Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
December 2018
- 41 participants
- 52 discussions
Hi,
I am trying to allocate a string in Cisco-AV Pair and send it as reply
attribute, It works till the length is 247 chars when it becomes 248
nothing is sent back.. and when it is > 248 radius gives malformed packet
error(This is no problem)
But when it is 248 and nothing is sent back. It becomes a big problem as
some security risks arise. Please help
update reply {
Cisco-AVPair = "url-redirect-acl=Web_Auth"
Cisco-AVPair += "%{exec:/bin/cat
/usr/local/etc/raddb/test}"
}
When string length is 248
~ echo 'Service-Type="Call-Check",User-Name="ff:ff:ff:ff:ff:ff"' |
radclient -x 127.0.0.1:1812 auth testing123
Sent Access-Request Id 7 from 0.0.0.0:55619 to 127.0.0.1:1812 length 45
Service-Type = Call-Check
User-Name = "ff:ff:ff:ff:ff:ff"
Received Access-Accept Id 7 from 127.0.0.1:1812 to 0.0.0.0:0 length 53
Cisco-AVPair = "url-redirect-acl=Web_Auth"
~ cat test
url-redirect=
https://abcdef.abc.in:8443/register.php?eu=kMd3HIyURkpxYd%2BxLUCYTG%2B2Oqce…
=======================================================
When string length is <248
~ echo 'Service-Type="Call-Check",User-Name="ff:ff:ff:ff:ff:ff"' |
radclient -x 127.0.0.1:1812 auth testing123
Sent Access-Request Id 224 from 0.0.0.0:41832 to 127.0.0.1:1812 length 45
Service-Type = Call-Check
User-Name = "ff:ff:ff:ff:ff:ff"
Received Access-Accept Id 224 from 127.0.0.1:1812 to 0.0.0.0:0 length 308
Cisco-AVPair = "url-redirect-acl=Web_Auth"
Cisco-AVPair = "url-redirect=
https://abcdef.abc.in:8443/register.php?eu=kMd3HIyURkpxYd%2BxLUCYTG%2B2Oqce…
"
~ cat test
url-redirect=
https://abcdef.abc.in:8443/register.php?eu=kMd3HIyURkpxYd%2BxLUCYTG%2B2Oqce…
Regards,
Mail: 8zero2.in(a)gmail.com
Facebook: www.facebook.com/8zero2
Twitter: @8zero2_in
Blog: blog.8zero2.in
2
4
Hi dear list.
I will migrate an old freeradius server v2.x o the lastest v 3.0.17.
REading the documentation about I see that the file policy.conf that I use
in v2 to rewrite the calledstationid in accounting, in not used in v3.
In old v2, I have this policy:
rewrite.called_station_id {
if((Called-Station-Id) && "%{Called-Station-Id}" =~
/^%{config:policy.mac-addr}(:(.+))?$/i) {
update request {
Called-Station-Id :=
"%{tolower:%{1}%{2}%{3}%{4}%{5}%{6}}"
}
# SSID component?
if ("%{8}") {
update request {
Called-Station-Id :=
"%{Called-Station-Id}"
}
}
updated
}
else {
update request {
Called-Station-Id :=
"%{tolower:%{Called-Station-Id}}"
}
}
}
then I enable it in sites-availables/default:
authorize {
rewrite.called_station_id
rewrite.calling_station_id
...
}
How can I do this in v3.0.x?
Best regards!!
--
*C. Andrés Gómez R.*
2
2
Respected All,
Can i get md5 password from CHAP-Password and CHAP-Challenge in external
php script in freeradius 2.2.6.?
If, Yes than please suggest me the way to get md5 password.
Thank you.
Warm regards
Imdadali Kadiwala
2
1
I come accross a blog
https://frasertweedale.github.io/blog-redhat/posts/2017-08-14-ad-cs.html
which suggests that **In AD CS, the template to use is indicated by an
X.509 extension in the certificate signing request (CSR). The template
specifier can be one of two extensions.**
So if I just run command **make server.csr** and do nothing, the cert
request against windows CA would fail as I met before. Because an X509
extension should be added in CSR.
Something like :
------------------
Attributes:
Requested Extensions:
1.3.6.1.4.1.311.20.2: # Your Cert template OID
.....
-----------------
As it's hard to add this extension, so here is a way to fix the error I met
before.
1. In MS CA, create your server template, duplicate `computer` and name
it as `temp-computer`, please make sure DNS name is unchecked in Subject
Alternative Name of `temp-computer`. As this required FreeRadius is a
member of MS Active directory.
2. change server.cnf and make sever.csr.
3. copy server.csr to MS CA.
4. Run-->cmd, run
----------------
certreq -submit -attrib “CertificateTemplate:temp-computer"
--------------
A window pops up, choose your server.csr file.
5. Done, save your certificate and copy to Freeradius server
/etc/raddb/certs/
--------
An alternative way is copying MS CA to Freeraidus and signing a server
certiificate. I'll skip this one.
Over, good luck.
Hope some could fix the scripts of Makefile, add cert template required by
MS CA. :)
Merry X-mas !!!
1
1
Hi All,
Is there a way to update user's password at the NAS (etc/passwd) if the password is changed at freeRADIUS /etc/freeradius/users file??
In other words, does freeRADIUS server notifies/sends new password to the NAS??
-Deepak Bhagat
2
1
Dear support,
This my log:
# tail -f /var/log/radius/radius.log
Info: Loaded virtual server <default>
Warning: Ignoring "ldap" (see raddb/mods-available/README.rst)
Info: Loaded virtual server default
Info: # Skipping contents of 'if' as it is always 'false' -- /etc/raddb/sites-enabled/inner-tunnel:330
Info: Loaded virtual server inner-tunnel
Info: Ready to process requests
Info: Need 4 more connections to reach 10 spares
Info: rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
ERROR: (0) pam: ERROR: pam_authenticate failed: Authentication failure
Auth: (0) Login incorrect (pam: pam_authenticate failed: Authentication failure): [linux/linux@123]
Best regards,
Debug radius -X
(3) Received Access-Request Id 1 from 172.26.10.34:63261 to 172.24.0.10:1812 length 45
(3) User-Name = "linux"
(3) User-Password = "linux@123"
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /(a)\./) {
(3) if (&User-Name =~ /(a)\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) auth_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(3) auth_log: --> /var/log/radius/radacct/172.26.10.34/auth-detail-20181221
(3) auth_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/172.26.10.34/auth-detail-20181221
(3) auth_log: EXPAND %t
(3) auth_log: --> Fri Dec 21 10:56:45 2018
(3) [auth_log] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "linux", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: No EAP-Message, not doing EAP
(3) [eap] = noop
(3) files: Failed resolving UID: No error
(3) files: users: Matched entry DEFAULT at line 221
(3) [files] = ok
(3) sql: EXPAND %{User-Name}
(3) sql: --> linux
(3) sql: SQL-User-Name set to 'linux'
rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 76 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 76 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 76 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 67 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (7): Hit idle_timeout, was idle for 67 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 67 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Reserved connection (0)
(3) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(3) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'linux' ORDER BY id
(3) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'linux' ORDER BY id
(3) sql: User found in radcheck table
(3) sql: Conditional check items matched, merging assignment check items
(3) sql: MD5-Password := 0x6662656262336539353530303464363162623635616539376331656239616333
(3) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(3) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'linux' ORDER BY id
(3) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'linux' ORDER BY id
(3) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(3) sql: --> SELECT groupname FROM radusergroup WHERE username = 'linux' ORDER BY priority
(3) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'linux' ORDER BY priority
(3) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
Need 7 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (9), 1 of 29 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radiusdb' on Localhost via UNIX socket, server version 10.3.11-MariaDB, protocol version 10
(3) [sql] = ok
(3) [expiration] = noop
(3) [logintime] = noop
(3) pap: Normalizing MD5-Password from hex encoding, 32 bytes -> 16 bytes
(3) pap: WARNING: Auth-Type already set. Not setting to PAP
(3) [pap] = noop
(3) } # authorize = ok
(3) Found Auth-Type = pam
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3) authenticate {
(3) pam: Using pamauth string "radiusd" for pam.conf lookup
(3) pam: ERROR: pam_authenticate failed: Authentication failure
(3) [pam] = reject
(3) } # authenticate = reject
(3) Failed to authenticate the user
(3) Login incorrect (pam: pam_authenticate failed: Authentication failure): [linux/linux@123] (from client private-net1e port 0)
(3) Using Post-Auth-Type Reject
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3) Post-Auth-Type REJECT {
(3) sql: EXPAND .query
(3) sql: --> .query
(3) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (8)
(3) sql: EXPAND %{User-Name}
(3) sql: --> linux
(3) sql: SQL-User-Name set to 'linux'
(3) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(3) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'linux', 'linux@123', 'Access-Reject', '2018-12-21 10:56:45.628824')
(3) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'linux', 'linux@123', 'Access-Reject', '2018-12-21 10:56:45.628824')
(3) sql: SQL query returned: success
(3) sql: 1 record(s) updated
rlm_sql (sql): Released connection (8)
(3) [sql] = ok
(3) attr_filter.access_reject: EXPAND %{User-Name}
(3) attr_filter.access_reject: --> linux
(3) attr_filter.access_reject: Matched entry DEFAULT at line 11
(3) [attr_filter.access_reject] = updated
(3) [eap] = noop
(3) policy remove_reply_message_if_eap {
(3) if (&reply:EAP-Message && &reply:Reply-Message) {
(3) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(3) else {
(3) [noop] = noop
(3) } # else = noop
(3) } # policy remove_reply_message_if_eap = noop
(3) } # Post-Auth-Type REJECT = updated
(3) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(3) Sending delayed response
(3) Sent Access-Reject Id 1 from 172.24.0.10:1812 to 172.26.10.34:63261 length 20
Waking up in 3.9 seconds.
(3) Cleaning up request packet ID 1 with timestamp +91
Ready to process requests
Sum Soklang
Senior Network System Engineer
Cambo Technology ISP Co. Ltd.
+855 (0) 99 999 208
From: freeradius-users-request(a)lists.freeradius.org
Sent: Friday, December 21, 2018 10:36 AM
To: freeradius-users(a)lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 164, Issue 44
Send Freeradius-Users mailing list submissions to
freeradius-users(a)lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request(a)lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner(a)lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Ms-Chap + NT-Password (Alan DeKok)
2. Re: Ms-Chap + NT-Password (Anton Kiryushkin)
3. Re: Ms-Chap + NT-Password (Alan DeKok)
4. RE: Freeradius-Users Digest, Vol 164, Issue 43 (soklang.sum)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Dec 2018 16:06:05 -0500
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Ms-Chap + NT-Password
Message-ID: <1AD55C6B-C125-4B3B-BEB9-45FFF80D38A7(a)deployingradius.com>
Content-Type: text/plain; charset=us-ascii
On Dec 20, 2018, at 3:52 PM, Anton Kiryushkin <swood(a)fotofor.biz> wrote:
>
> Hello, Alan.
>
> I checked it.
>
> Let me show you full log:
>
> Thu Dec 20 01:10:08 2018 : Debug: (138) User-Name = "
> anonymous(a)espressif.com"
Please post the log from "radiusd -X" as suggested *EVERYWHERE* in the documentation.
For some unknown reason people recently seem to be ignoring all of the documentation that says to post "radiusd -X". This is mentioned in the "man" page, the Wiki, and in the email you get when you join the list.
Out of general principle, I'm going to ignore messages which fail to follow the documentation.
Re-post this with the *correct* debug log, and I will read it.
Alan DeKok.
------------------------------
Message: 2
Date: Thu, 20 Dec 2018 23:18:00 +0000
From: Anton Kiryushkin <swood(a)fotofor.biz>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Ms-Chap + NT-Password
Message-ID:
<CAM_jxg2Lf_HKfGd3kU4qdbdQmq+SkUbc=-Tvk=W0+jYdzQs1OQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hello, Alan.
