Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
November 2011
- 114 participants
- 148 discussions
The thread link posted has already git several answers in it...and ends quite clearly. Why are you trying to drag this up again? Some coursework?
alan
1
0
-----------------------------------------
FreeRadius Version: 2.1.10
-----------------------------------------
Hello All,
I've been going in circles for days on how to come up with a
workaround to get simultaneous-use checking working on my FreeRadius +
PEAP MSCHAPv2 deployment. I have read through seemingly all of the
posts... I suspect certain areas which might be causing the problem:
1) my NAS does not seem to be sending accounting information. The
radacct table is empty & this is also visible in the debugs. There is
no area to set up RADIUS accounting on the NAS (it's a cheap netgear)
and it doesn't appear to send accounting packets by default.
2) "checkrad.pl" is not being called automatically when no accounting
data is being returned by "simul_count_query". I have the NAS type
set to "cisco" to trigger checkrad.pl for troubleshooting purposes,
but it doesn't seem to do any good.
First of all - is it possible to do simultaneous-use checking if the
NAS doesn't send radius accounting packets? Can the radius server
somehow autonomously keep track of this without packets from the NAS?
If not, is there another application which will fulfill this function?
Do I need to move to radutmp?
Any input and guidance would be greatly appreciated. Details are below.
thanks in advance!
Erik
==========================================
RELEVANT CONFIGURATIONS (some output omitted):
------------------------------------------------------------------------------------
------------------------------------------
/etc/freeradius/radiusd.conf
modules {
$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf
}
------------------------------------------
/etc/freeradius/sql/mysql/dialup.conf
simul_count_query = "SELECT COUNT(*) \
#FROM ${acct_table1} \
#WHERE username = '%{SQL-User-Name}' \
#AND acctstoptime IS NULL"
# simul_verify_query = "SELECT radacctid, acctsessionid, username, \
nasipaddress, nasportid, framedipaddress, \
callingstationid, framedprotocol \
FROM ${acct_table1} \
WHERE username = '%{SQL-User-Name}' \
AND acctstoptime IS NULL"
------------------------------------------
/etc/freeradius/sites-available/default
authorize {
#sql is the first option in the authorize list.
sql
}
accounting {
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
# radutmp
# sradutmp
}
session {
# radutmp
#
# See "Simultaneous Use Checking Queries" in sql.conf
sql
}
post-auth {
sql
}
------------------------------------------
/etc/freeradius/sites-available/inner-tunnel
authorize {
#sql is the first option in the authorize list.
sql
}
# *** THERE IS NO ACCOUNTING SECTION***
session {
# radutmp
#
# See "Simultaneous Use Checking Queries" in sql.conf
sql
}
post-auth {
sql
}
==================
MYSQL INFO:
------------------------------------
mysql> SELECT * FROM radgroupcheck;
+----+---------------------------+------------------+----+--------+
| id | groupname | attribute | op | value |
+----+---------------------------+------------------+----+--------+
| 1 | daloRADIUS-Disabled-Users | Auth-Type | := | Reject |
| 3 | sandruid-ap-wifi | Simultaneous-Use | := | 1 |
+----+---------------------------+------------------+----+--------+
mysql> SELECT * FROM radusergroup;
+----------+------------------+----------+
| username | groupname | priority |
+----------+------------------+----------+
| lynnae | sandruid-ap-wifi | 0 |
+----------+------------------+----------+
1 row in set (0.00 sec)
mysql> SELECT * FROM nas;
+----+---------------+------------------+-------+-------+--------+--------+-----------+-------------+
| id | nasname | shortname | type | ports | secret |
server | community | description |
+----+---------------+------------------+-------+-------+--------+--------+-----------+-------------+
| 5 | 192.168.2.254 | sandruid-ap-wifi | cisco | 0 | xxxx | NULL
| | |
+----+---------------+------------------+-------+-------+--------+--------+-----------+-------------+
5 rows in set (0.00 sec)
==================
freeradius -X DEBUG:
------------------------------------
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=118, length=149
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0200000b016c796e6e6165
Message-Authenticator = 0x8c1acd761b639cf66ea60d2d7f512b4b
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 118 to 192.168.2.254 port 2060
EAP-Message = 0x010100160410e2f76fece48e6e2f4257c55e4d843858
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c9156e36f0d908f26ca869d55
Finished request 157.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=119, length=162
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x020100060319
State = 0x9157e73c9156e36f0d908f26ca869d55
Message-Authenticator = 0x3662b294c2a55a1a6a4a428d5d35c2ea
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 119 to 192.168.2.254 port 2060
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c9055fe6f0d908f26ca869d55
Finished request 158.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=120, length=356
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x020200c81980000000be16030100b9010000b503014eb96cde36b927c58e37146cce91cc535a6cceef3b8b365f9f7b526d985674c6000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000
State = 0x9157e73c9055fe6f0d908f26ca869d55
Message-Authenticator = 0x58c13369bc0531e540918c6bcb3ec054
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 200
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 190
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02ac], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 120 to 192.168.2.254 port 2060
EAP-Message =
0x0103040019c00000050216030100310200002d03014eb96cd031034c50878f40ccde3ec71c2bf95397b94f9fc063d800c4c8543e33000039000005ff0100010016030102ac0b0002a80002a50002a23082029e30820186020900ba602d424ee828d3300d06092a864886f70d01010505003011310f300d060355040313067562756e7475301e170d3131303930363232333030395a170d3231303930333232333030395a3011310f300d060355040313067562756e747530820122300d06092a864886f70d01010105000382010f003082010a0282010100d8caabd35a6bf19d2a5b06c9df870fa04b710184efaa79762f6d2ece6126e7e0a79cbe5e2b
EAP-Message =
0x8ada5c5e816ecea3840944040ee02305a09715f224801793c8d9265d0a1be4fdc666d1913dddb400341390ff579a75fac7860a458fd9d8445a9be140fe8143d8965779fb012ab699b1ab3c7513a40a2c2781dd061171c3850832a1fd01ec9bce0cdbbe94b25da3c27c10d79da9b316d2f8a63534b2369453b07cf5a14eada2eb01b7a00f479e618feedd4b2ab2dfe526fa45e8d0d797f6ac98e45df382f560308018a1c71bd9bb983047852db765a85cff42de810a094eebc958f307e2ef7995f69ff92ada392bef1e7da1e44126b0de749b16c4c645a49cc494730203010001300d06092a864886f70d010105050003820101008d044ec666f3055f91
EAP-Message =
0x2f64a62addb6bafde8746bcaf0d398f287e6a5ef2ab0e1b3501a9d96924aa46c3d7ddfcacad68497a1b9209af095df62462d02192aa1b11e87520837fa12bfe836f405b71424a973a9ed85c70f0cd769d6f177b63af672cbf4e82101a598579a1b9824f038a74c93e3e39f1ce93b84f1195e9b7165c89052370847e9274836535a3818a6c60d064c8dd6f4b3c78e35ab5d707a81d6e5e80763da0be8c3653a46444a3d7435b88570d62165157fb679769dcd740fc1f36f4c08187cc3eb077238bf12bab3dbfbba681a180f29e7ab2e419cb5881c2f8caeaf71984eb6a068cf5bb143f2ed407ecc845e8e0a6e04fc5e86164e84a3bfdf54160301020d0c
EAP-Message =
0x0002090080de63877f5ef98ff1ae9d37718a63c89acf13780489524343e6498e734475060fffc46408e77f4021506a063624393308ff58ddf742be1ff813f9f6e1f08261374e51a8e829a6845b8f6253a74dad0c471a3a3445bf0f408db087aa6e88d96490fe375677d9c356f4e2cef235a61b37efa4ca5f2473c1d5c75515a4a0987f3e9b0001020080c3cbfcfa065b6a956d98a8196f32e524fef9bcd90fbe3830f0b02663705fa45bb6eb6632c8258cca123163ad2b5746c4e597ca25685d3f9c56ee64edf871ec56b7d7e6b94b7d67adf6dd8f3bbcccad25a05e8c41406027e1e6459df0387ee4f55d8ed9c61fa56e344dd1224577bfd65a832e83
EAP-Message = 0x5c20a25f6b1f80f4cbe3d650
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c9354fe6f0d908f26ca869d55
