17:51:58 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Wed May 9 17:51:58 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated preprocess
(preprocess)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded realm
Wed May 9 17:51:58 2007 : Debug: realm: format = "suffix"
Wed May 9 17:51:58 2007 : Debug: realm: delimiter = "@"
Wed May 9 17:51:58 2007 : Debug: realm: ignore_default = no
Wed May 9 17:51:58 2007 : Debug: realm: ignore_null = no
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated realm (suffix)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded SQL
Wed May 9 17:51:58 2007 : Debug: sql: driver = "rlm_sql_mysql"
Wed May 9 17:51:58 2007 : Debug: sql: server = "localhost"
Wed May 9 17:51:58 2007 : Debug: sql: port = ""
Wed May 9 17:51:58 2007 : Debug: sql: login = "radius"
Wed May 9 17:51:58 2007 : Debug: sql: password = "cisonline"
Wed May 9 17:51:58 2007 : Debug: sql: radius_db = "radius"
Wed May 9 17:51:58 2007 : Debug: sql: nas_table = "nas"
Wed May 9 17:51:58 2007 : Debug: sql: sqltrace = no
Wed May 9 17:51:58 2007 : Debug: sql: sqltracefile =
"/var/log/freeradius/sqltrace.sql"
Wed May 9 17:51:58 2007 : Debug: sql: readclients = no
Wed May 9 17:51:58 2007 : Debug: sql: deletestalesessions = yes
Wed May 9 17:51:58 2007 : Debug: sql: num_sql_socks = 5
Wed May 9 17:51:58 2007 : Debug: sql: sql_user_name = "%{User-Name}"
Wed May 9 17:51:58 2007 : Debug: sql: default_user_profile = ""
Wed May 9 17:51:58 2007 : Debug: sql: query_on_not_found = no
Wed May 9 17:51:58 2007 : Debug: sql: authorize_check_query = "SELECT id,
UserName, Attribute, Value, op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id"
Wed May 9 17:51:58 2007 : Debug: sql: authorize_reply_query = "SELECT id,
UserName, Attribute, Value, op FROM radreply WHERE
Username = '%{SQL-User-Name}' ORDER BY id"
Wed May 9 17:51:58 2007 : Debug: sql: authorize_group_check_query =
"SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
Wed May 9 17:51:58 2007 : Debug: sql: authorize_group_reply_query =
"SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
Wed May 9 17:51:58 2007 : Debug: sql: accounting_onoff_query = "UPDATE
radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') -
unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}',
AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND
AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <=
'%S'"
Wed May 9 17:51:58 2007 : Debug: sql: accounting_update_query = "UPDATE
radacct SET FramedIPAddress = '%{Framed-IP-Address}',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName
= '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
Wed May 9 17:51:58 2007 : Debug: sql: accounting_update_query_alt =
"INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0})
SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0')"
Wed May 9 17:51:58 2007 : Debug: sql: accounting_start_query = "INSERT
into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}',
'', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{Acct-Delay-Time}', '0')"
Wed May 9 17:51:58 2007 : Debug: sql: accounting_start_query_alt = "UPDATE
radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}',
ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress =
'%{NAS-IP-Address}'"
Wed May 9 17:51:58 2007 : Debug: sql: accounting_stop_query = "UPDATE
radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}',
AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets =
'%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}',
AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'"
Wed May 9 17:51:58 2007 : Debug: sql: accounting_stop_query_alt = "INSERT
into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
Wed May 9 17:51:58 2007 : Debug: sql: group_membership_query = "SELECT
GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
Wed May 9 17:51:58 2007 : Debug: sql: connect_failure_retry_delay = 60
Wed May 9 17:51:58 2007 : Debug: sql: simul_count_query = ""
Wed May 9 17:51:58 2007 : Debug: sql: simul_verify_query = "SELECT
RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId,
FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Wed May 9 17:51:58 2007 : Debug: sql: postauth_query = "INSERT into
radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}',
'%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
Wed May 9 17:51:58 2007 : Debug: sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Wed May 9 17:51:58 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module
rlm_sql_mysql) loaded and linked
Wed May 9 17:51:58 2007 : Info: rlm_sql (sql): Attempting to connect to
radius@localhost:/radius
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): starting 0
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Attempting to connect
rlm_sql_mysql #0
Wed May 9 17:51:58 2007 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Connected new DB handle, #0
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): starting 1
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Attempting to connect
rlm_sql_mysql #1
Wed May 9 17:51:58 2007 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #1
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): starting 2
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Attempting to connect
rlm_sql_mysql #2
Wed May 9 17:51:58 2007 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #2
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): starting 3
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Attempting to connect
rlm_sql_mysql #3
Wed May 9 17:51:58 2007 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #3
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): starting 4
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Attempting to connect
rlm_sql_mysql #4
Wed May 9 17:51:58 2007 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #4
Wed May 9 17:51:58 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated sql (sql)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Wed May 9 17:51:58 2007 : Debug: acct_unique: key = "User-Name,
Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated acct_unique
(acct_unique)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded detail
Wed May 9 17:51:58 2007 : Debug: detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Wed May 9 17:51:58 2007 : Debug: detail: detailperm = 384
Wed May 9 17:51:58 2007 : Debug: detail: dirperm = 493
Wed May 9 17:51:58 2007 : Debug: detail: locking = no
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated detail (detail)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded System
Wed May 9 17:51:58 2007 : Debug: unix: cache = no
Wed May 9 17:51:58 2007 : Debug: unix: passwd = "(null)"
Wed May 9 17:51:58 2007 : Debug: unix: shadow = "/etc/shadow"
Wed May 9 17:51:58 2007 : Debug: unix: group = "(null)"
Wed May 9 17:51:58 2007 : Debug: unix: radwtmp =
"/var/log/freeradius/radwtmp"
Wed May 9 17:51:58 2007 : Debug: unix: usegroup = no
Wed May 9 17:51:58 2007 : Debug: unix: cache_reload = 600
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated unix (unix)
Wed May 9 17:51:58 2007 : Debug: Module: Loaded radutmp
Wed May 9 17:51:58 2007 : Debug: radutmp: filename =
"/var/log/freeradius/radutmp"
Wed May 9 17:51:58 2007 : Debug: radutmp: username = "%{User-Name}"
Wed May 9 17:51:58 2007 : Debug: radutmp: case_sensitive = yes
Wed May 9 17:51:58 2007 : Debug: radutmp: check_with_nas = yes
Wed May 9 17:51:58 2007 : Debug: radutmp: perm = 384
Wed May 9 17:51:58 2007 : Debug: radutmp: callerid = yes
Wed May 9 17:51:58 2007 : Debug: Module: Instantiated radutmp (radutmp)
Wed May 9 17:51:58 2007 : Debug: Listening on authentication
192.168.0.1:1812
Wed May 9 17:51:58 2007 : Debug: Listening on accounting 192.168.0.1:1813
Wed May 9 17:51:58 2007 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.254:1039, id=71,
length=201
Framed-MTU = 1480
NAS-IP-Address = 172.17.1.10
NAS-Identifier = "CIS2650"
User-Name = "david"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 39
NAS-Port-Type = Ethernet
NAS-Port-Id = "39"
Called-Station-Id = "00-19-bb-6a-2d-80"
Calling-Station-Id = "00-11-25-d6-ab-1a"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3"
EAP-Message = 0x0201000c0170726174657369
Message-Authenticator = 0x0bce6099ad4417ee86a75d1549a6b2f2
Wed May 9 17:54:37 2007 : Debug: Processing the authorize section of
radiusd.conf
Wed May 9 17:54:37 2007 : Debug: modcall: entering group authorize for
request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "preprocess"
returns ok for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from chap
(rlm_chap) for request 0
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "chap"
returns noop for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "mschap"
returns noop for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Wed May 9 17:54:37 2007 : Debug: rlm_realm: No '@' in User-Name =
"david", looking up realm NULL
Wed May 9 17:54:37 2007 : Debug: rlm_realm: No such realm "NULL"
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "suffix"
returns noop for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 0
Wed May 9 17:54:37 2007 : Debug: rlm_eap: EAP packet type response id 1
length 12
Wed May 9 17:54:37 2007 : Debug: rlm_eap: No EAP Start, assuming it's an
on-going EAP conversation
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from eap
(rlm_eap) for request 0
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "eap" returns
updated for request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling sql
(rlm_sql) for request 0
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'david'
Wed May 9 17:54:37 2007 : Debug: rlm_sql (sql): sql_set_user escaped user
--> 'david'
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT id, UserName,