You're right. My fault. Please see log below:
(9) User-Name = "testlogin"
(9) NAS-Port = 215
(9) State = 0x5d9ac8cb5bb0d1b476356bca7bc2305b
(9) EAP-Message =
0x022a00681900170303005d0000000000000002301470a7306238a494e48f971e6c3870bb09639041141c00594ceaf49ffe07ac3d0ecdb68988c165ca8f370152e4cc61bf8065410eb9cf70432c800237bc3f4b089aaa37633688a6abe470d7f72aacf17e16110ef7
(9) Message-Authenticator = 0x3a5c65e42a9d0494a1805e850396ff75
(9) Acct-Session-Id = "8O2.1x811d36760006c7c6"
(9) NAS-Port-Id = "ge-3/0/40.0"
(9) Calling-Station-Id = "2c-4d-54-65-19-3b"
(9) Called-Station-Id = "88-e0-f3-b0-d6-00"
(9) NAS-IP-Address = 192.168.7.2
(9) NAS-Identifier = "sw-ex6210"
(9) NAS-Port-Type = Ethernet
(9) session-state: No cached attributes
(9) # Executing section authorize from file /etc/raddb/sites-enabled/default
(9) authorize {
(9) if (!control:Cleartext-Password && &User-Password) {
(9) if (!control:Cleartext-Password && &User-Password) -> FALSE
(9) if (config:User-Password && config:Cleartext-Password) {
(9) if (config:User-Password && config:Cleartext-Password) -> FALSE
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "testlogin", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 42 length 104
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9) authenticate {
(9) eap: Expiring EAP session with state 0x1b445c8e1b6e4610
(9) eap: Finished EAP session with state 0x5d9ac8cb5bb0d1b4
(9) eap: Previous EAP request found for state 0x5d9ac8cb5bb0d1b4, released
from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: Continuing EAP-TLS
(9) eap_peap: [eaptls verify] = ok
(9) eap_peap: Done initial handshake
(9) eap_peap: [eaptls process] = ok
(9) eap_peap: Session established. Decoding tunneled attributes
(9) eap_peap: PEAP state phase2
(9) eap_peap: EAP method MSCHAPv2 (26)
(9) eap_peap: Got tunneled request
(9) eap_peap: EAP-Message =
0x022a00491a022a0044314bdbebd0c0d0e6a8932b5fcdc388361a00000000000000004318685452e8005b97b446f5c1c0d23265bc1198557b1aa900646d697472792e616e616e796576
(9) eap_peap: Setting User-Name to testlogin
(9) eap_peap: Sending tunneled request to default
(9) eap_peap: EAP-Message =
0x022a00491a022a0044314bdbebd0c0d0e6a8932b5fcdc388361a00000000000000004318685452e8005b97b446f5c1c0d23265bc1198557b1aa900646d697472792e616e616e796576
(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(9) eap_peap: User-Name = "testlogin"
(9) eap_peap: State = 0x1b445c8e1b6e4610f294f492105a1239
(9) Virtual server default received request
(9) EAP-Message =
0x022a00491a022a0044314bdbebd0c0d0e6a8932b5fcdc388361a00000000000000004318685452e8005b97b446f5c1c0d23265bc1198557b1aa900646d697472792e616e616e796576
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = "testlogin"
(9) State = 0x1b445c8e1b6e4610f294f492105a1239
(9) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(9) server default {
(9) session-state: No cached attributes
(9) # Executing section authorize from file
/etc/raddb/sites-enabled/default
(9) authorize {
(9) if (!control:Cleartext-Password && &User-Password) {
(9) if (!control:Cleartext-Password && &User-Password) -> FALSE
(9) if (config:User-Password && config:Cleartext-Password) {
(9) if (config:User-Password && config:Cleartext-Password) -> FALSE
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "testlogin", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 42 length 73
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) sql-wifi: EXPAND %{User-Name}
(9) sql-wifi: --> testlogin
(9) sql-wifi: SQL-User-Name set to 'testlogin'
rlm_sql (sql-wifi): Reserved connection (2)
(9) sql-wifi: EXPAND SELECT wifi_id as id, username, 'NT-Password' as
attribute, pass_hash, ':=' as op FROM userstable WHERE username =
'%{SQL-User-Name}' ORDER BY id
(9) sql-wifi: --> SELECT wifi_id as id, username, 'NT-Password' as
attribute, pass_hash, ':=' as op FROM userstable WHERE username =
'testlogin' ORDER BY id
(9) sql-wifi: Executing select query: SELECT wifi_id as id, username,
'NT-Password' as attribute, pass_hash, ':=' as op FROM userstable WHERE
username = 'testlogin' ORDER BY id
(9) sql-wifi: User found in radcheck table
(9) sql-wifi: Conditional check items matched, merging assignment check
items
(9) sql-wifi: NT-Password :=
0x6336623331333036323736373866653636626166393538616561356566363138
(9) sql-wifi: EXPAND SELECT wifi_id as id, username, 'NT-Password' as
attribute, pass_hash, ':=' as op FROM userstable WHERE username =
'%{SQL-User-Name}' ORDER BY id
(9) sql-wifi: --> SELECT wifi_id as id, username, 'NT-Password' as
attribute, pass_hash, ':=' as op FROM userstable WHERE username =
'testlogin' ORDER BY id
(9) sql-wifi: Executing select query: SELECT wifi_id as id, username,
'NT-Password' as attribute, pass_hash, ':=' as op FROM userstable WHERE
username = 'testlogin' ORDER BY id
(9) sql-wifi: User found in radreply table, merging reply items
(9) sql-wifi: NT-Password :=
0x6336623331333036323736373866653636626166393538616561356566363138
(9) sql-wifi: EXPAND SELECT 'OfficeWifi' as GroupName FROM userstable WHERE
UserName='%{SQL-User-Name}'
(9) sql-wifi: --> SELECT 'OfficeWifi' as GroupName FROM userstable WHERE
UserName='testlogin'
(9) sql-wifi: Executing select query: SELECT 'OfficeWifi' as GroupName FROM
userstable WHERE UserName='testlogin'
(9) sql-wifi: User found in the group table
(9) sql-wifi: EXPAND SELECT wifi_id as id, 'OfficeWifi' as GroupName,
'NT-Password' as attribute, password, ':=' as op FROM userstable
WHERE Username = '%{SQL-User-Name}' ORDER BY id
(9) sql-wifi: --> SELECT wifi_id as id, 'OfficeWifi' as GroupName,
'NT-Password' as attribute, password, ':=' as op FROM userstable
WHERE Username = 'testlogin' ORDER BY id
(9) sql-wifi: Executing select query: SELECT wifi_id as id, 'OfficeWifi' as
GroupName, 'NT-Password' as attribute, password, ':=' as op FROM userstable
WHERE Username = 'testlogin' ORDER BY id
(9) sql-wifi: Group "OfficeWifi": Conditional check items matched
(9) sql-wifi: Group "OfficeWifi": Merging assignment check items
(9) sql-wifi: NT-Password := 0x61675648496e73416b666d41
(9) sql-wifi: EXPAND SELECT wifi_id as id, 'OfficeWifi' as GroupName,
'NT-Password' as attribute, password, ':=' as op FROM userstable
WHERE Username = '%{SQL-User-Name}' ORDER BY id
(9) sql-wifi: --> SELECT wifi_id as id, 'OfficeWifi' as GroupName,
'NT-Password' as attribute, password, ':=' as op FROM userstable
WHERE Username = 'testlogin' ORDER BY id
(9) sql-wifi: Executing select query: SELECT wifi_id as id, 'OfficeWifi' as
GroupName, 'NT-Password' as attribute, password, ':=' as op FROM
userstable WHERE Username = 'testlogin' ORDER BY id
(9) sql-wifi: Group "OfficeWifi": Merging reply items
(9) sql-wifi: NT-Password := 0x61675648496e73416b666d41
rlm_sql (sql-wifi): Released connection (2)
(9) [sql-wifi] = ok
(9) pap: WARNING: Auth-Type already set. Not setting to PAP
(9) [pap] = noop
(9) } # authorize = updated
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9) authenticate {
(9) eap: Expiring EAP session with state 0x1b445c8e1b6e4610
(9) eap: Finished EAP session with state 0x1b445c8e1b6e4610
(9) eap: Previous EAP request found for state 0x1b445c8e1b6e4610, released
from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap_mschapv2: # Executing group from file
/etc/raddb/sites-enabled/default
(9) eap_mschapv2: Auth-Type MS-CHAP {
(9) mschap: WARNING: NT-Password found but incorrect length, expected 16
bytes got 12 bytes. Authentication may fail
(9) mschap: WARNING: No Cleartext-Password configured. Cannot create
NT-Password
(9) mschap: WARNING: No Cleartext-Password configured. Cannot create
LM-Password
(9) mschap: Creating challenge hash with username: testlogin
(9) mschap: Client is using MS-CHAPv2
(9) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
(9) mschap: ERROR: MS-CHAP2-Response is incorrect
(9) [mschap] = reject
(9) } # Auth-Type MS-CHAP = reject
чт, 20 дек. 2018 г. в 21:06, Alan DeKok <aland(a)deployingradius.com>:
> On Dec 20, 2018, at 3:52 PM, Anton Kiryushkin <swood(a)fotofor.biz> wrote:
> >
> > Hello, Alan.
> >
> > I checked it.
> >
> > Let me show you full log:
> >
> > Thu Dec 20 01:10:08 2018 : Debug: (138) User-Name = "
> > anonymous(a)espressif.com"
>
> Please post the log from "radiusd -X" as suggested *EVERYWHERE* in the
> documentation.
>
> For some unknown reason people recently seem to be ignoring all of the
> documentation that says to post "radiusd -X". This is mentioned in the
> "man" page, the Wiki, and in the email you get when you join the list.
>
> Out of general principle, I'm going to ignore messages which fail to
> follow the documentation.
>
> Re-post this with the *correct* debug log, and I will read it.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Best regards,
Anton Kiryushkin
------------------------------
Message: 3
Date: Thu, 20 Dec 2018 19:13:12 -0500
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Ms-Chap + NT-Password
Message-ID: <CF585B0B-C5DC-4341-9620-1879A9BD52C0(a)deployingradius.com>
Content-Type: text/plain; charset=us-ascii
On Dec 20, 2018, at 6:18 PM, Anton Kiryushkin <swood(a)fotofor.biz> wrote:
> You're right. My fault. Please see log below:
Thanks.
> ...
> (9) sql-wifi: Conditional check items matched, merging assignment check
> items
> (9) sql-wifi: NT-Password :=
> 0x6336623331333036323736373866653636626166393538616561356566363138
Again... that's all ASCII data. You've taken the hex form of the string:
c6b3130627678fe66baf958aea5ef618
And instead of just putting this into SQL:
NT-Password := 0xc6b3130627678fe66baf958aea5ef618
You've converted the ASCII representation to hex again... and then set that as the NT password.
Don't do that.
> ...
> (9) eap_mschapv2: Auth-Type MS-CHAP {
> (9) mschap: WARNING: NT-Password found but incorrect length, expected 16
> bytes got 12 bytes. Authentication may fail
And the NT password is mangled, as noted above.
Why are you converting the hex string to ASCII *twice*? Just take the output of smbencrypt, put a "0x" in front of it, and set it as NT-Password in the database:
Again:
$ smbencrypt hello
LM Hash NT Hash
-------------------------------- --------------------------------
FDA95FBECA288D44AAD3B435B51404EE 066DDFD4EF0E9CD7C256FE77191EF43C
And then:
NT-Password := 0x066DDFD4EF0E9CD7C256FE77191EF43C
You *don't* have to hex-encode the hex output of smbencrypt.
Alan DeKok.
------------------------------
Message: 4
Date: Fri, 21 Dec 2018 10:35:31 +0700
From: "soklang.sum" <soklang.sum(a)cambotech.com>
To: "freeradius-users(a)lists.freeradius.org"
<freeradius-users(a)lists.freeradius.org>
Subject: RE: Freeradius-Users Digest, Vol 164, Issue 43
Message-ID: <5c1c5f83.1c69fb81.e454f.3e46(a)mx.google.com>
Content-Type: text/plain; charset="utf-8"
Dear Support,
I would like to add google authenticator with freeradius. Please kindly assist to support as possible.
When I enable in /etc/freeradius/users
# Instruct FreeRADIUS to use PAM to authenticate users
DEFAULT Auth-Type := PAM
Username and password always reject PAM of user in MySQL.
Best regards,
Sum Soklang
Senior Network System Engineer
Cambo Technology ISP Co. Ltd.
+855 (0) 99 999 208
From: freeradius-users-request(a)lists.freeradius.org
Sent: Friday, December 21, 2018 3:54 AM
To: freeradius-users(a)lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 164, Issue 43
Send Freeradius-Users mailing list submissions to
freeradius-users(a)lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request(a)lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner(a)lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: why user dosn`t connect ? (Alan DeKok)
2. Re: why user dosn`t connect ? (Alan Buxey)
3. Re: Capacity calculation (Alan Buxey)
4. Re: why user dosn`t connect ? (تعلم البرمجة)
5. Re: why user dosn`t connect ? (Alan Buxey)
6. Re: why user dosn`t connect ? (Alan DeKok)
7. Re: why user dosn`t connect ? (Alan Buxey)
8. Re: Ms-Chap + NT-Password (Anton Kiryushkin)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Dec 2018 10:18:33 -0500
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID: <C061CF1B-7A61-493D-AE3F-6D1FF10E92AB(a)deployingradius.com>
Content-Type: text/plain; charset=utf-8
> On Dec 20, 2018, at 9:51 AM, تعلم البرمجة <mido2010bona(a)gmail.xn--com-yx0a> wrote:
>
> but why not added to radacct !!
If you're going to reply to your own messages, then PLEASE edit them so you don't post thousands of lines of the same debug output.
As for why there's no accounting packets, this is in the FAQ.
The NAS is supposed to send accounting packets. Poking FreeRADIUS won't magically make the NAS send accounting packets.
Go configure the NAS.
Alan DeKok.
------------------------------
Message: 2
Date: Thu, 20 Dec 2018 17:12:29 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID:
<CAOVYXj9dPO6m_PxKAxd1HL0_AZVC+n6174-8ZKMxt4=O7z=vpQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
hi,
but why not added to radacct !!
>
because the packet received by the server was an access-request, not an
accounting-start, interim update or stop. so no accounting
things were done.
alan
------------------------------
Message: 3
Date: Thu, 20 Dec 2018 17:18:23 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Capacity calculation
Message-ID:
<CAOVYXj9Jgz3-JOgi-iM6Jejp=vTYaKgsfu-kWUKx9Ku5PKJaVw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
hi,
I want to understand how much TPS freeRADIUS will support for below
> configuration along with postgresql DB
>
>
as Nathan has said - this all depends on your configuration, requirements,
processes/policies that need to be dealt with, etc
you can easily do some local benchmarking on a local VM to work out
requirements for scaling - obviously the memory
requirement will be related to DB requirements (caching etc) - usually the
system will be constrained by steps such as
DB inserts etc (if doing live ones) rather than CPU - small institutions
could probably run FR on a RaspberryPi ...
alan
------------------------------
Message: 4
Date: Thu, 20 Dec 2018 19:21:27 +0200
From: تعلم البرمجة <mido2010bona(a)gmail.com>
To: freeradius-users(a)lists.freeradius.org
Subject: Re: why user dosn`t connect ?
Message-ID:
<CACe-uLw4kUSF6xP_tLH34EhvzZsmmYxs2GV9hCL09fbFa7qoOA(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
thanks allan , i get this error message "User or Chap Password in
non-access request"
>
>
------------------------------
Message: 5
Date: Thu, 20 Dec 2018 17:22:39 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID:
<CAOVYXj-hicmjZVHAMVNpYE_yqrkWT_9G-bBbBGf_=W+BV8TVqQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
hi,
your sending access requests to port 1813 of the server?
alan
On Thu, 20 Dec 2018 at 17:22, تعلم البرمجة <mido2010bona(a)gmail.com>
wrote:
> thanks allan , i get this error message "User or Chap Password in
> non-access request"
>
> >
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
------------------------------
Message: 6
Date: Thu, 20 Dec 2018 12:24:35 -0500
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID: <7BBEF01A-206F-46DB-BF3E-2FE7326F31F7(a)deployingradius.com>
Content-Type: text/plain; charset=utf-8
> On Dec 20, 2018, at 12:21 PM, تعلم البرمجة <mido2010bona(a)gmail.xn--com-yx0a> wrote:
>
> thanks allan , i get this error message "User or Chap Password in
> non-access request"
That message doesn't come from FreeRADIUS.
Alan DeKok.
------------------------------
Message: 7
Date: Thu, 20 Dec 2018 17:27:06 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID:
<CAOVYXj8c4XNngZ3-XAbxLk69WsDaQpDVgV65b42KfhEfHJQ=wg(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
indeed, looks like its from php-radius
https://github.com/LawnGnome/php-radius
alan
------------------------------
Message: 8
Date: Thu, 20 Dec 2018 20:52:14 +0000
From: Anton Kiryushkin <swood(a)fotofor.biz>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Ms-Chap + NT-Password
Message-ID:
<CAM_jxg1hM8OLdKf0yHP6KkoXSRL+aCkfQHqk0ezQX+r1KPXcDw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hello, Alan.
I checked it.