Finished request 159.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=121, length=162
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x020300061900
State = 0x9157e73c9354fe6f0d908f26ca869d55
Message-Authenticator = 0x7fc90e410524d7826b376a1391760fa9
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 121 to 192.168.2.254 port 2060
EAP-Message =
0x01040112190057010011f1609cfe2fda9cb118e3fcbfb7c4d390cab430a2ced912018992b28ad8c010d4f5404304128996c2ca020da6d662b74f4a1bd67224754c6c01d03b934f906d98608d3bbef927db99d9732cf3e1e4c4a9f2b98460e26ec7271f7931727575efa3332866f4bc1eafabef8fb4e5a44ae23559787695e88c743728df1e2451bcba22c15f78206758ff9856a69f60aec28a219aacba2a870c717b9facedf6c61786176fb6f27e8f482bdff8de46e496b7ba94761441791053429639438efa89e3b32a4d73a321729114b83d3a8ea2213aaee4641b8b50d4608b82f0c349c3f629af1badc84b8f777b95b831161fa68c653486a74cac
EAP-Message = 0x30ee27a67e3b9b7cc910134516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c9253fe6f0d908f26ca869d55
Finished request 160.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=122, length=364
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x020400d01980000000c6160301008610000082008018689ae4a8f52df5785b79e717bc67f68621f527174b6b5393d1dc4e2487e1cbb18ec0ec67288a81385e234080d150b98cc81c52017495484a046b6cded6bfbc7da09cd4616c1dea539343470fb24dde135acada9517638269f02b7d4b06205934d49449e7357a30e397a648af3d2f0a8bac7e530b544ff1e9df8e7e3aa357a714030100010116030100305ef69b7e3eba1c4cfdfbd73c39ea32c801e076a3f79c753950ab03e82d937937ec91ec8edda3823d2fc0487854fd994f
State = 0x9157e73c9253fe6f0d908f26ca869d55
Message-Authenticator = 0x5f0a331b39ab99f4c09a28139714ec92
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 122 to 192.168.2.254 port 2060
EAP-Message =
0x010500411900140301000101160301003068692cc43c639c3be14d995f0aa394ff34f50e4bd6ce5518ae5d56436b6ad7e3394992cc8b975b61cefc5d27a9e148e8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c9552fe6f0d908f26ca869d55
Finished request 161.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=123, length=162
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x020500061900
State = 0x9157e73c9552fe6f0d908f26ca869d55
Message-Authenticator = 0xaef5497d9e086a476ff8842b93bf4ed8
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 123 to 192.168.2.254 port 2060
EAP-Message =
0x0106002b190017030100207a68818b0219bcaf564d36a844a8c1ede5fe9524fd56adf41092e879f17ae0b3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c9451fe6f0d908f26ca869d55
Finished request 162.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=124, length=236
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x02060050190017030100203b93320a17f41554a43fba3feca2938482da372060063c1e79e814e8bb7f52f617030100205ec652417c1a7fd7b5f04adda23f3c7ab0c964a6d124c19883efb97b15b4214e
State = 0x9157e73c9451fe6f0d908f26ca869d55
Message-Authenticator = 0x7f4879d7969ab3029d282075490d5058
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - lynnae
[peap] Got inner identity 'lynnae'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0206000b016c796e6e6165
server {
PEAP: Setting User-Name to lynnae
Sending tunneled request
EAP-Message = 0x0206000b016c796e6e6165
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "lynnae"
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010700201a0107001b10a49f4b340cb74751d41eab71dea1c3656c796e6e6165
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcb0b5cb7cb0c46c5e8b7890586a66df5
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010700201a0107001b10a49f4b340cb74751d41eab71dea1c3656c796e6e6165
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcb0b5cb7cb0c46c5e8b7890586a66df5
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 124 to 192.168.2.254 port 2060
EAP-Message =
0x0107004b190017030100404bb93a159a1c6d5bb5237d89e435ce74303486a45960d329c8428887d26c3b7c4b02086ec9719bb16228a893b0bc411d2d0c714900f86713ea810d5abcdff4ec
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c9750fe6f0d908f26ca869d55
Finished request 163.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=125, length=300
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x02070090190017030100200ad8c74abf696c3e28f1105016b9135fdbc9774b4de57cbeb2bc8255627527ad1703010060bb7a27cab3edffb2b489d65cc6890be1037a4c145325ebd5b7916ef97bb95f9fe6d7287532542d2b4b3d134a8e0d0dc6e30a406768e6f56c2221dc012fb9b8b336f3a923770fc669b7f1057a0ebbb6d4c433d9a31569b04e3f7141147c50ca9d
State = 0x9157e73c9750fe6f0d908f26ca869d55
Message-Authenticator = 0x2b81c4d7dc683889d77dc4b66c5aa4c3
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020700411a0207003c31831e0af9085ee3ef21b1cf05b6f1023600000000000000005f21df5f4a1fe749346f35f30ee425be58039c49d4f4f0d1006c796e6e6165
server {
PEAP: Setting User-Name to lynnae
Sending tunneled request
EAP-Message =
0x020700411a0207003c31831e0af9085ee3ef21b1cf05b6f1023600000000000000005f21df5f4a1fe749346f35f30ee425be58039c49d4f4f0d1006c796e6e6165
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "lynnae"
State = 0xcb0b5cb7cb0c46c5e8b7890586a66df5
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 65
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: lynnae
[mschap] Told to do MS-CHAPv2 for lynnae with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010800331a0307002e533d41304337333331334131393842343535453932393139314536373931423133323236343832444536
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcb0b5cb7ca0346c5e8b7890586a66df5
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010800331a0307002e533d41304337333331334131393842343535453932393139314536373931423133323236343832444536
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcb0b5cb7ca0346c5e8b7890586a66df5
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 125 to 192.168.2.254 port 2060
EAP-Message =
0x0108005b19001703010050d4ef871ef051eee9064cbccd470060a8b87bb932e68b1bccbb4e785482d44706047401c585a1bff2b413de10675f0879a882c7eab49a9e6021420798515a86b6038a8492a06e6a9f4aa3d52247dcbdb3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c965ffe6f0d908f26ca869d55
Finished request 164.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=126, length=236
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x0208005019001703010020c7a82ee86578ced416e7b235e6a7dc0e820e535a79e74b51e898a5ee2987a19617030100207ccbea411a1626f94f5346f51111cc82a43507e66fdd3085253b682bd18f3e12
State = 0x9157e73c965ffe6f0d908f26ca869d55
Message-Authenticator = 0x99343416c2852adf5b655e9243d67783
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020800061a03
server {
PEAP: Setting User-Name to lynnae
Sending tunneled request
EAP-Message = 0x020800061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "lynnae"
State = 0xcb0b5cb7ca0346c5e8b7890586a66df5
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'lynnae' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER BY
id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'lynnae' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'lynnae' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'lynnae' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
[sql] User found in group sandruid-ap-wifi
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'sandruid-ap-wifi' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
# Executing section session from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group session {...}
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
[sql] expand: SELECT COUNT(*) #FROM
radacct #WHERE username =
'%{SQL-User-Name}' #AND acctstoptime IS
NULL -> SELECT COUNT(*) #FROM radacct
#WHERE username = 'lynnae'
#AND acctstoptime IS NULL
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT COUNT(*)
#FROM radacct #WHERE username = 'lynnae'
#AND acctstoptime IS NULL
[sql] expand: SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol
FROM radacct WHERE
username = '%{SQL-User-Name}' AND
acctstoptime IS NULL -> SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol
FROM radacct
WHERE username = 'lynnae' AND
