Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
October 2016
- 64 participants
- 91 discussions
Hello all,
Are there any convenient way to deploy 801.1x WiFi profile and CA
certificate to Android device?
I have checked Google MDM but it don't allows unattended CA installation to
regular devices.
I'm sorry if this message will be considered offtopic here.
Thank you.
--
Bogdan Rudas
Head of Minsk IT Support Department
Exadel Inc.
http://www.exadel.com/
E-mail: brudas(a)exadel.com
Skype ID: bogdan.rudas
--
CONFIDENTIALITY NOTICE: This email and files attached to it are
confidential. If you are not the intended recipient you are hereby notified
that using, copying, distributing or taking any action in reliance on the
contents of this information is strictly prohibited. If you have received
this email in error please notify the sender and delete this email.
3
2
19 Oct '16
>Not anyone had an idea about this request???
AFAIK the users file is only invoked when you are actually the
authentication end-point. If you're proxying, this does not happen.
Use unlang in the post-proxy section to add the attribute manually.
And finally, *do* upgrade. 2.2.8 is DEAD, even if it's the last version
available for Ubuntu. You can spin your own by following the Debian
instructions on the FreeRADIUS Wiki.
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp(a)jabber.dev.ja.net
skype: stefan.paetow.janet
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by
guarantee which is registered in England under Company No. 5747339, VAT
No. GB 197 0632 86. Jisc¹s registered office is: One Castlepark, Tower
Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
1
0
19 Oct '16
Hello!
Not anyone had an idea about this request???
dk8hi wrote:
> Message: 1
> Date: Tue, 11 Oct 2016 09:21:17 +0200
> From: "Dr. Karl-Heinz Pape" <dk8hi(a)web.de>
> To: freeradius-users(a)lists.freeradius.org
> Subject: Attributes from users File not added to Proxy Response
> Message-ID:
> <trinity-537189d4-54f2-4aca-b1d7-817543ecd3cd-1476170477506@3capp-webde-bap42>
>
> Content-Type: text/plain; charset="UTF-8"
>
> Hello!
> I am running FreeRADIUS Version 2.2.8 (the latest version available for
> my current Ubuntu set-up).
> The FreeRADIUS acts as a proxy and forwards the request to another
> RADIUS.
> The answer is received and the information in the user file seems to be
> processed
> (which can be seen from the double Auth-Type listed in the debug
> output, and yes,
> I removed the Auth-Type from the users file and it still does not
> work).
> Now the additional attributes from the users file are NOT added to the
> response of the FreeRADIUS
> to the NAS.
> With an earlier version of FreeRADIUS these attributes had been added,
> as I can see from old
> Wireshark dumps of the RADIUS communication.
> The Context-Name = dsl would be required by the RedBack NAS to find the
> correct context!
> Am I missing something?
> Thanks in advance
> Karl-Heinz
Please see my original request in: Freeradius-Users Digest, Vol 138, Issue 23
*************************************************
2
1
Long delay on response to PPPoE NAS (Mikrotik) on FreeRadius 3.0.12 + MySQL
by Nataniel Klug 18 Oct '16
by Nataniel Klug 18 Oct '16
18 Oct '16
Hello,
I am trying to upgrade my FreeRadius servers to version 3.0.12. We are
making some changes in the structure of the company and this is going to be
needed. Today I run FreeRadius 2.1.10 and I make my check and accounting on
MySQL and IPPool on PostgreSQL.
Now I am changing the structure to FreeRadius 3.0.12 and all check,
accounting and ippool going to a MaxScale/MariaDB cluster. I've already
tested the MariaDB server and all requests are being replied in 0,006
seconds. It's fast enough right now. I compiled from source FreeRadius
3.0.12 on a Debian 8.6 (Linux HA-Radius-2 3.16.0-4-amd64 #1 SMP Debian
3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux).
The problem is that for some reason FreeRadius is taking a long time to
answer to NAS Access-Request and the NAS send a lot of requests to receive
an answer. Bellow I show a FreeRadius log and later I will explain what I
saw in this (for the purpose of this log I disabled SQL IPPool and
Simultaneous-Check):
Ready to process requests
(0) Received Access-Request Id 17 from 187.19.96.40:35728 to
172.31.255.188:1812 length 136
(0) Service-Type = Framed-User
(0) Framed-Protocol = PPP
(0) NAS-Port = 15728647
(0) NAS-Port-Type = Ethernet
(0) User-Name = "teste-sql"
(0) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(0) Called-Station-Id = "CSC-755-rt-01"
(0) NAS-Port-Id = "vlan14"
(0) User-Password = "senha34"
(0) NAS-Identifier = "CSC-755-rt-01"
(0) NAS-IP-Address = 187.19.96.40
(0) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(0) authorize {
(0) sql: EXPAND %{User-Name}
(0) sql: --> teste-sql
(0) sql: SQL-User-Name set to 'teste-sql'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'teste-sql' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'teste-sql' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql: Crypt-Password := "w54qGtgpcqSaw"
(0) sql: Pool-Name := "main_pool"
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'teste-sql' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'teste-sql' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username =
'teste-sql' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'teste-sql' ORDER BY priority
(0) sql: User found in the group table
(0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(0) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(0) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(0) sql: Group "grupo-teste-sql": Conditional check items matched
(0) sql: Group "grupo-teste-sql": Merging assignment check items
(0) sql: Simultaneous-Use := 1
(0) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(0) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(0) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(0) sql: Group "grupo-teste-sql": Merging reply items
(0) sql: Mikrotik-Rate-Limit := "32k"
rlm_sql (sql): Released connection (1)
rlm_sql (sql): Closing connection (2), from 10 unused connections
rlm_sql_mysql: Socket destructor called, closing socket
(0) [sql] = ok
(0) [pap] = updated
(0) } # authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: Comparing with "known-good" Crypt-password
(0) pap: User authenticated successfully
(0) [pap] = ok
(0) } # Auth-Type PAP = ok
(0) # Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
(0) session {
(0) sql: EXPAND %{User-Name}
(0) sql: --> teste-sql
(0) sql: SQL-User-Name set to 'teste-sql'
(0) sql: EXPAND SELECT COUNT(*) FROM radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL
(0) sql: --> SELECT COUNT(*) FROM radacct WHERE username = 'teste-sql'
AND acctstoptime IS NULL
rlm_sql (sql): Reserved connection (3)
(0) sql: Executing select query: SELECT COUNT(*) FROM radacct WHERE
username = 'teste-sql' AND acctstoptime IS NULL
rlm_sql (sql): Released connection (3)
(0) [sql] = ok
(0) } # session = ok
(0) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728647 cli
E4:8D:8C:EC:90:A2)
(0) Sent Access-Accept Id 17 from 172.31.255.188:1812 to 187.19.96.40:35728
length 0
(0) Mikrotik-Rate-Limit = "32k"
(0) Finished request
Waking up in 1.9 seconds.
(0) Cleaning up request packet ID 17 with timestamp +47
Ready to process requests
(1) Received Access-Request Id 17 from 187.19.96.40:35728 to
172.31.255.188:1812 length 136
(1) Service-Type = Framed-User
(1) Framed-Protocol = PPP
(1) NAS-Port = 15728647
(1) NAS-Port-Type = Ethernet
(1) User-Name = "teste-sql"
(1) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(1) Called-Station-Id = "CSC-755-rt-01"
(1) NAS-Port-Id = "vlan14"
(1) User-Password = "senha34"
(1) NAS-Identifier = "CSC-755-rt-01"
(1) NAS-IP-Address = 187.19.96.40
(1) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(1) authorize {
(1) sql: EXPAND %{User-Name}
(1) sql: --> teste-sql
(1) sql: SQL-User-Name set to 'teste-sql'
rlm_sql (sql): Reserved connection (4)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'teste-sql' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'teste-sql' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql: Crypt-Password := "w54qGtgpcqSaw"
(1) sql: Pool-Name := "main_pool"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'teste-sql' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'teste-sql' ORDER BY id
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(1) sql: --> SELECT groupname FROM radusergroup WHERE username =
'teste-sql' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'teste-sql' ORDER BY priority
(1) sql: User found in the group table
(1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(1) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(1) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(1) sql: Group "grupo-teste-sql": Conditional check items matched
(1) sql: Group "grupo-teste-sql": Merging assignment check items
(1) sql: Simultaneous-Use := 1
(1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(1) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(1) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(1) sql: Group "grupo-teste-sql": Merging reply items
(1) sql: Mikrotik-Rate-Limit := "32k"
rlm_sql (sql): Released connection (4)
rlm_sql (sql): Closing connection (5), from 9 unused connections
rlm_sql_mysql: Socket destructor called, closing socket
(1) [sql] = ok
(1) [pap] = updated
(1) } # authorize = updated
(1) Found Auth-Type = PAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) Auth-Type PAP {
(1) pap: Login attempt with password
(1) pap: Comparing with "known-good" Crypt-password
(1) pap: User authenticated successfully
(1) [pap] = ok
(1) } # Auth-Type PAP = ok
(1) # Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
(1) session {
(1) sql: EXPAND %{User-Name}
(1) sql: --> teste-sql
(1) sql: SQL-User-Name set to 'teste-sql'
(1) sql: EXPAND SELECT COUNT(*) FROM radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL
(1) sql: --> SELECT COUNT(*) FROM radacct WHERE username = 'teste-sql'
AND acctstoptime IS NULL
rlm_sql (sql): Reserved connection (6)
(1) sql: Executing select query: SELECT COUNT(*) FROM radacct WHERE
username = 'teste-sql' AND acctstoptime IS NULL
rlm_sql (sql): Released connection (6)
(1) [sql] = ok
(1) } # session = ok
(1) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728647 cli
E4:8D:8C:EC:90:A2)
(1) Sent Access-Accept Id 17 from 172.31.255.188:1812 to 187.19.96.40:35728
length 0
(1) Mikrotik-Rate-Limit = "32k"
(1) Finished request
Waking up in 1.9 seconds.
