Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
September 2014
- 105 participants
- 190 discussions
Himanshu Pandey wrote:
> Suppose for auth requests I want the statistics of authorize module. So
> in listen.c I have seen a function call ret_code=process_authorize();.
> So whatever is the ret_code of this module according to that a server
> replies to NAS.
That's not what you originally said.
The server DOES keep track of statistics per listener. And prints
them out. See the radmin "help" command.
> If you find this OK, the same thing I will follow for Accounting and
> Authentication requests as well.
There's no need.
Alan DeKok.
1
0
Hello everyone, I was observing my debug mode on server and I notice, when
I am logging out a user the radius server make the same 3 times! It is
normal behavior ??? I have configure my FreeRadius to work with MySQL.
Here is my log:
Ready to process requests
Received Accounting-Request Id 198 from 192.168.40.101:58545 to
192.168.40.12:1813 length 194
Acct-Status-Type = Stop
Acct-Terminate-Cause = User-Request
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = '30:39:26:86:CC:EA'
Called-Station-Id = 'hotspot1'
NAS-Port-Id = 'citystore_test'
User-Name = 'user1'
NAS-Port = 2151678022
Acct-Session-Id = '80400046'
Framed-IP-Address = 10.5.50.254
Mikrotik-Host-IP = 10.5.50.254
Event-Timestamp = 'Sep 24 2014 14:28:16 EEST'
Acct-Input-Octets = 2197666
Acct-Output-Octets = 18331654
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets = 16603
Acct-Output-Packets = 16236
Acct-Session-Time = 1448
NAS-Identifier = 'MikroTik'
Acct-Delay-Time = 0
NAS-IP-Address = 192.168.40.101
(5) Received Accounting-Request packet from host 192.168.40.101 port 58545,
id=198, length=194
(5) Acct-Status-Type = Stop
(5) Acct-Terminate-Cause = User-Request
(5) NAS-Port-Type = Wireless-802.11
(5) Calling-Station-Id = '30:39:26:86:CC:EA'
(5) Called-Station-Id = 'hotspot1'
(5) NAS-Port-Id = 'citystore_test'
(5) User-Name = 'user1'
(5) NAS-Port = 2151678022
(5) Acct-Session-Id = '80400046'
(5) Framed-IP-Address = 10.5.50.254
(5) Mikrotik-Host-IP = 10.5.50.254
(5) Event-Timestamp = 'Sep 24 2014 14:28:16 EEST'
(5) Acct-Input-Octets = 2197666
(5) Acct-Output-Octets = 18331654
(5) Acct-Input-Gigawords = 0
(5) Acct-Output-Gigawords = 0
(5) Acct-Input-Packets = 16603
(5) Acct-Output-Packets = 16236
(5) Acct-Session-Time = 1448
(5) NAS-Identifier = 'MikroTik'
(5) Acct-Delay-Time = 0
(5) NAS-IP-Address = 192.168.40.101
(5) # Executing section preacct from file
/etc/freeradius/sites-enabled/default
(5) preacct {
(5) [preprocess] = ok
(5) acct_unique acct_unique {
(5) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)
(5) EXPAND %{string:Class}
(5) -->
(5) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
(5) else else {
(5) update request {
(5) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(5) --> cd7c5cd7ff1adea4aeffeb8b6c859901
(5) Acct-Unique-Session-Id := "cd7c5cd7ff1adea4aeffeb8b6c859901"
(5) } # update request = noop
(5) } # else else = noop
(5) } # acct_unique acct_unique = noop
(5) suffix : Checking for suffix after "@"
(5) suffix : No '@' in User-Name = "user1", looking up realm NULL
(5) suffix : No such realm "NULL"
(5) [suffix] = noop
(5) [files] = noop
(5) } # preacct = ok
(5) # Executing section accounting from file
/etc/freeradius/sites-enabled/default
(5) accounting {
(5) detail : EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(5) detail : --> /var/log/freeradius/radacct/
192.168.40.101/detail-20140925
(5) detail :
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.40.101/detail-20140925
(5) detail : EXPAND %t
(5) detail : --> Thu Sep 25 14:24:47 2014
(5) [detail] = ok
(5) [unix] = ok
(5) radutmp : EXPAND /var/log/freeradius/radutmp
(5) radutmp : --> /var/log/freeradius/radutmp
(5) radutmp : EXPAND %{User-Name}
(5) radutmp : --> user1
(5) [radutmp] = ok
(5) sql : EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(5) sql : --> type.stop.query
(5) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (6)
(5) sql : EXPAND %{User-Name}
(5) sql : --> user1
(5) sql : SQL-User-Name set to 'user1'
(5) sql : EXPAND UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}'
<< 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
(5) sql : --> UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1411558096), acctsessiontime = '1448', acctinputoctets = '0'
<< 32 | '2197666', acctoutputoctets = '0' << 32 | '18331654',
acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE
acctsessionid = '80400046' AND username = 'user1' AND nasipaddress =
'192.168.40.101'
rlm_sql (sql): Executing query: 'UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1411558096), acctsessiontime = '1448', acctinputoctets = '0'
<< 32 | '2197666', acctoutputoctets = '0' << 32 | '18331654',
acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE
acctsessionid = '80400046' AND username = 'user1' AND nasipaddress =
'192.168.40.101''
rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
rlm_sql (sql): Released connection (6)
rlm_sql (sql): 0 of 3 connections in use. Need more spares
rlm_sql (sql): Opening additional connection (7)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 1449
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 1467
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
(5) [sql] = ok
(5) [exec] = noop
(5) attr_filter.accounting_response : EXPAND %{User-Name}
(5) attr_filter.accounting_response : --> user1
(5) attr_filter.accounting_response : Matched entry DEFAULT at line 12
(5) [attr_filter.accounting_response] = updated
(5) } # accounting = updated
(5) Sending Accounting-Response packet to host 192.168.40.101 port 58545,
id=198, length=0
Sending Accounting-Response Id 198 from 192.168.40.12:1813 to
192.168.40.101:58545
(5) Finished request
(5) Cleaning up request packet ID 198 with timestamp +1572
Received Accounting-Request Id 198 from 192.168.40.101:58545 to
192.168.40.12:1813 length 194
Acct-Status-Type = Stop
Acct-Terminate-Cause = User-Request
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = '30:39:26:86:CC:EA'
Called-Station-Id = 'hotspot1'
NAS-Port-Id = 'citystore_test'
User-Name = 'user1'
NAS-Port = 2151678022
Acct-Session-Id = '80400046'
Framed-IP-Address = 10.5.50.254