acctstoptime IS NULL
rlm_sql_mysql: query: SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol
FROM radacct WHERE
username = 'lynnae' AND acctstoptime IS
NULL
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'lynnae',
'', 'Access-Accept', '2011-11-08 10:54:24')
[sql] expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'lynnae',
'', 'Access-Accept', '2011-11-08
10:54:24')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'lynnae', '',
'Access-Accept', '2011-11-08 10:54:24')
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
} # server inner-tunnel
[peap] Got tunneled reply code 2
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x64d23cb7d938395e60b2bc98eb9667b1
MS-MPPE-Recv-Key = 0x1cf788005312432f10b9b54e6ada00ca
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "lynnae"
[peap] Got tunneled reply RADIUS code 2
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x64d23cb7d938395e60b2bc98eb9667b1
MS-MPPE-Recv-Key = 0x1cf788005312432f10b9b54e6ada00ca
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "lynnae"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 126 to 192.168.2.254 port 2060
EAP-Message =
0x0109002b190017030100203b08dfc30d197b615b6fd93ace4064321d2d342373d79450163e1d77d966c2f1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9157e73c995efe6f0d908f26ca869d55
Finished request 165.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.2.254 port 2060,
id=127, length=236
User-Name = "lynnae"
NAS-IP-Address = 192.168.2.254
NAS-Port = 0
Called-Station-Id = "30-46-9A-0E-B4-DF:druid"
Calling-Station-Id = "7C-61-93-9E-3A-D9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x0209005019001703010020bed5ff20d6475746ddae396e91ec11a0c3fbfd81efa0edbe1c567395bf43547b170301002007b4740b564efd19a9e3400e8847bf04f4260b75a7e9983f4d5f6d60fe05273b
State = 0x9157e73c995efe6f0d908f26ca869d55
Message-Authenticator = 0xc7bf139807bb5c02c88262210dea9c27
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "lynnae", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> lynnae
[sql] sql_set_user escaped user --> 'lynnae'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'lynnae',
'', 'Access-Accept', '2011-11-08 10:54:24')
[sql] expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'lynnae',
'', 'Access-Accept', '2011-11-08
10:54:24')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'lynnae', '',
'Access-Accept', '2011-11-08 10:54:24')
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 127 to 192.168.2.254 port 2060
3
7
Hi,
I have configured FreeRadius to authenticate against LDAP. I have installed
and configured FreeRadius in FreeBSD Server and LDAP is already set up in
another server. I configured as below: (Changes on file are shown on bold
letter)
*/usr/local/etc/raddb/modules/ldap :*
ldap {
# Define the LDAP server and the base domain name
server = *"localhost"*
basedn = *"dc=example,dc=com"*
# Define which attribute from an LDAP "ldapsearch" query
# is the password. Create a filter to extract the password
# from the "ldapsearch" output
password_attribute = "userPassword"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
# The following are RADIUS defaults
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
*/usr/local/etc/raddb/sites-enabled/default :*
authorize {
...
...
#
# The ldap module will set Auth-Type to LDAP if it has not
# already been set
Ldap
...
...
}
Auth-Type LDAP {
ldap
}
Also, same type of modifications has been done on :
*/usr/local/etc/raddb/sites-enabled/inner-tunnel*
Also, change has been made to users file adding LDAP user authentication.
But when I run radiusd -X command to run freeradius on debug mode, it gives
following error:
/usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap':
file not found
/usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module
"ldap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to parse "ldap"
entry.
I don't know what to do? I would appreciate anyone's idea.
Should I need to configure anything if I have freeradius server on one
machine and LDAP server on another machine. They are not on same
machine/host.
Thanks
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-FreeRadius-Authentication-u…
Sent from the FreeRadius - User mailing list archive at Nabble.com.
2
3
Sorry, CTRL+Enter is not a good keyboard on Monday Morning ;)
So, I return to the NAS some VSAs depending LDAP Group like this :
if (Ldap-Group == "MyGroup") {
update reply {
# Rules for Cisco Routeurs
Service-Type = NAS-Prompt-User
cisco-avpair = "shell:priv-lvl=15"
# Rule for 3Com Access
Service-Type += Login-User
Login-Service += Telnet
Login-Service += 3com-50
H3C-Exec_Privilege = 3
3Com-User-Access-Level = 3Com-Manager
#AV-Pair for F5 BigIP LTM Access (see /usr/share/freeradius/dictionnary.f5)
F5-LTM-User-Role = Manager
F5-LTM-User-Info-1 = myGroup
F5-LTM-User-Partition = Common
F5-LTM-User-Shell = bpsh
Etc
.
Is there any to check a NAS attribute to split replies, with sort of VSAs
groups for each NAS type, in post-auth ?
I have the following nas table :
mysql> describe nas;
+-------------+--------------+------+-----+---------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------------+--------------+------+-----+---------------+----------------+
| id | int(10) | NO | PRI | NULL | auto_increment |
| nasname | varchar(128) | NO | MUL | NULL | |
| shortname | varchar(32) | YES | | NULL | |
| type | varchar(30) | YES | | other | |
| ports | int(5) | YES | | NULL | |
| secret | varchar(60) | NO | | secret | |
| server | varchar(64) | YES | | NULL | |
| community | varchar(50) | YES | | NULL | |
| description | varchar(200) | YES | | RADIUS Client | |
+-------------+--------------+------+-----+---------------+----------------+
Thanks in advance for your help !
Fabien VINCENT
Ingénieur Réseaux & Sécurité / ASSR Produits
Niveau 3 - Infrastructure & Produits
<mailto:fabien.vincent@coreye.fr> fabien.vincent(a)coreye.fr
coreye
Parc de la Haute Borne
22, rue Hergé
59650 Villeneuve d'Ascq
<http://www.pictime.com/> www.pictime.com
De : Vincent, Fabien
Envoyé : lundi 7 novembre 2011 10:31
À : 'freeradius-users(a)lists.freeradius.org'
Objet : NAS in sql and returning specific VSAs
Hi all,
I have one question about Free Radius and NAS in sql database.
I return to the NAS some VSAs depending LDAP User-Group like this :
Fabien VINCENT
Ingénieur Réseaux & Sécurité / ASSR Produits
Niveau 3 - Infrastructure & Produits
<mailto:fabien.vincent@coreye.fr> fabien.vincent(a)coreye.fr
coreye
Parc de la Haute Borne
22, rue Hergé
59650 Villeneuve d'Ascq
<http://www.pictime.com/> www.pictime.com
3
4
Hi all,
Im using FreeRadius to authenticate admin users on Firewall / Load Balancer
webui.
Actually my configuration works well, but I just tried to had a new Load
Balancer with Radius Auth, but Ive a strange message :
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.15.50.251 port 27705, id=236,
length=94
User-Name = "myuser"
User-Password = "pass"
NAS-IP-Address = 10.10.10.10
NAS-Identifier = "httpd"
NAS-Port = 26680
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "192.168.0.1"
server NULL {
No such virtual server NULL
Invalid user: [myuser] (from client NAS-SHORTNAME port 26680 cli
192.168.0.1)
} # server NULL
Using Post-Auth-Type Reject
No such virtual server NULL
Delaying reject of request 2 for 1 seconds
Going to the next request
What is this message ? No such virtual server NULL
Why this works for existing configuration and adding a new NAS to sql
database is giving this result ?
Thanks in advance for your help !
Fabien VINCENT
Ingénieur Réseaux & Sécurité / ASSR Produits
Niveau 3 - Infrastructure & Produits
<mailto:fabien.vincent@coreye.fr> fabien.vincent(a)coreye.fr
2
2
Hello
My name is Remon and I would like to know your opinion about the next
problem and my ldap module configuration:
I have an authentication system base on: freeradius-2.1.7 and OpenLdap
2.3.30.
Our users are authenticated against LDAP and it is getting back a role
(student or Employee).