(1) Cleaning up request packet ID 17 with timestamp +50
Ready to process requests
(2) Received Access-Request Id 17 from 187.19.96.40:35728 to
172.31.255.188:1812 length 136
(2) Service-Type = Framed-User
(2) Framed-Protocol = PPP
(2) NAS-Port = 15728647
(2) NAS-Port-Type = Ethernet
(2) User-Name = "teste-sql"
(2) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(2) Called-Station-Id = "CSC-755-rt-01"
(2) NAS-Port-Id = "vlan14"
(2) User-Password = "senha34"
(2) NAS-Identifier = "CSC-755-rt-01"
(2) NAS-IP-Address = 187.19.96.40
(2) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(2) authorize {
(2) sql: EXPAND %{User-Name}
(2) sql: --> teste-sql
(2) sql: SQL-User-Name set to 'teste-sql'
rlm_sql (sql): Reserved connection (7)
(2) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(2) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'teste-sql' ORDER BY id
(2) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'teste-sql' ORDER BY id
(2) sql: User found in radcheck table
(2) sql: Conditional check items matched, merging assignment check items
(2) sql: Crypt-Password := "w54qGtgpcqSaw"
(2) sql: Pool-Name := "main_pool"
(2) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(2) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'teste-sql' ORDER BY id
(2) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'teste-sql' ORDER BY id
(2) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(2) sql: --> SELECT groupname FROM radusergroup WHERE username =
'teste-sql' ORDER BY priority
(2) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'teste-sql' ORDER BY priority
(2) sql: User found in the group table
(2) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(2) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(2) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(2) sql: Group "grupo-teste-sql": Conditional check items matched
(2) sql: Group "grupo-teste-sql": Merging assignment check items
(2) sql: Simultaneous-Use := 1
(2) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(2) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(2) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(2) sql: Group "grupo-teste-sql": Merging reply items
(2) sql: Mikrotik-Rate-Limit := "32k"
rlm_sql (sql): Released connection (7)
rlm_sql (sql): Closing connection (8), from 8 unused connections
rlm_sql_mysql: Socket destructor called, closing socket
(2) [sql] = ok
(2) [pap] = updated
(2) } # authorize = updated
(2) Found Auth-Type = PAP
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2) Auth-Type PAP {
(2) pap: Login attempt with password
(2) pap: Comparing with "known-good" Crypt-password
(2) pap: User authenticated successfully
(2) [pap] = ok
(2) } # Auth-Type PAP = ok
(2) # Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
(2) session {
(2) sql: EXPAND %{User-Name}
(2) sql: --> teste-sql
(2) sql: SQL-User-Name set to 'teste-sql'
(2) sql: EXPAND SELECT COUNT(*) FROM radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL
(2) sql: --> SELECT COUNT(*) FROM radacct WHERE username = 'teste-sql'
AND acctstoptime IS NULL
rlm_sql (sql): Reserved connection (9)
(2) sql: Executing select query: SELECT COUNT(*) FROM radacct WHERE
username = 'teste-sql' AND acctstoptime IS NULL
rlm_sql (sql): Released connection (9)
(2) [sql] = ok
(2) } # session = ok
(2) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728647 cli
E4:8D:8C:EC:90:A2)
(2) Sent Access-Accept Id 17 from 172.31.255.188:1812 to 187.19.96.40:35728
length 0
(2) Mikrotik-Rate-Limit = "32k"
(2) Finished request
Waking up in 1.9 seconds.
(2) Cleaning up request packet ID 17 with timestamp +53
Ready to process requests
(3) Received Access-Request Id 18 from 187.19.96.40:36982 to
172.31.255.188:1812 length 136
(3) Service-Type = Framed-User
(3) Framed-Protocol = PPP
(3) NAS-Port = 15728648
(3) NAS-Port-Type = Ethernet
(3) User-Name = "teste-sql"
(3) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(3) Called-Station-Id = "CSC-755-rt-01"
(3) NAS-Port-Id = "vlan14"
(3) User-Password = "senha34"
(3) NAS-Identifier = "CSC-755-rt-01"
(3) NAS-IP-Address = 187.19.96.40
(3) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(3) authorize {
(3) sql: EXPAND %{User-Name}
(3) sql: --> teste-sql
(3) sql: SQL-User-Name set to 'teste-sql'
rlm_sql (sql): Reserved connection (10)
(3) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(3) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'teste-sql' ORDER BY id
(3) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'teste-sql' ORDER BY id
(3) sql: User found in radcheck table
(3) sql: Conditional check items matched, merging assignment check items
(3) sql: Crypt-Password := "w54qGtgpcqSaw"
(3) sql: Pool-Name := "main_pool"
(3) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(3) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'teste-sql' ORDER BY id
(3) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'teste-sql' ORDER BY id
(3) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(3) sql: --> SELECT groupname FROM radusergroup WHERE username =
'teste-sql' ORDER BY priority
(3) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'teste-sql' ORDER BY priority
(3) sql: User found in the group table
(3) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(3) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(3) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'grupo-teste-sql' ORDER BY id
(3) sql: Group "grupo-teste-sql": Conditional check items matched
(3) sql: Group "grupo-teste-sql": Merging assignment check items
(3) sql: Simultaneous-Use := 1
(3) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(3) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(3) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'grupo-teste-sql' ORDER BY id
(3) sql: Group "grupo-teste-sql": Merging reply items
(3) sql: Mikrotik-Rate-Limit := "32k"
rlm_sql (sql): Released connection (10)
rlm_sql (sql): Closing connection (11), from 7 unused connections
rlm_sql_mysql: Socket destructor called, closing socket
(3) [sql] = ok
(3) [pap] = updated
(3) } # authorize = updated
(3) Found Auth-Type = PAP
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3) Auth-Type PAP {
(3) pap: Login attempt with password
(3) pap: Comparing with "known-good" Crypt-password
(3) pap: User authenticated successfully
(3) [pap] = ok
(3) } # Auth-Type PAP = ok
(3) # Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
(3) session {
(3) sql: EXPAND %{User-Name}
(3) sql: --> teste-sql
(3) sql: SQL-User-Name set to 'teste-sql'
(3) sql: EXPAND SELECT COUNT(*) FROM radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL
(3) sql: --> SELECT COUNT(*) FROM radacct WHERE username = 'teste-sql'
AND acctstoptime IS NULL
rlm_sql (sql): Reserved connection (12)
(3) sql: Executing select query: SELECT COUNT(*) FROM radacct WHERE
username = 'teste-sql' AND acctstoptime IS NULL
rlm_sql (sql): Released connection (12)
(3) [sql] = ok
(3) } # session = ok
(3) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728648 cli
E4:8D:8C:EC:90:A2)
(3) Sent Access-Accept Id 18 from 172.31.255.188:1812 to 187.19.96.40:36982
length 0
(3) Mikrotik-Rate-Limit = "32k"
(3) Finished request
Waking up in 1.9 seconds.