Attribute, Value, op FROM radcheck WHERE Username =
'david' ORDER BY id'
Wed May 9 17:54:37 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'david' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT id, UserName,
Attribute, Value, op FROM radreply WHERE Username =
'david' ORDER BY id'
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'david' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Wed May 9 17:54:37 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from sql
(rlm_sql) for request 0
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "sql" returns
ok for request 0
Wed May 9 17:54:37 2007 : Debug: modcall: leaving group authorize (returns
updated) for request 0
Wed May 9 17:54:37 2007 : Debug: rad_check_password: Found Auth-Type EAP
Wed May 9 17:54:37 2007 : Debug: auth: type "EAP"
Wed May 9 17:54:37 2007 : Debug: Processing the authenticate section of
radiusd.conf
Wed May 9 17:54:37 2007 : Debug: modcall: entering group authenticate for
request 0
Wed May 9 17:54:37 2007 : Debug: modsingle[authenticate]: calling eap
(rlm_eap) for request 0
Wed May 9 17:54:37 2007 : Debug: rlm_eap: EAP Identity
Wed May 9 17:54:37 2007 : Debug: rlm_eap: processing type tls
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: Initiate
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: Start returned 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authenticate]: returned from
eap (rlm_eap) for request 0
Wed May 9 17:54:37 2007 : Debug: modcall[authenticate]: module "eap"
returns handled for request 0
Wed May 9 17:54:37 2007 : Debug: modcall: leaving group authenticate
(returns handled) for request 0
Sending Access-Challenge of id 71 to 192.168.0.254 port 1039
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1d29dc63e3727a27017d56d212ebbe51
Wed May 9 17:54:37 2007 : Debug: Finished request 0
Wed May 9 17:54:37 2007 : Debug: Going to the next request
Wed May 9 17:54:37 2007 : Debug: --- Walking the entire request list ---
Wed May 9 17:54:37 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.254:1039, id=72,
length=287
Framed-MTU = 1480
NAS-IP-Address = 172.17.1.10
NAS-Identifier = "CIS2650"
User-Name = "david"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 39
NAS-Port-Type = Ethernet
NAS-Port-Id = "39"
Called-Station-Id = "00-19-bb-6a-2d-80"
Calling-Station-Id = "00-11-25-d6-ab-1a"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3"
State = 0x1d29dc63e3727a27017d56d212ebbe51
EAP-Message =
0x0202005019800000004616030100410100003d03014641eeacad5de1cf91cb82312b724ce969405f00152ecb9fe36317d9e794505500001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x848b664f7ebf5d0c45b92e1ea6dcbf29
Wed May 9 17:54:37 2007 : Debug: Processing the authorize section of
radiusd.conf
Wed May 9 17:54:37 2007 : Debug: modcall: entering group authorize for
request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "preprocess"
returns ok for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from chap
(rlm_chap) for request 1
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "chap"
returns noop for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "mschap"
returns noop for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 1
Wed May 9 17:54:37 2007 : Debug: rlm_realm: No '@' in User-Name =
"david", looking up realm NULL
Wed May 9 17:54:37 2007 : Debug: rlm_realm: No such realm "NULL"
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 1
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "suffix"
returns noop for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 1
Wed May 9 17:54:37 2007 : Debug: rlm_eap: EAP packet type response id 2
length 80
Wed May 9 17:54:37 2007 : Debug: rlm_eap: No EAP Start, assuming it's an
on-going EAP conversation
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from eap
(rlm_eap) for request 1
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "eap" returns
updated for request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: calling sql
(rlm_sql) for request 1
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'david'
Wed May 9 17:54:37 2007 : Debug: rlm_sql (sql): sql_set_user escaped user
--> 'david'
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT id, UserName,
Attribute, Value, op FROM radcheck WHERE Username =
'david' ORDER BY id'
Wed May 9 17:54:37 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'david' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT id, UserName,
Attribute, Value, op FROM radreply WHERE Username =
'david' ORDER BY id'
Wed May 9 17:54:37 2007 : Debug: radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'david' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Wed May 9 17:54:37 2007 : Debug: rlm_sql (sql): Released sql socket id: 3
Wed May 9 17:54:37 2007 : Debug: modsingle[authorize]: returned from sql
(rlm_sql) for request 1
Wed May 9 17:54:37 2007 : Debug: modcall[authorize]: module "sql" returns
ok for request 1
Wed May 9 17:54:37 2007 : Debug: modcall: leaving group authorize (returns
updated) for request 1
Wed May 9 17:54:37 2007 : Debug: rad_check_password: Found Auth-Type EAP
Wed May 9 17:54:37 2007 : Debug: auth: type "EAP"
Wed May 9 17:54:37 2007 : Debug: Processing the authenticate section of
radiusd.conf
Wed May 9 17:54:37 2007 : Debug: modcall: entering group authenticate for
request 1
Wed May 9 17:54:37 2007 : Debug: modsingle[authenticate]: calling eap
(rlm_eap) for request 1
Wed May 9 17:54:37 2007 : Debug: rlm_eap: Request found, released from
the list
Wed May 9 17:54:37 2007 : Debug: rlm_eap: EAP/peap
Wed May 9 17:54:37 2007 : Debug: rlm_eap: processing type peap
Wed May 9 17:54:37 2007 : Debug: rlm_eap_peap: Authenticate
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: processing TLS
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: Length Included
Wed May 9 17:54:37 2007 : Debug: eaptls_verify returned 11
Wed May 9 17:54:37 2007 : Debug: (other): before/accept initialization
Wed May 9 17:54:37 2007 : Debug: TLS_accept: before/accept
initialization
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake
[length 0041], ClientHello
Wed May 9 17:54:37 2007 : Debug: TLS_accept: SSLv3 read client hello A
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake
[length 004a], ServerHello
Wed May 9 17:54:37 2007 : Debug: TLS_accept: SSLv3 write server hello A
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake
[length 0346], Certificate
Wed May 9 17:54:37 2007 : Debug: TLS_accept: SSLv3 write certificate A
Wed May 9 17:54:37 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake
[length 0004], ServerHelloDone
Wed May 9 17:54:37 2007 : Debug: TLS_accept: SSLv3 write server done A
Wed May 9 17:54:37 2007 : Debug: TLS_accept: SSLv3 flush data
Wed May 9 17:54:37 2007 : Error: TLS_accept:error in SSLv3 read client
certificate A
Wed May 9 17:54:37 2007 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed May 9 17:54:37 2007 : Debug: In SSL Handshake Phase
Wed May 9 17:54:37 2007 : Debug: In SSL Accept mode
Wed May 9 17:54:37 2007 : Debug: eaptls_process returned 13
Wed May 9 17:54:37 2007 : Debug: rlm_eap_peap: EAPTLS_HANDLED
Wed May 9 17:54:37 2007 : Debug: modsingle[authenticate]: returned from
eap (rlm_eap) for request 1
Wed May 9 17:54:37 2007 : Debug: modcall[authenticate]: module "eap"
returns handled for request 1
Wed May 9 17:54:37 2007 : Debug: modcall: leaving group authenticate
(returns handled) for request 1
Sending Access-Challenge of id 72 to 192.168.0.254 port 1039
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message =
0x010303a91900160301004a0200004603014641eebd4b0257f30568312508ce9d844da2ab8cdbc40e8bbfc011c7854f405e20d80a80e573f163f60573e9abfe1cf11719e3ebf6f8aa6607cac262017cc3521f00040016030103460b00034200033f00033c3082033830820220a003020102020102300d06092a864886f70d01010505003053310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310c300a06035504031303636973301e170d3037303530333038303232355a170d3038303530323038303232355a3053310b30
EAP-Message =
0x09060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464310c300a0603550403130363697330820122300d06092a864886f70d01010105000382010f003082010a0282010100be1f23b9bf021191c28df0d121a868f37aa0ed8650dfd3525c9bfd9782dd4528e7f670981ee608eb3c3b01334cff4532b4b59b3b132e71abdf2634bf00fc7234404f255291e3888816de19ea9c80b283a52d0f8cace67230d172f7ddcea6e0bd6793924b5d1c98c7cb80ea60f9a9b97757bf90420dcd25ddb79a500f4ef79f59dd0ae5b81fb6522f8d042a31
EAP-Message =
0x6d2f0720a8dc00f73ad27bc737294cac8eeb7c914a7afa577c1532e34712f752a7a77e65e45350cf88a9d366f4d9bcc9ff4bb7611938a20f8534655fbfe0d205ef65eb408c91e3b1988d19144227aa8081ddcc94854619e0daadc64e0460d18ccaff05ac3163c3ca681aff1fcb62bab71a771a230203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000382010100339dc8986a5c60e942fcf5e76230fde8b3e75d73a8fc182512262617ec74b358d20452512e25bfc44d594cfaa100674207adb9f267d369ff7d5a6deb558b7cbd538aa5ccd4b44030be51acde4dc3ac940ec4c37335f277
EAP-Message =
0x5246554e7c031fd501578b605daa683c51c0d38c12b48f088b2360a2bd6f4ae8edaf53617335befcb7e3eafe8c99e6adcd944b9e6da0a21acb056763d11b6e32a53d6bb3bb93d6dbfb8cc373f07f6efb2e9cf38ced2b04a43af28a00432d3bd936276b26a0f66540af127ed392a6cd83b89626ddcad0c090af2f239e05127baf8df9659dba0f0280415a9a6569c23dcbc22f3c2a2922826f56e5b1bd90f2a4c979ac2e52efb019932e16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5018df96803d9ee44a6047b590c6057
Wed May 9 17:54:37 2007 : Debug: Finished request 1
Wed May 9 17:54:37 2007 : Debug: Going to the next request
Wed May 9 17:54:37 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.254:1039, id=73,
length=213
Framed-MTU = 1480
NAS-IP-Address = 172.17.1.10
NAS-Identifier = "CIS2650"
User-Name = "david"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 39
NAS-Port-Type = Ethernet