Let me show you full log:
Thu Dec 20 01:10:08 2018 : Debug: (138) User-Name = "
anonymous(a)espressif.com"
Thu Dec 20 01:10:08 2018 : Debug: (138) Chargeable-User-Identity = 0x00
Thu Dec 20 01:10:08 2018 : Debug: (138) Location-Capable = Civic-Location
Thu Dec 20 01:10:08 2018 : Debug: (138) Calling-Station-Id =
"38-2b-78-03-ee-70"
Thu Dec 20 01:10:08 2018 : Debug: (138) Called-Station-Id =
"cc-46-d6-09-ed-50:BD"
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-Port = 13
Thu Dec 20 01:10:08 2018 : Debug: (138) Cisco-AVPair =
"audit-session-id=c0a807c8000000015ba9aa3b"
Thu Dec 20 01:10:08 2018 : Debug: (138) Acct-Session-Id =
"5ba9aa3b/38:2b:78:03:ee:70/1"
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-IP-Address = 192.168.1.200
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-Identifier = "wc-5508"
Thu Dec 20 01:10:08 2018 : Debug: (138) Airespace-Wlan-Id = 14
Thu Dec 20 01:10:08 2018 : Debug: (138) Service-Type = Framed-User
Thu Dec 20 01:10:08 2018 : Debug: (138) Framed-MTU = 1300
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-Port-Type = Wireless-802.11
Thu Dec 20 01:10:08 2018 : Debug: (138) Tunnel-Type:0 = VLAN
Thu Dec 20 01:10:08 2018 : Debug: (138) Tunnel-Medium-Type:0 = IEEE-802
Thu Dec 20 01:10:08 2018 : Debug: (138) Tunnel-Private-Group-Id:0 = "14"
Thu Dec 20 01:10:08 2018 : Debug: (138) EAP-Message =
0x0207007b19001703020070493c43a0045e1a736402d6353c2ebfd02b02b3da47074e8043e42814d384055eb07d8a3fdf5fc763651fee8a9c19e2525e0450f5bee24195a432757be658ec4fec63f0d1a904eaed55de4f98bc097aca893e67f8761a530e374122b3ba2c61eab23cf1af3ecd9ab8edf2907b
Thu Dec 20 01:10:08 2018 : Debug: (138) State =
0x9a0fd4fc9e08cd9b875e606333810d4e
Thu Dec 20 01:10:08 2018 : Debug: (138) Message-Authenticator =
0x3b8a82762eef0a453f82a36821b263f2
Thu Dec 20 01:10:08 2018 : Debug: (138) session-state: No cached attributes
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing section authorize from
file /etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authorize {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (!control:Cleartext-Password
&& &User-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (!control:Cleartext-Password
&& &User-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) [preprocess] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [chap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [mschap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: Checking for suffix after
"@"
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: Looking up realm "
espressif.com" for User-Name = "anonymous(a)espressif.com"
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: No such realm "espressif.com
"
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) [suffix] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent EAP Response (code
2) ID 7 length 123
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Continuing tunnel setup
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authorize = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) Found Auth-Type = eap
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing group from file
/etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authenticate {
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
calling eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Expiring EAP session with
state 0x0d5314a80d540ec8
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Finished EAP session with
state 0x9a0fd4fc9e08cd9b
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Previous EAP request found for
state 0x9a0fd4fc9e08cd9b, released from the list
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent packet with method
EAP PEAP (25)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Calling submodule eap_peap to
process data
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Continuing EAP-TLS
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Peer sent flags ---
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: [eaptls verify] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Done initial handshake
Thu Dec 20 01:10:08 2018 : Debug: Ignoring cbtls_msg call with pseudo
content type 256, version 0
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: [eaptls process] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Session established.
Decoding tunneled attributes
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: PEAP state phase2
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP method MSCHAPv2 (26)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Got tunneled request
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message =
0x020700441a0207003f3199f6449a50fa3b50be389565dde6ae4b0000000000000000e78496d30625840ded712d0b260d96bead07a7fdd950530a00792e6c696c656b6f76
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Setting User-Name to
testlogin
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Sending tunneled request
to default
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message =
0x020700441a0207003f3199f6449a50fa3b50be389565dde6ae4b0000000000000000e78496d30625840ded712d0b260d96bead07a7fdd950530a00792e6c696c656b6f76
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: FreeRADIUS-Proxied-To =
127.0.0.1
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: User-Name = “testlogin"
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: State =
0x0d5314a80d540ec8eca17483a9cfe203
Thu Dec 20 01:10:08 2018 : Debug: (138) Virtual server default received
request
Thu Dec 20 01:10:08 2018 : Debug: (138) EAP-Message =
0x020700441a0207003f3199f6449a50fa3b50be389565dde6ae4b0000000000000000e78496d30625840ded712d0b260d96bead07a7fdd950530a00792e6c696c656b6f76
Thu Dec 20 01:10:08 2018 : Debug: (138) FreeRADIUS-Proxied-To = 127.0.0.1
Thu Dec 20 01:10:08 2018 : Debug: (138) User-Name = "testlogin "
Thu Dec 20 01:10:08 2018 : Debug: (138) State =
0x0d5314a80d540ec8eca17483a9cfe203
Thu Dec 20 01:10:08 2018 : Debug: (138) server default {
Thu Dec 20 01:10:08 2018 : Debug: (138) session-state: No cached
attributes
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing section authorize
from file /etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authorize {
Thu Dec 20 01:10:08 2018 : Debug: (138) if
(!control:Cleartext-Password && &User-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if
(!control:Cleartext-Password && &User-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) [preprocess] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [chap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [mschap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: Checking for suffix after
"@"
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: No '@' in User-Name =
“testlogin", looking up realm NULL
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: No such realm "NULL"
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) [suffix] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent EAP Response (code
2) ID 7 length 68
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: No EAP Start, assuming it's an
on-going EAP conversation
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = updated
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
sql-wifi (rlm_sql)
Thu Dec 20 01:10:08 2018 : Debug: %{User-Name}
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: attribute --> User-Name
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND %{User-Name}
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> testlogin
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: SQL-User-Name set to
’testlogin'
Thu Dec 20 01:10:08 2018 : Info: rlm_sql (sql-wifi): Closing connection
(28): Hit idle_timeout, was idle for 80 seconds
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql (sql-wifi): You probably need to
lower "min"
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql (sql-wifi): Reserved connection
(19)
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, UserName,
'NT-Password' as attribute, pass_hash, ':=' as op FROM userstable WHERE
username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
UserName, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, UserName, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, UserName, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, UserName, 'NT-Password' as attribute, pass_hash, ':='
as op FROM userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: User found in radcheck
table
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Conditional check items
matched, merging assignment check items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x3161666532333532663366363365333136376163646230306136646366386235
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 1 MAX 2
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: APPENDING NT-Password
FROM 0 TO 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 1 out 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[0] = Auth-Type
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, username,
'NT-Password' as attribute, pass_hash, ':=' as op FROM userstable WHERE
username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
username, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, username, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, username, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, username, 'NT-Password' as attribute, pass_hash, ':='
as op FROM userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: User found in radreply
table, merging reply items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x3161666532333532663366363365333136376163646230306136646366386235
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 0 MAX 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: APPENDING NT-Password
FROM 0 TO 0
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 0 out 0
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ... falling-through to
group processing
Thu Dec 20 01:10:08 2018 : Debug: SELECT 'OfficeWifi' as GroupName FROM
userstable WHERE UserName='%{SQL-User-Name}'
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT 'OfficeWifi' as
GroupName FROM userstable WHERE UserName='
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> '
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT
'OfficeWifi' as GroupName FROM userstable WHERE UserName='%{SQL-User-Name}'
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT
'OfficeWifi' as GroupName FROM userstable WHERE UserName='testlogin'
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT 'OfficeWifi' as GroupName FROM userstable WHERE UserName='testlogin'
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: User found in the group
table
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, 'OfficeWifi' as
GroupName, 'NT-Password' as attribute, password, ':=' as op FROM userstable
WHERE Username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM
userstable WHERE Username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = '%{SQL-User-Name}'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = ’testlogin'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, 'OfficeWifi' as GroupName, 'NT-Password' as
attribute, password, ':=' as op FROM userstable WHERE Username =
'testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Group "OfficeWifi":
Conditional check items matched
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Group "OfficeWifi":
Merging assignment check items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 2 MAX 3
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: OVERWRITING
NT-Password FROM 0 TO 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 2 out 2
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[0] = Auth-Type
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[1] = NT-Password
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, 'OfficeWifi' as
GroupName, 'NT-Password' as attribute, password, ':=' as op FROM
userstable WHERE Username = '%{SQL-User-Name}' ORDER BY
id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':=' as op
FROM userstable WHERE Username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = '%{SQL-User-Name}'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = 'testlogin'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, 'OfficeWifi' as GroupName, 'NT-Password' as
attribute, password, ':=' as op FROM userstable WHERE
Username = 'testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Group "OfficeWifi":
Merging reply items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 1 MAX 2
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: OVERWRITING
NT-Password FROM 0 TO 0
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 1 out 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[0] = NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ... falling-through to
profile processing
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql (sql-wifi): Released connection
(19)
Thu Dec 20 01:10:08 2018 : Info: Need 1 more connections to reach min
connections (5)
Thu Dec 20 01:10:08 2018 : Info: rlm_sql (sql-wifi): Opening additional
connection (30), 1 of 6 pending slots used
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Starting connect to MySQL
server
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Connected to database
'vpn_wifi' on 127.0.0.1 via TCP/IP, server version 5.7.19-17-log, protocol
version 10
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from sql-wifi (rlm_sql)
Thu Dec 20 01:10:08 2018 : Debug: (138) [sql-wifi] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
pap (rlm_pap)
Thu Dec 20 01:10:08 2018 : WARNING: (138) pap: Auth-Type already set. Not
setting to PAP
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from pap (rlm_pap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [pap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authorize = updated
Thu Dec 20 01:10:08 2018 : Debug: (138) Found Auth-Type = eap
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing group from file
/etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authenticate {
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
calling eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Expiring EAP session with
state 0x0d5314a80d540ec8
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Finished EAP session with
state 0x0d5314a80d540ec8
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Previous EAP request found for
state 0x0d5314a80d540ec8, released from the list
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent packet with method
EAP MSCHAPv2 (26)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Calling submodule eap_mschapv2
to process data
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2: # Executing group
from file /etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2: Auth-Type MS-CHAP {
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2:
modsingle[authenticate]: calling mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: NT-Password found but
incorrect length, expected 16 bytes got 17 bytes. Authentication may fail
Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: No Cleartext-Password
configured. Cannot create NT-Password
Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: No Cleartext-Password
configured. Cannot create LM-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) mschap: Creating challenge hash
with username: testlogin
Thu Dec 20 01:10:08 2018 : Debug: (138) mschap: Client is using MS-CHAPv2
Thu Dec 20 01:10:08 2018 : ERROR: (138) mschap: FAILED: No NT/LM-Password.
Cannot perform authentication
Thu Dec 20 01:10:08 2018 : ERROR: (138) mschap: MS-CHAP2-Response is
incorrect
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
returned from mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [mschap] = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) } # Auth-Type MS-CHAP = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Sending EAP Failure (code 4)
ID 7 length 4
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Freeing handler
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
returned from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authenticate = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) Failed to authenticate the user
Thu Dec 20 01:10:08 2018 : Debug: (138) Using Post-Auth-Type Reject
Thu Dec 20 01:10:08 2018 : Debug: (138) Post-Auth-Type sub-section not
found. Ignoring.
Thu Dec 20 01:10:08 2018 : Auth: (138) Login incorrect (mschap: FAILED:
No NT/LM-Password. Cannot perform authentication): [testlogin/<via
Auth-Type = eap>] (from client WC-5508_ port 0 via TLS tunnel)
Thu Dec 20 01:10:08 2018 : Debug: (138) } # server default
Thu Dec 20 01:10:08 2018 : Debug: (138) Virtual server sending reply
Thu Dec 20 01:10:08 2018 : Debug: (138) NT-Password =
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) MS-CHAP-Error = "\007E=691 R=1
C=86e3f7442e804d519197bbbf0301334f V=3 M=Authentication rejected"
Thu Dec 20 01:10:08 2018 : Debug: (138) EAP-Message = 0x04070004
Thu Dec 20 01:10:08 2018 : Debug: (138) Message-Authenticator =
0x00000000000000000000000000000000
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Got tunneled reply code 3
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: NT-Password =
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: MS-CHAP-Error =
"\007E=691 R=1 C=86e3f7442e804d519197bbbf0301334f V=3 M=Authentication
rejected"
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message = 0x04070004
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Got tunneled reply RADIUS
code 3
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: NT-Password =
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: MS-CHAP-Error =
"\007E=691 R=1 C=86e3f7442e804d519197bbbf0301334f V=3 M=Authentication
rejected"
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message = 0x04070004
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Tunneled authentication
was rejected
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: FAILURE
Thu Dec 20 01:10:08 2018 : Debug: Ignoring cbtls_msg call with pseudo
content type 256, version 0
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Sending EAP Request (code 1)
ID 8 length 59
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: EAP session adding
&reply:State = 0x9a0fd4fc9f07cd9b
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
returned from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = handled
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authenticate = handled
Thu Dec 20 01:10:08 2018 : Debug: (138) Using Post-Auth-Type Challenge
Thu Dec 20 01:10:08 2018 : Debug: (138) Post-Auth-Type sub-section not
found. Ignoring.
Thu Dec 20 01:10:08 2018 : Debug: (138) session-state: Nothing to cache
Could you please explain, what for you mean with "It looks like you've
taken the input password, and then tried to use that as the NT hash."?
Which way I have to use for my case?
And what exactly meaning strings below:
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x3161666532333532663366363365333136376163646230306136646366386235
That isn't my real hashes. Yes, I used the same hash as you provided via
smbencrypt.
I can provide with you my full configuration file as well is it could help.
чт, 20 дек. 2018 г. в 11:40, Alan DeKok <aland(a)deployingradius.com>:
> On Dec 20, 2018, at 2:47 AM, Anton Kiryushkin <swood(a)fotofor.biz> wrote:
> >
> > Hello, Matthew.
> >
> > Yes, I have the same fear about the hash.
> > I made it in the two ways:
> > - hash=$(printf '%s' "${pass}" | iconv -t utf16le | openssl md4
> 2>/dev/null
> > | awk '{print $NF}')
> > - smbencrypt
> >
> > Both ways are equal. Which method is right in my case?
>
> smbencrypt it preferred. I use:
>
> $ smbencrypt hello
> LM Hash NT Hash
> -------------------------------- --------------------------------
> FDA95FBECA288D44AAD3B435B51404EE 066DDFD4EF0E9CD7C256FE77191EF43C
>
> And the use the NT hash.
>
> There is just no way that an input password ends up being *all* ASCII
> characters after hashing. It looks like you've taken the input password,
> and then tried to use that as the NT hash.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Best regards,
Anton Kiryushkin
------------------------------
Subject: Digest Footer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------
End of Freeradius-Users Digest, Vol 164, Issue 43
*************************************************
------------------------------
Subject: Digest Footer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------
End of Freeradius-Users Digest, Vol 164, Issue 44
*************************************************
1
0
Dear Support,
I would like to add google authenticator with freeradius. Please kindly assist to support as possible.
When I enable in /etc/freeradius/users
# Instruct FreeRADIUS to use PAM to authenticate users
DEFAULT Auth-Type := PAM
Username and password always reject PAM of user in MySQL.
Best regards,
Sum Soklang
Senior Network System Engineer
Cambo Technology ISP Co. Ltd.
+855 (0) 99 999 208
From: freeradius-users-request(a)lists.freeradius.org
Sent: Friday, December 21, 2018 3:54 AM
To: freeradius-users(a)lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 164, Issue 43
Send Freeradius-Users mailing list submissions to
freeradius-users(a)lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request(a)lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner(a)lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: why user dosn`t connect ? (Alan DeKok)
2. Re: why user dosn`t connect ? (Alan Buxey)
3. Re: Capacity calculation (Alan Buxey)
4. Re: why user dosn`t connect ? (تعلم البرمجة)
5. Re: why user dosn`t connect ? (Alan Buxey)
6. Re: why user dosn`t connect ? (Alan DeKok)
7. Re: why user dosn`t connect ? (Alan Buxey)
8. Re: Ms-Chap + NT-Password (Anton Kiryushkin)
----------------------------------------------------------------------
Message: 1
Date: Thu, 20 Dec 2018 10:18:33 -0500
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID: <C061CF1B-7A61-493D-AE3F-6D1FF10E92AB(a)deployingradius.com>
Content-Type: text/plain; charset=utf-8
> On Dec 20, 2018, at 9:51 AM, تعلم البرمجة <mido2010bona(a)gmail.xn--com-yx0a> wrote:
>
> but why not added to radacct !!
If you're going to reply to your own messages, then PLEASE edit them so you don't post thousands of lines of the same debug output.