Mikrotik-Host-IP = 10.5.50.254
Event-Timestamp = 'Sep 24 2014 14:28:16 EEST'
Acct-Input-Octets = 2197666
Acct-Output-Octets = 18331654
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets = 16603
Acct-Output-Packets = 16236
Acct-Session-Time = 1448
NAS-Identifier = 'MikroTik'
Acct-Delay-Time = 0
NAS-IP-Address = 192.168.40.101
(6) Received Accounting-Request packet from host 192.168.40.101 port 58545,
id=198, length=194
(6) Acct-Status-Type = Stop
(6) Acct-Terminate-Cause = User-Request
(6) NAS-Port-Type = Wireless-802.11
(6) Calling-Station-Id = '30:39:26:86:CC:EA'
(6) Called-Station-Id = 'hotspot1'
(6) NAS-Port-Id = 'citystore_test'
(6) User-Name = 'user1'
(6) NAS-Port = 2151678022
(6) Acct-Session-Id = '80400046'
(6) Framed-IP-Address = 10.5.50.254
(6) Mikrotik-Host-IP = 10.5.50.254
(6) Event-Timestamp = 'Sep 24 2014 14:28:16 EEST'
(6) Acct-Input-Octets = 2197666
(6) Acct-Output-Octets = 18331654
(6) Acct-Input-Gigawords = 0
(6) Acct-Output-Gigawords = 0
(6) Acct-Input-Packets = 16603
(6) Acct-Output-Packets = 16236
(6) Acct-Session-Time = 1448
(6) NAS-Identifier = 'MikroTik'
(6) Acct-Delay-Time = 0
(6) NAS-IP-Address = 192.168.40.101
(6) # Executing section preacct from file
/etc/freeradius/sites-enabled/default
(6) preacct {
(6) [preprocess] = ok
(6) acct_unique acct_unique {
(6) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)
(6) EXPAND %{string:Class}
(6) -->
(6) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
(6) else else {
(6) update request {
(6) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(6) --> cd7c5cd7ff1adea4aeffeb8b6c859901
(6) Acct-Unique-Session-Id := "cd7c5cd7ff1adea4aeffeb8b6c859901"
(6) } # update request = noop
(6) } # else else = noop
(6) } # acct_unique acct_unique = noop
(6) suffix : Checking for suffix after "@"
(6) suffix : No '@' in User-Name = "user1", looking up realm NULL
(6) suffix : No such realm "NULL"
(6) [suffix] = noop
(6) [files] = noop
(6) } # preacct = ok
(6) # Executing section accounting from file
/etc/freeradius/sites-enabled/default
(6) accounting {
(6) detail : EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(6) detail : --> /var/log/freeradius/radacct/
192.168.40.101/detail-20140925
(6) detail :
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.40.101/detail-20140925
(6) detail : EXPAND %t
(6) detail : --> Thu Sep 25 14:24:47 2014
(6) [detail] = ok
(6) [unix] = ok
(6) radutmp : EXPAND /var/log/freeradius/radutmp
(6) radutmp : --> /var/log/freeradius/radutmp
(6) radutmp : EXPAND %{User-Name}
(6) radutmp : --> user1
(6) WARNING: radutmp : Logout for NAS mikrotik port 2151678022, but no
Login record
(6) [radutmp] = ok
(6) sql : EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(6) sql : --> type.stop.query
(6) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (7)
(6) sql : EXPAND %{User-Name}
(6) sql : --> user1
(6) sql : SQL-User-Name set to 'user1'
(6) sql : EXPAND UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}'
<< 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
(6) sql : --> UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1411558096), acctsessiontime = '1448', acctinputoctets = '0'
<< 32 | '2197666', acctoutputoctets = '0' << 32 | '18331654',
acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE
acctsessionid = '80400046' AND username = 'user1' AND nasipaddress =
'192.168.40.101'
rlm_sql (sql): Executing query: 'UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1411558096), acctsessiontime = '1448', acctinputoctets = '0'
<< 32 | '2197666', acctoutputoctets = '0' << 32 | '18331654',
acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE
acctsessionid = '80400046' AND username = 'user1' AND nasipaddress =
'192.168.40.101''
rlm_sql_mysql: Rows matched: 1 Changed: 0 Warnings: 0
rlm_sql (sql): Released connection (7)
(6) [sql] = ok
(6) [exec] = noop
(6) attr_filter.accounting_response : EXPAND %{User-Name}
(6) attr_filter.accounting_response : --> user1
(6) attr_filter.accounting_response : Matched entry DEFAULT at line 12
(6) [attr_filter.accounting_response] = updated
(6) } # accounting = updated
(6) Sending Accounting-Response packet to host 192.168.40.101 port 58545,
id=198, length=0
Sending Accounting-Response Id 198 from 192.168.40.12:1813 to
192.168.40.101:58545
(6) Finished request
Waking up in 0.3 seconds.
Received Accounting-Request Id 198 from 192.168.40.101:58545 to
192.168.40.12:1813 length 194
(6) Cleaning up request packet ID 198 with timestamp +1572
Acct-Status-Type = Stop
Acct-Terminate-Cause = User-Request
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = '30:39:26:86:CC:EA'
Called-Station-Id = 'hotspot1'
NAS-Port-Id = 'citystore_test'
User-Name = 'user1'
NAS-Port = 2151678022
Acct-Session-Id = '80400046'
Framed-IP-Address = 10.5.50.254
Mikrotik-Host-IP = 10.5.50.254
Event-Timestamp = 'Sep 24 2014 14:28:16 EEST'
Acct-Input-Octets = 2197666
Acct-Output-Octets = 18331654
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets = 16603
Acct-Output-Packets = 16236
Acct-Session-Time = 1448
NAS-Identifier = 'MikroTik'
Acct-Delay-Time = 1
NAS-IP-Address = 192.168.40.101
(7) Received Accounting-Request packet from host 192.168.40.101 port 58545,
id=198, length=194
(7) Acct-Status-Type = Stop
(7) Acct-Terminate-Cause = User-Request
(7) NAS-Port-Type = Wireless-802.11
(7) Calling-Station-Id = '30:39:26:86:CC:EA'
(7) Called-Station-Id = 'hotspot1'
(7) NAS-Port-Id = 'citystore_test'
(7) User-Name = 'user1'
(7) NAS-Port = 2151678022
(7) Acct-Session-Id = '80400046'
(7) Framed-IP-Address = 10.5.50.254
(7) Mikrotik-Host-IP = 10.5.50.254
(7) Event-Timestamp = 'Sep 24 2014 14:28:16 EEST'
(7) Acct-Input-Octets = 2197666
(7) Acct-Output-Octets = 18331654
(7) Acct-Input-Gigawords = 0
(7) Acct-Output-Gigawords = 0
(7) Acct-Input-Packets = 16603
(7) Acct-Output-Packets = 16236
(7) Acct-Session-Time = 1448
(7) NAS-Identifier = 'MikroTik'
(7) Acct-Delay-Time = 1
(7) NAS-IP-Address = 192.168.40.101
(7) # Executing section preacct from file
/etc/freeradius/sites-enabled/default
(7) preacct {
(7) [preprocess] = ok
(7) acct_unique acct_unique {
(7) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)
(7) EXPAND %{string:Class}
(7) -->
(7) if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE
(7) else else {
(7) update request {
(7) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(7) --> cd7c5cd7ff1adea4aeffeb8b6c859901
(7) Acct-Unique-Session-Id := "cd7c5cd7ff1adea4aeffeb8b6c859901"
(7) } # update request = noop
(7) } # else else = noop
(7) } # acct_unique acct_unique = noop
(7) suffix : Checking for suffix after "@"
(7) suffix : No '@' in User-Name = "user1", looking up realm NULL
(7) suffix : No such realm "NULL"
(7) [suffix] = noop
(7) [files] = noop
(7) } # preacct = ok
(7) # Executing section accounting from file
/etc/freeradius/sites-enabled/default
(7) accounting {
(7) detail : EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(7) detail : --> /var/log/freeradius/radacct/
192.168.40.101/detail-20140925
(7) detail :
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.40.101/detail-20140925
(7) detail : EXPAND %t
(7) detail : --> Thu Sep 25 14:24:47 2014
(7) [detail] = ok
(7) [unix] = ok
(7) radutmp : EXPAND /var/log/freeradius/radutmp
(7) radutmp : --> /var/log/freeradius/radutmp
(7) radutmp : EXPAND %{User-Name}
(7) radutmp : --> user1
(7) WARNING: radutmp : Logout for NAS mikrotik port 2151678022, but no
Login record
(7) [radutmp] = ok
(7) sql : EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(7) sql : --> type.stop.query
(7) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (7)
(7) sql : EXPAND %{User-Name}
(7) sql : --> user1
(7) sql : SQL-User-Name set to 'user1'
(7) sql : EXPAND UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}'
<< 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
(7) sql : --> UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1411558096), acctsessiontime = '1448', acctinputoctets = '0'
<< 32 | '2197666', acctoutputoctets = '0' << 32 | '18331654',
acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE
acctsessionid = '80400046' AND username = 'user1' AND nasipaddress =
'192.168.40.101'
rlm_sql (sql): Executing query: 'UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1411558096), acctsessiontime = '1448', acctinputoctets = '0'
<< 32 | '2197666', acctoutputoctets = '0' << 32 | '18331654',
acctterminatecause = 'User-Request', connectinfo_stop = '' WHERE
acctsessionid = '80400046' AND username = 'user1' AND nasipaddress =
'192.168.40.101''
rlm_sql_mysql: Rows matched: 1 Changed: 0 Warnings: 0
rlm_sql (sql): Released connection (7)
(7) [sql] = ok
(7) [exec] = noop
(7) attr_filter.accounting_response : EXPAND %{User-Name}
(7) attr_filter.accounting_response : --> user1
(7) attr_filter.accounting_response : Matched entry DEFAULT at line 12
(7) [attr_filter.accounting_response] = updated
(7) } # accounting = updated
(7) Sending Accounting-Response packet to host 192.168.40.101 port 58545,
id=198, length=0
Sending Accounting-Response Id 198 from 192.168.40.12:1813 to
192.168.40.101:58545
(7) Finished request
Waking up in 0.2 seconds.
(7) Cleaning up request packet ID 198 with timestamp +1572
Thanks for your attention and time!
3
3
Dear Alan,
I have an idea, please suggest and correct me if I am wrong or right and this will work or not.
Suppose for auth requests I want the statistics of authorize module. So in listen.c I have seen a function call ret_code=process_authorize();. So whatever is the ret_code of this module according to that a server replies to NAS.
Under this there is a switch statement which deals with ret_code(). So I will take a global structure which consists of module return codes and will update here each return code variable for auth module.
Now for auth requests the moment auth_socket_recv() method is hit I will update my auth request counter so that it keeps track of the no. of auth requests anytime.
If you find this OK, the same thing I will follow for Accounting and Authentication requests as well.
Regards,
Himanshu Pandey
From: Alan DeKok <aland(a)deployingradius.com>
Sent: Thu, 25 Sep 2014 18:35:47
To: FreeRadius users mailing list <freeradius-users(a)lists.freeradius.org>
Subject: Re: Module Statistics in freeradius
Himanshu Pandey wrote:
> Adding something more to it. Like How many auth or accounting request
> received? How many of them failed? How
> many of them were OK,noop,reject etc.
That information isn't tracked.
If you want to modify the source, see src/main/modcall.c. All of the
module handling is done there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1
0
Hi List,
- Is anyone know if there is a way to limit the number of attempts to reconnect on failure Wifi
authentication (in Windows or Wifi access point) ?
- Or limit the logs in Freeradius radpostauth ? --> I tried with a sql condition but I think it's a
little heavy. Also it's not very logical to limit the logs.
Thanks.
Nicolas CLO
Industrial and Network Technician
3
3
Dear freeradius-users,
we got freeradius working and are using only eap-tls. Now we are
trying to check if the users MAC-Address is the right one.
Each user gets one public IP-Address (via dhcp); to assure that they
don't do mac-spoofing we need this feature.
Right now our problem is, when using eap-tls, the sql module don't
seem to check the calling-station-id in the radcheck-table against the
calling-station-id in the request.
For the user laptop sql return ok, although the calling-station-ip in
the table is gibberish.
When trying the same thing with the user blub (and using a incorrect
MAC) sql returns user notfound (that is what we want) and the request
gets rejected.
So it don't seems to be a problem with our NAS.
Any idea why this is not working with eap-tls?
What have we done wrong?
Best regards, Benjamin
Our tables are:
radcheck
id | username | attribute | op | value
----+---------------+--------------------+----+-------------------
1 | laptop | Auth-Type | := | EAP
2 | RAT | Auth-Type | := | EAP
3 | laptop | Calling-Station-Id | == | aa-bb-cc-dd-ee-ff
4 | blub | Cleartext-Password | := | password
5 | blub | Calling-Station-Id | == | 00-1c-25-9e-33-05
radius=> select * from radgroupreply;
id | groupname | attribute | op | value
----+-----------+--------------------+----+---------------------
1 | test | Framed-Protocol | := | PPP
2 | test | Service-Type | := | Framed-User
3 | test | Framed-Compression | := | Van-Jacobsen-TCP-IP
All users are in the group 'test'.
FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Dec
16 2012 at 13:28:43
Copyright (C) 1999-2009 The FreeRADIUS server project and
contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/soh
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/replicate
including configuration file /etc/freeradius/modules/logintime
including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/redis
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/unix
including configuration file
/etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/rediswho
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file
/etc/freeradius/sql/postgresql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file
/etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "somesecret"
nastype = "other"
}
client 192.168.0.201 {
require_message_authenticator = no
secret = "somesecret"
login = "operator"
password = "password"
}
client 192.168.0.240 {
require_message_authenticator = no
secret = "somesecret"
login = "operator"
password = "password"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file
/etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file
/etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Creating Auth-Type = digest
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file
/etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file
/etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/etc/freeradius/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file
/etc/freeradius/eap.conf
eap {
default_eap_type = "tls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "secretpw"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file
/etc/freeradius/sql.conf
sql {
driver = "rlm_sql_postgresql"
server = "localhost"
port = ""
login = "radius"
password = "password"
radius_db = "radius"
read_groups = yes
sqltrace = no
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret, server FROM
nas"
authorize_check_query = "SELECT id, UserName, Attribute, Value, Op
FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op
FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, GroupName, Attribute, Value,
op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY
id"
authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value,
op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY
id"
accounting_onoff_query = "UPDATE radacct SET AcctStopTime =
('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval),
AcctSessionTime = (EXTRACT(EPOCH FROM ('%S'::timestamp with time zone
- AcctStartTime::timestamp with time zone -
'%{%{Acct-Delay-Time}:-0}'::interval)))::BIGINT, AcctTerminateCause
= '%{Acct-Terminate-Cause}', AcctStopDelay = 0 WHERE AcctStopTime
IS NULL AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <=
'%S'::timestamp"
accounting_update_query = "UPDATE radacct SET FramedIPAddress =
NULLIF('%{Framed-IP-Address}', '')::inet, AcctSessionTime =
'%{Acct-Session-Time}', AcctInputOctets =
(('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets =
(('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Output-Octets}:-0}'::bigint) WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime IS NULL"
accounting_update_query_alt = "INSERT INTO radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, ServiceType,
FramedProtocol, FramedIPAddress, XAscendSessionSvrKey)
VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{NAS-IP-Address}',
%{%{NAS-Port}:-NULL}, '%{NAS-Port-Type}', ('%S'::timestamp -
'%{%{Acct-Delay-Time}:-0}'::interval -
'%{%{Acct-Session-Time}:-0}'::interval), '%{Acct-Session-Time}',
'%{Acct-Authentic}', (('%{%{Acct-Input-Gigawords}:-0}'::bigint <<
32) + '%{%{Acct-Input-Octets}:-0}'::bigint),
(('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Output-Octets}:-0}'::bigint), '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
NULLIF('%{Framed-IP-Address}', '')::inet,
'%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = "INSERT INTO radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctAuthentic, ConnectInfo_start,
CalledStationId, CallingStationId, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey)
VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{NAS-IP-Address}',
%{%{NAS-Port}:-NULL}, '%{NAS-Port-Type}', ('%S'::timestamp -
'%{%{Acct-Delay-Time}:-0}'::interval), '%{Acct-Authentic}',
'%{Connect-Info}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
NULLIF('%{Framed-IP-Address}', '')::inet, 0,
'%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = "UPDATE radacct SET AcctStartTime =
('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval),
AcctStartDelay = 0, ConnectInfo_start = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND
AcctStopTime IS NULL"
accounting_stop_query = "UPDATE radacct SET AcctStopTime =
('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval),
AcctSessionTime = CASE WHEN '%{Acct-Session-Time}' = '' THEN
(EXTRACT(EPOCH FROM ('%S'::TIMESTAMP WITH TIME ZONE -
AcctStartTime::TIMESTAMP WITH TIME ZONE -
'%{%{Acct-Delay-Time}:-0}'::INTERVAL)))::BIGINT ELSE
NULLIF('%{Acct-Session-Time}','')::BIGINT END, AcctInputOctets =
(('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets =
(('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Output-Octets}:-0}'::bigint), AcctTerminateCause =
'%{Acct-Terminate-Cause}', AcctStopDelay = 0, FramedIPAddress =
NULLIF('%{Framed-IP-Address}', '')::inet, ConnectInfo_stop =
'%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'
AND AcctStopTime IS NULL"
accounting_stop_query_alt = "INSERT INTO radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStopDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
NULLIF('%{Realm}', ''), '%{NAS-IP-Address}', %{%{NAS-Port}:-NULL},
'%{NAS-Port-Type}', ('%S'::timestamp -
'%{%{Acct-Delay-Time}:-0}'::interval -
'%{%{Acct-Session-Time}:-0}'::interval), ('%S'::timestamp -
'%{%{Acct-Delay-Time}:-0}'::interval), NULLIF('%{Acct-Session-Time}',
'')::bigint, '%{Acct-Authentic}', '%{Connect-Info}',
(('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Input-Octets}:-0}'::bigint),
(('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Output-Octets}:-0}'::bigint), '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}',
NULLIF('%{Framed-IP-Address}', '')::inet, 0)"
group_membership_query = "SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = ""
postauth_query = "INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ('%{User-Name}',
'%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
}
rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql)
loaded and linked
rlm_sql (sql): Attempting to connect to radius@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/freeradius/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/etc/freeradius/modules/detail
detail {
detailfile =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
server inner-tunnel { # from file
/etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 36698
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.201 port 1024,
id=35, length=209
Framed-MTU = 1480
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
User-Name = "laptop"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-1b-3f-33-26-40"