NAS-Port-Id = "39"
Called-Station-Id = "00-19-bb-6a-2d-80"
Calling-Station-Id = "00-11-25-d6-ab-1a"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3"
State = 0xc5018df96803d9ee44a6047b590c6057
EAP-Message = 0x020300061900
Message-Authenticator = 0x1ada415bcaa4a23684361400292abc59
Wed May 9 17:54:38 2007 : Debug: Processing the authorize section of
radiusd.conf
Wed May 9 17:54:38 2007 : Debug: modcall: entering group authorize for
request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 2
Wed May 9 17:54:38 2007 : Debug: modcall[authorize]: module "preprocess"
returns ok for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: returned from chap
(rlm_chap) for request 2
Wed May 9 17:54:38 2007 : Debug: modcall[authorize]: module "chap"
returns noop for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 2
Wed May 9 17:54:38 2007 : Debug: modcall[authorize]: module "mschap"
returns noop for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 2
Wed May 9 17:54:38 2007 : Debug: rlm_realm: No '@' in User-Name =
"david", looking up realm NULL
Wed May 9 17:54:38 2007 : Debug: rlm_realm: No such realm "NULL"
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 2
Wed May 9 17:54:38 2007 : Debug: modcall[authorize]: module "suffix"
returns noop for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 2
Wed May 9 17:54:38 2007 : Debug: rlm_eap: EAP packet type response id 3
length 6
Wed May 9 17:54:38 2007 : Debug: rlm_eap: No EAP Start, assuming it's an
on-going EAP conversation
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: returned from eap
(rlm_eap) for request 2
Wed May 9 17:54:38 2007 : Debug: modcall[authorize]: module "eap" returns
updated for request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: calling sql
(rlm_sql) for request 2
Wed May 9 17:54:38 2007 : Debug: radius_xlat: 'david'
Wed May 9 17:54:38 2007 : Debug: rlm_sql (sql): sql_set_user escaped user
--> 'david'
Wed May 9 17:54:38 2007 : Debug: radius_xlat: 'SELECT id, UserName,
Attribute, Value, op FROM radcheck WHERE Username =
'david' ORDER BY id'
Wed May 9 17:54:38 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 2
Wed May 9 17:54:38 2007 : Debug: radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'david' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Wed May 9 17:54:38 2007 : Debug: radius_xlat: 'SELECT id, UserName,
Attribute, Value, op FROM radreply WHERE Username =
'david' ORDER BY id'
Wed May 9 17:54:38 2007 : Debug: radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'david' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Wed May 9 17:54:38 2007 : Debug: rlm_sql (sql): Released sql socket id: 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authorize]: returned from sql
(rlm_sql) for request 2
Wed May 9 17:54:38 2007 : Debug: modcall[authorize]: module "sql" returns
ok for request 2
Wed May 9 17:54:38 2007 : Debug: modcall: leaving group authorize (returns
updated) for request 2
Wed May 9 17:54:38 2007 : Debug: rad_check_password: Found Auth-Type EAP
Wed May 9 17:54:38 2007 : Debug: auth: type "EAP"
Wed May 9 17:54:38 2007 : Debug: Processing the authenticate section of
radiusd.conf
Wed May 9 17:54:38 2007 : Debug: modcall: entering group authenticate for
request 2
Wed May 9 17:54:38 2007 : Debug: modsingle[authenticate]: calling eap
(rlm_eap) for request 2
Wed May 9 17:54:38 2007 : Debug: rlm_eap: Request found, released from
the list
Wed May 9 17:54:38 2007 : Debug: rlm_eap: EAP/peap
Wed May 9 17:54:38 2007 : Debug: rlm_eap: processing type peap
Wed May 9 17:54:38 2007 : Debug: rlm_eap_peap: Authenticate
Wed May 9 17:54:38 2007 : Debug: rlm_eap_tls: processing TLS
Wed May 9 17:54:38 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Wed May 9 17:54:38 2007 : Debug: rlm_eap_tls: ack handshake fragment
handler
Wed May 9 17:54:38 2007 : Debug: eaptls_verify returned 1
Wed May 9 17:54:38 2007 : Debug: eaptls_process returned 13
Wed May 9 17:54:38 2007 : Debug: rlm_eap_peap: EAPTLS_HANDLED
Wed May 9 17:54:38 2007 : Debug: modsingle[authenticate]: returned from
eap (rlm_eap) for request 2
Wed May 9 17:54:38 2007 : Debug: modcall[authenticate]: module "eap"
returns handled for request 2
Wed May 9 17:54:38 2007 : Debug: modcall: leaving group authenticate
(returns handled) for request 2
Sending Access-Challenge of id 73 to 192.168.0.254 port 1039
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x010400061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe7a8882c93b992e5d2c3b9eab695e62a
Wed May 9 17:54:38 2007 : Debug: Finished request 2
Wed May 9 17:54:38 2007 : Debug: Going to the next request
Wed May 9 17:54:38 2007 : Debug: --- Walking the entire request list ---
Wed May 9 17:54:38 2007 : Debug: Waking up in 5 seconds...
Wed May 9 17:54:43 2007 : Debug: --- Walking the entire request list ---
Wed May 9 17:54:43 2007 : Debug: Cleaning up request 0 ID 71 with timestamp
4641eebd
Wed May 9 17:54:43 2007 : Debug: Cleaning up request 1 ID 72 with timestamp
4641eebd
Wed May 9 17:54:43 2007 : Debug: Waking up in 1 seconds...
Wed May 9 17:54:44 2007 : Debug: --- Walking the entire request list ---
Wed May 9 17:54:44 2007 : Debug: Cleaning up request 2 ID 73 with timestamp
4641eebe
Wed May 9 17:54:44 2007 : Debug: Nothing to do. Sleeping until we see a
request.
david
_________________________________________________________________
Personalizza la tua casella di posta con Windows Live Hotmail!
http://imagine-windowslive.com/hotmail/default.aspx?locale=it#5
3
2
Dear All,
I need to execute two queries using radius in sql.conf.
i tried to put two queries like this :
in the file i have accounting_update_query_alt = "query_1"
i made it accounting_update_query_alt = "query_1 ; query_2"
but i got an error from MySql concerning the second section '; query_2'
how can i do it ??
Thanks
Amr el-Saeed
1
0
Hi all
I am trying to do eap-tls authentication with 1.1.6.My xp client is saying attempting to authenticate.
So in the output i got when i tried to connect in debug mode is
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = \\\"/usr/local\\\"
main: localstatedir = \\\"/usr/local/var\\\"
main: logdir = \\\"/usr/local/var/log/radius\\\"
main: libdir = \\\"/usr/local/lib\\\"
main: radacctdir = \\\"/usr/local/var/log/radius/radacct\\\"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = \\\"/usr/local/var/log/radius/radius.log\\\"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = \\\"/usr/local/var/run/radiusd/radiusd.pid\\\"
main: user = \\\"(null)\\\"
main: group = \\\"(null)\\\"
main: usercollide = no
main: lower_user = \\\"no\\\"
main: lower_pass = \\\"no\\\"
main: nospace_user = \\\"no\\\"
main: nospace_pass = \\\"no\\\"
main: checkrad = \\\"/usr/local/sbin/checkrad\\\"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = \\\"(null)\\\"
exec: input_pairs = \\\"request\\\"
exec: output_pairs = \\\"(null)\\\"
exec: packet_type = \\\"(null)\\\"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = \\\"(null)\\\"
unix: shadow = \\\"(null)\\\"
unix: group = \\\"(null)\\\"
unix: radwtmp = \\\"/usr/local/var/log/radius/radwtmp\\\"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = \\\"tls\\\"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = \\\"(null)\\\"
tls: pem_file_type = yes
tls: private_key_file = \\\"/etc/1x/07xwifi.pem\\\"
tls: certificate_file = \\\"/etc/1x/07xwifi.pem\\\"
tls: CA_file = \\\"/etc/1x/root.pem\\\"
tls: private_key_password = \\\"password\\\"
tls: dh_file = \\\"/etc/1x/DH\\\"
tls: random_file = \\\"/etc/1x/random\\\"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = \\\"(null)\\\"
tls: cipher_list = \\\"(null)\\\"
tls: check_cert_issuer = \\\"(null)\\\"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = \\\"/etc/raddb/huntgroups\\\"
preprocess: hints = \\\"/etc/raddb/hints\\\"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = \\\"suffix\\\"
realm: delimiter = \\\"@\\\"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = \\\"/etc/raddb/users\\\"
files: acctusersfile = \\\"/etc/raddb/acct_users\\\"
files: preproxy_usersfile = \\\"/etc/raddb/preproxy_users\\\"
files: compat = \\\"no\\\"
Module: Instantiated files (files)
Module: Loaded PAP
pap: encryption_scheme = \\\"crypt\\\"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = \\\"User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Addre ss, NAS-Port\\\"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
\\\"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/de
tail-%Y%m%d\\\"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = \\\"/usr/local/var/log/radius/radutmp\\\"
radutmp: username = \\\"%{User-Name}\\\"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=197
Message-Authenticator = 0x58682b62b2334fb6e661df414bc30e61
Service-Type = Framed-User
User-Name = \\\"anoop07\\\"
Framed-MTU = 1488
Called-Station-Id = \\\"00-0F-3D-AF-DD-C2:default\\\"
Calling-Station-Id = \\\"00-0E-35-F3-A1-67\\\"
NAS-Identifier = \\\"D-Link Access Point\\\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \\\"CONNECT 54Mbps 802.11g\\\"
EAP-Message = 0x0200000c01616e6f6f703037
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \\\"STA port # 1\\\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module \\\"preprocess\\\" returns ok for request 0
rlm_realm: No \\\'@\\\' in User-Name = \\\"anoop07\\\", looking up realm
NULL
rlm_realm: No such realm \\\"NULL\\\"
modcall[authorize]: module \\\"suffix\\\" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 12
rlm_eap: No EAP Start, assuming it\\\'s an on-going EAP conversation
modcall[authorize]: module \\\"eap\\\" returns updated for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \\\"files\\\" returns ok for request 0
rlm_pap: WARNING! No \\\"known good\\\" password found for the user.