As for why there's no accounting packets, this is in the FAQ.
The NAS is supposed to send accounting packets. Poking FreeRADIUS won't magically make the NAS send accounting packets.
Go configure the NAS.
Alan DeKok.
------------------------------
Message: 2
Date: Thu, 20 Dec 2018 17:12:29 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID:
<CAOVYXj9dPO6m_PxKAxd1HL0_AZVC+n6174-8ZKMxt4=O7z=vpQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
hi,
but why not added to radacct !!
>
because the packet received by the server was an access-request, not an
accounting-start, interim update or stop. so no accounting
things were done.
alan
------------------------------
Message: 3
Date: Thu, 20 Dec 2018 17:18:23 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Capacity calculation
Message-ID:
<CAOVYXj9Jgz3-JOgi-iM6Jejp=vTYaKgsfu-kWUKx9Ku5PKJaVw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
hi,
I want to understand how much TPS freeRADIUS will support for below
> configuration along with postgresql DB
>
>
as Nathan has said - this all depends on your configuration, requirements,
processes/policies that need to be dealt with, etc
you can easily do some local benchmarking on a local VM to work out
requirements for scaling - obviously the memory
requirement will be related to DB requirements (caching etc) - usually the
system will be constrained by steps such as
DB inserts etc (if doing live ones) rather than CPU - small institutions
could probably run FR on a RaspberryPi ...
alan
------------------------------
Message: 4
Date: Thu, 20 Dec 2018 19:21:27 +0200
From: تعلم البرمجة <mido2010bona(a)gmail.com>
To: freeradius-users(a)lists.freeradius.org
Subject: Re: why user dosn`t connect ?
Message-ID:
<CACe-uLw4kUSF6xP_tLH34EhvzZsmmYxs2GV9hCL09fbFa7qoOA(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
thanks allan , i get this error message "User or Chap Password in
non-access request"
>
>
------------------------------
Message: 5
Date: Thu, 20 Dec 2018 17:22:39 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID:
<CAOVYXj-hicmjZVHAMVNpYE_yqrkWT_9G-bBbBGf_=W+BV8TVqQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
hi,
your sending access requests to port 1813 of the server?
alan
On Thu, 20 Dec 2018 at 17:22, تعلم البرمجة <mido2010bona(a)gmail.com>
wrote:
> thanks allan , i get this error message "User or Chap Password in
> non-access request"
>
> >
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
------------------------------
Message: 6
Date: Thu, 20 Dec 2018 12:24:35 -0500
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID: <7BBEF01A-206F-46DB-BF3E-2FE7326F31F7(a)deployingradius.com>
Content-Type: text/plain; charset=utf-8
> On Dec 20, 2018, at 12:21 PM, تعلم البرمجة <mido2010bona(a)gmail.xn--com-yx0a> wrote:
>
> thanks allan , i get this error message "User or Chap Password in
> non-access request"
That message doesn't come from FreeRADIUS.
Alan DeKok.
------------------------------
Message: 7
Date: Thu, 20 Dec 2018 17:27:06 +0000
From: Alan Buxey <alan.buxey(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: why user dosn`t connect ?
Message-ID:
<CAOVYXj8c4XNngZ3-XAbxLk69WsDaQpDVgV65b42KfhEfHJQ=wg(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
indeed, looks like its from php-radius
https://github.com/LawnGnome/php-radius
alan
------------------------------
Message: 8
Date: Thu, 20 Dec 2018 20:52:14 +0000
From: Anton Kiryushkin <swood(a)fotofor.biz>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Ms-Chap + NT-Password
Message-ID:
<CAM_jxg1hM8OLdKf0yHP6KkoXSRL+aCkfQHqk0ezQX+r1KPXcDw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hello, Alan.
I checked it.
Let me show you full log:
Thu Dec 20 01:10:08 2018 : Debug: (138) User-Name = "
anonymous(a)espressif.com"
Thu Dec 20 01:10:08 2018 : Debug: (138) Chargeable-User-Identity = 0x00
Thu Dec 20 01:10:08 2018 : Debug: (138) Location-Capable = Civic-Location
Thu Dec 20 01:10:08 2018 : Debug: (138) Calling-Station-Id =
"38-2b-78-03-ee-70"
Thu Dec 20 01:10:08 2018 : Debug: (138) Called-Station-Id =
"cc-46-d6-09-ed-50:BD"
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-Port = 13
Thu Dec 20 01:10:08 2018 : Debug: (138) Cisco-AVPair =
"audit-session-id=c0a807c8000000015ba9aa3b"
Thu Dec 20 01:10:08 2018 : Debug: (138) Acct-Session-Id =
"5ba9aa3b/38:2b:78:03:ee:70/1"
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-IP-Address = 192.168.1.200
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-Identifier = "wc-5508"
Thu Dec 20 01:10:08 2018 : Debug: (138) Airespace-Wlan-Id = 14
Thu Dec 20 01:10:08 2018 : Debug: (138) Service-Type = Framed-User
Thu Dec 20 01:10:08 2018 : Debug: (138) Framed-MTU = 1300
Thu Dec 20 01:10:08 2018 : Debug: (138) NAS-Port-Type = Wireless-802.11
Thu Dec 20 01:10:08 2018 : Debug: (138) Tunnel-Type:0 = VLAN
Thu Dec 20 01:10:08 2018 : Debug: (138) Tunnel-Medium-Type:0 = IEEE-802
Thu Dec 20 01:10:08 2018 : Debug: (138) Tunnel-Private-Group-Id:0 = "14"
Thu Dec 20 01:10:08 2018 : Debug: (138) EAP-Message =
0x0207007b19001703020070493c43a0045e1a736402d6353c2ebfd02b02b3da47074e8043e42814d384055eb07d8a3fdf5fc763651fee8a9c19e2525e0450f5bee24195a432757be658ec4fec63f0d1a904eaed55de4f98bc097aca893e67f8761a530e374122b3ba2c61eab23cf1af3ecd9ab8edf2907b
Thu Dec 20 01:10:08 2018 : Debug: (138) State =
0x9a0fd4fc9e08cd9b875e606333810d4e
Thu Dec 20 01:10:08 2018 : Debug: (138) Message-Authenticator =
0x3b8a82762eef0a453f82a36821b263f2
Thu Dec 20 01:10:08 2018 : Debug: (138) session-state: No cached attributes
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing section authorize from
file /etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authorize {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (!control:Cleartext-Password
&& &User-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (!control:Cleartext-Password
&& &User-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) [preprocess] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [chap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [mschap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: Checking for suffix after
"@"
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: Looking up realm "
espressif.com" for User-Name = "anonymous(a)espressif.com"
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: No such realm "espressif.com
"
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) [suffix] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent EAP Response (code
2) ID 7 length 123
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Continuing tunnel setup
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned
from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authorize = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) Found Auth-Type = eap
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing group from file
/etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authenticate {
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
calling eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Expiring EAP session with
state 0x0d5314a80d540ec8
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Finished EAP session with
state 0x9a0fd4fc9e08cd9b
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Previous EAP request found for
state 0x9a0fd4fc9e08cd9b, released from the list
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent packet with method
EAP PEAP (25)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Calling submodule eap_peap to
process data
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Continuing EAP-TLS
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Peer sent flags ---
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: [eaptls verify] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Done initial handshake
Thu Dec 20 01:10:08 2018 : Debug: Ignoring cbtls_msg call with pseudo
content type 256, version 0
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: [eaptls process] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Session established.
Decoding tunneled attributes
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: PEAP state phase2
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP method MSCHAPv2 (26)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Got tunneled request
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message =
0x020700441a0207003f3199f6449a50fa3b50be389565dde6ae4b0000000000000000e78496d30625840ded712d0b260d96bead07a7fdd950530a00792e6c696c656b6f76
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Setting User-Name to
testlogin
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Sending tunneled request
to default
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message =
0x020700441a0207003f3199f6449a50fa3b50be389565dde6ae4b0000000000000000e78496d30625840ded712d0b260d96bead07a7fdd950530a00792e6c696c656b6f76
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: FreeRADIUS-Proxied-To =
127.0.0.1
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: User-Name = “testlogin"
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: State =
0x0d5314a80d540ec8eca17483a9cfe203
Thu Dec 20 01:10:08 2018 : Debug: (138) Virtual server default received
request
Thu Dec 20 01:10:08 2018 : Debug: (138) EAP-Message =
0x020700441a0207003f3199f6449a50fa3b50be389565dde6ae4b0000000000000000e78496d30625840ded712d0b260d96bead07a7fdd950530a00792e6c696c656b6f76
Thu Dec 20 01:10:08 2018 : Debug: (138) FreeRADIUS-Proxied-To = 127.0.0.1
Thu Dec 20 01:10:08 2018 : Debug: (138) User-Name = "testlogin "
Thu Dec 20 01:10:08 2018 : Debug: (138) State =
0x0d5314a80d540ec8eca17483a9cfe203
Thu Dec 20 01:10:08 2018 : Debug: (138) server default {
Thu Dec 20 01:10:08 2018 : Debug: (138) session-state: No cached
attributes
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing section authorize
from file /etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authorize {
Thu Dec 20 01:10:08 2018 : Debug: (138) if
(!control:Cleartext-Password && &User-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if
(!control:Cleartext-Password && &User-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) {
Thu Dec 20 01:10:08 2018 : Debug: (138) if (config:User-Password &&
config:Cleartext-Password) -> FALSE
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from preprocess (rlm_preprocess)
Thu Dec 20 01:10:08 2018 : Debug: (138) [preprocess] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from chap (rlm_chap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [chap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [mschap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: Checking for suffix after
"@"
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: No '@' in User-Name =
“testlogin", looking up realm NULL
Thu Dec 20 01:10:08 2018 : Debug: (138) suffix: No such realm "NULL"
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from suffix (rlm_realm)
Thu Dec 20 01:10:08 2018 : Debug: (138) [suffix] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent EAP Response (code
2) ID 7 length 68
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: No EAP Start, assuming it's an
on-going EAP conversation
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = updated
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
sql-wifi (rlm_sql)
Thu Dec 20 01:10:08 2018 : Debug: %{User-Name}
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: attribute --> User-Name
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND %{User-Name}
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> testlogin
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: SQL-User-Name set to
’testlogin'
Thu Dec 20 01:10:08 2018 : Info: rlm_sql (sql-wifi): Closing connection
(28): Hit idle_timeout, was idle for 80 seconds
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql (sql-wifi): You probably need to
lower "min"
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql (sql-wifi): Reserved connection
(19)
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, UserName,
'NT-Password' as attribute, pass_hash, ':=' as op FROM userstable WHERE
username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
UserName, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, UserName, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, UserName, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, UserName, 'NT-Password' as attribute, pass_hash, ':='
as op FROM userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: User found in radcheck
table
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Conditional check items
matched, merging assignment check items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x3161666532333532663366363365333136376163646230306136646366386235
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 1 MAX 2
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: APPENDING NT-Password
FROM 0 TO 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 1 out 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[0] = Auth-Type
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, username,
'NT-Password' as attribute, pass_hash, ':=' as op FROM userstable WHERE
username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
username, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, username, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, username, 'NT-Password' as attribute, pass_hash, ':=' as op FROM
userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, username, 'NT-Password' as attribute, pass_hash, ':='
as op FROM userstable WHERE username = ’testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: User found in radreply
table, merging reply items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x3161666532333532663366363365333136376163646230306136646366386235
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 0 MAX 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: APPENDING NT-Password
FROM 0 TO 0
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 0 out 0
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ... falling-through to
group processing
Thu Dec 20 01:10:08 2018 : Debug: SELECT 'OfficeWifi' as GroupName FROM
userstable WHERE UserName='%{SQL-User-Name}'
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT 'OfficeWifi' as
GroupName FROM userstable WHERE UserName='
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> '
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT
'OfficeWifi' as GroupName FROM userstable WHERE UserName='%{SQL-User-Name}'
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT
'OfficeWifi' as GroupName FROM userstable WHERE UserName='testlogin'
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT 'OfficeWifi' as GroupName FROM userstable WHERE UserName='testlogin'
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: User found in the group
table
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, 'OfficeWifi' as
GroupName, 'NT-Password' as attribute, password, ':=' as op FROM userstable
WHERE Username = '%{SQL-User-Name}' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM
userstable WHERE Username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = '%{SQL-User-Name}'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = ’testlogin'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, 'OfficeWifi' as GroupName, 'NT-Password' as
attribute, password, ':=' as op FROM userstable WHERE Username =
'testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Group "OfficeWifi":
Conditional check items matched
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Group "OfficeWifi":
Merging assignment check items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 2 MAX 3
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: OVERWRITING
NT-Password FROM 0 TO 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 2 out 2
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[0] = Auth-Type
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[1] = NT-Password
Thu Dec 20 01:10:08 2018 : Debug: SELECT wifi_id as id, 'OfficeWifi' as
GroupName, 'NT-Password' as attribute, password, ':=' as op FROM
userstable WHERE Username = '%{SQL-User-Name}' ORDER BY
id
Thu Dec 20 01:10:08 2018 : Debug: Parsed xlat tree:
Thu Dec 20 01:10:08 2018 : Debug: literal --> SELECT wifi_id as id,
'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':=' as op
FROM userstable WHERE Username = '
Thu Dec 20 01:10:08 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 01:10:08 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: EXPAND SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = '%{SQL-User-Name}'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: --> SELECT wifi_id as
id, 'OfficeWifi' as GroupName, 'NT-Password' as attribute, password, ':='
as op FROM userstable WHERE Username = 'testlogin'
ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Executing select query:
SELECT wifi_id as id, 'OfficeWifi' as GroupName, 'NT-Password' as
attribute, password, ':=' as op FROM userstable WHERE
Username = 'testlogin' ORDER BY id
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: Group "OfficeWifi":
Merging reply items
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 1 MAX 2
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: OVERWRITING
NT-Password FROM 0 TO 0
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 1 out 1
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[0] = NT-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ... falling-through to
profile processing
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql (sql-wifi): Released connection
(19)
Thu Dec 20 01:10:08 2018 : Info: Need 1 more connections to reach min
connections (5)
Thu Dec 20 01:10:08 2018 : Info: rlm_sql (sql-wifi): Opening additional
connection (30), 1 of 6 pending slots used
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Starting connect to MySQL
server
Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Connected to database
'vpn_wifi' on 127.0.0.1 via TCP/IP, server version 5.7.19-17-log, protocol
version 10
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from sql-wifi (rlm_sql)
Thu Dec 20 01:10:08 2018 : Debug: (138) [sql-wifi] = ok
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling
pap (rlm_pap)
Thu Dec 20 01:10:08 2018 : WARNING: (138) pap: Auth-Type already set. Not
setting to PAP
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]:
returned from pap (rlm_pap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [pap] = noop
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authorize = updated
Thu Dec 20 01:10:08 2018 : Debug: (138) Found Auth-Type = eap
Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing group from file
/etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) authenticate {
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
calling eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Expiring EAP session with
state 0x0d5314a80d540ec8
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Finished EAP session with
state 0x0d5314a80d540ec8
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Previous EAP request found for
state 0x0d5314a80d540ec8, released from the list
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent packet with method
EAP MSCHAPv2 (26)
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Calling submodule eap_mschapv2
to process data
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2: # Executing group
from file /etc/raddb/sites-enabled/default
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2: Auth-Type MS-CHAP {
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2:
modsingle[authenticate]: calling mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: NT-Password found but
incorrect length, expected 16 bytes got 17 bytes. Authentication may fail
Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: No Cleartext-Password
configured. Cannot create NT-Password
Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: No Cleartext-Password
configured. Cannot create LM-Password
Thu Dec 20 01:10:08 2018 : Debug: (138) mschap: Creating challenge hash
with username: testlogin
Thu Dec 20 01:10:08 2018 : Debug: (138) mschap: Client is using MS-CHAPv2
Thu Dec 20 01:10:08 2018 : ERROR: (138) mschap: FAILED: No NT/LM-Password.