(4) Received Accounting-Request Id 19 from 187.19.96.40:39970 to
172.31.255.188:1813 length 158
(4) Service-Type = Framed-User
(4) Framed-Protocol = PPP
(4) NAS-Port = 15728648
(4) NAS-Port-Type = Ethernet
(4) User-Name = "teste-sql"
(4) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(4) Called-Station-Id = "CSC-755-rt-01"
(4) NAS-Port-Id = "vlan14"
(4) Acct-Session-Id = "81800003"
(4) Framed-IP-Address = 0.0.0.0
(4) Acct-Authentic = RADIUS
(4) Event-Timestamp = "Oct 18 2016 08:28:53 BRST"
(4) Acct-Status-Type = Start
(4) NAS-Identifier = "CSC-755-rt-01"
(4) Acct-Delay-Time = 0
(4) NAS-IP-Address = 187.19.96.40
(4) # Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
(4) preacct {
(4) policy acct_unique {
(4) update request {
(4) Tmp-String-9 := "ai:"
(4) } # update request = noop
(4) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(4) EXPAND %{hex:&Class}
(4) -->
(4) EXPAND ^%{hex:&Tmp-String-9}
(4) --> ^61693a
(4) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(4) else {
(4) update request {
(4) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(4) --> 747ce123cf0bf502dfc1fb210db060a6
(4) &Acct-Unique-Session-Id := 747ce123cf0bf502dfc1fb210db060a6
(4) } # update request = noop
(4) } # else = noop
(4) } # policy acct_unique = noop
(4) } # preacct = noop
(4) # Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
(4) accounting {
(4) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(4) sql: --> type.start.query
(4) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (13)
(4) sql: EXPAND %{User-Name}
(4) sql: --> teste-sql
(4) sql: SQL-User-Name set to 'teste-sql'
(4) sql: EXPAND INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}),
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}')
(4) sql: --> INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress) VALUES
('81800003', '747ce123cf0bf502dfc1fb210db060a6', 'teste-sql', '',
'187.19.96.40', 'vlan14', 'Ethernet', FROM_UNIXTIME(1476786533),
FROM_UNIXTIME(1476786533), NULL, '0', 'RADIUS', '', '', '0', '0',
'CSC-755-rt-01', 'E4:8D:8C:EC:90:A2', '', 'Framed-User', 'PPP', '0.0.0.0')
(4) sql: EXPAND /usr/local/var/log/radius/sqllog.sql
(4) sql: --> /usr/local/var/log/radius/sqllog.sql
(4) sql: Executing query: INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress) VALUES ('81800003',
'747ce123cf0bf502dfc1fb210db060a6', 'teste-sql', '', '187.19.96.40',
'vlan14', 'Ethernet', FROM_UNIXTIME(1476786533), FROM_UNIXTIME(1476786533),
NULL, '0', 'RADIUS', '', '', '0', '0', 'CSC-755-rt-01',
'E4:8D:8C:EC:90:A2', '', 'Framed-User', 'PPP', '0.0.0.0')
(4) sql: SQL query returned: success
(4) sql: 1 record(s) updated
rlm_sql (sql): Released connection (13)
(4) [sql] = ok
(4) attr_filter.accounting_response: EXPAND %{User-Name}
(4) attr_filter.accounting_response: --> teste-sql
(4) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(4) [attr_filter.accounting_response] = updated
(4) } # accounting = updated
(4) Sent Accounting-Response Id 19 from 172.31.255.188:1813 to
187.19.96.40:39970 length 0
(4) Finished request
(4) Cleaning up request packet ID 19 with timestamp +56
Waking up in 1.9 seconds.
(3) Cleaning up request packet ID 18 with timestamp +56
Ready to process requests
(5) Received Accounting-Request Id 19 from 187.19.96.40:1073 to
172.31.255.188:1813 length 158
(5) Service-Type = Framed-User
(5) Framed-Protocol = PPP
(5) NAS-Port = 15728648
(5) NAS-Port-Type = Ethernet
(5) User-Name = "teste-sql"
(5) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(5) Called-Station-Id = "CSC-755-rt-01"
(5) NAS-Port-Id = "vlan14"
(5) Acct-Session-Id = "81800003"
(5) Framed-IP-Address = 0.0.0.0
(5) Acct-Authentic = RADIUS
(5) Event-Timestamp = "Oct 18 2016 08:28:53 BRST"
(5) Acct-Status-Type = Start
(5) NAS-Identifier = "CSC-755-rt-01"
(5) Acct-Delay-Time = 3
(5) NAS-IP-Address = 187.19.96.40
(5) # Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
(5) preacct {
(5) policy acct_unique {
(5) update request {
(5) Tmp-String-9 := "ai:"
(5) } # update request = noop
(5) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(5) EXPAND %{hex:&Class}
(5) -->
(5) EXPAND ^%{hex:&Tmp-String-9}
(5) --> ^61693a
(5) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(5) else {
(5) update request {
(5) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(5) --> 747ce123cf0bf502dfc1fb210db060a6
(5) &Acct-Unique-Session-Id := 747ce123cf0bf502dfc1fb210db060a6
(5) } # update request = noop
(5) } # else = noop
(5) } # policy acct_unique = noop
(5) } # preacct = noop
(5) # Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
(5) accounting {
(5) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(5) sql: --> type.start.query
(5) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (14)
(5) sql: EXPAND %{User-Name}
(5) sql: --> teste-sql
(5) sql: SQL-User-Name set to 'teste-sql'
(5) sql: EXPAND INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}',
'%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}),
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}')
(5) sql: --> INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress) VALUES
('81800003', '747ce123cf0bf502dfc1fb210db060a6', 'teste-sql', '',
'187.19.96.40', 'vlan14', 'Ethernet', FROM_UNIXTIME(1476786533),
FROM_UNIXTIME(1476786533), NULL, '0', 'RADIUS', '', '', '0', '0',
'CSC-755-rt-01', 'E4:8D:8C:EC:90:A2', '', 'Framed-User', 'PPP', '0.0.0.0')
(5) sql: EXPAND /usr/local/var/log/radius/sqllog.sql
(5) sql: --> /usr/local/var/log/radius/sqllog.sql
(5) sql: Executing query: INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress) VALUES ('81800003',
'747ce123cf0bf502dfc1fb210db060a6', 'teste-sql', '', '187.19.96.40',
'vlan14', 'Ethernet', FROM_UNIXTIME(1476786533), FROM_UNIXTIME(1476786533),
NULL, '0', 'RADIUS', '', '', '0', '0', 'CSC-755-rt-01',
'E4:8D:8C:EC:90:A2', '', 'Framed-User', 'PPP', '0.0.0.0')
(5) sql: rlm_sql_mysql: ERROR 1062 (Duplicate entry
'747ce123cf0bf502dfc1fb210db060a6' for key 'acctuniqueid'): 23000
(5) sql: SQL query returned: need alt query
(5) sql: Trying next query...
(5) sql: EXPAND UPDATE radacct SET acctstarttime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctupdatetime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), connectinfo_start =
'%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'
(5) sql: --> UPDATE radacct SET acctstarttime =
FROM_UNIXTIME(1476786533), acctupdatetime = FROM_UNIXTIME(1476786533),
connectinfo_start = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
(5) sql: EXPAND /usr/local/var/log/radius/sqllog.sql
(5) sql: --> /usr/local/var/log/radius/sqllog.sql
(5) sql: Executing query: UPDATE radacct SET acctstarttime =
FROM_UNIXTIME(1476786533), acctupdatetime = FROM_UNIXTIME(1476786533),
connectinfo_start = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
rlm_sql_mysql: Rows matched: 1 Changed: 0 Warnings: 0
(5) sql: SQL query returned: success
(5) sql: 1 record(s) updated
rlm_sql (sql): Released connection (14)
rlm_sql (sql): Closing connection (15), from 6 unused connections
rlm_sql_mysql: Socket destructor called, closing socket
(5) [sql] = ok
(5) attr_filter.accounting_response: EXPAND %{User-Name}
(5) attr_filter.accounting_response: --> teste-sql
(5) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(5) [attr_filter.accounting_response] = updated
(5) } # accounting = updated
(5) Sent Accounting-Response Id 19 from 172.31.255.188:1813 to
187.19.96.40:1073 length 0
(5) Finished request
(5) Cleaning up request packet ID 19 with timestamp +59
Ready to process requests
(6) Received Accounting-Request Id 20 from 187.19.96.40:35154 to
172.31.255.188:1813 length 206
(6) Service-Type = Framed-User
(6) Framed-Protocol = PPP
(6) NAS-Port = 15728648
(6) NAS-Port-Type = Ethernet
(6) User-Name = "teste-sql"
(6) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(6) Called-Station-Id = "CSC-755-rt-01"
(6) NAS-Port-Id = "vlan14"
(6) Acct-Session-Id = "81800003"
(6) Framed-IP-Address = 0.0.0.0
(6) Acct-Authentic = RADIUS