Recently I have changed the ldap topology and after that we are having a
lot of problems.
the radius log show us a lot of lines like:
Error: Discarding duplicate request from client xxxxxxx port 32841 - ID:
112 due to unfinished request 421
Error: rlm_ldap: All ldap connections are in use
I read some post about this problem, and they say that the problem could be
a slow connection with Ldap or a indexing problem of the ldap,
My question is,
if the reason of this problem could be my ldap module configuration and
the type of filter that I use for searching the users in the diferents
groups or only depend on ldap server configuration?
First of all, my new ldap structure is like:
dc=company,
dc=com--------------------------------------ou--------------------------------------------ou=radius
(groupOfNames, radiusprofile)
|
| | cn=student
|
|ou=groups (groupOfNames) vlan-parameters
cn=users |-
cn=student
member (user1,......) | cn= employee
| |-
cn=employee vlan-parameters
|-
user1 member
(user2,......)
|- user2
|- .......
My server version is freeradius-sderver-2.1.7
My ldap module configuration is:
server = "xxx.xxx.xxx.xxx"
identity = "cn=xxxx,dc=yyy,dc=zz"
password = sssss
basedn = "dc=yyy,dc=zz"
filter = "(uid=%{Stripped-User-Name})"
groupmembership_filter =
"(&(objectClass=groupOfNames)(member=%{control:LDAP-UserDn}))"
access_attr = "uid"
password_attribute = Cleartext-Password
ldap_connections_number = 200
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${confdir}/ldap.attrmap
edir_account_policy_check = no
I send you the output when a user "student13" is authenticated :
Tue Nov 8 10:05:54 2011 : Info: FreeRADIUS Version 2.1.7, for host
i686-pc-linux-gnu, built on Feb 11 2010 at 17:23:35
Tue Nov 8 10:05:54 2011 : Info: Copyright (C) 1999-2009 The FreeRADIUS
server project and contributors.
Tue Nov 8 10:05:54 2011 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Tue Nov 8 10:05:54 2011 : Info: PARTICULAR PURPOSE.
Tue Nov 8 10:05:54 2011 : Info: You may redistribute copies of FreeRADIUS
under the terms of the
Tue Nov 8 10:05:54 2011 : Info: GNU General Public License v2.
Tue Nov 8 10:05:54 2011 : Info: Starting - reading configuration files ...
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/radiusd.conf
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/proxy.conf
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/clients.conf
Tue Nov 8 10:05:54 2011 : Debug: including files in directory
/usr/local/etc/raddb/modules/
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/policy
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/unix
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/echo
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/smbpasswd
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/acct_unique
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/files
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail.log
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/checkval
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/etc_group
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/pam
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/ippool
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/chap
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/krb5
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/passwd
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/inner-eap
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail.example.com
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/logintime
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/expiration
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/mac2ip
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/attr_filter
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/smsotp
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/mschap
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/counter
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/pap
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/digest
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/expr
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/preprocess
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/sradutmp
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/otp
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/wimax
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/realm
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/radutmp
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/perl
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/cui
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/mac2vlan
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/linelog
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/always
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/exec
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/sql_log
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/ldap
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/modules/attr_rewrite
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/eap.conf
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/policy.conf
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/default
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
Tue Nov 8 10:05:54 2011 : Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
Tue Nov 8 10:05:54 2011 : Debug: group = freerad
Tue Nov 8 10:05:54 2011 : Debug: user = freerad
Tue Nov 8 10:05:54 2011 : Debug: including dictionary file
/usr/local/etc/raddb/dictionary
Tue Nov 8 10:05:54 2011 : Debug: main {
Tue Nov 8 10:05:54 2011 : Debug: prefix = "/usr/local"
Tue Nov 8 10:05:54 2011 : Debug: localstatedir = "/usr/local/var"
Tue Nov 8 10:05:54 2011 : Debug: logdir = "/usr/local/var/log/radius"
Tue Nov 8 10:05:54 2011 : Debug: libdir = "/usr/local/lib"
Tue Nov 8 10:05:54 2011 : Debug: radacctdir =
"/usr/local/var/log/radius/radacct"
Tue Nov 8 10:05:54 2011 : Debug: hostname_lookups = no
Tue Nov 8 10:05:54 2011 : Debug: max_request_time = 30
Tue Nov 8 10:05:54 2011 : Debug: cleanup_delay = 5
Tue Nov 8 10:05:54 2011 : Debug: max_requests = 1024
Tue Nov 8 10:05:54 2011 : Debug: allow_core_dumps = no
Tue Nov 8 10:05:54 2011 : Debug: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
Tue Nov 8 10:05:54 2011 : Debug: checkrad = "/usr/local/sbin/checkrad"
Tue Nov 8 10:05:54 2011 : Debug: debug_level = 0
Tue Nov 8 10:05:54 2011 : Debug: proxy_requests = yes
Tue Nov 8 10:05:54 2011 : Debug: log {
Tue Nov 8 10:05:54 2011 : Debug: stripped_names = no
Tue Nov 8 10:05:54 2011 : Debug: auth = yes
Tue Nov 8 10:05:54 2011 : Debug: auth_badpass = no
Tue Nov 8 10:05:54 2011 : Debug: auth_goodpass = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: security {
Tue Nov 8 10:05:54 2011 : Debug: max_attributes = 200
Tue Nov 8 10:05:54 2011 : Debug: reject_delay = 1
Tue Nov 8 10:05:54 2011 : Debug: status_server = yes
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: radiusd: #### Loading Realms and Home
Servers ####
Tue Nov 8 10:05:54 2011 : Debug: proxy server {
Tue Nov 8 10:05:54 2011 : Debug: retry_delay = 5
Tue Nov 8 10:05:54 2011 : Debug: retry_count = 3
Tue Nov 8 10:05:54 2011 : Debug: default_fallback = yes
Tue Nov 8 10:05:54 2011 : Debug: dead_time = 120
Tue Nov 8 10:05:54 2011 : Debug: wake_all_if_all_dead = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: realm LOCAL {
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: realm NULL {
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: home_server radius_proxy {
Tue Nov 8 10:05:54 2011 : Debug: ipaddr = xxx.xxx.xxx.xxx
Tue Nov 8 10:05:54 2011 : Debug: port = 1812
Tue Nov 8 10:05:54 2011 : Debug: type = "auth+acct"
Tue Nov 8 10:05:54 2011 : Debug: secret = "xxxxxxx"
Tue Nov 8 10:05:54 2011 : Debug: response_window = 20
Tue Nov 8 10:05:54 2011 : Debug: max_outstanding = 65536
Tue Nov 8 10:05:54 2011 : Debug: zombie_period = 40
Tue Nov 8 10:05:54 2011 : Debug: status_check = "none"
Tue Nov 8 10:05:54 2011 : Debug: ping_interval = 30
Tue Nov 8 10:05:54 2011 : Debug: check_interval = 30
Tue Nov 8 10:05:54 2011 : Debug: num_answers_to_alive = 3
Tue Nov 8 10:05:54 2011 : Debug: num_pings_to_alive = 3
Tue Nov 8 10:05:54 2011 : Debug: revive_interval = 60
Tue Nov 8 10:05:54 2011 : Debug: status_check_timeout = 4
Tue Nov 8 10:05:54 2011 : Debug: irt = 2
Tue Nov 8 10:05:54 2011 : Debug: mrt = 16