Cannot perform authentication
Thu Dec 20 01:10:08 2018 : ERROR: (138) mschap: MS-CHAP2-Response is
incorrect
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
returned from mschap (rlm_mschap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [mschap] = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) } # Auth-Type MS-CHAP = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Sending EAP Failure (code 4)
ID 7 length 4
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Freeing handler
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
returned from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authenticate = reject
Thu Dec 20 01:10:08 2018 : Debug: (138) Failed to authenticate the user
Thu Dec 20 01:10:08 2018 : Debug: (138) Using Post-Auth-Type Reject
Thu Dec 20 01:10:08 2018 : Debug: (138) Post-Auth-Type sub-section not
found. Ignoring.
Thu Dec 20 01:10:08 2018 : Auth: (138) Login incorrect (mschap: FAILED:
No NT/LM-Password. Cannot perform authentication): [testlogin/<via
Auth-Type = eap>] (from client WC-5508_ port 0 via TLS tunnel)
Thu Dec 20 01:10:08 2018 : Debug: (138) } # server default
Thu Dec 20 01:10:08 2018 : Debug: (138) Virtual server sending reply
Thu Dec 20 01:10:08 2018 : Debug: (138) NT-Password =
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) MS-CHAP-Error = "\007E=691 R=1
C=86e3f7442e804d519197bbbf0301334f V=3 M=Authentication rejected"
Thu Dec 20 01:10:08 2018 : Debug: (138) EAP-Message = 0x04070004
Thu Dec 20 01:10:08 2018 : Debug: (138) Message-Authenticator =
0x00000000000000000000000000000000
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Got tunneled reply code 3
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: NT-Password =
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: MS-CHAP-Error =
"\007E=691 R=1 C=86e3f7442e804d519197bbbf0301334f V=3 M=Authentication
rejected"
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message = 0x04070004
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Got tunneled reply RADIUS
code 3
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: NT-Password =
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: MS-CHAP-Error =
"\007E=691 R=1 C=86e3f7442e804d519197bbbf0301334f V=3 M=Authentication
rejected"
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: EAP-Message = 0x04070004
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Message-Authenticator =
0x00000000000000000000000000000000
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: Tunneled authentication
was rejected
Thu Dec 20 01:10:08 2018 : Debug: (138) eap_peap: FAILURE
Thu Dec 20 01:10:08 2018 : Debug: Ignoring cbtls_msg call with pseudo
content type 256, version 0
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Sending EAP Request (code 1)
ID 8 length 59
Thu Dec 20 01:10:08 2018 : Debug: (138) eap: EAP session adding
&reply:State = 0x9a0fd4fc9f07cd9b
Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]:
returned from eap (rlm_eap)
Thu Dec 20 01:10:08 2018 : Debug: (138) [eap] = handled
Thu Dec 20 01:10:08 2018 : Debug: (138) } # authenticate = handled
Thu Dec 20 01:10:08 2018 : Debug: (138) Using Post-Auth-Type Challenge
Thu Dec 20 01:10:08 2018 : Debug: (138) Post-Auth-Type sub-section not
found. Ignoring.
Thu Dec 20 01:10:08 2018 : Debug: (138) session-state: Nothing to cache
Could you please explain, what for you mean with "It looks like you've
taken the input password, and then tried to use that as the NT hash."?
Which way I have to use for my case?
And what exactly meaning strings below:
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x696e616d6974414c545a694e3039393021
Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password :=
0x3161666532333532663366363365333136376163646230306136646366386235
That isn't my real hashes. Yes, I used the same hash as you provided via
smbencrypt.
I can provide with you my full configuration file as well is it could help.
чт, 20 дек. 2018 г. в 11:40, Alan DeKok <aland(a)deployingradius.com>:
> On Dec 20, 2018, at 2:47 AM, Anton Kiryushkin <swood(a)fotofor.biz> wrote:
> >
> > Hello, Matthew.
> >
> > Yes, I have the same fear about the hash.
> > I made it in the two ways:
> > - hash=$(printf '%s' "${pass}" | iconv -t utf16le | openssl md4
> 2>/dev/null
> > | awk '{print $NF}')
> > - smbencrypt
> >
> > Both ways are equal. Which method is right in my case?
>
> smbencrypt it preferred. I use:
>
> $ smbencrypt hello
> LM Hash NT Hash
> -------------------------------- --------------------------------
> FDA95FBECA288D44AAD3B435B51404EE 066DDFD4EF0E9CD7C256FE77191EF43C
>
> And the use the NT hash.
>
> There is just no way that an input password ends up being *all* ASCII
> characters after hashing. It looks like you've taken the input password,
> and then tried to use that as the NT hash.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Best regards,
Anton Kiryushkin
------------------------------
Subject: Digest Footer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------
End of Freeradius-Users Digest, Vol 164, Issue 43
*************************************************
1
0
hello , i have username test and password test in database but this user
after authenticated success disconnect !
sorry for my english and this is my log
Thu Dec 20 15:55:19 2018 : Debug: (0) Found Auth-Type = PAP
Thu Dec 20 15:55:19 2018 : Debug: (0) # Executing group from file
/etc/freeradius/sites-enabled/default
Thu Dec 20 15:55:19 2018 : Debug: (0) Auth-Type PAP {
Thu Dec 20 15:55:19 2018 : Debug: (0) modsingle[authenticate]: calling
pap (rlm_pap) for request 0
Thu Dec 20 15:55:19 2018 : Debug: (0) pap: Login attempt with password
"test" (4)
Thu Dec 20 15:55:19 2018 : Debug: (0) pap: Comparing with "known good"
Cleartext-Password "test" (4)
Thu Dec 20 15:55:19 2018 : Debug: (0) pap: User authenticated successfully
Thu Dec 20 15:55:19 2018 : Debug: (0) modsingle[authenticate]: returned
from pap (rlm_pap) for request 0
Thu Dec 20 15:55:19 2018 : Debug: (0) [pap] = ok
Thu Dec 20 15:55:19 2018 : Debug: (0) } # Auth-Type PAP = ok
Thu Dec 20 15:55:19 2018 : Debug: (0) # Executing section session from file
/etc/freeradius/sites-enabled/default
Thu Dec 20 15:55:19 2018 : Debug: (0) session {
Thu Dec 20 15:55:19 2018 : Debug: (0) modsingle[session]: calling sql
(rlm_sql) for request 0
Thu Dec 20 15:55:19 2018 : Debug: %{User-Name}
Thu Dec 20 15:55:19 2018 : Debug: Parsed xlat tree:
Thu Dec 20 15:55:19 2018 : Debug: attribute --> User-Name
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: EXPAND %{User-Name}
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: --> test
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: SQL-User-Name set to 'test'
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: FROM 1 TO 13 MAX 14
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: Examining SQL-User-Name
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: APPENDING SQL-User-Name FROM
0 TO 13
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: TO in 13 out 13
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[0] = NAS-IP-Address
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[1] = Framed-Protocol
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[2] = Service-Type
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[3] = Framed-IP-Address
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[4] = Calling-Station-Id
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[5] = NAS-Identifier
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[6] = Acct-Session-Id
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[7] = NAS-Port-Type
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[8] = Acct-Status-Type
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[9] = Acct-Delay-Time
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[10] = Port-Limit
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[11] = User-Name
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[12] = User-Password
Thu Dec 20 15:55:19 2018 : Debug: SELECT COUNT(*) FROM radacct WHERE
username = '%{SQL-User-Name}' AND acctstoptime IS NULL
Thu Dec 20 15:55:19 2018 : Debug: Parsed xlat tree:
Thu Dec 20 15:55:19 2018 : Debug: literal --> SELECT COUNT(*) FROM radacct
WHERE username = '
Thu Dec 20 15:55:19 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 15:55:19 2018 : Debug: literal --> ' AND acctstoptime IS NULL
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: EXPAND SELECT COUNT(*) FROM
radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: --> SELECT COUNT(*) FROM
radacct WHERE username = 'test' AND acctstoptime IS NULL
Thu Dec 20 15:55:19 2018 : Debug: rlm_sql (sql): Reserved connection (2)
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: Executing select query: SELECT
COUNT(*) FROM radacct WHERE username = 'test' AND acctstoptime IS NULL
Thu Dec 20 15:55:19 2018 : Debug: rlm_sql (sql): Released connection (2)
Thu Dec 20 15:55:19 2018 : Debug: (0) modsingle[session]: returned from
sql (rlm_sql) for request 0
Thu Dec 20 15:55:19 2018 : Debug: (0) [sql] = ok
Thu Dec 20 15:55:19 2018 : Debug: (0) } # session = ok
Thu Dec 20 15:55:19 2018 : Debug: (0) # Executing section post-auth from
file /etc/freeradius/sites-enabled/default
Thu Dec 20 15:55:19 2018 : Debug: (0) post-auth {
Thu Dec 20 15:55:19 2018 : Debug: (0) modsingle[post-auth]: calling sql
(rlm_sql) for request 0
Thu Dec 20 15:55:19 2018 : Debug: .query
Thu Dec 20 15:55:19 2018 : Debug: Parsed xlat tree:
Thu Dec 20 15:55:19 2018 : Debug: literal --> .query
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: EXPAND .query
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: --> .query
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: Using query template 'query'
Thu Dec 20 15:55:19 2018 : Debug: rlm_sql (sql): Reserved connection (3)
Thu Dec 20 15:55:19 2018 : Debug: %{User-Name}
Thu Dec 20 15:55:19 2018 : Debug: Parsed xlat tree:
Thu Dec 20 15:55:19 2018 : Debug: attribute --> User-Name
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: EXPAND %{User-Name}
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: --> test
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: SQL-User-Name set to 'test'
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: FROM 1 TO 13 MAX 14
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: Examining SQL-User-Name
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: APPENDING SQL-User-Name FROM
0 TO 13
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: TO in 13 out 13
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[0] = NAS-IP-Address
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[1] = Framed-Protocol
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[2] = Service-Type
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[3] = Framed-IP-Address
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[4] = Calling-Station-Id
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[5] = NAS-Identifier
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[6] = Acct-Session-Id
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[7] = NAS-Port-Type
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[8] = Acct-Status-Type
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[9] = Acct-Delay-Time
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[10] = Port-Limit
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[11] = User-Name
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: ::: to[12] = User-Password
Thu Dec 20 15:55:19 2018 : Debug: INSERT INTO radpostauth (username, pass,
reply, authdate, nasipaddress, macaddress,framedipaddress) VALUES (
'%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', CURRENT_TIMESTAMP(),'%{NAS-IP-Address}',
'%{Calling-Station-ID}', '%{Framed-IP-Address}' )
Thu Dec 20 15:55:19 2018 : Debug: Parsed xlat tree:
Thu Dec 20 15:55:19 2018 : Debug: literal --> INSERT INTO radpostauth
(username, pass, reply, authdate, nasipaddress, macaddress,framedipaddress)
VALUES ( '
Thu Dec 20 15:55:19 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 15:55:19 2018 : Debug: literal --> ', '
Thu Dec 20 15:55:19 2018 : Debug: if {
Thu Dec 20 15:55:19 2018 : Debug: attribute --> User-Password
Thu Dec 20 15:55:19 2018 : Debug: }
Thu Dec 20 15:55:19 2018 : Debug: else {
Thu Dec 20 15:55:19 2018 : Debug: attribute --> CHAP-Password
Thu Dec 20 15:55:19 2018 : Debug: }
Thu Dec 20 15:55:19 2018 : Debug: literal --> ', '
Thu Dec 20 15:55:19 2018 : Debug: attribute --> Packet-Type
Thu Dec 20 15:55:19 2018 : Debug: literal --> ', CURRENT_TIMESTAMP(),'
Thu Dec 20 15:55:19 2018 : Debug: attribute --> NAS-IP-Address
Thu Dec 20 15:55:19 2018 : Debug: literal --> ', '
Thu Dec 20 15:55:19 2018 : Debug: attribute --> Calling-Station-Id
Thu Dec 20 15:55:19 2018 : Debug: literal --> ', '
Thu Dec 20 15:55:19 2018 : Debug: attribute --> Framed-IP-Address
Thu Dec 20 15:55:19 2018 : Debug: literal --> ' )
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: EXPAND INSERT INTO radpostauth
(username, pass, reply, authdate, nasipaddress, macaddress,framedipaddress)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', CURRENT_TIMESTAMP(),'%{NAS-IP-Address}',
'%{Calling-Station-ID}', '%{Framed-IP-Address}' )
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: --> INSERT INTO radpostauth
(username, pass, reply, authdate, nasipaddress, macaddress,framedipaddress)
VALUES ( 'test', 'test', 'Access-Accept', CURRENT_TIMESTAMP(),'10.40.47.1',
'10.40.47.200', '10.40.47.200' )
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: Executing query: INSERT INTO
radpostauth (username, pass, reply, authdate, nasipaddress,
macaddress,framedipaddress) VALUES ( 'test', 'test', 'Access-Accept',
CURRENT_TIMESTAMP(),'10.40.47.1', '10.40.47.200', '10.40.47.200' )
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: SQL query returned: success
Thu Dec 20 15:55:19 2018 : Debug: (0) sql: 1 record(s) updated
Thu Dec 20 15:55:19 2018 : Debug: rlm_sql (sql): Released connection (3)
Thu Dec 20 15:55:19 2018 : Debug: (0) modsingle[post-auth]: returned
from sql (rlm_sql) for request 0
Thu Dec 20 15:55:19 2018 : Debug: (0) [sql] = ok
Thu Dec 20 15:55:19 2018 : Debug: (0) } # post-auth = ok
Thu Dec 20 15:55:19 2018 : Debug: (0) Sent Access-Accept Id 1 from
127.0.0.1:1812 to 127.0.0.1:55162 length 0
Thu Dec 20 15:55:19 2018 : Debug: (0) Mikrotik-Rate-Limit := "5120k/0 0/0
0/0 0/0 8"
Thu Dec 20 15:55:19 2018 : Debug: (0) Session-Timeout = 2669467
Thu Dec 20 15:55:19 2018 : Debug: (0) Finished request
Thu Dec 20 15:55:19 2018 : Debug: Waking up in 4.9 seconds.