Authentication m ay fail because of this.
modcall[authorize]: module \\\"pap\\\" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type \\\"EAP\\\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module \\\"eap\\\" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf149907fc590a6e39f01cbbd9619107b
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=299
Message-Authenticator = 0x4fd5a9fe11d848f8f7a1324997be4a8e
Service-Type = Framed-User
User-Name = \\\"anoop07\\\"
Framed-MTU = 1488
State = 0xf149907fc590a6e39f01cbbd9619107b
Called-Station-Id = \\\"00-0F-3D-AF-DD-C2:default\\\"
Calling-Station-Id = \\\"00-0E-35-F3-A1-67\\\"
NAS-Identifier = \\\"D-Link Access Point\\\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \\\"CONNECT 54Mbps 802.11g\\\"
EAP-Message = 0x020100600d800000005616030100510100004d03014642cb0590f008
20866efd284d568c69cde48b6530bced71bd7a674a2a46e36e103102d6b9e079cbcf0242e2192803
fe40001600040005000a000900640062000300060013001200630100
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \\\"STA port # 1\\\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module \\\"preprocess\\\" returns ok for request 1
rlm_realm: No \\\'@\\\' in User-Name = \\\"anoop07\\\", looking up realm
NULL
rlm_realm: No such realm \\\"NULL\\\"
modcall[authorize]: module \\\"suffix\\\" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 96
rlm_eap: No EAP Start, assuming it\\\'s an on-going EAP conversation
modcall[authorize]: module \\\"eap\\\" returns updated for request 1
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \\\"files\\\" returns ok for request 1
rlm_pap: WARNING! No \\\"known good\\\" password found for the user.
Authentication m ay fail because of this.
modcall[authorize]: module \\\"pap\\\" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type \\\"EAP\\\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 04bf], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module \\\"eap\\\" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 1 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0102040a0dc000000564160301004a0200004603014642cb066051eb
4f14285a58bcd1249829d97ad27f846524d57f7a25b0a3981720143a0cfecdd12ac8ec78c09d87f3
05ba498dcfe95c07b2b76e9b8510cfc644fd00040016030104bf0b0004bb0004b800022c30820228
30820191a003020102020101300d06092a864886f70d0101040500303b310b300906035504061302
494e310b300906035504081302544e310d300b060355040a1304536966793110300e060355040313
0730377877696669301e170d3037303131323135333533305a170d3038303131323135333533305a
3060310b300906035504061302494e310b3009060355040813
EAP-Message = 0x02544e310d300b060355040a1304536966793110300e060355040313
07303778776966693123302106092a864886f70d0109011614616e6f6f705f634073696679636f72
702e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d2bbbe35bc8a
47709632284aff484695385e69c3522f63da46834f9586a420bda380889693fa77fedd9ed4290e6f
9ff4436721775294fc65a38fea098f18975b34b5063de27220e18a07d433cbb6e19aeb3f84b012f7
c20071dd280457a932634bbe50f438cc2ee6f4d65fa395a10bdecc4bf9087979ec45af000940e186
ed290203010001a317301530130603551d25040c300a06082b
EAP-Message = 0x06010505070301300d06092a864886f70d0101040500038181000afe
a7f2a8a9cffe60baa8f779353c523457f8237faeff81ba5f2c22664c70b6b2fb58c8967ca4a4c847
b80e1d5a6cc4558ffa1d161614f374d8b5efd565aa66045b192b3ac3da82c81c4a99fc10cfe473f9
ac258ef99b16cbd335004677694a05addae48c6a9dcdb26b86ddb56c635266c33c7de75865435326
92e5220d30b100028630820282308201eba003020102020100300d06092a864886f70d0101040500
303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453
6966793110300e0603550403130730377877696669301e170d
EAP-Message = 0x3037303131323135333435305a170d3038303131323135333435305a
303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453
6966793110300e060355040313073037787769666930819f300d06092a864886f70d010101050003
818d0030818902818100ba8b07a479bb6ce9adf2d8bc6ac9cf214506dfc039cb10c3b4d27d1bbc08
2caff0bb77424819728977f04b32e231a3c4755a65823b366f1a604f15ce6c499883ab7d2757a5a2
c07a11e75b7a00d6c55a8fb7443b202a25a3cdaad39579b2d8f4c09c974056f0c8666fff754d5748
36fcaf105200fcd5df5158e2b387310c4ed90203010001a381
EAP-Message = 0x95308192301d0603551d0e041604149eda6f69065423
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2fdcf333629491d0e1c1ee647458de64
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=209
Message-Authenticator = 0x4ad9312009d92ce8a0efb591a5179928
Service-Type = Framed-User
User-Name = \\\"anoop07\\\"
Framed-MTU = 1488
State = 0x2fdcf333629491d0e1c1ee647458de64
Called-Station-Id = \\\"00-0F-3D-AF-DD-C2:default\\\"
Calling-Station-Id = \\\"00-0E-35-F3-A1-67\\\"
NAS-Identifier = \\\"D-Link Access Point\\\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \\\"CONNECT 54Mbps 802.11g\\\"
EAP-Message = 0x020200060d00
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \\\"STA port # 1\\\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module \\\"preprocess\\\" returns ok for request 2
rlm_realm: No \\\'@\\\' in User-Name = \\\"anoop07\\\", looking up realm
NULL
rlm_realm: No such realm \\\"NULL\\\"
modcall[authorize]: module \\\"suffix\\\" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it\\\'s an on-going EAP conversation
modcall[authorize]: module \\\"eap\\\" returns updated for request 2
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \\\"files\\\" returns ok for request 2
rlm_pap: WARNING! No \\\"known good\\\" password found for the user.
Authentication m ay fail because of this.
modcall[authorize]: module \\\"pap\\\" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type \\\"EAP\\\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module \\\"eap\\\" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 2 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0103016e0d80000005647ec1c9e4d07a608e0e6dcd730f3063060355
1d23045c305a80149eda6f690654237ec1c9e4d07a608e0e6dcd730fa13fa43d303b310b30090603
5504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e06
03550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d
0101040500038181006b514f008b6a77757fc73ddbe9d54e4ea925a1ab9ce80ad7895d6d19661d8b
8558d0e359876aac023aa52d4273e00407b9b588b30dbc35c5911bc89d2d99677e0ec8dea17fece3
5d0b4dfab8775ba73eaeb0a0998bcdf1437cff0a1031f6a5b1
EAP-Message = 0x7e8bcdc01e2e964cb256f49d947eea2cfd42989aef397fa438be294f
a3dc7a3d160301004c0d000044020102003f003d303b310b300906035504061302494e310b300906
035504081302544e310d300b060355040a1304536966793110300e06035504031307303778776966
690e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8312be86097e0bba014e67facd670e26
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=209
Message-Authenticator = 0xd1d028ef0c35ada1104dae076b233114
Service-Type = Framed-User
User-Name = \\\"anoop07\\\"
Framed-MTU = 1488
State = 0x8312be86097e0bba014e67facd670e26
Called-Station-Id = \\\"00-0F-3D-AF-DD-C2:default\\\"
Calling-Station-Id = \\\"00-0E-35-F3-A1-67\\\"
NAS-Identifier = \\\"D-Link Access Point\\\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \\\"CONNECT 54Mbps 802.11g\\\"
EAP-Message = 0x020300060d00
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \\\"STA port # 1\\\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module \\\"preprocess\\\" returns ok for request 3
rlm_realm: No \\\'@\\\' in User-Name = \\\"anoop07\\\", looking up realm
NULL
rlm_realm: No such realm \\\"NULL\\\"
modcall[authorize]: module \\\"suffix\\\" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it\\\'s an on-going EAP conversation
modcall[authorize]: module \\\"eap\\\" returns updated for request 3
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \\\"files\\\" returns ok for request 3
rlm_pap: WARNING! No \\\"known good\\\" password found for the user.
Authentication m ay fail because of this.
modcall[authorize]: module \\\"pap\\\" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type \\\"EAP\\\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module \\\"eap\\\" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0104000a0d8000000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc08d54ac02795c8e31c2f7865a609bd5
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 4642cb06
Cleaning up request 1 ID 1 with timestamp 4642cb06
Cleaning up request 2 ID 2 with timestamp 4642cb06
Cleaning up request 3 ID 3 with timestamp 4642cb06
Nothing to do. Sleeping until we see a request.