Tue Nov 8 10:05:54 2011 : Debug: mrc = 5
Tue Nov 8 10:05:54 2011 : Debug: mrd = 30
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: home_server radius_24 {
Tue Nov 8 10:05:54 2011 : Debug: ipaddr = xxx.xxx.xxx.xxx
Tue Nov 8 10:05:54 2011 : Debug: port = 1812
Tue Nov 8 10:05:54 2011 : Debug: type = "auth+acct"
Tue Nov 8 10:05:54 2011 : Debug: secret = "xxxxxxx"
Tue Nov 8 10:05:54 2011 : Debug: response_window = 20
Tue Nov 8 10:05:54 2011 : Debug: max_outstanding = 65536
Tue Nov 8 10:05:54 2011 : Debug: zombie_period = 40
Tue Nov 8 10:05:54 2011 : Debug: status_check = "none"
Tue Nov 8 10:05:54 2011 : Debug: ping_interval = 30
Tue Nov 8 10:05:54 2011 : Debug: check_interval = 30
Tue Nov 8 10:05:54 2011 : Debug: num_answers_to_alive = 3
Tue Nov 8 10:05:54 2011 : Debug: num_pings_to_alive = 3
Tue Nov 8 10:05:54 2011 : Debug: revive_interval = 60
Tue Nov 8 10:05:54 2011 : Debug: status_check_timeout = 4
Tue Nov 8 10:05:54 2011 : Debug: irt = 2
Tue Nov 8 10:05:54 2011 : Debug: mrt = 16
Tue Nov 8 10:05:54 2011 : Debug: mrc = 5
Tue Nov 8 10:05:54 2011 : Debug: mrd = 30
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: home_server_pool radius_29 {
Tue Nov 8 10:05:54 2011 : Debug: type = fail-over
Tue Nov 8 10:05:54 2011 : Debug: home_server = radius_24
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: radiusd: #### Loading Clients ####
Tue Nov 8 10:05:54 2011 : Debug: client localhost {
Tue Nov 8 10:05:54 2011 : Debug: ipaddr = 127.0.0.1
Tue Nov 8 10:05:54 2011 : Debug: require_message_authenticator = no
Tue Nov 8 10:05:54 2011 : Debug: secret = "xxxxxx"
Tue Nov 8 10:05:54 2011 : Debug: shortname = "localhost"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: radiusd: #### Instantiating modules ####
Tue Nov 8 10:05:54 2011 : Debug: instantiate {
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_exec, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_exec
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating exec
Tue Nov 8 10:05:54 2011 : Debug: exec {
Tue Nov 8 10:05:54 2011 : Debug: wait = no
Tue Nov 8 10:05:54 2011 : Debug: input_pairs = "request"
Tue Nov 8 10:05:54 2011 : Debug: shell_escape = yes
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_expr, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_expr
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating expr
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_expiration, checking if
it's valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_expiration
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating expiration
Tue Nov 8 10:05:54 2011 : Debug: expiration {
Tue Nov 8 10:05:54 2011 : Debug: reply-message = "Password Has
Expired "
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_logintime, checking if
it's valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_logintime
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating logintime
Tue Nov 8 10:05:54 2011 : Debug: logintime {
Tue Nov 8 10:05:54 2011 : Debug: reply-message = "You are calling
outside your allowed timespan "
Tue Nov 8 10:05:54 2011 : Debug: minimum-timeout = 60
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: radiusd: #### Loading Virtual Servers ####
Tue Nov 8 10:05:54 2011 : Debug: server wifi2 {
Tue Nov 8 10:05:54 2011 : Debug: modules {
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking authenticate {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_pap, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_pap
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating pap
Tue Nov 8 10:05:54 2011 : Debug: pap {
Tue Nov 8 10:05:54 2011 : Debug: encryption_scheme = "auto"
Tue Nov 8 10:05:54 2011 : Debug: auto_header = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_unix, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_unix
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating unix
Tue Nov 8 10:05:54 2011 : Debug: unix {
Tue Nov 8 10:05:54 2011 : Debug: radwtmp =
"/usr/local/var/log/radius/radwtmp"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_ldap, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_ldap
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating ldap
Tue Nov 8 10:05:54 2011 : Debug: ldap {
Tue Nov 8 10:05:54 2011 : Debug: server = "xxx.xxx.xxx.xxx"
Tue Nov 8 10:05:54 2011 : Debug: port = 389
Tue Nov 8 10:05:54 2011 : Debug: password = "xxxxxx"
Tue Nov 8 10:05:54 2011 : Debug: identity =
"cn=admin,dc=company,dc=com"
Tue Nov 8 10:05:54 2011 : Debug: net_timeout = 50
Tue Nov 8 10:05:54 2011 : Debug: timeout = 50
Tue Nov 8 10:05:54 2011 : Debug: timelimit = 10
Tue Nov 8 10:05:54 2011 : Debug: tls_mode = no
Tue Nov 8 10:05:54 2011 : Debug: start_tls = no
Tue Nov 8 10:05:54 2011 : Debug: tls_require_cert = "allow"
Tue Nov 8 10:05:54 2011 : Debug: tls {
Tue Nov 8 10:05:54 2011 : Debug: start_tls = no
Tue Nov 8 10:05:54 2011 : Debug: require_cert = "allow"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: basedn = "dc=company,dc=com"
Tue Nov 8 10:05:54 2011 : Debug: filter = "(uid=%{Stripped-User-Name})"
Tue Nov 8 10:05:54 2011 : Debug: base_filter =
"(objectclass=radiusprofile)"
Tue Nov 8 10:05:54 2011 : Debug: password_attribute =
"Cleartext-Password"
Tue Nov 8 10:05:54 2011 : Debug: auto_header = no
Tue Nov 8 10:05:54 2011 : Debug: access_attr = "uid"
Tue Nov 8 10:05:54 2011 : Debug: access_attr_used_for_allow = yes
Tue Nov 8 10:05:54 2011 : Debug: groupname_attribute = "cn"
Tue Nov 8 10:05:54 2011 : Debug: groupmembership_filter =
"(&(objectClass=groupOfNames)(member=%{control:LDAP-UserDn}))"
Tue Nov 8 10:05:54 2011 : Debug: dictionary_mapping =
"/usr/local/etc/raddb/ldap.attrmap"
Tue Nov 8 10:05:54 2011 : Debug: ldap_debug = 0
Tue Nov 8 10:05:54 2011 : Debug: ldap_connections_number = 200
Tue Nov 8 10:05:54 2011 : Debug: compare_check_items = no
Tue Nov 8 10:05:54 2011 : Debug: do_xlat = yes
Tue Nov 8 10:05:54 2011 : Debug: set_auth_type = yes
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: Registering ldap_groupcmp for
Ldap-Group
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: Registering ldap_xlat with
xlat_name ldap
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: reading ldap<->radius mappings
from file /usr/local/etc/raddb/ldap.attrmap
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to
RADIUS $GENERIC$
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to
RADIUS $GENERIC$
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusAuthType mapped to
RADIUS Auth-Type
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusSimultaneousUse
mapped to RADIUS Simultaneous-Use
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusCalledStationId
mapped to RADIUS Called-Station-Id
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusCallingStationId
mapped to RADIUS Calling-Station-Id
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP sambaLmPassword mapped to
RADIUS LM-Password
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP sambaNtPassword mapped to
RADIUS NT-Password
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS
SMB-Account-CTRL-TEXT
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusExpiration mapped to
RADIUS Expiration
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped
to RADIUS NAS-IP-Address
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusServiceType mapped
to RADIUS Service-Type
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedProtocol
mapped to RADIUS Framed-Protocol
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedIPAddress
mapped to RADIUS Framed-IP-Address
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask
mapped to RADIUS Framed-IP-Netmask
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped
to RADIUS Framed-Route
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped
to RADIUS Framed-Routing
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFilterId mapped to
RADIUS Filter-Id
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to
RADIUS Framed-MTU
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedCompression
mapped to RADIUS Framed-Compression
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusLoginService mapped
to RADIUS Login-Service
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped
to RADIUS Login-TCP-Port
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusCallbackNumber
mapped to RADIUS Callback-Number
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to