(6) Event-Timestamp = "Oct 18 2016 08:29:07 BRST"
(6) Acct-Session-Time = 14
(6) Acct-Input-Octets = 65
(6) Acct-Input-Gigawords = 0
(6) Acct-Input-Packets = 6
(6) Acct-Output-Octets = 50
(6) Acct-Output-Gigawords = 0
(6) Acct-Output-Packets = 7
(6) Acct-Status-Type = Stop
(6) Acct-Terminate-Cause = User-Request
(6) NAS-Identifier = "CSC-755-rt-01"
(6) Acct-Delay-Time = 0
(6) NAS-IP-Address = 187.19.96.40
(6) # Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
(6) preacct {
(6) policy acct_unique {
(6) update request {
(6) Tmp-String-9 := "ai:"
(6) } # update request = noop
(6) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(6) EXPAND %{hex:&Class}
(6) -->
(6) EXPAND ^%{hex:&Tmp-String-9}
(6) --> ^61693a
(6) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(6) else {
(6) update request {
(6) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(6) --> 747ce123cf0bf502dfc1fb210db060a6
(6) &Acct-Unique-Session-Id := 747ce123cf0bf502dfc1fb210db060a6
(6) } # update request = noop
(6) } # else = noop
(6) } # policy acct_unique = noop
(6) } # preacct = noop
(6) # Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
(6) accounting {
(6) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(6) sql: --> type.stop.query
(6) sql: Using query template 'query'
rlm_sql (sql): Closing connection (16): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (17): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (18): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (19): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (20): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (21): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (22): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (23): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (24): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (25): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (26): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (27): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (28): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (29): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 70
seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Reserved connection (1)
(6) sql: EXPAND %{User-Name}
(6) sql: --> teste-sql
(6) sql: SQL-User-Name set to 'teste-sql'
(6) sql: EXPAND UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
AcctUniqueId = '%{Acct-Unique-Session-Id}'
(6) sql: --> UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1476786547), acctsessiontime = 14, acctinputoctets = '0'
<< 32 | '65', acctoutputoctets = '0' << 32 | '50', acctterminatecause =
'User-Request', connectinfo_stop = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
(6) sql: EXPAND /usr/local/var/log/radius/sqllog.sql
(6) sql: --> /usr/local/var/log/radius/sqllog.sql
(6) sql: Executing query: UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1476786547), acctsessiontime = 14, acctinputoctets = '0'
<< 32 | '65', acctoutputoctets = '0' << 32 | '50', acctterminatecause =
'User-Request', connectinfo_stop = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
(6) sql: SQL query returned: success
(6) sql: 1 record(s) updated
rlm_sql (sql): Released connection (1)
(6) [sql] = ok
(6) attr_filter.accounting_response: EXPAND %{User-Name}
(6) attr_filter.accounting_response: --> teste-sql
(6) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(6) [attr_filter.accounting_response] = updated
(6) } # accounting = updated
(6) Sent Accounting-Response Id 20 from 172.31.255.188:1813 to
187.19.96.40:35154 length 0
(6) Finished request
(6) Cleaning up request packet ID 20 with timestamp +70
Ready to process requests
(7) Received Accounting-Request Id 20 from 187.19.96.40:35154 to
172.31.255.188:1813 length 206
(7) Service-Type = Framed-User
(7) Framed-Protocol = PPP
(7) NAS-Port = 15728648
(7) NAS-Port-Type = Ethernet
(7) User-Name = "teste-sql"
(7) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(7) Called-Station-Id = "CSC-755-rt-01"
(7) NAS-Port-Id = "vlan14"
(7) Acct-Session-Id = "81800003"
(7) Framed-IP-Address = 0.0.0.0
(7) Acct-Authentic = RADIUS
(7) Event-Timestamp = "Oct 18 2016 08:29:07 BRST"
(7) Acct-Session-Time = 14
(7) Acct-Input-Octets = 65
(7) Acct-Input-Gigawords = 0
(7) Acct-Input-Packets = 6
(7) Acct-Output-Octets = 50
(7) Acct-Output-Gigawords = 0
(7) Acct-Output-Packets = 7
(7) Acct-Status-Type = Stop
(7) Acct-Terminate-Cause = User-Request
(7) NAS-Identifier = "CSC-755-rt-01"
(7) Acct-Delay-Time = 3
(7) NAS-IP-Address = 187.19.96.40
(7) # Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
(7) preacct {
(7) policy acct_unique {
(7) update request {
(7) Tmp-String-9 := "ai:"
(7) } # update request = noop
(7) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(7) EXPAND %{hex:&Class}
(7) -->
(7) EXPAND ^%{hex:&Tmp-String-9}
(7) --> ^61693a
(7) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(7) else {
(7) update request {
(7) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(7) --> 747ce123cf0bf502dfc1fb210db060a6
(7) &Acct-Unique-Session-Id := 747ce123cf0bf502dfc1fb210db060a6
(7) } # update request = noop
(7) } # else = noop
(7) } # policy acct_unique = noop
(7) } # preacct = noop
(7) # Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
(7) accounting {
(7) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(7) sql: --> type.stop.query
(7) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (3)
(7) sql: EXPAND %{User-Name}
(7) sql: --> teste-sql
(7) sql: SQL-User-Name set to 'teste-sql'
(7) sql: EXPAND UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
AcctUniqueId = '%{Acct-Unique-Session-Id}'
(7) sql: --> UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1476786547), acctsessiontime = 14, acctinputoctets = '0'
<< 32 | '65', acctoutputoctets = '0' << 32 | '50', acctterminatecause =
'User-Request', connectinfo_stop = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
(7) sql: EXPAND /usr/local/var/log/radius/sqllog.sql
(7) sql: --> /usr/local/var/log/radius/sqllog.sql
(7) sql: Executing query: UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1476786547), acctsessiontime = 14, acctinputoctets = '0'
<< 32 | '65', acctoutputoctets = '0' << 32 | '50', acctterminatecause =
'User-Request', connectinfo_stop = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
rlm_sql_mysql: Rows matched: 1 Changed: 0 Warnings: 0
(7) sql: SQL query returned: success
(7) sql: 1 record(s) updated
rlm_sql (sql): Released connection (3)
(7) [sql] = ok
(7) attr_filter.accounting_response: EXPAND %{User-Name}
(7) attr_filter.accounting_response: --> teste-sql
(7) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(7) [attr_filter.accounting_response] = updated
(7) } # accounting = updated
(7) Sent Accounting-Response Id 20 from 172.31.255.188:1813 to
187.19.96.40:35154 length 0
(7) Finished request
(7) Cleaning up request packet ID 20 with timestamp +73
Ready to process requests
(8) Received Accounting-Request Id 20 from 187.19.96.40:35154 to
172.31.255.188:1813 length 206
(8) Service-Type = Framed-User
(8) Framed-Protocol = PPP
(8) NAS-Port = 15728648
(8) NAS-Port-Type = Ethernet
(8) User-Name = "teste-sql"
(8) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(8) Called-Station-Id = "CSC-755-rt-01"
(8) NAS-Port-Id = "vlan14"
(8) Acct-Session-Id = "81800003"
(8) Framed-IP-Address = 0.0.0.0
(8) Acct-Authentic = RADIUS
(8) Event-Timestamp = "Oct 18 2016 08:29:07 BRST"
(8) Acct-Session-Time = 14
(8) Acct-Input-Octets = 65
(8) Acct-Input-Gigawords = 0
(8) Acct-Input-Packets = 6
(8) Acct-Output-Octets = 50
(8) Acct-Output-Gigawords = 0
(8) Acct-Output-Packets = 7
(8) Acct-Status-Type = Stop
(8) Acct-Terminate-Cause = User-Request
(8) NAS-Identifier = "CSC-755-rt-01"
(8) Acct-Delay-Time = 6
(8) NAS-IP-Address = 187.19.96.40
(8) # Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
(8) preacct {
(8) policy acct_unique {
(8) update request {
(8) Tmp-String-9 := "ai:"
(8) } # update request = noop