[root@anoop raddb]#
Regards
Anoop
essage: 3
Date: Thu, 10 May 2007 11:45:42 +0200
From: inverse <inverse(a)ngi.it>
Subject: Re: eap-tls authentication with free radius 1.1.5
To: \"FreeRadius users mailing list\"
<freeradius-users(a)lists.freeradius.org>
Message-ID:
<32deb3e30705100245t4c9ff9cay66d7c99ea0e34a44(a)mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 5/10/07, anoop_c(a)sifycorp.com <anoop_c(a)sifycorp.com> wrote:
anoop, please fix your quoting.
Configurations are not interchangeable between the snapshot tree,
1.1.5 and 1.1.6
1
0
Dear all
With free radius 1.1.6 i am getting the following debug messages.Still authnticationi is not happenig
[root@anoop raddb]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = \"/usr/local\"
main: localstatedir = \"/usr/local/var\"
main: logdir = \"/usr/local/var/log/radius\"
main: libdir = \"/usr/local/lib\"
main: radacctdir = \"/usr/local/var/log/radius/radacct\"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = \"/usr/local/var/log/radius/radius.log\"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = \"/usr/local/var/run/radiusd/radiusd.pid\"
main: user = \"(null)\"
main: group = \"(null)\"
main: usercollide = no
main: lower_user = \"no\"
main: lower_pass = \"no\"
main: nospace_user = \"no\"
main: nospace_pass = \"no\"
main: checkrad = \"/usr/local/sbin/checkrad\"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = \"(null)\"
exec: input_pairs = \"request\"
exec: output_pairs = \"(null)\"
exec: packet_type = \"(null)\"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = \"(null)\"
unix: shadow = \"(null)\"
unix: group = \"(null)\"
unix: radwtmp = \"/usr/local/var/log/radius/radwtmp\"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = \"tls\"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = \"(null)\"
tls: pem_file_type = yes
tls: private_key_file = \"/etc/1x/07xwifi.pem\"
tls: certificate_file = \"/etc/1x/07xwifi.pem\"
tls: CA_file = \"/etc/1x/root.pem\"
tls: private_key_password = \"password\"
tls: dh_file = \"/etc/1x/DH\"
tls: random_file = \"/etc/1x/random\"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = \"(null)\"
tls: cipher_list = \"(null)\"
tls: check_cert_issuer = \"(null)\"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = \"/etc/raddb/huntgroups\"
preprocess: hints = \"/etc/raddb/hints\"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = \"suffix\"
realm: delimiter = \"@\"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = \"/etc/raddb/users\"
files: acctusersfile = \"/etc/raddb/acct_users\"
files: preproxy_usersfile = \"/etc/raddb/preproxy_users\"
files: compat = \"no\"
Module: Instantiated files (files)
Module: Loaded PAP
pap: encryption_scheme = \"crypt\"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port\"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = \"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/de tail-%Y%m%d\"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = \"/usr/local/var/log/radius/radutmp\"
radutmp: username = \"%{User-Name}\"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=197
Message-Authenticator = 0x58682b62b2334fb6e661df414bc30e61
Service-Type = Framed-User
User-Name = \"anoop07\"
Framed-MTU = 1488
Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
Calling-Station-Id = \"00-0E-35-F3-A1-67\"
NAS-Identifier = \"D-Link Access Point\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \"CONNECT 54Mbps 802.11g\"
EAP-Message = 0x0200000c01616e6f6f703037
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \"STA port # 1\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module \"preprocess\" returns ok for request 0
rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL
rlm_realm: No such realm \"NULL\"
modcall[authorize]: module \"suffix\" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 12
rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
modcall[authorize]: module \"eap\" returns updated for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \"files\" returns ok for request 0
rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this.
modcall[authorize]: module \"pap\" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type \"EAP\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module \"eap\" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf149907fc590a6e39f01cbbd9619107b
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=299
Message-Authenticator = 0x4fd5a9fe11d848f8f7a1324997be4a8e
Service-Type = Framed-User
User-Name = \"anoop07\"
Framed-MTU = 1488
State = 0xf149907fc590a6e39f01cbbd9619107b
Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
Calling-Station-Id = \"00-0E-35-F3-A1-67\"
NAS-Identifier = \"D-Link Access Point\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \"CONNECT 54Mbps 802.11g\"
EAP-Message = 0x020100600d800000005616030100510100004d03014642cb0590f008 20866efd284d568c69cde48b6530bced71bd7a674a2a46e36e103102d6b9e079cbcf0242e2192803 fe40001600040005000a000900640062000300060013001200630100
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \"STA port # 1\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module \"preprocess\" returns ok for request 1
rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL
rlm_realm: No such realm \"NULL\"
modcall[authorize]: module \"suffix\" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 96
rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
modcall[authorize]: module \"eap\" returns updated for request 1
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \"files\" returns ok for request 1
rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this.
modcall[authorize]: module \"pap\" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type \"EAP\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 04bf], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module \"eap\" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 1 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0102040a0dc000000564160301004a0200004603014642cb066051eb 4f14285a58bcd1249829d97ad27f846524d57f7a25b0a3981720143a0cfecdd12ac8ec78c09d87f3 05ba498dcfe95c07b2b76e9b8510cfc644fd00040016030104bf0b0004bb0004b800022c30820228 30820191a003020102020101300d06092a864886f70d0101040500303b310b300906035504061302 494e310b300906035504081302544e310d300b060355040a1304536966793110300e060355040313 0730377877696669301e170d3037303131323135333533305a170d3038303131323135333533305a 3060310b300906035504061302494e310b3009060355040813
EAP-Message = 0x02544e310d300b060355040a1304536966793110300e060355040313 07303778776966693123302106092a864886f70d0109011614616e6f6f705f634073696679636f72 702e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d2bbbe35bc8a 47709632284aff484695385e69c3522f63da46834f9586a420bda380889693fa77fedd9ed4290e6f 9ff4436721775294fc65a38fea098f18975b34b5063de27220e18a07d433cbb6e19aeb3f84b012f7 c20071dd280457a932634bbe50f438cc2ee6f4d65fa395a10bdecc4bf9087979ec45af000940e186 ed290203010001a317301530130603551d25040c300a06082b
EAP-Message = 0x06010505070301300d06092a864886f70d0101040500038181000afe a7f2a8a9cffe60baa8f779353c523457f8237faeff81ba5f2c22664c70b6b2fb58c8967ca4a4c847 b80e1d5a6cc4558ffa1d161614f374d8b5efd565aa66045b192b3ac3da82c81c4a99fc10cfe473f9 ac258ef99b16cbd335004677694a05addae48c6a9dcdb26b86ddb56c635266c33c7de75865435326 92e5220d30b100028630820282308201eba003020102020100300d06092a864886f70d0101040500 303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453 6966793110300e0603550403130730377877696669301e170d
EAP-Message = 0x3037303131323135333435305a170d3038303131323135333435305a 303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453 6966793110300e060355040313073037787769666930819f300d06092a864886f70d010101050003 818d0030818902818100ba8b07a479bb6ce9adf2d8bc6ac9cf214506dfc039cb10c3b4d27d1bbc08 2caff0bb77424819728977f04b32e231a3c4755a65823b366f1a604f15ce6c499883ab7d2757a5a2 c07a11e75b7a00d6c55a8fb7443b202a25a3cdaad39579b2d8f4c09c974056f0c8666fff754d5748 36fcaf105200fcd5df5158e2b387310c4ed90203010001a381
EAP-Message = 0x95308192301d0603551d0e041604149eda6f69065423
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2fdcf333629491d0e1c1ee647458de64
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=209
Message-Authenticator = 0x4ad9312009d92ce8a0efb591a5179928
Service-Type = Framed-User
User-Name = \"anoop07\"
Framed-MTU = 1488
State = 0x2fdcf333629491d0e1c1ee647458de64
Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
Calling-Station-Id = \"00-0E-35-F3-A1-67\"
NAS-Identifier = \"D-Link Access Point\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \"CONNECT 54Mbps 802.11g\"
EAP-Message = 0x020200060d00
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \"STA port # 1\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module \"preprocess\" returns ok for request 2
rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL
rlm_realm: No such realm \"NULL\"
modcall[authorize]: module \"suffix\" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
modcall[authorize]: module \"eap\" returns updated for request 2
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \"files\" returns ok for request 2
rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this.