Calling-Station-Id = "00-1c-25-9e-33-05"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x02010012017369656c6e65746c6170746f70
Message-Authenticator = 0x0f86b899b3c80565b75a145e2e24cf1a
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 18
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'laptop' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='laptop' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group test
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 35 to 192.168.0.201 port 1024
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobson-TCP-IP
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07b3109207b11d36b09a0ff2df4e9786
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.201 port 1024,
id=36, length=440
Framed-MTU = 1480
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
User-Name = "laptop"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-1b-3f-33-26-40"
Calling-Station-Id = "00-1c-25-9e-33-05"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x07b3109207b11d36b09a0ff2df4e9786
EAP-Message =
0x020200e70d0016030100dc010000d8030154240358e334928ae57349df5318f66758b4456a181c619a24a453bd387de2c8000066c014c00ac022c0210039003800880087c00fc00500350084c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000049000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f0010001100230000000f000101
Message-Authenticator = 0xdeb315aa8319160ad3e0a8f45abcd622
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 231
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'laptop' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='laptop' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group test
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 00dc], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 003e], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 084e], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[tls] TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 00a2], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 36 to 192.168.0.201 port 1024
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobson-TCP-IP
EAP-Message =
0x010304000dc000000a8d160301003e0200003a03015424014593826c5e6a348da5db149e49c19028c000c97ef787bd5f6c99dcb0ff00c014000012ff01000100000b000403000102000f000101160301084e0b00084a0008470003a23082039e30820286a003020102020101300d06092a864886f70d010104050030818f310b3009060355040613024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e6465311b3019060355040314126672
EAP-Message =
0x6565726164697573407369656c6e6574301e170d3134303630333231303935375a170d3135303532393231303935375a307c310b3009060355040613024445311630140603550408130d4e69656465727361636873656e31153013060355040a130c5369656c4e657420652e562e311b30190603550403141266726565726164697573407369656c6e65743121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100c9762cddafffc5c07cbda4837818a0bf2d8991d7d60ced34959b52919406ceea0976fcc3f93f827c18f21409e39d
EAP-Message =
0x1f61fd0e3974c1244992c239ef5dc89a0068c6f0d94179bb344c764112b61cc7af3052ca44c271b2a51953897534bb08df8730f1cfeab65a80ce4d0d44ebbd5f9f8edb38a1aeb8239247889496fd44d88dcdf43d9bc690b5ef8c6d07c676de4f9884749c18d3678a6a0614cc14595c24da3080aa1fcff2a6e3b03a2653126519ffe87906b21d677c0bb8bbe7b8942d69f6f3579dfe6f38139035cc5f3cc0a770e6b6047ccb935f0d430b29f2bee21c488c4e16715383a2e44edf7487eccb3b275981329d3b61af17517803069718ec4e05d10203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104
EAP-Message =
0x050003820101005e31c1a5b1f0d98c53d27298feb3f2b205619f90eef1308b0da9d6de97e2595208ce64b3f0e70ba8a2679503e4c69634d704790107cd53e74ebde931b8bb378910f43c53e83fabe0b27e7cd8722029bb08d332fca5d78e80a5ca81537e882f3aa8af83c22476b35d0586793ae5cdbb787b5e47ec0457ca3ba9ac3b07c7d76c5585779e91428e30c3854f32565106fa01c36ad30febd8fb1fa9cdad0e18ab4a80c68ef295acb4debf1bc1badce44319b73686a608ecf8bfdcdc39ef672c7dd52b158896b2d82308301504cc1c691da03ca4b3b606a68765c28efb82de68bee26a12fba4d541df29d84a6b03407eb659e822cabfccc051
EAP-Message = 0x84987d4416bac3ce663a0004
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07b3109206b01d36b09a0ff2df4e9786
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.201 port 1024,
id=37, length=215
Framed-MTU = 1480
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
User-Name = "laptop"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-1b-3f-33-26-40"
Calling-Station-Id = "00-1c-25-9e-33-05"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x07b3109206b01d36b09a0ff2df4e9786
EAP-Message = 0x020300060d00
Message-Authenticator = 0x6637ee5e9340fa991ee9045e8fffb4ef
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'laptop' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='laptop' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group test
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 37 to 192.168.0.201 port 1024
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobson-TCP-IP
EAP-Message =
0x010404000dc000000a8d9f3082049b30820383a00302010202090097606b3e1c8bf851300d06092a864886f70d010105050030818f310b3009060355040613024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e6465311b30190603550403141266726565726164697573407369656c6e6574301e170d3134303630333231303935375a170d3135303532393231303935375a30818f310b3009060355040613024445311630140603550408
EAP-Message =
0x130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e6465311b30190603550403141266726565726164697573407369656c6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100a4e297c9714cfe6bda4dd3f3ea9f8f1d21e785bd6132b34a478366072b781909f7ac55f59e8a8d5fd79a9a5976b4e3066155a08e2d4627d8ea52833403ee9381470ae165bdc2e2cdd65405535c9a33d81c15c31a1f116e5a925e419e667dc7ab9edac0
EAP-Message =
0xfbc3edcc9413c0dd44c20058a463e12483304115a189cef5f4c1a9e39b79b9d4c9bd074be68fd5664d1b781561c30624136f0c1df37e56b976ead0ec00337e7fda306d434dce07c828dcbd4596f6c124764a39516f604aed5f967d452f1968b8c20e8e350241fe94f806a708ef08a00d52b966510b67a3ea1f1c86687b35b51eb70920eac263a23bcbdf7e3eabe4b51e7ff10431894e17c25c6b7874d30203010001a381f73081f4301d0603551d0e041604142f967e3138107f1b9738d2539cebe632c35045513081c40603551d230481bc3081b980142f967e3138107f1b9738d2539cebe632c3504551a18195a4819230818f310b30090603550406
EAP-Message =
0x13024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e6465311b30190603550403141266726565726164697573407369656c6e657482090097606b3e1c8bf851300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010031f4ac37eb4125a30827d22da0b7def59b77619ac322e4a518525f2292057853442634b46b7cb5f69b7944aa3eec90243ee2de1453bb7a2c7ab8fdd02880a21eb2097a382247ace38b95
EAP-Message = 0x2d89e524a87882e45098e69c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07b3109205b71d36b09a0ff2df4e9786
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.201 port 1024,
id=38, length=215
Framed-MTU = 1480
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
User-Name = "laptop"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-1b-3f-33-26-40"
Calling-Station-Id = "00-1c-25-9e-33-05"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x07b3109205b71d36b09a0ff2df4e9786
EAP-Message = 0x020400060d00