(8) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(8) EXPAND %{hex:&Class}
(8) -->
(8) EXPAND ^%{hex:&Tmp-String-9}
(8) --> ^61693a
(8) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(8) else {
(8) update request {
(8) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(8) --> 747ce123cf0bf502dfc1fb210db060a6
(8) &Acct-Unique-Session-Id := 747ce123cf0bf502dfc1fb210db060a6
(8) } # update request = noop
(8) } # else = noop
(8) } # policy acct_unique = noop
(8) } # preacct = noop
(8) # Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
(8) accounting {
(8) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(8) sql: --> type.stop.query
(8) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(8) sql: EXPAND %{User-Name}
(8) sql: --> teste-sql
(8) sql: SQL-User-Name set to 'teste-sql'
(8) sql: EXPAND UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime =
%{%{Acct-Session-Time}:-NULL}, acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE
AcctUniqueId = '%{Acct-Unique-Session-Id}'
(8) sql: --> UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1476786547), acctsessiontime = 14, acctinputoctets = '0'
<< 32 | '65', acctoutputoctets = '0' << 32 | '50', acctterminatecause =
'User-Request', connectinfo_stop = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
(8) sql: EXPAND /usr/local/var/log/radius/sqllog.sql
(8) sql: --> /usr/local/var/log/radius/sqllog.sql
(8) sql: Executing query: UPDATE radacct SET acctstoptime =
FROM_UNIXTIME(1476786547), acctsessiontime = 14, acctinputoctets = '0'
<< 32 | '65', acctoutputoctets = '0' << 32 | '50', acctterminatecause =
'User-Request', connectinfo_stop = '' WHERE AcctUniqueId =
'747ce123cf0bf502dfc1fb210db060a6'
rlm_sql_mysql: Rows matched: 1 Changed: 0 Warnings: 0
(8) sql: SQL query returned: success
(8) sql: 1 record(s) updated
rlm_sql (sql): Released connection (4)
(8) [sql] = ok
(8) attr_filter.accounting_response: EXPAND %{User-Name}
(8) attr_filter.accounting_response: --> teste-sql
(8) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(8) [attr_filter.accounting_response] = updated
(8) } # accounting = updated
(8) Sent Accounting-Response Id 20 from 172.31.255.188:1813 to
187.19.96.40:35154 length 0
(8) Finished request
(8) Cleaning up request packet ID 20 with timestamp +76
Ready to process requests
This is just one connection running and I saw that 0, 1, 2 and 3 are all
Access-Request:
(0) Received Access-Request Id 17 from 187.19.96.40:35728 to
172.31.255.188:1812 length 136
(0) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728647 cli
E4:8D:8C:EC:90:A2)
(1) Received Access-Request Id 17 from 187.19.96.40:35728 to
172.31.255.188:1812 length 136
(1) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728647 cli
E4:8D:8C:EC:90:A2)
(2) Received Access-Request Id 17 from 187.19.96.40:35728 to
172.31.255.188:1812 length 136
(2) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728647 cli
E4:8D:8C:EC:90:A2)
(3) Received Access-Request Id 18 from 187.19.96.40:36982 to
172.31.255.188:1812 length 136
(3) Login OK: [teste-sql] (from client CSC-755-rt-01 port 15728648 cli
E4:8D:8C:EC:90:A2)
But for some reasons I can't find the only Accounting-Request is made to
connection number 3 (NAS-Port = 15728648):
(4) Received Accounting-Request Id 19 from 187.19.96.40:39970 to
172.31.255.188:1813 length 158
(4) Service-Type = Framed-User
(4) Framed-Protocol = PPP
(4) NAS-Port = 15728648
(4) NAS-Port-Type = Ethernet
(4) User-Name = "teste-sql"
(4) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(4) Called-Station-Id = "CSC-755-rt-01"
(4) NAS-Port-Id = "vlan14"
(4) Acct-Session-Id = "81800003"
(4) Framed-IP-Address = 0.0.0.0
(4) Acct-Authentic = RADIUS
(4) Event-Timestamp = "Oct 18 2016 08:28:53 BRST"
(4) Acct-Status-Type = Start
(4) NAS-Identifier = "CSC-755-rt-01"
(4) Acct-Delay-Time = 0
(4) NAS-IP-Address = 187.19.96.40
Them, again I have a repeated Accounting-Request that I can't explain on
number 5:
(5) Received Accounting-Request Id 19 from 187.19.96.40:1073 to
172.31.255.188:1813 length 158
(5) Service-Type = Framed-User
(5) Framed-Protocol = PPP
(5) NAS-Port = 15728648
(5) NAS-Port-Type = Ethernet
(5) User-Name = "teste-sql"
(5) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(5) Called-Station-Id = "CSC-755-rt-01"
(5) NAS-Port-Id = "vlan14"
(5) Acct-Session-Id = "81800003"
(5) Framed-IP-Address = 0.0.0.0
(5) Acct-Authentic = RADIUS
(5) Event-Timestamp = "Oct 18 2016 08:28:53 BRST"
(5) Acct-Status-Type = Start
(5) NAS-Identifier = "CSC-755-rt-01"
(5) Acct-Delay-Time = 3
(5) NAS-IP-Address = 187.19.96.40
the Acct-Delay-Time is set to 3 (seconds) which is the exact time set to
PPPoE NAS Server as a Radius Timeout:
[admin@CSC-755-rt-01] > radius print detail
Flags: X - disabled
0 service=ppp called-id="" domain="" address=172.31.255.188
secret="testing123"
authentication-port=1812 accounting-port=1813 timeout=3s
accounting-backup=no realm=""
src-address=187.19.96.40
Then the Radius register an Accounting-Request as stop when I stop the test
connection:
(6) Received Accounting-Request Id 20 from 187.19.96.40:35154 to
172.31.255.188:1813 length 206
(6) Service-Type = Framed-User
(6) Framed-Protocol = PPP
(6) NAS-Port = 15728648
(6) NAS-Port-Type = Ethernet
(6) User-Name = "teste-sql"
(6) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(6) Called-Station-Id = "CSC-755-rt-01"
(6) NAS-Port-Id = "vlan14"
(6) Acct-Session-Id = "81800003"
(6) Framed-IP-Address = 0.0.0.0
(6) Acct-Authentic = RADIUS
(6) Event-Timestamp = "Oct 18 2016 08:29:07 BRST"
(6) Acct-Session-Time = 14
(6) Acct-Input-Octets = 65
(6) Acct-Input-Gigawords = 0
(6) Acct-Input-Packets = 6
(6) Acct-Output-Octets = 50
(6) Acct-Output-Gigawords = 0
(6) Acct-Output-Packets = 7
(6) Acct-Status-Type = Stop
(6) Acct-Terminate-Cause = User-Request
(6) NAS-Identifier = "CSC-755-rt-01"
(6) Acct-Delay-Time = 0
(6) NAS-IP-Address = 187.19.96.40
And again, exact 3 seconds later, a new request as number 7:
(7) Received Accounting-Request Id 20 from 187.19.96.40:35154 to
172.31.255.188:1813 length 206
(7) Service-Type = Framed-User
(7) Framed-Protocol = PPP
(7) NAS-Port = 15728648
(7) NAS-Port-Type = Ethernet
(7) User-Name = "teste-sql"
(7) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(7) Called-Station-Id = "CSC-755-rt-01"
(7) NAS-Port-Id = "vlan14"
(7) Acct-Session-Id = "81800003"
(7) Framed-IP-Address = 0.0.0.0
(7) Acct-Authentic = RADIUS
(7) Event-Timestamp = "Oct 18 2016 08:29:07 BRST"
(7) Acct-Session-Time = 14
(7) Acct-Input-Octets = 65
(7) Acct-Input-Gigawords = 0
(7) Acct-Input-Packets = 6
(7) Acct-Output-Octets = 50
(7) Acct-Output-Gigawords = 0
(7) Acct-Output-Packets = 7
(7) Acct-Status-Type = Stop
(7) Acct-Terminate-Cause = User-Request
(7) NAS-Identifier = "CSC-755-rt-01"
(7) Acct-Delay-Time = 3
(7) NAS-IP-Address = 187.19.96.40
And in this I have a third try with 6 seconds as request 8:
(8) Received Accounting-Request Id 20 from 187.19.96.40:35154 to
172.31.255.188:1813 length 206
(8) Service-Type = Framed-User
(8) Framed-Protocol = PPP
(8) NAS-Port = 15728648
(8) NAS-Port-Type = Ethernet
(8) User-Name = "teste-sql"
(8) Calling-Station-Id = "E4:8D:8C:EC:90:A2"
(8) Called-Station-Id = "CSC-755-rt-01"
(8) NAS-Port-Id = "vlan14"
(8) Acct-Session-Id = "81800003"
(8) Framed-IP-Address = 0.0.0.0
(8) Acct-Authentic = RADIUS
(8) Event-Timestamp = "Oct 18 2016 08:29:07 BRST"
(8) Acct-Session-Time = 14
(8) Acct-Input-Octets = 65
(8) Acct-Input-Gigawords = 0
(8) Acct-Input-Packets = 6
(8) Acct-Output-Octets = 50
(8) Acct-Output-Gigawords = 0
(8) Acct-Output-Packets = 7
(8) Acct-Status-Type = Stop
(8) Acct-Terminate-Cause = User-Request
(8) NAS-Identifier = "CSC-755-rt-01"
(8) Acct-Delay-Time = 6
(8) NAS-IP-Address = 187.19.96.40
I know there is something I am missing in FreeRadius but I am not being
able to find out what. I hope someone can help me something I didn't see.
The NAS configuration is the same I use on older FreeRadius version (and
it's working fine).