modcall[authorize]: module \"pap\" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type \"EAP\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module \"eap\" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 2 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0103016e0d80000005647ec1c9e4d07a608e0e6dcd730f3063060355 1d23045c305a80149eda6f690654237ec1c9e4d07a608e0e6dcd730fa13fa43d303b310b30090603 5504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e06 03550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d 0101040500038181006b514f008b6a77757fc73ddbe9d54e4ea925a1ab9ce80ad7895d6d19661d8b 8558d0e359876aac023aa52d4273e00407b9b588b30dbc35c5911bc89d2d99677e0ec8dea17fece3 5d0b4dfab8775ba73eaeb0a0998bcdf1437cff0a1031f6a5b1
EAP-Message = 0x7e8bcdc01e2e964cb256f49d947eea2cfd42989aef397fa438be294f a3dc7a3d160301004c0d000044020102003f003d303b310b300906035504061302494e310b300906 035504081302544e310d300b060355040a1304536966793110300e06035504031307303778776966 690e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8312be86097e0bba014e67facd670e26
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=209
Message-Authenticator = 0xd1d028ef0c35ada1104dae076b233114
Service-Type = Framed-User
User-Name = \"anoop07\"
Framed-MTU = 1488
State = 0x8312be86097e0bba014e67facd670e26
Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\"
Calling-Station-Id = \"00-0E-35-F3-A1-67\"
NAS-Identifier = \"D-Link Access Point\"
NAS-Port-Type = Wireless-802.11
Connect-Info = \"CONNECT 54Mbps 802.11g\"
EAP-Message = 0x020300060d00
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = \"STA port # 1\"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module \"preprocess\" returns ok for request 3
rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL
rlm_realm: No such realm \"NULL\"
modcall[authorize]: module \"suffix\" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
modcall[authorize]: module \"eap\" returns updated for request 3
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 172
modcall[authorize]: module \"files\" returns ok for request 3
rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this.
modcall[authorize]: module \"pap\" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type \"EAP\"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module \"eap\" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 192.168.0.50 port 1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0104000a0d8000000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc08d54ac02795c8e31c2f7865a609bd5
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 4642cb06
Cleaning up request 1 ID 1 with timestamp 4642cb06
Cleaning up request 2 ID 2 with timestamp 4642cb06
Cleaning up request 3 ID 3 with timestamp 4642cb06
Nothing to do. Sleeping until we see a request.
[root@anoop raddb]#
Wat is the meaning of
--- TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13----
this in eap_process returned 13 in the debug log
as well as
---rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation----
Regards
Anoop
Quoting freeradius-users-request(a)lists.freeradius.org:
> Send Freeradius-Users mailing list submissions to
> freeradius-users(a)lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body \'help\' to
> freeradius-users-request(a)lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner(a)lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than \"Re: Contents of Freeradius-Users digest...\"
>
>
> Today\'s Topics:
>
> 1. RE: FR with MySQL - Stored Procedures (Gunther)
> 2. Re: freeradius & redback sms (Alan DeKok)
> 3. Re: Date expansion fails for inner encryption tunnel log
> files. (Alan DeKok)
> 4. Re: 1.1.6 with rlm_sqlippool: ip=[] len=0 (Alan DeKok)
> 5. Re: ttls problem (tevfik)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 10 May 2007 03:15:09 -0400
> From: \"Gunther\" <freeradius(a)caribsms.com>
> Subject: RE: FR with MySQL - Stored Procedures
> To: \"\'FreeRadius users mailing list\'\"
> <freeradius-users(a)lists.freeradius.org>
> Message-ID: <001a01c792d2$f23b79c0$0419a8c0@ultra3>
> Content-Type: text/plain; charset=\"US-ASCII\"
>
> Did some further research on the MySQL - FR Stored Procedure (SP)
> problem.
>
> When calling the SP, MySQL always returns two results. One is the
> actual
> result and
> the other is the number of affected rows, which is different to a
> normal
> e.g. SELECT query.
>
> SP:
> mysql> call CheckIt(\'myString\');
> +--------+
> | result |
> +--------+
> | 10 | (result is correct)
> +--------+
> 1 row in set (0.00 sec)
>
> Query OK, 0 rows affected (0.00 sec) <-- Result plus the number of
> affected
> rows!
>
> Normal Query:
> mysql> select 25 AS result;
> +--------+
> | result |
> +--------+
> | 25 |
> +--------+
> 1 row in set (0.00 sec) <--- Normal query with one result
>
> -------- MYSQL 5.0 Ref manual ----
> If you write C programs that use the CALL SQL statement to execute
> stored
> procedures that produce result sets, you must set the
> CLIENT_MULTI_RESULTS
> flag, either explicitly, or implicitly by setting
> CLIENT_MULTI_STATEMENTS
> when you call mysql_real_connect(). This is because each such stored
> procedure produces multiple results: the result sets returned by
> statements
> executed within the procedure, as well as a result to indicate the call
> status. To process the result of a CALL statement, use a loop that
> calls
> mysql_next_result() to determine whether there are more results.
>
> The following procedure outlines a suggested strategy for handling
> multiple
> statements:
> 1. Pass CLIENT_MULTI_STATEMENTS to mysql_real_connect(), to fully
> enable
> multiple-statement execution and multiple-result processing.
> 2. After calling mysql_query() or mysql_real_query() and verifying that
> it
> succeeds, enter a loop within which you process statement results.
> 3. For each iteration of the loop, handle the current statement
> result,
> retrieving either a result set or an affected-rows count. If an error
> occurs, exit the loop.
> 4. At the end of the loop, call mysql_next_result() to check whether
> another result exists and initiate retrieval for it if so. If no more
> results are available, exit the loop.
> ----------------------------------
>
> Just for a test, I added a very quick and dirty \'mysql_next_result\' into
> the
> sql_free_result function of
> \"sql_mysql.c\" in row 292 of FR 1.1.6, the same location Thomas used the
>
> .....
> if (sqlsocket->row == NULL) {
> return sql_check_error(mysql_errno(mysql_sock->sock));
> }
> mysql_next_result(mysql_sock->sock); /* eat the number of
> affected
> rows result */
> return 0;
> }
> .....
>
> As a result I do not get the 2014 error anymore and everything seems to
> be
> working fine.
> Since I do not really know the implications of just adding this
> command,
> maybe one of the experts
> could help out here.
>
> In an ealier posting 3 days ago I said that the problem is not really
> stored
> procedure related ...
> but it is! Once the SP is called at least once other queries will have
> errors too.
>
> Gunther
>
> FR 1.1.6 - MySQL 5.0.41 - CentOS 4.4
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 10 May 2007 09:27:45 +0200
> From: Alan DeKok <aland(a)deployingradius.com>
> Subject: Re: freeradius & redback sms
> To: FreeRadius users mailing list
> <freeradius-users(a)lists.freeradius.org>
> Message-ID: <4642C971.3060509(a)deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Samson Martinez wrote:
> > We are currently using a Redback SMS 500 to terminate PPPoE sessions
> for
> > client desktops. Up until now an older Steelbelted Radius server has
> > been used to authenticate RADIUS requests forwarded by the Redback
> and
> > it\'s worked ok. We want to transfer the RADIUS support to a
> freeradius
> > installation but I am having a bit of a fit trying to get it to work.
>
> See \"radsniff\" from the current release. Watch the packets going TO
> your old RADIUS server, and the responses comign BACK from it.
> Configure FreeRADIUS to respond to requests with the same attributes.
>
> The NAS has no idea which server you\'re running. All it sees is the
> attributes in the packet.
>
> The solution is to first find out what needs to be sent back, and
> then
> make FreeRADIUS send the correct response. There is no magic, and
> there
> is no need to fight with any configuration.
>
> The redback log looks like you\'re not sending back the correct
> attributes. If you don\'t know what attributes to send back, you WILL
> NOT be able to solve the problem.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 10 May 2007 09:39:36 +0200
> From: Alan DeKok <aland(a)deployingradius.com>
> Subject: Re: Date expansion fails for inner encryption tunnel log
> files.
> To: FreeRadius users mailing list
> <freeradius-users(a)lists.freeradius.org>
> Message-ID: <4642CC38.9050204(a)deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Arran Cudbard-Bell wrote:
> > Firstly is is possible to specify return codes for users files
> depending
> > on matched sections ? Or will the files module always return ok ?
>
> You can\'t specify return codes from the \"users\" file.
>
> > Secondly, whats considered decent throughput in terms of (serial)
> > requests per second...
> > With none of the SQL or LDAP checking i\'m getting around 300ish
> requests
> > per second ;
>
> That\'s a little low, to be honest. My tests on a dual core 1.8GHz
> intel show 25k PAP requests per second from localhost to localhost.
> That\'s rather different from what you\'re seeing.
>
> Unless you mean 300 full EAP-TLS/TTLS/PEAP authentications per
> second.
> That\'s pretty fast, considering that almost all of the CPU time is
> spent doing RSA key operations. And with 5-10 RADIUS packets per EAP
> authentication, that\'s 3k requests/s, not 300.
>
> > We have a user base of around 10,000 users with a absolute maximum of
>
> > 4,000 logged in at any one time, and two Dual Core 2.13ghz 64bit Apple
>
> > Xserves with basic load balancing.
> >
> > It\'s obvious that the SQL server is lagging behind, and the LDAP
> cluster
> > is on some ageing Xserves so probably isn\'t performing at it\'s
> peak...
> >
> > If you have any recommended figures that I could aim for, would be
> very
> > useful.
>
> For plain PAP: 10k+ requests/s would be expected. For EAP,
> substantially less than that.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 10 May 2007 09:40:13 +0200
> From: Alan DeKok <aland(a)deployingradius.com>
> Subject: Re: 1.1.6 with rlm_sqlippool: ip=[] len=0
> To: FreeRadius users mailing list
> <freeradius-users(a)lists.freeradius.org>
> Message-ID: <4642CC5D.7070602(a)deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Guilherme Franco wrote:
> > This was happening with 1.1.4 and I thought that 1.1.6 would
> correct
> > this.