Message-Authenticator = 0x67716a43b571a9813560079942dae9a7
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'laptop' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='laptop' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group test
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 38 to 192.168.0.201 port 1024
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobson-TCP-IP
EAP-Message =
0x010502ab0d8000000a8d84121a48832ada64b740ceef48eb4f332e09d19fb4ac04376640c55242f655e13dc49bab876726a782cff2f8a3798415dbb2a427f070fa74de2cfb40b9b7b471df1301e61f188eae20ee1ba40d7768aead0d5343babad7217ed6abee27f1375f8f39651d6c4ff59953e1e1e0f30e705774d614e899e11f31ef7bda6e0a0bf1ae3659419ae9e6ee85024f257f577784e7de07537011f4be32f60559f09634ca3a9b8632a3e73e418d1a2b160301014b0c0001470300174104cc5a9a6ee2d2054a33392efd26743a913855ebc9dd2d92da44b3cee59db08692238af5dd9fb12e46f3928a1822b2c87c0397b0696c0fef3bc92707
EAP-Message =
0xdd4b8485ff01009971ac1185d37527b0e896c6bf25736c0e63ebc42194117bb39afafef61020374abe689e940e31c3159e5e999381b12a2894669e404a73680289034e3ef9c8f74114836670a1eafc18a20575c293ff85cd77de629e8660a1abfc51ecafb0f18420c99300d4035968b4c8e3aa00f35267598e3aa0844799779f9b83b9e3df5ad62afa39ece6328fc743de37124bd988cfe02dd6b0c85af8d9101a2261efffa70726e343bf697cff77720dae455edba0726538b3fb65785598402d5946c11b8fad4cc875f0c81e663a1f77ff7ccf707162ea7dfefb8a6640af8ce67b5d528c9daed9e22e57d05f62dcfbfa8f452df8df9c8ce13c35b9d7
EAP-Message =
0x646b3c835635f1342d3516030100a20d00009a030102400094009230818f310b3009060355040613024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e6465311b30190603550403141266726565726164697573407369656c6e65740e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07b3109204b61d36b09a0ff2df4e9786
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.201 port 1024,
id=39, length=1529
Framed-MTU = 1480
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
User-Name = "laptop"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-1b-3f-33-26-40"
Calling-Station-Id = "00-1c-25-9e-33-05"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x07b3109204b61d36b09a0ff2df4e9786
EAP-Message =
0x0205051e0dc0000009e616030108500b00084c0008490003a4308203a030820288a003020102020102300d06092a864886f70d010104050030818f310b3009060355040613024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e6465311b30190603550403141266726565726164697573407369656c6e6574301e170d3134303630353131343433355a170d3135303533313131343433355a307e310b300906035504061302444531163014
EAP-Message =
0x0603550408130d4e69656465727361636873656e31153013060355040a130c5369656c4e657420652e562e311630140603550403130d7369656c6e65746c6170746f703128302606092a864886f70d01090116197369656c6e65746c6170746f70406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c374bf92dc4db1db05191cde2aa1691c8184980fe05d0548b97c99777dcc808390d457f457e7c7e1af9616fad75875acfb5a8780a6a11e5ed65f5945c25354d9cd1d34411849d116e6366e3d1c657a0b1b579fd24f3b889662383611d038d36aba04373367c3be29870f24767fe4f3
EAP-Message =
0xd227fcedaff18e1776eadcfbc7aa78a0805cda6977658e875a2252cda92256ef0a6daec53526a9dc5851cf397acdaec2371c81b5ad164c704a5ff84fb811fb76b5cf8bdece9977bcf74cf346d9fa9cb1050dd91096f188866b00eb91616e023596eb1e5caa4586c0e5ac79ebc81d87892e013deef5c5fb2cb33bff9c38147e7b60889433e7d99588bb25ac8abd9698959b0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003820101007ebb20e618f114a6f3c211afed8fae934b636cb44abdf36d9ffd07d6fe871c30680257fedad1732b8a503aedc43f97cd6c951f302e8c916a9fbe
EAP-Message =
0x1c20b2750f1ff190a82cde9cae29e591c8da44c06fcfae3adfad3d84c02c1b50a032dc7962f5a8a544d0a7f61abc4d71f36a3b00c0f44ecb97ffcd95a9adb582b38c47ac1f74db023d25a3a6f863a81855888272b11c4cc305e29ea94f5ea35b83ee603b2e676023938e1273ad15b0249d73f12962dc4f4f83748c07ae07fdac8fec9e062785b86c77f62c35025bd60c023a9c94ec00bd7edf56979d249f431aaf564b23ebbe6cabcdd70b2d76c5515e96e694824cee61d7d92d980c8b518cecdb91f38ee50400049f3082049b30820383a00302010202090097606b3e1c8bf851300d06092a864886f70d010105050030818f310b3009060355040613
EAP-Message =
0x024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e65742e6465311b30190603550403141266726565726164697573407369656c6e6574301e170d3134303630333231303935375a170d3135303532393231303935375a30818f310b3009060355040613024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f0609
EAP-Message =
0x2a864886f70d0109011612737570706f7274407369656c6e65742e6465311b3019060355040314126672656572
Message-Authenticator = 0x37432280ddfc4e86dfffca14d5579f46
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'laptop' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='laptop' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group test
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 2534
[tls] Received EAP-TLS First Fragment of the message
[tls] eaptls_verify returned 9
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 39 to 192.168.0.201 port 1024
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobson-TCP-IP
EAP-Message = 0x010600060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07b3109203b51d36b09a0ff2df4e9786
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.201 port 1024,
id=40, length=1457
Framed-MTU = 1480
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
User-Name = "laptop"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-1b-3f-33-26-40"
Calling-Station-Id = "00-1c-25-9e-33-05"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x07b3109203b51d36b09a0ff2df4e9786
EAP-Message =
0x020604d80d006164697573407369656c6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100a4e297c9714cfe6bda4dd3f3ea9f8f1d21e785bd6132b34a478366072b781909f7ac55f59e8a8d5fd79a9a5976b4e3066155a08e2d4627d8ea52833403ee9381470ae165bdc2e2cdd65405535c9a33d81c15c31a1f116e5a925e419e667dc7ab9edac0fbc3edcc9413c0dd44c20058a463e12483304115a189cef5f4c1a9e39b79b9d4c9bd074be68fd5664d1b781561c30624136f0c1df37e56b976ead0ec00337e7fda306d434dce07c828dcbd4596f6c124764a39516f604aed5f967d452f1968b8c20e8e350241
EAP-Message =
0xfe94f806a708ef08a00d52b966510b67a3ea1f1c86687b35b51eb70920eac263a23bcbdf7e3eabe4b51e7ff10431894e17c25c6b7874d30203010001a381f73081f4301d0603551d0e041604142f967e3138107f1b9738d2539cebe632c35045513081c40603551d230481bc3081b980142f967e3138107f1b9738d2539cebe632c3504551a18195a4819230818f310b3009060355040613024445311630140603550408130d4e69656465727361636873656e3111300f060355040713084272756e7376696731153013060355040a130c5369656c4e657420652e562e3121301f06092a864886f70d0109011612737570706f7274407369656c6e6574
EAP-Message =
0x2e6465311b30190603550403141266726565726164697573407369656c6e657482090097606b3e1c8bf851300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010031f4ac37eb4125a30827d22da0b7def59b77619ac322e4a518525f2292057853442634b46b7cb5f69b7944aa3eec90243ee2de1453bb7a2c7ab8fdd02880a21eb2097a382247ace38b952d89e524a87882e45098e69c84121a48832ada64b740ceef48eb4f332e09d19fb4ac04376640c55242f655e13dc49bab876726a782cff2f8a3798415dbb2a427f070fa74de2cfb40b9b7b471df1301e61f188eae20ee1ba40d7768aead0d5343babad7217ed6
EAP-Message =