RADIUS Callback-Id
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork
mapped to RADIUS Framed-IPX-Network
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusClass mapped to
RADIUS Class
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusSessionTimeout
mapped to RADIUS Session-Timeout
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped
to RADIUS Idle-Timeout
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusTerminationAction
mapped to RADIUS Termination-Action
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusLoginLATService
mapped to RADIUS Login-LAT-Service
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped
to RADIUS Login-LAT-Node
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped
to RADIUS Login-LAT-Group
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink
mapped to RADIUS Framed-AppleTalk-Link
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone
mapped to RADIUS Framed-AppleTalk-Zone
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to
RADIUS Port-Limit
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped
to RADIUS Login-LAT-Port
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped
to RADIUS Reply-Message
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusTunnelType mapped to
RADIUS Tunnel-Type
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusTunnelMediumType
mapped to RADIUS Tunnel-Medium-Type
Tue Nov 8 10:05:54 2011 : Debug: rlm_ldap: LDAP radiusTunnelPrivateGroupId
mapped to RADIUS Tunnel-Private-Group-Id
Tue Nov 8 10:05:54 2011 : Debug: conns: 0x8174a38
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_eap, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_eap
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap
Tue Nov 8 10:05:54 2011 : Debug: eap {
Tue Nov 8 10:05:54 2011 : Debug: default_eap_type = "tls"
Tue Nov 8 10:05:54 2011 : Debug: timer_expire = 60
Tue Nov 8 10:05:54 2011 : Debug: ignore_unknown_eap_types = no
Tue Nov 8 10:05:54 2011 : Debug: cisco_accounting_username_bug = no
Tue Nov 8 10:05:54 2011 : Debug: max_sessions = 2048
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to sub-module rlm_eap_md5
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap-md5
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to sub-module rlm_eap_leap
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap-leap
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to sub-module rlm_eap_gtc
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap-gtc
Tue Nov 8 10:05:54 2011 : Debug: gtc {
Tue Nov 8 10:05:54 2011 : Debug: challenge = "Password: "
Tue Nov 8 10:05:54 2011 : Debug: auth_type = "PAP"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to sub-module rlm_eap_tls
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap-tls
Tue Nov 8 10:05:54 2011 : Debug: tls {
Tue Nov 8 10:05:54 2011 : Debug: rsa_key_exchange = no
Tue Nov 8 10:05:54 2011 : Debug: dh_key_exchange = yes
Tue Nov 8 10:05:54 2011 : Debug: rsa_key_length = 512
Tue Nov 8 10:05:54 2011 : Debug: dh_key_length = 512
Tue Nov 8 10:05:54 2011 : Debug: verify_depth = 0
Tue Nov 8 10:05:54 2011 : Debug: pem_file_type = yes
Tue Nov 8 10:05:54 2011 : Debug: private_key_file =
"/usr/local/etc/raddb/eduroam_CA/10076494/radius.es_privatekey.pem"
Tue Nov 8 10:05:54 2011 : Debug: certificate_file =
"/usr/local/etc/raddb/eduroam_CA/10076494/10076494.crt"
Tue Nov 8 10:05:54 2011 : Debug: CA_file =
"/usr/local/etc/raddb/eduroam_CA/10076494/TERENASSL_PATH.pem"
Tue Nov 8 10:05:54 2011 : Debug: dh_file =
"/usr/local/etc/raddb/eduroam_CA/10076494/dh"
Tue Nov 8 10:05:54 2011 : Debug: random_file =
"/usr/local/etc/raddb/eduroam_CA/10076494/random"
Tue Nov 8 10:05:54 2011 : Debug: fragment_size = 1024
Tue Nov 8 10:05:54 2011 : Debug: include_length = yes
Tue Nov 8 10:05:54 2011 : Debug: check_crl = no
Tue Nov 8 10:05:54 2011 : Debug: cipher_list = "DEFAULT"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to sub-module rlm_eap_ttls
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap-ttls
Tue Nov 8 10:05:54 2011 : Debug: ttls {
Tue Nov 8 10:05:54 2011 : Debug: default_eap_type = "md5"
Tue Nov 8 10:05:54 2011 : Debug: copy_request_to_tunnel = no
Tue Nov 8 10:05:54 2011 : Debug: use_tunneled_reply = yes
Tue Nov 8 10:05:54 2011 : Debug: virtual_server = "wifi2"
Tue Nov 8 10:05:54 2011 : Debug: include_length = yes
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to sub-module rlm_eap_peap
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap-peap
Tue Nov 8 10:05:54 2011 : Debug: peap {
Tue Nov 8 10:05:54 2011 : Debug: default_eap_type = "mschapv2"
Tue Nov 8 10:05:54 2011 : Debug: copy_request_to_tunnel = no
Tue Nov 8 10:05:54 2011 : Debug: use_tunneled_reply = yes
Tue Nov 8 10:05:54 2011 : Debug: proxy_tunneled_request_as_eap = yes
Tue Nov 8 10:05:54 2011 : Debug: virtual_server = "inner-tunnel"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to sub-module
rlm_eap_mschapv2
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating eap-mschapv2
Tue Nov 8 10:05:54 2011 : Debug: mschapv2 {
Tue Nov 8 10:05:54 2011 : Debug: with_ntdomain_hack = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking authorize {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_detail, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_detail
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating auth_log
Tue Nov 8 10:05:54 2011 : Debug: detail auth_log {
Tue Nov 8 10:05:54 2011 : Debug: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
Tue Nov 8 10:05:54 2011 : Debug: header = "%t"
Tue Nov 8 10:05:54 2011 : Debug: detailperm = 384
Tue Nov 8 10:05:54 2011 : Debug: dirperm = 493
Tue Nov 8 10:05:54 2011 : Debug: locking = no
Tue Nov 8 10:05:54 2011 : Debug: log_packet_header = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_preprocess, checking if
it's valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_preprocess
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating preprocess
Tue Nov 8 10:05:54 2011 : Debug: preprocess {
Tue Nov 8 10:05:54 2011 : Debug: huntgroups =
"/usr/local/etc/raddb/huntgroups"
Tue Nov 8 10:05:54 2011 : Debug: hints = "/usr/local/etc/raddb/hints"
Tue Nov 8 10:05:54 2011 : Debug: with_ascend_hack = no
Tue Nov 8 10:05:54 2011 : Debug: ascend_channels_per_line = 23
Tue Nov 8 10:05:54 2011 : Debug: with_ntdomain_hack = no
Tue Nov 8 10:05:54 2011 : Debug: with_specialix_jetstream_hack = no
Tue Nov 8 10:05:54 2011 : Debug: with_cisco_vsa_hack = no
Tue Nov 8 10:05:54 2011 : Debug: with_alvarion_vsa_hack = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_realm, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_realm
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating suffix
Tue Nov 8 10:05:54 2011 : Debug: realm suffix {
Tue Nov 8 10:05:54 2011 : Debug: format = "suffix"
Tue Nov 8 10:05:54 2011 : Debug: delimiter = "@"
Tue Nov 8 10:05:54 2011 : Debug: ignore_default = no
Tue Nov 8 10:05:54 2011 : Debug: ignore_null = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_files, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_files
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating files
Tue Nov 8 10:05:54 2011 : Debug: files {
Tue Nov 8 10:05:54 2011 : Debug: usersfile =
"/usr/local/etc/raddb/users"
Tue Nov 8 10:05:54 2011 : Debug: acctusersfile =
"/usr/local/etc/raddb/acct_users"
Tue Nov 8 10:05:54 2011 : Debug: preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
Tue Nov 8 10:05:54 2011 : Debug: compat = "no"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking preacct {...} for more
modules to load
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_acct_unique, checking if
it's valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_acct_unique
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating acct_unique
Tue Nov 8 10:05:54 2011 : Debug: acct_unique {
Tue Nov 8 10:05:54 2011 : Debug: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking accounting {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating detail
Tue Nov 8 10:05:54 2011 : Debug: detail {
Tue Nov 8 10:05:54 2011 : Debug: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Tue Nov 8 10:05:54 2011 : Debug: header = "%t"
Tue Nov 8 10:05:54 2011 : Debug: detailperm = 384
Tue Nov 8 10:05:54 2011 : Debug: dirperm = 493
Tue Nov 8 10:05:54 2011 : Debug: locking = no