Thu Dec 20 15:55:24 2018 : Debug: (0) Cleaning up request packet ID 1 with
timestamp +5
Thu Dec 20 15:55:24 2018 : Info: Ready to process requests
Thu Dec 20 16:11:04 2018 : Debug: (1) Received Access-Request Id 1 from
127.0.0.1:43292 to 127.0.0.1:1812 length 124
Thu Dec 20 16:11:04 2018 : Debug: (1) NAS-IP-Address = 10.40.47.1
Thu Dec 20 16:11:04 2018 : Debug: (1) Framed-Protocol = PPP
Thu Dec 20 16:11:04 2018 : Debug: (1) Service-Type = Login-User
Thu Dec 20 16:11:04 2018 : Debug: (1) Framed-IP-Address = 10.40.47.200
Thu Dec 20 16:11:04 2018 : Debug: (1) Calling-Station-Id = "10.40.47.200"
Thu Dec 20 16:11:04 2018 : Debug: (1) NAS-Identifier = "Ahmed"
Thu Dec 20 16:11:04 2018 : Debug: (1) Acct-Session-Id = "fdfsdfsdf"
Thu Dec 20 16:11:04 2018 : Debug: (1) NAS-Port-Type = PPPoEoE
Thu Dec 20 16:11:04 2018 : Debug: (1) Acct-Status-Type = Interim-Update
Thu Dec 20 16:11:04 2018 : Debug: (1) Acct-Delay-Time = 10
Thu Dec 20 16:11:04 2018 : Debug: (1) Port-Limit = 5
Thu Dec 20 16:11:04 2018 : Debug: (1) User-Name = "test"
Thu Dec 20 16:11:04 2018 : Debug: (1) User-Password = "test"
Thu Dec 20 16:11:04 2018 : Debug: (1) session-state: No State attribute
Thu Dec 20 16:11:04 2018 : Debug: (1) # Executing section authorize from
file /etc/freeradius/sites-enabled/default
Thu Dec 20 16:11:04 2018 : Debug: (1) authorize {
Thu Dec 20 16:11:04 2018 : Debug: (1) update {
Thu Dec 20 16:11:04 2018 : Debug: (1) Executing: /usr/bin/php5
/var/www/html/set_idle_timeout.php %{User-Name}
%{%{User-Password}:-%{Chap-Password}} %{Framed-IP-Address} 3
%{Calling-Station-Id} %{Framed-Protocol} %{NAS-Identifier} :
Thu Dec 20 16:11:04 2018 : Debug: %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) EXPAND %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: (1) --> test
Thu Dec 20 16:11:04 2018 : Debug: %{%{User-Password}:-%{Chap-Password}}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: if {
Thu Dec 20 16:11:04 2018 : Debug: attribute --> User-Password
Thu Dec 20 16:11:04 2018 : Debug: }
Thu Dec 20 16:11:04 2018 : Debug: else {
Thu Dec 20 16:11:04 2018 : Debug: attribute --> CHAP-Password
Thu Dec 20 16:11:04 2018 : Debug: }
Thu Dec 20 16:11:04 2018 : Debug: (1) EXPAND
%{%{User-Password}:-%{Chap-Password}}
Thu Dec 20 16:11:04 2018 : Debug: (1) --> test
Thu Dec 20 16:11:04 2018 : Debug: %{Framed-IP-Address}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> Framed-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: (1) EXPAND %{Framed-IP-Address}
Thu Dec 20 16:11:04 2018 : Debug: (1) --> 10.40.47.200
Thu Dec 20 16:11:04 2018 : Debug: %{Calling-Station-Id}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> Calling-Station-Id
Thu Dec 20 16:11:04 2018 : Debug: (1) EXPAND %{Calling-Station-Id}
Thu Dec 20 16:11:04 2018 : Debug: (1) --> 10.40.47.200
Thu Dec 20 16:11:04 2018 : Debug: %{Framed-Protocol}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> Framed-Protocol
Thu Dec 20 16:11:04 2018 : Debug: (1) EXPAND %{Framed-Protocol}
Thu Dec 20 16:11:04 2018 : Debug: (1) --> PPP
Thu Dec 20 16:11:04 2018 : Debug: %{NAS-Identifier}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> NAS-Identifier
Thu Dec 20 16:11:04 2018 : Debug: (1) EXPAND %{NAS-Identifier}
Thu Dec 20 16:11:04 2018 : Debug: (1) --> Ahmed
Thu Dec 20 16:11:04 2018 : Debug: (1) Program returned code (0) and
output ' Idle-Timeout :='180',Mikrotik-Rate-Limit :="5120k/0 0/0 0/0 0/0
8", Idle-Timeout :='180''
Thu Dec 20 16:11:04 2018 : Debug: (1) control::Idle-Timeout := 180
Thu Dec 20 16:11:04 2018 : Debug: (1) control::Mikrotik-Rate-Limit :=
5120k/0 0/0 0/0 0/0 8
Thu Dec 20 16:11:04 2018 : Debug: (1) control::Idle-Timeout := 180
Thu Dec 20 16:11:04 2018 : Debug: (1) } # update = noop
Thu Dec 20 16:11:04 2018 : Debug: (1) update reply {
Thu Dec 20 16:11:04 2018 : Debug: (1) No attributes updated
Thu Dec 20 16:11:04 2018 : Debug: (1) No attributes updated
Thu Dec 20 16:11:04 2018 : Debug: (1) No attributes updated
Thu Dec 20 16:11:04 2018 : Debug: (1) No attributes updated
Thu Dec 20 16:11:04 2018 : Debug: (1) Mikrotik-Rate-Limit :=
&control:Mikrotik-Rate-Limit -> '5120k/0 0/0 0/0 0/0 8'
Thu Dec 20 16:11:04 2018 : Debug: (1) } # update reply = noop
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: calling
chap (rlm_chap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: returned
from chap (rlm_chap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [chap] = noop
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: calling
mschap (rlm_mschap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: returned
from mschap (rlm_mschap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [mschap] = noop
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: calling sql
(rlm_sql) for request 1
Thu Dec 20 16:11:04 2018 : Debug: %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> test
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: SQL-User-Name set to 'test'
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: FROM 1 TO 13 MAX 14
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: Examining SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: APPENDING SQL-User-Name FROM
0 TO 13
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: TO in 13 out 13
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[0] = NAS-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[1] = Framed-Protocol
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[2] = Service-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[3] = Framed-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[4] = Calling-Station-Id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[5] = NAS-Identifier
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[6] = Acct-Session-Id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[7] = NAS-Port-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[8] = Acct-Status-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[9] = Acct-Delay-Time
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[10] = Port-Limit
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[11] = User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[12] = User-Password
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Closing connection (4): Hit
idle_timeout, was idle for 950 seconds
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): You probably need to lower
"min"
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Closing connection (0): Hit
idle_timeout, was idle for 950 seconds
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): You probably need to lower
"min"
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Closing connection (1): Hit
idle_timeout, was idle for 945 seconds
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): You probably need to lower
"min"
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Closing connection (2): Hit
idle_timeout, was idle for 945 seconds
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): You probably need to lower
"min"
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Closing connection (3): Hit
idle_timeout, was idle for 945 seconds
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): You probably need to lower
"min"
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): 0 of 0 connections in
use. You may need to increase "spare"
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Opening additional
connection (5), 1 of 10 pending slots used
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Starting connect to MySQL
server
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Connected to database
'radius' on Localhost via UNIX socket, server version
5.6.33-0ubuntu0.14.04.1, protocol version 10
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): Reserved connection (5)
Thu Dec 20 16:11:04 2018 : Debug: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'AND a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: literal --> SELECT id, username,
attribute, value, op FROM radcheck WHERE username = '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: literal --> 'AND a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND SELECT id, username,
attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}'AND
a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> SELECT id, username,
attribute, value, op FROM radcheck WHERE username = 'test'AND a='0' ORDER
BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Executing select query: SELECT
id, username, attribute, value, op FROM radcheck WHERE username = 'test'AND
a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: User found in radcheck table
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Conditional check items matched,
merging assignment check items
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Cleartext-Password := "test"
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Expiration := "Jan 20 2019
13:26:26 EET"
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Simultaneous-Use := 1
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: FROM 3 TO 3 MAX 6
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: Examining Cleartext-Password
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: APPENDING Cleartext-Password
FROM 0 TO 3
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: Examining Expiration
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: APPENDING Expiration FROM 1
TO 3
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: Examining Simultaneous-Use
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: APPENDING Simultaneous-Use
FROM 2 TO 3
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: TO in 3 out 3
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[0] = Idle-Timeout
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[1] = Mikrotik-Rate-Limit
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[2] = Idle-Timeout
Thu Dec 20 16:11:04 2018 : Debug: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'AND a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: literal --> SELECT id, username,
attribute, value, op FROM radreply WHERE username = '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: literal --> 'AND a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND SELECT id, username,
attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}'AND
a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> SELECT id, username,
attribute, value, op FROM radreply WHERE username = 'test'AND a='0' ORDER
BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Executing select query: SELECT
id, username, attribute, value, op FROM radreply WHERE username = 'test'AND
a='0' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ... falling-through to group
processing
Thu Dec 20 16:11:04 2018 : Debug: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: literal --> SELECT groupname FROM
radusergroup WHERE username = '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: literal --> ' ORDER BY priority
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> SELECT groupname FROM
radusergroup WHERE username = 'test' ORDER BY priority
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Executing select query: SELECT
groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: User found in the group table
Thu Dec 20 16:11:04 2018 : Debug: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: literal --> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname = '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> SQL-Group
Thu Dec 20 16:11:04 2018 : Debug: literal --> ' ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}'
ORDER BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname =
'=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F 60=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F' ORDER
BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Executing select query: SELECT
id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname =
'=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F 60=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F' ORDER
BY id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Group "??????????
60???????????": Conditional check items matched
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Group "??????????
60???????????": Merging assignment check items
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: FROM 0 TO 6 MAX 6
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: TO in 6 out 6
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[0] = Idle-Timeout
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[1] = Mikrotik-Rate-Limit
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[2] = Idle-Timeout
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[3] = Cleartext-Password
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[4] = Expiration
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[5] = Simultaneous-Use
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ... falling-through to profile
processing
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): Released connection (5)
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Need 4 more connections to
reach 3 spares
Thu Dec 20 16:11:04 2018 : Info: rlm_sql (sql): Opening additional
connection (6), 1 of 9 pending slots used
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Starting connect to MySQL
server
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql_mysql: Connected to database
'radius' on Localhost via UNIX socket, server version
5.6.33-0ubuntu0.14.04.1, protocol version 10
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: returned
from sql (rlm_sql) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [sql] = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: calling
expiration (rlm_expiration) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) expiration: Account will expire at
'Jan 20 2019 13:26:26 EET'
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: returned
from expiration (rlm_expiration) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [expiration] = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) if (userlock &&
!"%{control:Tmp-String-1}") {
Thu Dec 20 16:11:04 2018 : Debug: (1) if (userlock &&
!"%{control:Tmp-String-1}") -> FALSE
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: calling pap
(rlm_pap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authorize]: returned
from pap (rlm_pap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [pap] = updated
Thu Dec 20 16:11:04 2018 : Debug: (1) } # authorize = updated
Thu Dec 20 16:11:04 2018 : Debug: (1) Found Auth-Type = PAP
Thu Dec 20 16:11:04 2018 : Debug: (1) # Executing group from file
/etc/freeradius/sites-enabled/default
Thu Dec 20 16:11:04 2018 : Debug: (1) Auth-Type PAP {
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authenticate]: calling
pap (rlm_pap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) pap: Login attempt with password
"test" (4)
Thu Dec 20 16:11:04 2018 : Debug: (1) pap: Comparing with "known good"
Cleartext-Password "test" (4)
Thu Dec 20 16:11:04 2018 : Debug: (1) pap: User authenticated successfully
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[authenticate]: returned
from pap (rlm_pap) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [pap] = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) } # Auth-Type PAP = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) # Executing section session from file
/etc/freeradius/sites-enabled/default
Thu Dec 20 16:11:04 2018 : Debug: (1) session {
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[session]: calling sql
(rlm_sql) for request 1
Thu Dec 20 16:11:04 2018 : Debug: %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> test
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: SQL-User-Name set to 'test'
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: FROM 1 TO 13 MAX 14
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: Examining SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: APPENDING SQL-User-Name FROM
0 TO 13
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: TO in 13 out 13
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[0] = NAS-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[1] = Framed-Protocol
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[2] = Service-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[3] = Framed-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[4] = Calling-Station-Id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[5] = NAS-Identifier
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[6] = Acct-Session-Id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[7] = NAS-Port-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[8] = Acct-Status-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[9] = Acct-Delay-Time
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[10] = Port-Limit
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[11] = User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[12] = User-Password
Thu Dec 20 16:11:04 2018 : Debug: SELECT COUNT(*) FROM radacct WHERE
username = '%{SQL-User-Name}' AND acctstoptime IS NULL
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: literal --> SELECT COUNT(*) FROM radacct
WHERE username = '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: literal --> ' AND acctstoptime IS NULL
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND SELECT COUNT(*) FROM
radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> SELECT COUNT(*) FROM
radacct WHERE username = 'test' AND acctstoptime IS NULL
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): Reserved connection (5)
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Executing select query: SELECT
COUNT(*) FROM radacct WHERE username = 'test' AND acctstoptime IS NULL
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): Released connection (5)
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[session]: returned from
sql (rlm_sql) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [sql] = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) } # session = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) # Executing section post-auth from
file /etc/freeradius/sites-enabled/default
Thu Dec 20 16:11:04 2018 : Debug: (1) post-auth {
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[post-auth]: calling sql
(rlm_sql) for request 1
Thu Dec 20 16:11:04 2018 : Debug: .query
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: literal --> .query
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND .query
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> .query
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Using query template 'query'
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): Reserved connection (6)
Thu Dec 20 16:11:04 2018 : Debug: %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: attribute --> User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND %{User-Name}
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> test
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: SQL-User-Name set to 'test'
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: FROM 1 TO 13 MAX 14
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: Examining SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: APPENDING SQL-User-Name FROM
0 TO 13
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: TO in 13 out 13
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[0] = NAS-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[1] = Framed-Protocol
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[2] = Service-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[3] = Framed-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[4] = Calling-Station-Id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[5] = NAS-Identifier
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[6] = Acct-Session-Id
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[7] = NAS-Port-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[8] = Acct-Status-Type
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[9] = Acct-Delay-Time
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[10] = Port-Limit
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[11] = User-Name
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: ::: to[12] = User-Password
Thu Dec 20 16:11:04 2018 : Debug: INSERT INTO radpostauth (username, pass,
reply, authdate, nasipaddress, macaddress,framedipaddress) VALUES (
'%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', CURRENT_TIMESTAMP(),'%{NAS-IP-Address}',
'%{Calling-Station-ID}', '%{Framed-IP-Address}' )
Thu Dec 20 16:11:04 2018 : Debug: Parsed xlat tree:
Thu Dec 20 16:11:04 2018 : Debug: literal --> INSERT INTO radpostauth
(username, pass, reply, authdate, nasipaddress, macaddress,framedipaddress)
VALUES ( '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> SQL-User-Name
Thu Dec 20 16:11:04 2018 : Debug: literal --> ', '
Thu Dec 20 16:11:04 2018 : Debug: if {
Thu Dec 20 16:11:04 2018 : Debug: attribute --> User-Password
Thu Dec 20 16:11:04 2018 : Debug: }
Thu Dec 20 16:11:04 2018 : Debug: else {
Thu Dec 20 16:11:04 2018 : Debug: attribute --> CHAP-Password
Thu Dec 20 16:11:04 2018 : Debug: }
Thu Dec 20 16:11:04 2018 : Debug: literal --> ', '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> Packet-Type
Thu Dec 20 16:11:04 2018 : Debug: literal --> ', CURRENT_TIMESTAMP(),'
Thu Dec 20 16:11:04 2018 : Debug: attribute --> NAS-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: literal --> ', '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> Calling-Station-Id
Thu Dec 20 16:11:04 2018 : Debug: literal --> ', '
Thu Dec 20 16:11:04 2018 : Debug: attribute --> Framed-IP-Address
Thu Dec 20 16:11:04 2018 : Debug: literal --> ' )
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: EXPAND INSERT INTO radpostauth
(username, pass, reply, authdate, nasipaddress, macaddress,framedipaddress)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', CURRENT_TIMESTAMP(),'%{NAS-IP-Address}',
'%{Calling-Station-ID}', '%{Framed-IP-Address}' )
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: --> INSERT INTO radpostauth
(username, pass, reply, authdate, nasipaddress, macaddress,framedipaddress)
VALUES ( 'test', 'test', 'Access-Accept', CURRENT_TIMESTAMP(),'10.40.47.1',
'10.40.47.200', '10.40.47.200' )
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: Executing query: INSERT INTO
radpostauth (username, pass, reply, authdate, nasipaddress,
macaddress,framedipaddress) VALUES ( 'test', 'test', 'Access-Accept',
CURRENT_TIMESTAMP(),'10.40.47.1', '10.40.47.200', '10.40.47.200' )
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: SQL query returned: success
Thu Dec 20 16:11:04 2018 : Debug: (1) sql: 1 record(s) updated
Thu Dec 20 16:11:04 2018 : Debug: rlm_sql (sql): Released connection (6)
Thu Dec 20 16:11:04 2018 : Debug: (1) modsingle[post-auth]: returned
from sql (rlm_sql) for request 1
Thu Dec 20 16:11:04 2018 : Debug: (1) [sql] = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) } # post-auth = ok
Thu Dec 20 16:11:04 2018 : Debug: (1) Sent Access-Accept Id 1 from
127.0.0.1:1812 to 127.0.0.1:43292 length 0
Thu Dec 20 16:11:04 2018 : Debug: (1) Mikrotik-Rate-Limit := "5120k/0 0/0
0/0 0/0 8"
Thu Dec 20 16:11:04 2018 : Debug: (1) Session-Timeout = 2668522
Thu Dec 20 16:11:04 2018 : Debug: (1) Finished request
Thu Dec 20 16:11:04 2018 : Debug: Waking up in 4.9 seconds.