Atenciosamente,
*Nataniel Klug* | nataniel.klug(a)gmail.com
2
2
Hi Folks,
Is anybody succeessfully getting statistics from a 'status' type port
using v3.1.x? It works as expected with 3.0.x, but with 3.1 I only get
a plain 'Access-Accept'
-=-
$ echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 3" |
radclient -x localhost:18121 status adminsecret
Sent Status-Server Id 101 from 0.0.0.0:44494 to 127.0.0.1:18121 length 50
Message-Authenticator = 0x00
FreeRADIUS-Statistics-Type = Auth-Acct
Received Access-Accept Id 101 from 127.0.0.1:18121 to 0.0.0.0:0 via lo
length 20
-=-
The only change to the stock config is linking sites-available/status
into sites-enabled:
-=-
[...]
server status { # from file /usr/local/etc/raddb/sites-enabled/status
} # server status
radiusd: #### Opening IP addresses and Ports ####
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on status address 127.0.0.1 port 18121 bound to server status
Listening on proxy address * port 60122
Listening on proxy address :: port 59166
Ready to process requests
(1) Received Status-Server Id 101 from 127.0.0.1:44494 to
127.0.0.1:18121 via lo length 50
(1) Message-Authenticator = 0xc7dc212dc934b93eba6845d5ca0d9594
(1) FreeRADIUS-Statistics-Type = Auth-Acct
(1) Running Autz-Type Status-Server from file
/usr/local/etc/raddb/sites-enabled/status
(1) Autz-Type Status-Server {
(1) ok (ok)
(1) } # Autz-Type Status-Server (ok)
(1) Processing SNMP stats request
(1) Sent Access-Accept Id 101 from 127.0.0.1:18121 to 127.0.0.1:44494
via lo length 0
(1) Finished request
Waking up in 4.9 seconds.
(1) Cleaning up request packet ID 101 with timestamp +10
Ready to process requests
-=-
ta,
Graham
2
1
Graham -
In response to: "Is anybody succeessfully getting statistics from a 'status' type port
using v3.1.x? It works as expected with 3.0.x, but with 3.1 I only get
a plain 'Access-Accept'"
Interesting. I am seeing this issue with 3.0.11. I used to get statistics just fine
when running version 2. After upgrading to 3.0.11 I noticed I only receive
an Access-Accept. I just hadn't had time to look into it any further. Were
you using 3.0.11 when you received statistics or something prior to 3.0.11?
Doug Wussler
Florida State University.
________________________________
From: Freeradius-Users <freeradius-users-bounces+doug.wussler=fsu.edu(a)lists.freeradius.org> on behalf of freeradius-users-request(a)lists.freeradius.org <freeradius-users-request(a)lists.freeradius.org>
Sent: Tuesday, October 18, 2016 6:00 AM
To: freeradius-users(a)lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 138, Issue 39
Send Freeradius-Users mailing list submissions to
freeradius-users(a)lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request(a)lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner(a)lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Linelog & radmin (Peter Balsianok)
2. Re: Linelog & radmin (Alan DeKok)
3. Re: Use of buffered-sql for logging auth data to db (Alan DeKok)
4. Re: split_username_nai clobbering user-name? (Alan DeKok)
5. Re: EAP-TTLS not working (Marlen Caemmerer)
6. No statistics being returned with 3.1.x status site
(Graham Clinch)
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 Oct 2016 19:33:06 +0200
From: Peter Balsianok <balsianok.peter(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Linelog & radmin
Message-ID:
<CANNcOyyTGGkdE=Os=_Hm4hMxXYHi895nq367Wj3TF2F6kPzXqw(a)mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Well, i need to have the content of REQUEST,CONTROL & REPLY for solving
customer trouble tickets. I want to have it on the same place as main log.
I see benefit to have HUPing in the rad_linelog (e.g. log rotation). At
this moment i have only one options, after log rotation i have to restart
whole server.
Linelog configuration:
linelog log_request {
filename = ${log.file}
format = "%t : Info: REQUEST(%{User-Name}): %{pairs:request:}"
}
linelog log_control {
filename = ${log.file}
format = "%t : Info: CONTROL(%{User-Name}): %{pairs:control:}"
}
linelog log_proxy_request {
filename = ${log.file}
format = "%t : Info: PROXY-REQUEST(%{User-Name}): %{pairs:proxy-request:}"
}
linelog log_reply {
filename = ${log.file}
format = "%t : Info REPLY(%{User-Name}): %{pairs:reply:}"
}
linelog log_proxy_reply {
filename = ${log.file}
format = "%t : Info PROXY-REPLY(%{User-Name}):
Packet-Type=%{proxy-reply:Packet-Type} %{pairs:proxy-reply:}"
}
On Mon, Oct 17, 2016 at 5:36 PM, Alan DeKok <aland(a)deployingradius.com>
wrote:
> On Oct 17, 2016, at 4:29 AM, Peter Balsianok <balsianok.peter(a)gmail.com>
> wrote:
> >
> > Hi,
> >
> > When i use radmin ... -e 'hup main.log', linelog (log_request,
> log_control
> > & log_reply) will not write information into main.log. Why ?
>
> linelog doesn't write messages to the main log. You can configure it to
> write to the same *filename*. But that's different.
>
> And if you HUP the main log, you didn't HUP linelog, and so it doesn't
> change.
>
> Perhaps you could explain how you've configured linelog, and why you
> expect that HUPing the main log will also cause linelog to get HUP'd, too.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
------------------------------
Message: 2
Date: Mon, 17 Oct 2016 14:52:27 -0400
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Linelog & radmin
Message-ID: <7A5E56C8-FF2C-451E-B5A1-642839579F66(a)deployingradius.com>
Content-Type: text/plain; charset=us-ascii
On Oct 17, 2016, at 1:33 PM, Peter Balsianok <balsianok.peter(a)gmail.com> wrote:
>
> Well, i need to have the content of REQUEST,CONTROL & REPLY for solving
> customer trouble tickets. I want to have it on the same place as main log.
Why does it need to be the same place as the main log? It shouldn't matter that much.
> I see benefit to have HUPing in the rad_linelog (e.g. log rotation). At
> this moment i have only one options, after log rotation i have to restart
> whole server.
You can HUP main.log, and then HUP each linelog module individually. Some messages may go to the old file, but it should generally work.
Or, send a patch which has the linelog module do logging via the main log API. The problem will then go away.
Alan DeKok.
------------------------------
Message: 3
Date: Mon, 17 Oct 2016 14:53:34 -0400
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Use of buffered-sql for logging auth data to db
Message-ID: <28744D61-135B-443F-B2F6-D9A4B262F4D3(a)deployingradius.com>
Content-Type: text/plain; charset=us-ascii
On Oct 17, 2016, at 11:46 AM, Alex Sharaz <alex.sharaz(a)york.ac.uk> wrote:
>
> Question - can you use the FR 3.0.x control interface to get some form of
> status of any db pools being used, or even any errors generated when
> writing to a DB ?
radmin> help
Will print out all of the commands that are available.
> Failing that, guess I could grep radius.log looking for specific text
> strings relating to
> Error: rlm_sql (sql): Last connection attempt failed, waiting 30 seconds
> before retrying
Yes.
We're looking at fixing this all for 4.0... but that may require some re-design.
Alan DeKok.
------------------------------
Message: 4
Date: Mon, 17 Oct 2016 15:49:21 -0400
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: split_username_nai clobbering user-name?
Message-ID: <2ECCFC3A-BBEC-444A-AC65-1891D0F227CD(a)deployingradius.com>
Content-Type: text/plain; charset=us-ascii
On Oct 17, 2016, at 11:53 AM, Adam Bishop <Adam.Bishop(a)jisc.ac.uk> wrote:
>
> Hopefully the final issue I have porting this config!
>
> I'm using the suffix module for proxying, and the split_username_nai policy.
>
> If I put suffix before split, everything is fine. If I put split before suffix, proxying breaks because the suffix module seems to use Stripped-User-Name.
Yes. That's by design, unfortunately. It's so you can have multiple prefixes / suffixes, and have the modules just do the right thing.
> For my configuration, I don't think it matters which order I call the module and the policy in, but I'm surprised by the behaviour - I can't see the policy updating the User-Name entry.
It updates the Stripped-User-Name. Which is the default user name for suffix, LDAP lookups, etc.
You can just write some "unlang" yourself to re-implement the "suffix" module.
Alan DeKok.
------------------------------
Message: 5
Date: Mon, 17 Oct 2016 22:39:08 +0200
From: Marlen Caemmerer <caemmerer(a)ash-berlin.eu>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: EAP-TTLS not working
Message-ID: <1a2fabbd2a396bd2885b9bf4ccc36107(a)ash-berlin.eu>
Content-Type: text/plain; charset=UTF-8
Am 2016-10-17 15:57, schrieb Alan DeKok:
>> On Oct 17, 2016, at 9:35 AM, Marlen Caemmerer <caemmerer(a)ash-berlin.eu> wrote:
>>
>> This is the debug output of a client that connected.
>
> There's no final Access-Accept in the debug output.
>
> And if you're debugging issues with clients not connecting, you need to show the debug output for a client which doesn't connect.
Sorry for not being precise. I wanted to write you have the output of
the regarding Mac client that cannot connect.
Windows 8/10 are working fine, though.