Tue Nov 8 10:05:54 2011 : Debug: log_packet_header = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_always, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_always
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating ok
Tue Nov 8 10:05:54 2011 : Debug: always ok {
Tue Nov 8 10:05:54 2011 : Debug: rcode = "ok"
Tue Nov 8 10:05:54 2011 : Debug: simulcount = 0
Tue Nov 8 10:05:54 2011 : Debug: mpp = no
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking session {...} for more
modules to load
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_radutmp, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_radutmp
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating radutmp
Tue Nov 8 10:05:54 2011 : Debug: radutmp {
Tue Nov 8 10:05:54 2011 : Debug: filename =
"/usr/local/var/log/radius/radutmp"
Tue Nov 8 10:05:54 2011 : Debug: username = "%{User-Name}"
Tue Nov 8 10:05:54 2011 : Debug: case_sensitive = yes
Tue Nov 8 10:05:54 2011 : Debug: check_with_nas = yes
Tue Nov 8 10:05:54 2011 : Debug: perm = 384
Tue Nov 8 10:05:54 2011 : Debug: callerid = yes
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking post-proxy {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking post-auth {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_attr_filter, checking if
it's valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_attr_filter
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating
attr_filter.access_reject
Tue Nov 8 10:05:54 2011 : Debug: attr_filter attr_filter.access_reject {
Tue Nov 8 10:05:54 2011 : Debug: attrsfile =
"/usr/local/etc/raddb/attrs.access_reject"
Tue Nov 8 10:05:54 2011 : Debug: key = "%{User-Name}"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: } # modules
Tue Nov 8 10:05:54 2011 : Debug: } # server
Tue Nov 8 10:05:54 2011 : Debug: server inner-tunnel {
Tue Nov 8 10:05:54 2011 : Debug: modules {
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking authenticate {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_chap, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_chap
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating chap
Tue Nov 8 10:05:54 2011 : Debug: (Loaded rlm_mschap, checking if it's
valid)
Tue Nov 8 10:05:54 2011 : Debug: Module: Linked to module rlm_mschap
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating mschap
Tue Nov 8 10:05:54 2011 : Debug: mschap {
Tue Nov 8 10:05:54 2011 : Debug: use_mppe = yes
Tue Nov 8 10:05:54 2011 : Debug: require_encryption = no
Tue Nov 8 10:05:54 2011 : Debug: require_strong = no
Tue Nov 8 10:05:54 2011 : Debug: with_ntdomain_hack = yes
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking authorize {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking session {...} for more
modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking post-proxy {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking post-auth {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: } # modules
Tue Nov 8 10:05:54 2011 : Debug: } # server
Tue Nov 8 10:05:54 2011 : Debug: server {
Tue Nov 8 10:05:54 2011 : Debug: modules {
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking authenticate {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking authorize {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking preacct {...} for more
modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking accounting {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Instantiating
attr_filter.accounting_response
Tue Nov 8 10:05:54 2011 : Debug: attr_filter
attr_filter.accounting_response {
Tue Nov 8 10:05:54 2011 : Debug: attrsfile =
"/usr/local/etc/raddb/attrs.accounting_response"
Tue Nov 8 10:05:54 2011 : Debug: key = "%{User-Name}"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking session {...} for more
modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking post-proxy {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: Module: Checking post-auth {...} for
more modules to load
Tue Nov 8 10:05:54 2011 : Debug: } # modules
Tue Nov 8 10:05:54 2011 : Debug: } # server
Tue Nov 8 10:05:54 2011 : Debug: radiusd: #### Opening IP addresses and
Ports ####
Tue Nov 8 10:05:54 2011 : Debug: listen {
Tue Nov 8 10:05:54 2011 : Debug: type = "auth"
Tue Nov 8 10:05:54 2011 : Debug: ipaddr = *
Tue Nov 8 10:05:54 2011 : Debug: port = 0
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: listen {
Tue Nov 8 10:05:54 2011 : Debug: type = "acct"
Tue Nov 8 10:05:54 2011 : Debug: ipaddr = *
Tue Nov 8 10:05:54 2011 : Debug: port = 0
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: listen {
Tue Nov 8 10:05:54 2011 : Debug: type = "control"
Tue Nov 8 10:05:54 2011 : Debug: listen {
Tue Nov 8 10:05:54 2011 : Debug: socket =
"/usr/local/var/run/radiusd/radiusd.sock"
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: }
Tue Nov 8 10:05:54 2011 : Debug: Listening on authentication address *
port 1812
Tue Nov 8 10:05:54 2011 : Debug: Listening on accounting address * port
1813
Tue Nov 8 10:05:54 2011 : Debug: Listening on command file
/usr/local/var/run/radiusd/radiusd.sock
Tue Nov 8 10:05:54 2011 : Debug: Listening on proxy address * port 1814
Tue Nov 8 10:05:54 2011 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx port 32928,
id=80, length=61
User-Name = "student13"
User-Password = "xxxxxxx"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 10
Tue Nov 8 10:06:21 2011 : Info: +- entering group authorize {...}
Tue Nov 8 10:06:21 2011 : Info: ++[preprocess] returns ok
Tue Nov 8 10:06:21 2011 : Info: ++[chap] returns noop
Tue Nov 8 10:06:21 2011 : Info: ++[mschap] returns noop
Tue Nov 8 10:06:21 2011 : Info: [suffix] No '@' in User-Name =
"student13", looking up realm NULL
Tue Nov 8 10:06:21 2011 : Info: [suffix] Found realm "NULL"
Tue Nov 8 10:06:21 2011 : Info: [suffix] Adding Stripped-User-Name =
"student13"
Tue Nov 8 10:06:21 2011 : Info: [suffix] Adding Realm = "NULL"
Tue Nov 8 10:06:21 2011 : Info: [suffix] Authentication realm is LOCAL.
Tue Nov 8 10:06:21 2011 : Info: ++[suffix] returns ok
Tue Nov 8 10:06:21 2011 : Info: [eap] No EAP-Message, not doing EAP
Tue Nov 8 10:06:21 2011 : Info: ++[eap] returns noop
Tue Nov 8 10:06:21 2011 : Info: ++[unix] returns notfound
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: Entering ldap_groupcmp()
Tue Nov 8 10:06:21 2011 : Info: [files] expand: dc=company,dc=com ->
dc=company,dc=com
Tue Nov 8 10:06:21 2011 : Info: [files] expand:
(uid=%{Stripped-User-Name}) -> (uid=student13)
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: attempting LDAP reconnection
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: (re)connect to
xxx.xxx.xxx.xxx:389, authentication 0
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: bind as
cn=xxxxx,dc=company,dc=com/pppp to xxx.xxx.xxx.xxx:389
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: waiting for bind result ...
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: Bind was successful
Tue Nov 8 10:06:21 2011 : Debug: rlm_ldap: performing search in
dc=company,dc=com, with filter (uid=student13)
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Nov 8 10:06:22 2011 : Info: [files] expand:
(&(objectClass=groupOfNames)(member=%{control:LDAP-UserDn})) ->
(&(objectClass=groupOfNames)(member=cn\3dstudent13\2ccn\3dusers\2cdc\3dcompany\2cdc\3dcom))
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: performing search in
dc=company,dc=com, with filter
(&(cn=student13)(&(objectClass=groupOfNames)(member=cn\3dstudent13\2ccn\3dusers\2cdc\3dcompany\2cdc\3dcom)))
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap::ldap_groupcmp: User found in
group student
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Nov 8 10:06:22 2011 : Info: [files] users: Matched entry DEFAULT at
line 5
Tue Nov 8 10:06:22 2011 : Info: ++[files] returns ok
Tue Nov 8 10:06:22 2011 : Info: [ldap] performing user authorization for
student13
Tue Nov 8 10:06:22 2011 : Info: [ldap] expand:
(uid=%{Stripped-User-Name}) -> (uid=student13)
Tue Nov 8 10:06:22 2011 : Info: [ldap] expand: dc=company,dc=com ->
dc=company,dc=com
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Nov 8 10:06:22 2011 : Debug: rlm_ldap: performing search in
dc=company,dc=com, with filter (uid=student13)
Tue Nov 8 10:06:23 2011 : Info: [ldap] checking if remote access for
student13 is allowed by uid
Tue Nov 8 10:06:23 2011 : Info: [ldap] looking for check items in
directory...