> >
> > Wasn\'t 1.1.6 supposed to work this out?
>
> Which part of the ChangeLog said that?
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 10 May 2007 00:41:14 -0700 (PDT)
> From: tevfik <tevfikkiziloren(a)gmail.com>
> Subject: Re: ttls problem
> To: freeradius-users(a)lists.freeradius.org
> Message-ID: <10408620.post(a)talk.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
>
> >did you configure SecureW2 to allow new connections?
>
> Yes i tried both combinations, nothing is changed.
>
> In addition to this when I enter correct username but wrong password, I
> got
> similar debug log which i lised below.
>
> I wasn\'t able to see any problem with ldap configuration because it
> works
> with radtest command. (That is when i entered correct usrname but wrong
> password, I got Access-Rejected message. When both of them was true, I
> got
> Access-Accepted)
>
> Is there a problem with my ldap configuration. Is there any weird
> message in
> my debug log?
>
> I am dealing with this thing about 20 days. Could anybody tell me whats
> wrong with it?
>
> Thanks in advance:
>
> My full debug log: (username was entered true, password was entered
> false )
> -------------------------------------------------------------------------------------------------
> ldap:~ # radiusd -X -A
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /etc/raddb/proxy.conf
> Config: including file: /etc/raddb/clients.conf
> Config: including file: /etc/raddb/snmp.conf
> Config: including file: /etc/raddb/eap.conf
> Config: including file: /etc/raddb/sql.conf
> main: prefix = \"/usr\"
> main: localstatedir = \"/var\"
> main: logdir = \"/var/log/radius\"
> main: libdir = \"/usr/lib/freeradius\"
> main: radacctdir = \"/var/log/radius/radacct\"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = \"/var/log/radius/radius.log\"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = \"/var/run/radiusd/radiusd.pid\"
> main: user = \"radiusd\"
> main: group = \"radiusd\"
> main: usercollide = no
> main: lower_user = \"no\"
> main: lower_pass = \"no\"
> main: nospace_user = \"no\"
> main: nospace_pass = \"no\"
> main: checkrad = \"/usr/sbin/checkrad\"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = no
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> read_config_files: reading clients
> read_config_files: reading realms
> radiusd: entering modules setup
> Module: Library search path is /usr/lib/freeradius
> Module: Loaded exec
> exec: wait = yes
> exec: program = \"(null)\"
> exec: input_pairs = \"request\"
> exec: output_pairs = \"(null)\"
> exec: packet_type = \"(null)\"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
> pap: encryption_scheme = \"crypt\"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: with_ntdomain_hack = no
> mschap: passwd = \"(null)\"
> mschap: authtype = \"MS-CHAP\"
> mschap: ntlm_auth = \"(null)\"
> Module: Instantiated mschap (mschap)
> Module: Loaded System
> unix: cache = no
> unix: passwd = \"(null)\"
> unix: shadow = \"(null)\"
> unix: group = \"(null)\"
> unix: radwtmp = \"/var/log/radius/radwtmp\"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded LDAP
> ldap: server = \"ldap.anadolu.edu.tr\"
> ldap: port = 389
> ldap: net_timeout = 1
> ldap: timeout = 4
> ldap: timelimit = 3
> ldap: identity = \"\"
> ldap: tls_mode = no
> ldap: start_tls = no
> ldap: tls_cacertfile = \"(null)\"
> ldap: tls_cacertdir = \"(null)\"
> ldap: tls_certfile = \"(null)\"
> ldap: tls_keyfile = \"(null)\"
> ldap: tls_randfile = \"(null)\"
> ldap: tls_require_cert = \"allow\"
> ldap: password = \"\"
> ldap: basedn = \"ou=people,dc=anadolu,dc=edu,dc=tr\"
> ldap: filter = \"(uid=%u)\"
> ldap: base_filter = \"(objectclass=radiusprofile)\"
> ldap: default_profile = \"(null)\"
> ldap: profile_attribute = \"(null)\"
> ldap: password_header = \"(null)\"
> ldap: password_attribute = \"(null)\"
> ldap: access_attr = \"(null)\"
> ldap: groupname_attribute = \"cn\"
> ldap: groupmembership_filter =
> \"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))\"
> ldap: groupmembership_attribute = \"(null)\"
> ldap: dictionary_mapping = \"/etc/raddb/ldap.attrmap\"
> ldap: ldap_debug = 0
> ldap: ldap_connections_number = 5
> ldap: compare_check_items = no
> ldap: access_attr_used_for_allow = yes
> ldap: do_xlat = yes
> ldap: edir_account_policy_check = yes
> ldap: set_auth_type = yes
> rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> rlm_ldap: Creating new attribute ldap_1x-Ldap-Group
> rlm_ldap: Registering ldap_groupcmp for ldap_1x-Ldap-Group
> rlm_ldap: Registering ldap_xlat with xlat_name ldap_1x
> rlm_ldap: Over-riding set_auth_type, as we\'re not listed in the
> \"authenticate\" section.
> rlm_ldap: reading ldap<->radius mappings from file
> /etc/raddb/ldap.attrmap
> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
> Calling-Station-Id
> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
> Framed-Compression
> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
> Framed-IPX-Network
> rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
> Termination-Action
> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
> Framed-AppleTalk-Link
> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
> Framed-AppleTalk-Network
> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
> Framed-AppleTalk-Zone
> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> conns: 0x800d0420
> Module: Instantiated ldap (ldap_1x)
> Module: Loaded eap
> eap: default_eap_type = \"ttls\"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
> gtc: challenge = \"Password: \"
> gtc: auth_type = \"PAP\"
> rlm_eap: Loaded and initialized type gtc
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = \"(null)\"
> tls: pem_file_type = yes
> tls: private_key_file = \"/etc/raddb/certs/server_keycert.pem\"
> tls: certificate_file = \"/etc/raddb/certs/server_keycert.pem\"
> tls: CA_file = \"/etc/raddb/certs/cacert.pem\"
> tls: private_key_password = \"1234\"
> tls: dh_file = \"/etc/raddb/certs/dh\"
> tls: random_file = \"/etc/raddb/certs/random\"
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = \"(null)\"
> rlm_eap_tls: Loading the certificate file as a chain
> rlm_eap: Loaded and initialized type tls
> ttls: default_eap_type = \"md5\"
> ttls: copy_request_to_tunnel = yes
> ttls: use_tunneled_reply = no
> rlm_eap: Loaded and initialized type ttls
> mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = \"/etc/raddb/huntgroups\"
> preprocess: hints = \"/etc/raddb/hints\"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = \"suffix\"
> realm: delimiter = \"@\"
> realm: ignore_default = yes
> realm: ignore_null = yes
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = \"/etc/raddb/users\"
> files: acctusersfile = \"/etc/raddb/acct_users\"
> files: preproxy_usersfile = \"/etc/raddb/preproxy_users\"
> files: compat = \"no\"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port\"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
> detail: detailfile =
> \"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d\"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = \"/var/log/radius/radutmp\"
> radutmp: username = \"%{User-Name}\"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.10.7.203:1645, id=146,
> length=139
> User-Name = \"tkiziloren\"
> Framed-MTU = 1400
> Called-Station-Id = \"0017.0e85.f190\"
> Calling-Station-Id = \"0011.2fb9.d08b\"
> Service-Type = Login-User
> Message-Authenticator = 0x4bf1be37ab5fc1598c68bd249777d10d
> EAP-Message = 0x0202000f01746b697a696c6f72656e
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 322
> NAS-IP-Address = 10.10.7.203
> NAS-Identifier = \"testbaum\"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module \"preprocess\" returns ok for request 0
> modcall[authorize]: module \"chap\" returns noop for request 0
> modcall[authorize]: module \"mschap\" returns noop for request 0
> rlm_realm: No \'@\' in User-Name = \"tkiziloren\", skipping NULL due to
> config.
> modcall[authorize]: module \"suffix\" returns noop for request 0
> rlm_eap: EAP packet type response id 2 length 15
> rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
> modcall[authorize]: module \"eap\" returns updated for request 0
> users: Matched entry DEFAULT at line 29
> modcall[authorize]: module \"files\" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for tkiziloren
> radius_xlat: \'(uid=tkiziloren)\'
> radius_xlat: \'ou=people,dc=anadolu,dc=edu,dc=tr\'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ldap.anadolu.edu.tr:389, authentication 0
> rlm_ldap: bind as / to ldap.anadolu.edu.tr:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
> filter (uid=tkiziloren)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user tkiziloren authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module \"ldap_1x\" returns ok for request 0
> modcall: leaving group authorize (returns updated) for request 0
> rad_check_password: Found Auth-Type EAP
> auth: type \"EAP\"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module \"eap\" returns handled for request 0
> modcall: leaving group authenticate (returns handled) for request 0
> Sending Access-Challenge of id 146 to 10.10.7.203 port 1645
> EAP-Message = 0x010300061520
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x0aacb6009ffcc2e6b40b7487d9b49dce
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.10.7.203:1645, id=147,
> length=202
> User-Name = \"tkiziloren\"
> Framed-MTU = 1400
> Called-Station-Id = \"0017.0e85.f190\"
> Calling-Station-Id = \"0011.2fb9.d08b\"
> Service-Type = Login-User
> Message-Authenticator = 0xec986e334fed0be253f43e2461d77e42
> EAP-Message =
> 0x0203003c158000000032160301002d01000029030146cbafcad15f26ee9c399c30942cb9a40c438dfa3f0aeb13b9b68e7fd7fa6e64000002000a0100
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 322
> State = 0x0aacb6009ffcc2e6b40b7487d9b49dce
> NAS-IP-Address = 10.10.7.203
> NAS-Identifier = \"testbaum\"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
> modcall[authorize]: module \"preprocess\" returns ok for request 1
> modcall[authorize]: module \"chap\" returns noop for request 1
> modcall[authorize]: module \"mschap\" returns noop for request 1
> rlm_realm: No \'@\' in User-Name = \"tkiziloren\", skipping NULL due to
> config.