0xabee27f1375f8f39651d6c4ff59953e1e1e0f30e705774d614e899e11f31ef7bda6e0a0bf1ae3659419ae9e6ee85024f257f577784e7de07537011f4be32f60559f09634ca3a9b8632a3e73e418d1a2b160301004610000042410458338c8f6ed148bd88111afe2fce8e96c8810dc3853b0725e9c07207bfce9282138d5dd8805b243a0c333d0061f9a15ab8e6b3be248f07cb3438826253079a8e16030101060f000102010006b65fd648dfbf608fb6d55ccb4b5bdf02d7ddc26a2a37d304c0fb1a9a02f31931f3190259a5066bbcabd8c20dc9a63d86a48a9cf5855f24a743070b1eeb1e7a61db43ec3e74a50bf6c06e96119ac524e3e1fe12b10200
EAP-Message =
0xa4323f26bf5088cb5b0bd9fe3ac41737e14c748d81b70f1493f35b59c4227ebae48a9ee9f4d133980dbebb66b454c0d5dbf73b6555e2ef6cb5835b894e8102307c2323176e0382a78bb6bb01c7ea88148b22f8e190f8c1d588c90405af7a9457c777986addd30438de612c9ab2d53cf4043f225f8bec7eb348e46d7ef615540c619d1a208de221f493bdb9ee5600e473d8ef652fed27be896fdbbcde1629a4970b61fce18458a305111403010001011603010030dd6ddbede57e7b1c9abcca921bd85e522c673a43539cc2c782bd7a52dcc4b2559dd21e5af0653b8eb7df85eae00557ad
Message-Authenticator = 0xfe25690b8aebdd6f45be8b812b12775b
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'laptop' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='laptop' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group test
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0850], Certificate
[tls] chain-depth=1,
[tls] error=0
[tls] --> User-Name = laptop
[tls] --> BUF-Name = freeradius@sielnet
[tls] --> subject = /C=DE/ST=Niedersachsen/L=Brunsvig/O=SielNet
e.V./emailAddress=support@sielnet.de/CN=freeradius@sielnet
[tls] --> issuer = /C=DE/ST=Niedersachsen/L=Brunsvig/O=SielNet
e.V./emailAddress=support@sielnet.de/CN=freeradius@sielnet
[tls] --> verify return:1
[tls] chain-depth=0,
[tls] error=0
[tls] --> User-Name = laptop
[tls] --> BUF-Name = laptop
[tls] --> subject = /C=DE/ST=Niedersachsen/O=SielNet
e.V./CN=laptop/emailAddress=laptop(a)example.com
[tls] --> issuer = /C=DE/ST=Niedersachsen/L=Brunsvig/O=SielNet
e.V./emailAddress=support@sielnet.de/CN=freeradius@sielnet
[tls] --> verify return:1
[tls] TLS_accept: SSLv3 read client certificate A
[tls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[tls] TLS_accept: SSLv3 read client key exchange A
[tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify
[tls] TLS_accept: SSLv3 read certificate verify A
[tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[tls] <<< TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 read finished A
[tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[tls] TLS_accept: SSLv3 write change cipher spec A
[tls] >>> TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 write finished A
[tls] TLS_accept: SSLv3 flush data
[tls] (other): SSL negotiation finished successfully
SSL Connection Established
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 40 to 192.168.0.201 port 1024
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobson-TCP-IP
EAP-Message =
0x010700450d800000003b1403010001011603010030df5e27c36aacfb68feb2beb793bf67e6e9e2fd751c9d56352aa0b4ff37cde26aa321a29631f1791ec6885f516199fe2d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07b3109202b41d36b09a0ff2df4e9786
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.201 port 1024,
id=41, length=215
Framed-MTU = 1480
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
User-Name = "laptop"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-1b-3f-33-26-40"
Calling-Station-Id = "00-1c-25-9e-33-05"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x07b3109202b41d36b09a0ff2df4e9786
EAP-Message = 0x020700060d00
Message-Authenticator = 0xa8ca96dceba238a2bc333ced9c87b158
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'laptop' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 2 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='laptop' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] User found in group test
[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id ->
SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE
GroupName = 'test' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake is finished
[tls] eaptls_verify returned 3
[tls] eaptls_process returned 3
[tls] Adding user data to cached session
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 41 to 192.168.0.201 port 1024
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-Compression := Van-Jacobson-TCP-IP
MS-MPPE-Recv-Key =
0x95cb3bc08bbc313b973d2ff15bc144a70044889a430a974d04c3fc86b45f87e0
MS-MPPE-Send-Key =
0x155a60ec14c5bc8b6761a39b0edc9c029f95d039179095e2aa695dd8615fd345
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "laptop"
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 35 with timestamp +7
Cleaning up request 1 ID 36 with timestamp +7
Cleaning up request 2 ID 37 with timestamp +7
Cleaning up request 3 ID 38 with timestamp +7
Cleaning up request 4 ID 39 with timestamp +7
Cleaning up request 5 ID 40 with timestamp +7
Cleaning up request 6 ID 41 with timestamp +7
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.0.201 port 1025,
id=42, length=115
Acct-Session-Id = "006A00000004"
Acct-Status-Type = Start
Service-Type = Framed-User
Acct-Authentic = RADIUS
NAS-Port = 2
Calling-Station-Id = "00-1C-25-9E-33-05"
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
Framed-IP-Address = 192.168.0.12
User-Name = "laptop"
Acct-Delay-Time = 0
# Executing section preacct from file
/etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 2,Client-IP-Address =
192.168.0.201,NAS-IP-Address = 192.168.0.201,Acct-Session-Id =
"006A00000004",User-Name = "laptop"'
[acct_unique] Acct-Unique-Session-ID = "0cae66a72b0dac43".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file
/etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 192.168.0.201
[detail] expand:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/freeradius/radacct/192.168.0.201/detail-20140925
[detail]
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.201/detail-20140925
[detail] expand: %t -> Thu Sep 25 13:50:10 2014
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp ->
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> laptop
++[radutmp] returns ok
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
[sql] expand: %{NAS-Port} -> 2
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: INSERT INTO radacct (AcctSessionId, AcctUniqueId,
UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctAuthentic, ConnectInfo_start, CalledStationId,
CallingStationId, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, XAscendSessionSvrKey) VALUES('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
NULLIF('%{Realm}', ''), '%{NAS-IP-Address}', %{%{NAS-Port}:-NULL},
'%{NAS-Port-Type}', ('%S'::timestamp -
'%{%{Acct-Delay-Time}:-0}'::interval), '%{Acct-Authentic}',
'%{Connect-Info}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
NULLIF('%{Framed-IP-Address}', '')::inet, 0,
'%{X-Ascend-Session-Svr-Key}') -> INSERT INTO radacct
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId, NASPortType, AcctStartTime, AcctAuthentic,
ConnectInfo_start, CalledStationId, CallingStationId, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay,
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> laptop
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 42 to 192.168.0.201 port 1025
Finished request 7.