Mit freundlichen Grüßen
Marlen Caemmerer
--
************************************************
Alice Salomon Hochschule
Computerzentrum
Marlen Caemmerer
Alice-Salomon-Platz 5
12627 Berlin
Email: caemmerer(a)ash-berlin.eu
************************************************
------------------------------
Message: 6
Date: Mon, 17 Oct 2016 23:20:14 +0100
From: Graham Clinch <g.clinch(a)lancaster.ac.uk>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: No statistics being returned with 3.1.x status site
Message-ID: <edc4177a-7e7b-2eb5-62d9-8fc6afc8c1a3(a)lancaster.ac.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi Folks,
Is anybody succeessfully getting statistics from a 'status' type port
using v3.1.x? It works as expected with 3.0.x, but with 3.1 I only get
a plain 'Access-Accept'
-=-
$ echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 3" |
radclient -x localhost:18121 status adminsecret
Sent Status-Server Id 101 from 0.0.0.0:44494 to 127.0.0.1:18121 length 50
Message-Authenticator = 0x00
FreeRADIUS-Statistics-Type = Auth-Acct
Received Access-Accept Id 101 from 127.0.0.1:18121 to 0.0.0.0:0 via lo
length 20
-=-
The only change to the stock config is linking sites-available/status
into sites-enabled:
-=-
[...]
server status { # from file /usr/local/etc/raddb/sites-enabled/status
} # server status
radiusd: #### Opening IP addresses and Ports ####
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on status address 127.0.0.1 port 18121 bound to server status
Listening on proxy address * port 60122
Listening on proxy address :: port 59166
Ready to process requests
(1) Received Status-Server Id 101 from 127.0.0.1:44494 to
127.0.0.1:18121 via lo length 50
(1) Message-Authenticator = 0xc7dc212dc934b93eba6845d5ca0d9594
(1) FreeRADIUS-Statistics-Type = Auth-Acct
(1) Running Autz-Type Status-Server from file
/usr/local/etc/raddb/sites-enabled/status
(1) Autz-Type Status-Server {
(1) ok (ok)
(1) } # Autz-Type Status-Server (ok)
(1) Processing SNMP stats request
(1) Sent Access-Accept Id 101 from 127.0.0.1:18121 to 127.0.0.1:44494
via lo length 0
(1) Finished request
Waking up in 4.9 seconds.
(1) Cleaning up request packet ID 101 with timestamp +10
Ready to process requests
-=-
ta,
Graham
------------------------------
Subject: Digest Footer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS -- users' list info<http://www.freeradius.org/list/users.html>
www.freeradius.org
Users' List Information. The freeradius-users mailing list is for users of the FreeRADIUS server not Cistron's server! There are a few house-rules to which we'd like ...
------------------------------
End of Freeradius-Users Digest, Vol 138, Issue 39
*************************************************
2
1
Any plans to offer the intermediate class that's described on the network
radius website in the near future?
Dustin
Yelladogenterprises(a)gmail.com
1
0
Hopefully the final issue I have porting this config!
I'm using the suffix module for proxying, and the split_username_nai policy.
If I put suffix before split, everything is fine. If I put split before suffix, proxying breaks because the suffix module seems to use Stripped-User-Name.
For my configuration, I don't think it matters which order I call the module and the policy in, but I'm surprised by the behaviour - I can't see the policy updating the User-Name entry.
Failure:
(58) policy split_username_nai {
(58) if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) {
No matches
Adding 4 matches
(58) if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) -> TRUE
(58) if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) {
(58) update request {
(58) 1/4 Found: anonymous (10)
(58) EXPAND %{1}
(58) --> anonymous
(58) &Stripped-User-Name := anonymous
(58) 3/4 Found: dev.ja.net (11)
(58) EXPAND %{3}
(58) --> dev.ja.net
(58) &Stripped-User-Domain = dev.ja.net
(58) } # update request = noop
(58) modsingle[authorize]: calling updated (rlm_always)
(58) modsingle[authorize]: returned from updated (rlm_always)
(58) [updated] = updated
(58) } # if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) = updated
(58) ... skipping else: Preceding "if" was taken
(58) } # policy split_username_nai = updated
(58) modsingle[authorize]: calling suffix (rlm_realm)
(58) suffix: Checking for suffix after "@"
(58) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(58) suffix: No trust router configured, skipping dynamic realm lookup
(58) suffix: No such realm "NULL"
(58) modsingle[authorize]: returned from suffix (rlm_realm)
(58) [suffix] = noop
Success:
(58) modsingle[authorize]: calling suffix (rlm_realm)
(58) suffix: Checking for suffix after "@"
(58) suffix: Looking up realm "dev.ja.net" for User-Name = "anonymous(a)dev.ja.net"
(58) suffix: No trust router configured, skipping dynamic realm lookup
(58) suffix: No such realm "dev.ja.net"
(58) modsingle[authorize]: returned from suffix (rlm_realm)
(58) [suffix] = noop
(58) policy split_username_nai {
(58) if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) {
No matches
Adding 4 matches
(58) if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) -> TRUE
(58) if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) {
(58) update request {
(58) 1/4 Found: anonymous (10)
(58) EXPAND %{1}
(58) --> anonymous
(58) &Stripped-User-Name := anonymous
(58) 3/4 Found: dev.ja.net (11)
(58) EXPAND %{3}
(58) --> dev.ja.net
(58) &Stripped-User-Domain = dev.ja.net
(58) } # update request = noop
(58) modsingle[authorize]: calling updated (rlm_always)
(58) modsingle[authorize]: returned from updated (rlm_always)
(58) [updated] = updated
(58) } # if (&User-Name && (&User-Name =~ /^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$/)) = updated
(58) ... skipping else: Preceding "if" was taken
(58) } # policy split_username_nai = updated
Regards,
Adam Bishop
gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
2
2
FR 3.0.12
Is the use of the buffered-sql virtual host just for processing accounting
data ?
What about radpostauth data ?
Just set up the buffered-sql config and I can see that a file called
detail.work has been created .... with Accounting packets in it. Is this
file supposed to change size as records get processed?
currently just using a file called detail and not detail-<timestamp .....>
A
3
6
Hi,
When i use radmin ... -e 'hup main.log', linelog (log_request, log_control
& log_reply) will not write information into main.log. Why ?
Before calling radmin (main.log):
Mon Oct 17 10:13:15 2016 : Info: REQUEST(stefan.kudacek(a)orangenet.sk):
User-Name = "stefan.kudacek(a)orangenet.sk", User-Password = "???",
Service-Type = Framed-User, Framed-Protocol = PPP, NAS-Identifier =
"N-101-BA-BAS-10", NAS-Port = 83951616, NAS-Real-Port = 1358957324,
NAS-Port-Type = Virtual, NAS-Port-Id = "5/1 vlan-id 2828 pppoe 13058",
Medium-Type = DSL, Mac-Addr = "e8-94-f6-c3-ea-70", Platform-Type = 6,
OS-Version = "12.1.1.10p1", Agent-Circuit-Id =
0x4d4154555f433532382d323223313132353539303236232061746d20322f35343a312e3332,
ADSL-Agent-Circuit-Id =
0x4d4154555f433532382d323223313132353539303236232061746d20322f35343a312e3332,
Event-Timestamp = "Oct 17 2016 10:13:15 CEST", NAS-IP-Address =
213.151.237.216, Huntgroup-Name = "BRAS"
Mon Oct 17 10:13:15 2016 : Info REPLY(stefan.kudacek(a)orangenet.sk):
Framed-Protocol = PPP, Context-Name = "INET", Qos-Policing-Profile-Name =
"in1024K", Qos-Policy-Queuing = "pwfq8192K", Subscriber-Profile-Name =
"IPv6_SUBS", Service-Type = Framed-User, Class = 0x30333133393232333937,
Bind-Int-Interface-Name = "Virtual-Template6", Qos-Metering-Profile-Name =
"down8192K"
Mon Oct 17 10:13:15 2016 : Auth: (0) Login OK: [
stefan.kudacek(a)orangenet.sk/???] (from client BRAS1(Massmarket) port
83951616)
After calling radmin (main.log):
Mon Oct 17 10:17:35 2016 : Auth: (10) Login OK: [
stefan.kudacek(a)orangenet.sk/???] (from client BRAS1(Massmarket) port
83941716)
Debug output:
Server was built with:
accounting : yes
authentication : yes
ascend-binary-attributes : yes
coa : yes
control-socket : yes
detail : yes
dhcp : yes
dynamic-clients : yes
osfc2 : no
proxy : yes
regex-pcre : no
regex-posix : yes
regex-posix-extended : yes
session-management : yes
stats : yes
tcp : yes
threads : yes
tls : yes
unlang : yes
vmps : yes
developer : yes
Server core libs:
freeradius-server : 3.0.11
talloc : 2.0.*
ssl : 0.9.8b release
Endianness:
little
Compilation flags:
cppflags :
cflags : -I/home/radiusd/freeradius-server-3.0.11
-I/home/radiusd/freeradius-server-3.0.11/src -include
/home/radiusd/freeradius-server-3.0.11/src/freeradius-devel/autoconf.h
-include
/home/radiusd/freeradius-server-3.0.11/src/freeradius-devel/build.h
-include
/home/radiusd/freeradius-server-3.0.11/src/freeradius-devel/features.h
-include
/home/radiusd/freeradius-server-3.0.11/src/freeradius-devel/radpaths.h
-fno-strict-aliasing -g3 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wshadow -Wpointer-arith
-Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W
-Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args
-Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral
-Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1 -DIS_MODULE=1
ldflags :
libs : -lcrypto -lssl -ltalloc -lnsl -lresolv -ldl -lpthread
Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file
/app/radius/freeradius-3.0.11/share/freeradius/dictionary
including dictionary file
/app/radius/freeradius-3.0.11/share/freeradius/dictionary.dhcp
including dictionary file
/app/radius/freeradius-3.0.11/share/freeradius/dictionary.vqp
including dictionary file /app/radius/conf/dsl-massmarket/dictionary
including configuration file /app/radius/conf/dsl-massmarket/radiusd.conf