> modcall[authorize]: module \"suffix\" returns noop for request 1
> rlm_eap: EAP packet type response id 3 length 60
> rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
> modcall[authorize]: module \"eap\" returns updated for request 1
> users: Matched entry DEFAULT at line 29
> modcall[authorize]: module \"files\" returns ok for request 1
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for tkiziloren
> radius_xlat: \'(uid=tkiziloren)\'
> radius_xlat: \'ou=people,dc=anadolu,dc=edu,dc=tr\'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
> filter (uid=tkiziloren)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user tkiziloren authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module \"ldap_1x\" returns ok for request 1
> modcall: leaving group authorize (returns updated) for request 1
> rad_check_password: Found Auth-Type EAP
> auth: type \"EAP\"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/ttls
> rlm_eap: processing type ttls
> rlm_eap_ttls: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Length Included
> eaptls_verify returned 11
> (other): before/accept initialization
> TLS_accept: before/accept initialization
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
> TLS_accept: SSLv3 read client hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> TLS_accept: SSLv3 write server hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 05e7], Certificate
> TLS_accept: SSLv3 write certificate A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> TLS_accept: SSLv3 write server done A
> TLS_accept: SSLv3 flush data
> TLS_accept:error in SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> eaptls_process returned 13
> modcall[authenticate]: module \"eap\" returns handled for request 1
> modcall: leaving group authenticate (returns handled) for request 1
> Sending Access-Challenge of id 147 to 10.10.7.203 port 1645
> EAP-Message =
> 0x0104040a15c000000644160301004a0200004603014642d682aa7f984a7fcdbc4a6bc13b1d264b81e704929e445b4ebf174c04b7cc20d1ee663783e4d828257c89be8df743bbae47180d8e7bd7a41edc3742644c918a000a0016030105e70b0005e30005e00002c5308202c13082022aa003020102020101300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a86
> EAP-Message =
> 0x4886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333833325a170d3038303530373130333833325a3081a3310b300906035504061302545231123010060355040813095452416e61646f6c75311230100603550407130945736b697365686972311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d003081890281
> EAP-Message =
> 0x8100aa7e832714838afb5c85df7c60afaf107142a9e077659f216e0b0cee26180413d2ce23bd4551cb0e7243dbae482db8757502159b52b08f8776b1fef8110ea8798dc7bd0db591296d73e37cad9a07ad8b1c1db6360104861ae0405cab03544b1ae33633df6a5403c79bdde9ab57ed2dcfe191f5f34418b555c953351acc461ce70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181003c0a0c3e188348ce41725b4c062f8a8570a1bf407bb6ee3504b9df6a18e935fe2f8792c914c2eabadd85e6ea701ec99443a06e436152b7b9fd413cf44fbd09db68cdf3879c76ea673153
> EAP-Message =
> 0xb8adc112064df7b8369c796d37251577569523b465b686408649adbb9f9006148c9e8df035dec411681b9365b9d317f44efd89b9b42b000315308203113082027aa003020102020100300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333734345a170d
> EAP-Message = 0x3130303530373130333734345a30818f310b30090603
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x2c09c8f35ddc35ecd609188a17165621
> Finished request 1
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.10.7.203:1645, id=148,
> length=148
> User-Name = \"tkiziloren\"
> Framed-MTU = 1400
> Called-Station-Id = \"0017.0e85.f190\"
> Calling-Station-Id = \"0011.2fb9.d08b\"
> Service-Type = Login-User
> Message-Authenticator = 0x9b4e281f16c2c5d3cf691e6e195bea68
> EAP-Message = 0x020400061500
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 322
> State = 0x2c09c8f35ddc35ecd609188a17165621
> NAS-IP-Address = 10.10.7.203
> NAS-Identifier = \"testbaum\"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
> modcall[authorize]: module \"preprocess\" returns ok for request 2
> modcall[authorize]: module \"chap\" returns noop for request 2
> modcall[authorize]: module \"mschap\" returns noop for request 2
> rlm_realm: No \'@\' in User-Name = \"tkiziloren\", skipping NULL due to
> config.
> modcall[authorize]: module \"suffix\" returns noop for request 2
> rlm_eap: EAP packet type response id 4 length 6
> rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation
> modcall[authorize]: module \"eap\" returns updated for request 2
> users: Matched entry DEFAULT at line 29
> modcall[authorize]: module \"files\" returns ok for request 2
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for tkiziloren
> radius_xlat: \'(uid=tkiziloren)\'
> radius_xlat: \'ou=people,dc=anadolu,dc=edu,dc=tr\'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with
> filter (uid=tkiziloren)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user tkiziloren authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module \"ldap_1x\" returns ok for request 2
> modcall: leaving group authorize (returns updated) for request 2
> rad_check_password: Found Auth-Type EAP
> auth: type \"EAP\"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 2
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/ttls
> rlm_eap: processing type ttls
> rlm_eap_ttls: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake fragment handler
> eaptls_verify returned 1
> eaptls_process returned 13
> modcall[authenticate]: module \"eap\" returns handled for request 2
> modcall: leaving group authenticate (returns handled) for request 2
> Sending Access-Challenge of id 148 to 10.10.7.203 port 1645
> EAP-Message =
> 0x0105024e1580000006445504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d0030818902818100f87fe052d754f4586d4e311ea15bb54cd7bbe1e505e648171bfa44c6a1523906cc31d776e4a8113dd3f002e7ddd43868af03076e0f4c57c6791845adc2f7732d909e58267dc127244ebe656f95
> EAP-Message =
> 0xf53a09222a4a3451369f97a04391610dc4b77848268d41b7f9bc37f04654d00abdc0ee376c8aad064e5ac5a5a1595bffeea9b30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e0416041450fd81eacea4e2d3d18547e154bc515d08630096301f0603551d2304183016801450fd81eacea4e2d3d18547e154bc515d08630096300d06092a864886f70d01010505000381810092f44ed2dade447e098f90432e2a2b58d93139471c0b41d3bbdebf1c2d09e321b43bbe2faad7d8c60e6642f5b6c2746fbb4be07033
> EAP-Message =
> 0x4b77db5093871b2203bf2271cb97b98cc169c03f4f67d7a01261d971dfddc176cce3a42e1dd1e37037060a528db7e8481722e222549b882a93cfa582a29df0f1b401a28e197772410a1f1016030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xb63cf9e5375c651683e69b8c2d8543fc
> Finished request 2
> Going to the next request
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 146 with timestamp 4642d682
> Cleaning up request 1 ID 147 with timestamp 4642d682
> Cleaning up request 2 ID 148 with timestamp 4642d682
> Nothing to do. Sleeping until we see a request.
>
>
>
>
> A.L.M.Buxey wrote:
> >
> > Hi,
> >
> >> However when i try to perform same task by using securew2 on XP
> client,
> >> it
> >> always shows \"attempting to authenticate\",
> >
> > did you configure SecureW2 to allow new connections?
> >
> > alan
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/ttls-problem-tf3717596.html#a10408620
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 25, Issue 36
> ************************************************
>
2
1
O/H Arnnei Speiser έγραψε:
> Hi Guys,
> Any recommendations on the Server minimum configuration - memory, cpu
> etc for using FR with 10k, 20k, 50k users ?
Moved to freeradius-users!!
The number of users is not the major factor. Rather the number of
requests/sec.
Where are the users stored (plain text, ldap, sql)?
Do you perform heavy accounting? To sql?
How many logins do you expect per second,hour,day?
Will you use EAP? If yes will you use one of the SSL versions
(TLS,PEAP,TTLS)?
In general freeradius should not have any problem as long as you set the
thread and/or ldap/sql connection pool parameters large enough for your
specific setup.
The most important thing to check is your authentication and accounting
database not radius itself. Any modern server should be more than
adequate for freeradius.
So check the directives in thread pool { }, the num_sql_socks in
sql.conf and ldap_connections_number in ldap { } (if you are using ldap).
> What would be the main configuration parameters that we have to
> select/set in order to handle a high volume of authentication requests.
> Thanks,
> Arnnei
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
--
Kostas Kalevras - Network Operations Center
National Technical University of Athens
http://kkalev.wordpress.com
1
0