Cleaning up request 7 ID 42 with timestamp +52
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.0.201 port 1025,
id=43, length=145
Acct-Session-Id = "006A00000004"
Acct-Status-Type = Interim-Update
Service-Type = Framed-User
Acct-Authentic = RADIUS
NAS-Port = 2
Calling-Station-Id = "00-1C-25-9E-33-05"
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "sw2"
Framed-IP-Address = 192.168.0.12
User-Name = "laptop"
Acct-Session-Time = 105
Acct-Input-Octets = 12900
Acct-Output-Octets = 4756
Acct-Input-Packets = 60
Acct-Output-Packets = 18
Acct-Delay-Time = 0
# Executing section preacct from file
/etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 2,Client-IP-Address =
192.168.0.201,NAS-IP-Address = 192.168.0.201,Acct-Session-Id =
"006A00000004",User-Name = "laptop"'
[acct_unique] Acct-Unique-Session-ID = "0cae66a72b0dac43".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "laptop", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file
/etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 192.168.0.201
[detail] expand:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/freeradius/radacct/192.168.0.201/detail-20140925
[detail]
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.201/detail-20140925
[detail] expand: %t -> Thu Sep 25 13:51:10 2014
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /var/log/freeradius/radutmp ->
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> laptop
++[radutmp] returns ok
[sql] expand: %{User-Name} -> laptop
[sql] sql_set_user escaped user --> 'laptop'
[sql] expand: %{Acct-Input-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Input-Octets} -> 12900
[sql] expand: %{Acct-Output-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Octets} -> 4756
[sql] expand: UPDATE radacct SET FramedIPAddress =
NULLIF('%{Framed-IP-Address}', '')::inet, AcctSessionTime =
'%{Acct-Session-Time}', AcctInputOctets =
(('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Input-Octets}:-0}'::bigint), AcctOutputOctets =
(('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
'%{%{Acct-Output-Octets}:-0}'::bigint) WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime IS NULL -> UPDATE
radacct SET FramedIPAddress = NULLIF('192.168.0.12', '')::inet,
AcctSessionTime = '105', AcctInputOctets = (('0'::bigint << 32) +
'12900'::bigint), AcctOutputOctets = (('0'::bigint << 32) +
'4756'::bigint) WHERE AcctSessionId = '006A00000004' AND UserName =
'laptop' AND NASIPAddress= '192.168.0.201' AND AcctStopTime IS NULL
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> laptop
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 43 to 192.168.0.201 port 1025
Finished request 8.
Cleaning up request 8 ID 43 with timestamp +112
Going to the next request
Ready to process requests.
2
2
Himanshu Pandey wrote:
> Adding something more to it. Like How many auth or accounting request
> received? How many of them failed? How
> many of them were OK,noop,reject etc.
That information isn't tracked.
If you want to modify the source, see src/main/modcall.c. All of the
module handling is done there.
Alan DeKok.
1
0
Hello,
I have Cisco Router 7206
working l2tp (vpdn)
how can i configure coa to downgrade or upgrade speed without disconnect
user.
1
0
Somebody please help me to achieve this.
From: "Himanshu Pandey" <pandey_himanshu80(a)rediffmail.com>
Sent: Thu, 25 Sep 2014 15:18:11
To: "freeradius-users(a)lists.freeradius.org" <freeradius-users(a)lists.freeradius.org>
Subject: Re: Module Statistics in freeradius
Hi,
Adding more to it:
Basically count the number of auth request received and the number of responses returned with error code .
Basically count the number of accounting request received and the number of responses returned with error code.
Somebody please help me with this.
Regards,
Himanshu
From: "Himanshu Pandey" <pandey_himanshu80(a)rediffmail.com>
Sent: Thu, 25 Sep 2014 15:00:53
To: "freeradius-users(a)lists.freeradius.org" <freeradius-users(a)lists.freeradius.org>
Subject: Re: Module Statistics in freeradius
Hi,
Adding something more to it. Like How many auth or accounting request received? How many of them failed? How
many of them were OK,noop,reject etc.
Regards,
Sonu
From: "Himanshu Pandey" <pandey_himanshu80(a)rediffmail.com>
Sent: Thu, 25 Sep 2014 11:34:58
To: "freeradius-users(a)lists.freeradius.org" <freeradius-users(a)lists.freeradius.org>, "a.cudbardb(a)freeradius.org" <a.cudbardb(a)freeradius.org>, "aland(a)deployingradius.com" <aland(a)deployingradius.com>
Subject: Module Statistics in freeradius
Dear Friends,
I have a requirement that I want "Module statistics". Meaning, say a module is hit 100 times in a session then the module statistics should consist of the count of say "reject" return code if any, count of say "OK" return code if any,count of say "fail" return code if any, count of say "noop" return code if any and so on and so forth.
I have gone through radmin but it supports module status only. Is there anything in freeradius that supports Module statistics. If "No" then what piece of code to be included or modified and where exactly in freeradius.
Basically how to achieve this.
Regards,
Sonu
Get your own FREE website, FREE domain & FREE mobile app with Company email. Know More >
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Get your own FREE website, FREE domain & FREE mobile app with Company email. Know More >
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Get your own FREE website, FREE domain & FREE mobile app with Company email. Know More >
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1
0
Hi,
Thank you for yesterday's suggestion.
I am able to run RADIUS server in debug mode.
I have few more queries.
Query1:
When I send a request from IP:1645 port(gateway which acts as Radius
client) to Radius server, i get an error as
"request from unknown client IP.1645 ignored. I get reject message from
server.
Message authenticator is not present in request under AVP attributes.
Query2:
When I send Radius request from one host to another, request reaches server
and server will never respond to the same.
Message authenticate value is present.
I have set message_authenticator value to no in radiusd.conf
Why is the behavior different in these 2 case?
In both the cases I sniffed it on ubuntu PC where server is running. I am
sure request is reaching PC, but I am not sure if its hitting application.
Should I have my Radius user details in my sql table. If yes, can you
please tell me how do I do that. Can you please share the link. I am new to
freeradius and ubuntu as well.
Could you please help me in this regard.
Thanks,
Kavya
2
1
Hello Lalit,
thank for your answer.
i used the same method.
But my issue, it' on the radcheck table. In my last setup, i used a default
entry for my users in the users file. And i would like to do the same thing
on mysql, instead of adding it manually
kinds regard
2014-09-24 14:30 GMT+02:00 Lalit Choudhary <lalitvc(a)gmail.com>:
> Check this link new Freeradius with mysql installation and configuration
> http://lalitvc.wordpress.com/2014/07/03/freeradius-3-0-x-installation-and-c…
>
> On Sep 24, 2014 5:25 PM, Lovasoa Razaka <zulzig(a)gmail.com> wrote:
> >
> > Hello all.
> >
> > I need helps with my setup.
> >
> > Currently, i set up a freeradius server. I only use the next files:
> > eap.conf
> > hints
> > clients.conf
> > users
> > radiusd.conf
> > sites-available/default
> >
> > My solution allow a host with a signed certificate to switch in a
> specific VLAN (802.1X).
> > In my the users file.
> >
> > I added a DEFAULT entry
> > DEFAULT Hint == "host/"
> > Auth-Type := "EAP",
> > Tunnel-type = "13",
> > Tunnel-Medium-Type = "6",
> > Fall-Through = Yes
> > DEFAULT Hint == "host/"
> > Tunnel-Private-Group-ID = "100"
> > Fall-Through = Yes
> >
> > #DEFAULT Hint =="host/"
> > # Tunnel-Private-Group-ID = "200"
> > # Fall-Through = Yes
> >
> > DEFAULT Hint == "host/"
> > Auth-Type = "reject"
> >
> > I would like to migrate this solution on a mysql database, but i didn't
> understood, how i can use a default profil with Mysql.
> >
> > is it the best way to do ? Or mysql is not useful for my solution.
> >
> > thank a lot for your help
1
0