Tue Nov 8 10:06:23 2011 : Debug: rlm_ldap: sambaNtPassword -> NT-Password
== 0x555463443354631374445413844464334304134353244313042453044433445
Tue Nov 8 10:06:23 2011 : Debug: rlm_ldap: sambaLmPassword -> LM-Password
== 0x4323314245313638353037463743464341414433423433354235313430344545
Tue Nov 8 10:06:23 2011 : Info: [ldap] looking for reply items in
directory...
Tue Nov 8 10:06:23 2011 : Debug: WARNING: No "known good" password was
found in LDAP. Are you sure that the user is configured correctly?
Tue Nov 8 10:06:23 2011 : Info: [ldap] Setting Auth-Type = LDAP
Tue Nov 8 10:06:23 2011 : Info: [ldap] user student13 authorized to use
remote access
Tue Nov 8 10:06:23 2011 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Nov 8 10:06:23 2011 : Info: ++[ldap] returns ok
Tue Nov 8 10:06:23 2011 : Info: ++[expiration] returns noop
Tue Nov 8 10:06:23 2011 : Info: ++[logintime] returns noop
Tue Nov 8 10:06:23 2011 : Info: [pap] Normalizing NT-Password from hex
encoding
Tue Nov 8 10:06:23 2011 : Info: [pap] Normalizing LM-Password from hex
encoding
Tue Nov 8 10:06:23 2011 : Info: [pap] Found existing Auth-Type, not
changing it.
Tue Nov 8 10:06:23 2011 : Info: ++[pap] returns noop
Tue Nov 8 10:06:23 2011 : Info: Found Auth-Type = LDAP
Tue Nov 8 10:06:23 2011 : Info: +- entering group LDAP {...}
Tue Nov 8 10:06:23 2011 : Info: [ldap] login attempt by "student13" with
password "xxxxxx"
Tue Nov 8 10:06:23 2011 : Info: [ldap] user DN:
cn=student13,cn=users,dc=company,dc=com
Tue Nov 8 10:06:23 2011 : Debug: rlm_ldap: (re)connect to
xxx.xxx.xxx.xxx:389, authentication 1
Tue Nov 8 10:06:23 2011 : Debug: rlm_ldap: bind as
cn=student13,cn=users,dc=company,dc=com/xxxxxx to xxx.xxx.xxx.xxx:389
Tue Nov 8 10:06:23 2011 : Debug: rlm_ldap: waiting for bind result ...
Tue Nov 8 10:06:23 2011 : Debug: rlm_ldap: Bind was successful
Tue Nov 8 10:06:23 2011 : Info: [ldap] user student13 authenticated
succesfully
Tue Nov 8 10:06:23 2011 : Info: ++[ldap] returns ok
Tue Nov 8 10:06:23 2011 : Auth: Login OK: [student13] (from client radius
port 10)
Tue Nov 8 10:06:23 2011 : Info: +- entering group post-auth {...}
Tue Nov 8 10:06:23 2011 : Info: ++[exec] returns noop
Sending Access-Accept of id 80 to xxx.xxx.xxx.xxx port 32928
Aruba-User-Role = "student"
Tue Nov 8 10:06:23 2011 : Info: Finished request 0.
Tue Nov 8 10:06:23 2011 : Debug: Going to the next request
Tue Nov 8 10:06:23 2011 : Debug: Waking up in 4.9 seconds.
Tue Nov 8 10:06:28 2011 : Info: Cleaning up request 0 ID 80 with timestamp
+27
Tue Nov 8 10:06:28 2011 : Debug: Ready to process requests.
Thank you in advance
Remon
2
1
Hello all,
I have a policy in my post-auth that calculates a hash function based on
the real-identify of the user. The idea is that if the request is EAP-TTLS then I want to
use the User-Name property of the inner tunnel, whereas if the request is for EAP-TLS I
want to use the BUF-Name (if I've got it correctly).
How do I determine in my policy whether we are doing EAP-TLS or EAP-TTLS?
Can anyone help with that 'if' I am looking for?
Thanks a lot in advance,
Panos
2
2
Hi,
I want to install freeradius on RHEL5.
I downloaded tar.bz2.(version 2.1.12)
Run *rpmbuild -ba freeradius.spec*, but get an error:
.........
.........
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
???????? ?? ?????????????(?) ????(?): /usr/lib/rpm/check-files
/var/tmp/freeradius-2.1.12-1-root-root
??????: ?????????(?) ?????????????(?) (?? ?? ???????????(?)) ????(?):
/usr/share/man/man1/smbencrypt.1.gz
/usr/share/man/man5/checkrad.5.gz
/usr/share/man/man8/radconf2xml.8.gz
/usr/share/man/man8/radcrypt.8.gz
/usr/share/man/man8/radsniff.8.gz
/usr/share/man/man8/rlm_dbm_cat.8.gz
/usr/share/man/man8/rlm_dbm_parse.8.gz
?????? ?????? ???????:
?????????(?) ?????????????(?) (?? ?? ???????????(?)) ????(?):
/usr/share/man/man1/smbencrypt.1.gz
/usr/share/man/man5/checkrad.5.gz
/usr/share/man/man8/radconf2xml.8.gz
/usr/share/man/man8/radcrypt.8.gz
/usr/share/man/man8/radsniff.8.gz
/usr/share/man/man8/rlm_dbm_cat.8.gz
/usr/share/man/man8/rlm_dbm_parse.8.gz
What am I doing wrong. What's the problem?
6
12
Hi all,
I have one question about Free Radius and NAS in sql database.
I return to the NAS some VSAs depending LDAP User-Group like this :
Fabien VINCENT
Ingénieur Réseaux & Sécurité / ASSR Produits
Niveau 3 - Infrastructure & Produits
<mailto:fabien.vincent@coreye.fr> fabien.vincent(a)coreye.fr
coreye
Parc de la Haute Borne
22, rue Hergé
59650 Villeneuve d'Ascq
<http://www.pictime.com/> www.pictime.com
1
0
Hello,
I'm sorry for asking such a simple(?) thing, but my lack of understanding is not due to a lack of reading, searching, trial-and-error... I just can't seem to figure out how to reference an ldap attribute in post-auth. Using freeradius 2.1.8, PEAPv0/EAP-MSCHAPv2 with AD for authentication and ldap for authorization works great. As an added functionality, I need to send to the NAS a few extra attributes based on an an ldap attribute "personType". I've added mapping for this attribute, and here's a snippet of the debug output from the authorize section of the virtual server:
...
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] personType -> Person-Type = "employee"
[ldap] personType -> Person-Type = "fulltime"
[ldap] personType -> Person-Type = "it"
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user tadam authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
...
How do I reference this attribute in a perl script I call from post-auth? It's not in %RAD_REQUEST, %RAD_REPLY, or %RAD_CHECK...
Actually, I can't even figure out how to call it from the post-auth section itself.. I've tried different things, but I'm thinking the following should work:
update reply{
Reply-Message := "Type: %{reply:Person-Type}."
}
Yet, I get:
...
+- entering group post-auth {...}
expand: Type: %{reply:Person-Type}. -> Type: .
++[reply] returns noop
...
Is there something else I need to do to make sure the values returned from the ldap module are saved for reference outside the authorization block?
A.
4
4