including configuration file /app/radius/conf/dsl-massmarket/templates.conf
including configuration file /app/radius/conf/dsl-massmarket/clients.conf
including files in directory /app/radius/conf/dsl-massmarket/mods-enabled/
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/unpack
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/files
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/expr
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/preprocess
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/chap
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/always
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/perl
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/realm
including configuration file
/app/radius/conf/dsl-massmarket/mods-enabled/pap
including files in directory /app/radius/conf/dsl-massmarket/policy-enabled/
including configuration file
/app/radius/conf/dsl-massmarket/policy-enabled/bras
including configuration file
/app/radius/conf/dsl-massmarket/policy-enabled/accounting
including configuration file
/app/radius/conf/dsl-massmarket/policy-enabled/huntgroup
including configuration file
/app/radius/conf/dsl-massmarket/policy-enabled/lns
including configuration file
/app/radius/conf/dsl-massmarket/policy-enabled/username
including configuration file
/app/radius/conf/dsl-massmarket/policy-enabled/nas
including files in directory /app/radius/conf/dsl-massmarket/sites-enabled/
including configuration file
/app/radius/conf/dsl-massmarket/sites-enabled/control-socket
including configuration file
/app/radius/conf/dsl-massmarket/sites-enabled/default
main {
name = "dsl-massmarket"
prefix = "/app/radius/freeradius-v3"
localstatedir = "/app_log/radius/dsl-massmarket/"
sbindir = "/app/radius/freeradius-v3/sbin"
logdir = "/app_log/radius/dsl-massmarket/"
run_dir = "/app_log/radius/dsl-massmarket/"
libdir = "/app/radius/freeradius-v3/lib"
radacctdir = "/app_log/radius/dsl-massmarket//radacct"
panic_action = "gdb -silent -x
/app/radius/conf/dsl-massmarket/panic.gdb %e %p 2>&1 | tee
/app_log/radius/dsl-massmarket//gdb-dsl-massmarket-%p.log"
hostname_lookups = no
max_request_time = 5
cleanup_delay = 2
max_requests = 25600
pidfile = "/app_log/radius/dsl-massmarket//radius.pid"
checkrad = "/app/radius/freeradius-v3/sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = yes
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 0.000000
status_server = yes
allow_vulnerable_openssl = "yes"
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client BRAS1(Massmarket) {
ipv4addr =
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client BRAS2(Massmarket) {
ipv4addr =
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client BRAS3(Massmarket) {
ipv4addr =
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client BRAS1(B2B) {
ipv4addr =
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client BRAS2(B2B) {
ipv4addr =
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Debugger not attached
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_unpack
# Loading module "unpack" from file
/app/radius/conf/dsl-massmarket/mods-enabled/unpack
# Loaded module rlm_files
# Loading module "files" from file
/app/radius/conf/dsl-massmarket/mods-enabled/files
files {
filename =
"/app/radius/conf/dsl-massmarket/mods-config/files/authorize"
usersfile =
"/app/radius/conf/dsl-massmarket/mods-config/files/authorize"
acctusersfile =
"/app/radius/conf/dsl-massmarket/mods-config/files/accounting"
preproxy_usersfile =
"/app/radius/conf/dsl-massmarket/mods-config/files/pre-proxy"
}
# Loaded module rlm_expr
# Loading module "expr" from file
/app/radius/conf/dsl-massmarket/mods-enabled/expr
expr {
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file
/app/radius/conf/dsl-massmarket/mods-enabled/preprocess
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_chap
# Loading module "chap" from file
/app/radius/conf/dsl-massmarket/mods-enabled/chap
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename =
"/app/radius/conf/dsl-massmarket/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename =
"/app/radius/conf/dsl-massmarket/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename =
"/app/radius/conf/dsl-massmarket/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename =
"/app/radius/conf/dsl-massmarket/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename =
"/app/radius/conf/dsl-massmarket/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_always
# Loading module "reject" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_linelog
# Loading module "log_request" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
linelog log_request {
filename = "/app_log/radius/dsl-massmarket/log.gen"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "%t : Info: REQUEST(%{User-Name}): %{pairs:request:}"
}
# Loading module "log_control" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
linelog log_control {
filename = "/app_log/radius/dsl-massmarket/log.gen"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "%t : Info: CONTROL(%{User-Name}): %{pairs:control:}"
}
# Loading module "log_proxy_request" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
linelog log_proxy_request {
filename = "/app_log/radius/dsl-massmarket/log.gen"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "%t : Info: PROXY-REQUEST(%{User-Name}):
%{pairs:proxy-request:}"
}
# Loading module "log_reply" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
linelog log_reply {
filename = "/app_log/radius/dsl-massmarket/log.gen"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "%t : Info REPLY(%{User-Name}): %{pairs:reply:}"
}
# Loading module "log_proxy_reply" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
linelog log_proxy_reply {
filename = "/app_log/radius/dsl-massmarket/log.gen"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "%t : Info PROXY-REPLY(%{User-Name}):
Packet-Type=%{proxy-reply:Packet-Type} %{pairs:proxy-reply:}"
}
# Loaded module rlm_perl
# Loading module "perl" from file
/app/radius/conf/dsl-massmarket/mods-enabled/perl
perl {
filename = "/app/radius/conf/dsl-massmarket/mods-config/perl/radius.pm
"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_post_auth = "post_auth"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_recv_coa = "recv_coa"
func_send_coa = "send_coa"
}
# Loaded module rlm_realm
# Loading module "suffix" from file
/app/radius/conf/dsl-massmarket/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_pap
# Loading module "pap" from file
/app/radius/conf/dsl-massmarket/mods-enabled/pap
pap {
normalise = yes
}
instantiate {
# Instantiating module "perl" from file
/app/radius/conf/dsl-massmarket/mods-enabled/perl
config {
logdir = /app_log/radius/dsl-massmarket/
confdir = /app/radius/conf/dsl-massmarket/
name = dsl-massmarket
}
rlm_perl: Special Loading groups ...
rlm_perl: Special Info: Cannot stat cache file: No such file or directory
}
# Instantiating module "files" from file
/app/radius/conf/dsl-massmarket/mods-enabled/files
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/files/authorize
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/files/authorize
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/files/accounting
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/files/pre-proxy
# Instantiating module "preprocess" from file
/app/radius/conf/dsl-massmarket/mods-enabled/preprocess
# Instantiating module "attr_filter.post-proxy" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file
/app/radius/conf/dsl-massmarket/mods-enabled/attr_filter
reading pairlist file
/app/radius/conf/dsl-massmarket/mods-config/attr_filter/accounting_response
# Instantiating module "reject" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "fail" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "ok" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "handled" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "invalid" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "userlock" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "notfound" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "noop" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "updated" from file
/app/radius/conf/dsl-massmarket/mods-enabled/always
# Instantiating module "log_request" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
# Instantiating module "log_control" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
# Instantiating module "log_proxy_request" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
# Instantiating module "log_reply" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
# Instantiating module "log_proxy_reply" from file
/app/radius/conf/dsl-massmarket/mods-enabled/linelog
# Instantiating module "suffix" from file
/app/radius/conf/dsl-massmarket/mods-enabled/realm
# Instantiating module "pap" from file
/app/radius/conf/dsl-massmarket/mods-enabled/pap
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /app/radius/conf/dsl-massmarket/radiusd.conf
} # server
server default { # from file
/app/radius/conf/dsl-massmarket/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
# Loading post-auth {...}
} # server default
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "control"
listen {
socket = "/app/radius/conf/dsl-massmarket/control.socket"
mode = "rw"
peercred = yes
}
}
listen {
type = "auth"
ipv4addr = *
port = 10812
limit {
max_pps = 0
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Listening on command file /app/radius/conf/dsl-massmarket/control.socket
Listening on auth address * port 1812 bound to server default
Ready to process requests
2
3