Thu Dec 20 16:11:09 2018 : Debug: (1) Cleaning up request packet ID 1 with
timestamp +950
Thu Dec 20 16:11:09 2018 : Info: Ready to process requests
ssssssssssss^C
root@Advradius:~# freeradius -X
Server was built with:
accounting : yes
authentication : yes
ascend-binary-attributes : yes
coa : yes
control-socket : yes
detail : yes
dhcp : yes
dynamic-clients : yes
osfc2 : no
proxy : yes
regex-pcre : no
regex-posix : yes
regex-posix-extended : yes
session-management : yes
stats : yes
tcp : yes
threads : yes
tls : yes
unlang : yes
vmps : yes
developer : no
Server core libs:
freeradius-server : 3.0.11
talloc : 2.0.*
ssl : 1.0.1f release
Endianness:
little
Compilation flags:
cppflags : -D_FORTIFY_SOURCE=2
cflags : -I/home/adv/freeradius-server
-I/home/adv/freeradius-server/src -include
/home/adv/freeradius-server/src/freeradius-devel/autoconf.h -include
/home/adv/freeradius-server/src/freeradius-devel/build.h -include
/home/adv/freeradius-server/src/freeradius-devel/features.h -include
/home/adv/freeradius-server/src/freeradius-devel/radpaths.h
-fno-strict-aliasing -g -O2 -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security -O2 -Wall -std=c99 -D_GNU_SOURCE
-D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG
-DIS_MODULE=1
ldflags : -Wl,-Bsymbolic-functions -Wl,-z,relro
libs : -lcrypto -lssl -ltalloc -lcap -lnsl -lresolv -ldl -lpthread
-lreadline
Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/dictionary
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/exec
including configuration file /etc/freeradius/mods-enabled/attr_filter
including configuration file /etc/freeradius/mods-enabled/sql
including configuration file
/etc/freeradius/mods-config/sql/main/mysql/queries.conf
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/expiration
including configuration file /etc/freeradius/mods-enabled/chap
including configuration file /etc/freeradius/mods-enabled/logintime
including configuration file /etc/freeradius/mods-enabled/realm
including configuration file /etc/freeradius/mods-enabled/unix
including configuration file /etc/freeradius/mods-enabled/passwd
including configuration file /etc/freeradius/mods-enabled/digest
including configuration file /etc/freeradius/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/mods-enabled/replicate
including configuration file /etc/freeradius/mods-enabled/detail.log
including configuration file /etc/freeradius/mods-enabled/mschap
including configuration file /etc/freeradius/mods-enabled/detail
including configuration file /etc/freeradius/mods-enabled/echo
including configuration file /etc/freeradius/mods-enabled/unpack
including configuration file /etc/freeradius/mods-enabled/always
including configuration file /etc/freeradius/mods-enabled/cache_eap
including configuration file /etc/freeradius/mods-enabled/radutmp
including configuration file /etc/freeradius/mods-enabled/files
including configuration file /etc/freeradius/mods-enabled/expr
including configuration file /etc/freeradius/mods-enabled/sradutmp
including configuration file /etc/freeradius/mods-enabled/pap
including configuration file /etc/freeradius/mods-enabled/soh
including configuration file /etc/freeradius/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/mods-enabled/linelog
including configuration file /etc/freeradius/mods-enabled/eap
including configuration file /etc/freeradius/mods-enabled/utf8
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/filter
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/abfab-tr
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/control
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/eap
including configuration file /etc/freeradius/policy.d/debug
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
security {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 102400000
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
Debugger not attached
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = eap
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_exec
# Loading module "exec" from file /etc/freeradius/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file
/etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file
/etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file
/etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file
/etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename =
"/etc/freeradius/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file
/etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename =
"/etc/freeradius/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_sql
# Loading module "sql" from file /etc/freeradius/mods-enabled/sql
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = 0
login = "root"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = yes
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server
FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'AND a='0' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'AND a='0' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority"
simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL"
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
type {
accounting-on {
query = "UPDATE radacct SET acctstoptime = CURRENT_TIMESTAMP(),
acctsessiontime = unix_timestamp(CURRENT_TIMESTAMP()) -
unix_timestamp(acctstarttime), acctterminatecause =
'%{%{Acct-Terminate-Cause}:-NAS-Reboot}', acctstopdelay =
%{%{Acct-Delay-Time}:-0}, dup = '%{Acct-Session-Id}',
t_session = unix_timestamp(), nas_name =
'%{NAS-Identifier}', t_update = '%{Acct-Interim-Interval}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
}
accounting-off {
query = "UPDATE radacct SET acctstoptime = CURRENT_TIMESTAMP(),
acctsessiontime = unix_timestamp(CURRENT_TIMESTAMP()) -
unix_timestamp(acctstarttime), acctterminatecause =
'%{%{Acct-Terminate-Cause}:-NAS-Reboot}', acctstopdelay =
%{%{Acct-Delay-Time}:-0}, dup = '%{Acct-Session-Id}',
t_session = unix_timestamp(), nas_name =
'%{NAS-Identifier}', t_update = '%{Acct-Interim-Interval}' WHERE
acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
}
start {
query = "INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype,acctstarttime, acctupdatetime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, dup, t_session,
nas_name,groupname,down_uq,up_uq,down_cq,up_cq,up_dq,dwon_dq,time_dq,all_tu,all_tc,id_card,t_update)
VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', '%S',
CURRENT_TIMESTAMP(), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '',
'0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{Acct-Session-Id}', unix_timestamp(), '%{NAS-Identifier}',
COALESCE((SELECT groupname FROM `radusergroup` WHERE username =
'%{SQL-User-Name}'),'0'), COALESCE((SELECT SUM(r1.acctoutputoctets) FROM
radacct as `r1` INNER JOIN userinfo ON (userinfo.username=r1.username)
WHERE r1.username = '%{SQL-User-Name}' AND
UNIX_TIMESTAMP(STR_TO_DATE(r1.acctstarttime, '%%Y-%%m-%%d %%H:%%i:%%s')) >=
userinfo.updatedate),'0'), COALESCE((SELECT SUM(r3.acctinputoctets) FROM
radacct as `r3` INNER JOIN userinfo ON (userinfo.username=r3.username)
WHERE r3.username = '%{SQL-User-Name}' AND
UNIX_TIMESTAMP(STR_TO_DATE(r3.acctstarttime, '%%Y-%%m-%%d %%H:%%i:%%s')) >=
userinfo.updatedate),'0'), COALESCE((SELECT SUM(r2.acctoutputoctets) FROM
radacct as `r2` INNER JOIN radcheck ON (radcheck.username=r2.username AND
radcheck.is_card ='1' ) WHERE r2.username = '%{SQL-User-Name}'),'0'),
COALESCE((SELECT SUM(r4.acctinputoctets) FROM radacct as `r4` INNER JOIN
radcheck ON (radcheck.username=r4.username AND radcheck.is_card ='1' )
WHERE r4.username = '%{SQL-User-Name}'),'0'), COALESCE((SELECT
SUM(`r5`.`acctinputoctets`) FROM `radacct` as `r5` WHERE
DATE_FORMAT(STR_TO_DATE(`r5`.`acctstarttime`,'%%Y-%%m-%%d
%%H:%%i:%%s'),'%%Y-%%m-%%d') = DATE_FORMAT(NOW(),'%%Y-%%m-%%d') AND
r5.username = '%{SQL-User-Name}'),'0'), COALESCE((SELECT
SUM(`r6`.`acctoutputoctets`) FROM `radacct` as `r6` WHERE
DATE_FORMAT(STR_TO_DATE(`r6`.`acctstarttime`,'%%Y-%%m-%%d
%%H:%%i:%%s'),'%%Y-%%m-%%d') = DATE_FORMAT(NOW(),'%%Y-%%m-%%d') AND
r6.username = '%{SQL-User-Name}'),'0'), COALESCE((SELECT
SUM(`r7`.`acctsessiontime`) FROM `radacct` as `r7` WHERE
DATE_FORMAT(STR_TO_DATE(`r7`.`acctstarttime`,'%%Y-%%m-%%d
%%H:%%i:%%s'),'%%Y-%%m-%%d') = DATE_FORMAT(NOW(),'%%Y-%%m-%%d') AND
r7.username = '%{SQL-User-Name}'),'0'), COALESCE((SELECT
SUM(`r8`.`acctsessiontime`) FROM `radacct` `r8` INNER JOIN `userinfo` ON
(`r8`.`username` = `userinfo`.`username`) WHERE
UNIX_TIMESTAMP(STR_TO_DATE(`r8`.`acctstarttime`, '%%Y-%%m-%%d
%%H:%%i:%%s')) >=`userinfo`.`updatedate` AND r8.username =
'%{SQL-User-Name}' ),'0'), COALESCE((SELECT SUM(`r9`.`acctsessiontime`)
FROM `radacct` `r9` INNER JOIN `radcheck` ON(`radcheck`.`username` =
`r9`.`username` AND `radcheck`.`is_card` ='1') WHERE r9.username =
'%{SQL-User-Name}' ),'0'), COALESCE((SELECT `radcheck`.`id_card` FROM
`radacct` `r10` INNER JOIN `radcheck` ON(`radcheck`.`username` =
`r10`.`username` AND `radcheck`.`is_card` ='1') WHERE radcheck.username =
'%{SQL-User-Name}' AND `radcheck`.`attribute`='Cleartext-Password' LIMIT 1
),'0'), '%{Acct-Interim-Interval}' )"
}
interim-update {
query = "UPDATE radacct SET acctupdatetime =
(@acctupdatetime_old:=acctupdatetime), acctupdatetime =
CURRENT_TIMESTAMP(), acctinterval= CURRENT_TIMESTAMP() -
UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress =
'%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL},
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
dup= '%{Acct-Session-Id}', t_session = unix_timestamp(),
nas_name = '%{NAS-Identifier}', t_update =
'%{Acct-Interim-Interval}' WHERE acctsessionid = '%{Acct-Session-Id}'AND
username = '%{SQL-User-Name}'"
}
stop {
query = "UPDATE radacct SET acctstoptime =
CURRENT_TIMESTAMP(), acctsessiontime = %{%{Acct-Session-Time}:-NULL},
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}',
acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop =
'%{Connect-Info}', dup = '%{Acct-Session-Id}', t_session
= unix_timestamp(), nas_name = '%{NAS-Identifier}',
t_update = '%{Acct-Interim-Interval}' WHERE acctsessionid =
'%{Acct-Session-Id}'AND username = '%{SQL-User-Name}'"
}
}
}
post-auth {
reference = ".query"
query = "INSERT INTO radpostauth (username, pass, reply, authdate,
nasipaddress, macaddress,framedipaddress) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}',
CURRENT_TIMESTAMP(),'%{NAS-IP-Address}', '%{Calling-Station-ID}',
'%{Framed-IP-Address}' )"
}
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Creating attribute SQL-Group
# Loaded module rlm_preprocess
# Loading module "preprocess" from file
/etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_expiration
# Loading module "expiration" from file
/etc/freeradius/mods-enabled/expiration
# Loaded module rlm_chap
# Loading module "chap" from file /etc/freeradius/mods-enabled/chap
# Loaded module rlm_logintime
# Loading module "logintime" from file
/etc/freeradius/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file
/etc/freeradius/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_unix
# Loading module "unix" from file /etc/freeradius/mods-enabled/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file
/etc/freeradius/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_digest
# Loading module "digest" from file /etc/freeradius/mods-enabled/digest
# Loading module "ntlm_auth" from file
/etc/freeradius/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN
--username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_replicate
# Loading module "replicate" from file
/etc/freeradius/mods-enabled/replicate
# Loaded module rlm_detail
# Loading module "auth_log" from file
/etc/freeradius/mods-enabled/detail.log
detail auth_log {
filename =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file
/etc/freeradius/mods-enabled/detail.log
detail reply_log {
filename =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file
/etc/freeradius/mods-enabled/detail.log
detail pre_proxy_log {
filename =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file
/etc/freeradius/mods-enabled/detail.log
detail post_proxy_log {
filename =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_mschap
# Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
# Loading module "detail" from file /etc/freeradius/mods-enabled/detail
detail {
filename =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "echo" from file /etc/freeradius/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module rlm_unpack
# Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
# Loaded module rlm_always
# Loading module "reject" from file /etc/freeradius/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/freeradius/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/freeradius/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/freeradius/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/freeradius/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/freeradius/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/freeradius/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/freeradius/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/freeradius/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_cache
# Loading module "cache_eap" from file
/etc/freeradius/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module rlm_radutmp
# Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_files
# Loading module "files" from file /etc/freeradius/mods-enabled/files
files {
filename = "/etc/freeradius/mods-config/files/authorize"
acctusersfile = "/etc/freeradius/mods-config/files/accounting"
preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
}
# Loaded module rlm_expr
# Loading module "expr" from file /etc/freeradius/mods-enabled/expr
expr {
safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loading module "sradutmp" from file
/etc/freeradius/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_pap
# Loading module "pap" from file /etc/freeradius/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_soh
# Loading module "soh" from file /etc/freeradius/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file
/etc/freeradius/mods-enabled/dynamic_clients
# Loaded module rlm_linelog
# Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
linelog {
filename = "/var/log/freeradius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file
/etc/freeradius/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/freeradius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_eap
# Loading module "eap" from file /etc/freeradius/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 102400000
}
# Loaded module rlm_utf8
# Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
instantiate {
}
# Instantiating module "attr_filter.post-proxy" from file
/etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file
/etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
[/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
# Instantiating module "attr_filter.access_challenge" from file
/etc/freeradius/mods-enabled/attr_filter
reading pairlist file
/etc/freeradius/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file
/etc/freeradius/mods-enabled/attr_filter
reading pairlist file
/etc/freeradius/mods-config/attr_filter/accounting_response
# Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql
rlm_sql_mysql: libmysql version: 5.5.62
mysql {
tls {
}
warnings = "auto"
}
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
pool {
start = 5
min = 5
max = 10
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 30
spread = no
}
rlm_sql (sql): Opening additional connection (0), 1 of 10 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.6.33-0ubuntu0.14.04.1, protocol version 10
rlm_sql (sql): Opening additional connection (1), 1 of 9 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.6.33-0ubuntu0.14.04.1, protocol version 10
rlm_sql (sql): Opening additional connection (2), 1 of 8 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.6.33-0ubuntu0.14.04.1, protocol version 10
rlm_sql (sql): Opening additional connection (3), 1 of 7 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.6.33-0ubuntu0.14.04.1, protocol version 10
rlm_sql (sql): Opening additional connection (4), 1 of 6 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.6.33-0ubuntu0.14.04.1, protocol version 10
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type,
secret, server FROM nas
rlm_sql (sql): Adding client 10.10.32.2 (????? 5) to global clients list
rlm_sql (10.10.32.2): Client "????? 5" (sql) added
rlm_sql (sql): Adding client 10.10.35.176 (??????? 2) to global clients list
rlm_sql (10.10.35.176): Client "??????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.35.178 (????????) to global clients list
rlm_sql (10.10.35.178): Client "????????" (sql) added
rlm_sql (sql): Adding client 10.10.33.7 (????? ???????) to global clients
list
rlm_sql (10.10.33.7): Client "????? ???????" (sql) added
rlm_sql (sql): Adding client 10.10.35.185 (????? 1) to global clients list
rlm_sql (10.10.35.185): Client "????? 1" (sql) added
rlm_sql (sql): Adding client 10.100.11.18 (???????) to global clients list
rlm_sql (10.100.11.18): Client "???????" (sql) added
rlm_sql (sql): Adding client 10.100.12.2 (??? ??? 1) to global clients list
rlm_sql (10.100.12.2): Client "??? ??? 1" (sql) added
rlm_sql (sql): Adding client 10.100.12.6 (??? ??? 2) to global clients list
rlm_sql (10.100.12.6): Client "??? ??? 2" (sql) added
rlm_sql (sql): Adding client 10.100.12.10 (??? ??? 3) to global clients list
rlm_sql (10.100.12.10): Client "??? ??? 3" (sql) added
rlm_sql (sql): Adding client 10.10.32.25 (????? ??????) to global clients
list
rlm_sql (10.10.32.25): Client "????? ??????" (sql) added
rlm_sql (sql): Adding client 10.10.41.2 (????? 1) to global clients list
rlm_sql (10.10.41.2): Client "????? 1" (sql) added
rlm_sql (sql): Adding client 10.100.13.187 (???? 2) to global clients list
rlm_sql (10.100.13.187): Client "???? 2" (sql) added
rlm_sql (sql): Adding client 10.100.13.188 (???? 3) to global clients list
rlm_sql (10.100.13.188): Client "???? 3" (sql) added
rlm_sql (sql): Adding client 10.10.32.163 (????? ???? 14) to global clients
list
rlm_sql (10.10.32.163): Client "????? ???? 14" (sql) added
rlm_sql (sql): Adding client 10.10.37.4 (????? 2) to global clients list
rlm_sql (10.10.37.4): Client "????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.33.6 (??????? ????????) to global
clients list
rlm_sql (10.10.33.6): Client "??????? ????????" (sql) added
rlm_sql (sql): Adding client 10.10.35.3 (??????? 1) to global clients list
rlm_sql (10.10.35.3): Client "??????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.35.4 (??????) to global clients list
rlm_sql (10.10.35.4): Client "??????" (sql) added
rlm_sql (sql): Adding client 10.10.33.2 (????? 1) to global clients list
rlm_sql (10.10.33.2): Client "????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.33.3 (????? 2) to global clients list
rlm_sql (10.10.33.3): Client "????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.37.3 (????? 1) to global clients list
rlm_sql (10.10.37.3): Client "????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.32.5 (????? 1) to global clients list
rlm_sql (10.10.32.5): Client "????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.32.6 (????? 2) to global clients list
rlm_sql (10.10.32.6): Client "????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.32.7 (????? 3) to global clients list
rlm_sql (10.10.32.7): Client "????? 3" (sql) added
rlm_sql (sql): Adding client 10.10.32.8 (????? 4) to global clients list
rlm_sql (10.10.32.8): Client "????? 4" (sql) added
rlm_sql (sql): Adding client 10.10.35.186 (????? 2) to global clients list
rlm_sql (10.10.35.186): Client "????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.41.3 (????? 2) to global clients list
rlm_sql (10.10.41.3): Client "????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.32.9 (???????? 1) to global clients list
rlm_sql (10.10.32.9): Client "???????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.32.10 (???????? 2) to global clients list
rlm_sql (10.10.32.10): Client "???????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.32.11 (????????) to global clients list
rlm_sql (10.10.32.11): Client "????????" (sql) added
rlm_sql (sql): Adding client 10.10.34.2 (?????? 1) to global clients list
rlm_sql (10.10.34.2): Client "?????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.34.5 (????? ?????? 1) to global clients
list
rlm_sql (10.10.34.5): Client "????? ?????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.37.12 (??????? 1) to global clients list
rlm_sql (10.10.37.12): Client "??????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.37.13 (??????? 2) to global clients list
rlm_sql (10.10.37.13): Client "??????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.34.6 (?????? 4) to global clients list
rlm_sql (10.10.34.6): Client "?????? 4" (sql) added
rlm_sql (sql): Adding client 10.10.34.7 (?????? 5) to global clients list
rlm_sql (10.10.34.7): Client "?????? 5" (sql) added
rlm_sql (sql): Adding client 10.10.37.14 (???????? 1) to global clients list
rlm_sql (10.10.37.14): Client "???????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.37.15 (???????? 2) to global clients list
rlm_sql (10.10.37.15): Client "???????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.32.16 (??? ???????? 1) to global clients
list
rlm_sql (10.10.32.16): Client "??? ???????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.32.17 (??? ???????? 2) to global clients
list
rlm_sql (10.10.32.17): Client "??? ???????? 2" (sql) added
rlm_sql (sql): Adding client 10.100.13.186 (???? 1) to global clients list
rlm_sql (10.100.13.186): Client "???? 1" (sql) added
rlm_sql (sql): Adding client 10.10.32.18 (????? 6) to global clients list
rlm_sql (10.10.32.18): Client "????? 6" (sql) added
rlm_sql (sql): Adding client 10.10.32.19 (????? 7) to global clients list
rlm_sql (10.10.32.19): Client "????? 7" (sql) added
rlm_sql (sql): Adding client 10.254.1.2 (????? ??????? 1) to global clients
list
rlm_sql (10.254.1.2): Client "????? ??????? 1" (sql) added
rlm_sql (sql): Adding client 10.254.1.3 (????? ??????? 2) to global clients
list
rlm_sql (10.254.1.3): Client "????? ??????? 2" (sql) added
rlm_sql (sql): Adding client 10.254.1.4 (????? ??????? 3) to global clients
list
rlm_sql (10.254.1.4): Client "????? ??????? 3" (sql) added
rlm_sql (sql): Adding client 10.254.1.5 (????? ??????? 4) to global clients
list
rlm_sql (10.254.1.5): Client "????? ??????? 4" (sql) added
rlm_sql (sql): Adding client 10.254.2.2 (????? ?????? 1) to global clients
list
rlm_sql (10.254.2.2): Client "????? ?????? 1" (sql) added
rlm_sql (sql): Adding client 10.254.2.5 (????? ?????? 2) to global clients
list
rlm_sql (10.254.2.5): Client "????? ?????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.39.2 (??????????? 1) to global clients
list
rlm_sql (10.10.39.2): Client "??????????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.39.3 (??????????? 2) to global clients
list
rlm_sql (10.10.39.3): Client "??????????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.39.4 (??????????? 3) to global clients
list
rlm_sql (10.10.39.4): Client "??????????? 3" (sql) added
rlm_sql (sql): Adding client 10.10.39.5 (??????????? 4) to global clients
list
rlm_sql (10.10.39.5): Client "??????????? 4" (sql) added
rlm_sql (sql): Adding client 10.10.39.6 (??????????? 5) to global clients
list
rlm_sql (10.10.39.6): Client "??????????? 5" (sql) added
rlm_sql (sql): Adding client 10.10.39.7 (??????????? 6) to global clients
list
rlm_sql (10.10.39.7): Client "??????????? 6" (sql) added
rlm_sql (sql): Adding client 10.10.39.8 (??????????? 7) to global clients
list
rlm_sql (10.10.39.8): Client "??????????? 7" (sql) added
rlm_sql (sql): Adding client 10.10.34.8 (????? ?????? 2) to global clients
list
rlm_sql (10.10.34.8): Client "????? ?????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.32.20 (???????? 3) to global clients list
rlm_sql (10.10.32.20): Client "???????? 3" (sql) added
rlm_sql (sql): Adding client 10.10.32.21 (???????? 4) to global clients list
rlm_sql (10.10.32.21): Client "???????? 4" (sql) added
rlm_sql (sql): Adding client 10.10.40.2 (??????? 1) to global clients list
rlm_sql (10.10.40.2): Client "??????? 1" (sql) added
rlm_sql (sql): Adding client 10.10.40.3 (??????? 2) to global clients list
rlm_sql (10.10.40.3): Client "??????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.32.100 (Carreour Hotspot) to global
clients list
rlm_sql (10.10.32.100): Client "Carreour Hotspot" (sql) added
rlm_sql (sql): Adding client 10.10.32.101 (ALCKEKLEY) to global clients list
rlm_sql (10.10.32.101): Client "ALCKEKLEY" (sql) added
rlm_sql (sql): Adding client 10.10.32.103 (ALMOSTAKBAL) to global clients
list
rlm_sql (10.10.32.103): Client "ALMOSTAKBAL" (sql) added
rlm_sql (sql): Adding client 10.10.32.105 (TRFAC COFFEE) to global clients
list
rlm_sql (10.10.32.105): Client "TRFAC COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.32.119 (MOHAY COFFEE) to global clients
list
rlm_sql (10.10.32.119): Client "MOHAY COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.32.133 (KRECH) to global clients list
rlm_sql (10.10.32.133): Client "KRECH" (sql) added
rlm_sql (sql): Adding client 10.10.32.134 (BSEAM) to global clients list
rlm_sql (10.10.32.134): Client "BSEAM" (sql) added
rlm_sql (sql): Adding client 10.10.32.138 (WAKEL BERMOAMER) to global
clients list
rlm_sql (10.10.32.138): Client "WAKEL BERMOAMER" (sql) added
rlm_sql (sql): Adding client 10.10.32.143 (KZEMA) to global clients list
rlm_sql (10.10.32.143): Client "KZEMA" (sql) added
rlm_sql (sql): Adding client 10.10.32.150 (WAKEL SBRATA) to global clients
list
rlm_sql (10.10.32.150): Client "WAKEL SBRATA" (sql) added
rlm_sql (sql): Adding client 10.10.33.5 (ALNZAH HOTEL) to global clients
list
rlm_sql (10.10.33.5): Client "ALNZAH HOTEL" (sql) added
rlm_sql (sql): Adding client 10.10.33.7 (ESTAHAT ALMDKEAL) to global
clients list
Failed to add duplicate client ESTAHAT ALMDKEAL
Failed to add client, possible duplicate?
rlm_sql (sql): Adding client 10.10.33.102 (RACHED COFFEE) to global clients
list
rlm_sql (10.10.33.102): Client "RACHED COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.108 (ALMDKEL COFFEE) to global
clients list
rlm_sql (10.10.33.108): Client "ALMDKEL COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.109 (WAKEL ALMUDAN) to global clients
list
rlm_sql (10.10.33.109): Client "WAKEL ALMUDAN" (sql) added
rlm_sql (sql): Adding client 10.10.33.112 (ALFORECA) to global clients list
rlm_sql (10.10.33.112): Client "ALFORECA" (sql) added
rlm_sql (sql): Adding client 10.10.33.116 (WALED COFFEE) to global clients
list
rlm_sql (10.10.33.116): Client "WALED COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.118 (TANGO COFFEE) to global clients
list
rlm_sql (10.10.33.118): Client "TANGO COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.120 (VILLAGGIO COFFEE) to global
clients list
rlm_sql (10.10.33.120): Client "VILLAGGIO COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.122 (ALHARA) to global clients list
rlm_sql (10.10.33.122): Client "ALHARA" (sql) added
rlm_sql (sql): Adding client 10.10.33.124 (ALMHATA COFFEE) to global
clients list
rlm_sql (10.10.33.124): Client "ALMHATA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.125 (ALSH3AL COFFEE) to global
clients list
rlm_sql (10.10.33.125): Client "ALSH3AL COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.130 (CASA COFFEE) to global clients
list
rlm_sql (10.10.33.130): Client "CASA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.131 (OSMAN COFFEE) to global clients
list
rlm_sql (10.10.33.131): Client "OSMAN COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.135 (SEDAZENAB COFFEE) to global
clients list
rlm_sql (10.10.33.135): Client "SEDAZENAB COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.137 (AL3MDA) to global clients list
rlm_sql (10.10.33.137): Client "AL3MDA" (sql) added
rlm_sql (sql): Adding client 10.10.33.139 (ALHANDSA ) to global clients list
rlm_sql (10.10.33.139): Client "ALHANDSA " (sql) added
rlm_sql (sql): Adding client 10.10.33.140 (RAMZ) to global clients list
rlm_sql (10.10.33.140): Client "RAMZ" (sql) added
rlm_sql (sql): Adding client 10.10.33.148 (ALJBE3A ALGDEMA) to global
clients list
rlm_sql (10.10.33.148): Client "ALJBE3A ALGDEMA" (sql) added
rlm_sql (sql): Adding client 10.10.33.154 (ALHNESH COFFEE) to global
clients list
rlm_sql (10.10.33.154): Client "ALHNESH COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.173 (TAXI Coffee) to global clients
list
rlm_sql (10.10.33.173): Client "TAXI Coffee" (sql) added
rlm_sql (sql): Adding client 10.10.33.174 (COSTA COFFEE) to global clients
list
rlm_sql (10.10.33.174): Client "COSTA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.183 (ALEDMRAL COFFEE) to global
clients list
rlm_sql (10.10.33.183): Client "ALEDMRAL COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.184 (UNO COFFEE) to global clients
list
rlm_sql (10.10.35.184): Client "UNO COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.33.191 (ALJODA COFFEE) to global clients
list
rlm_sql (10.10.33.191): Client "ALJODA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.34.10 (NADE ALWATAN) to global clients
list
rlm_sql (10.10.34.10): Client "NADE ALWATAN" (sql) added
rlm_sql (sql): Adding client 10.10.34.104 (ORCHID COFFEE) to global clients
list
rlm_sql (10.10.34.104): Client "ORCHID COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.34.121 (WAKEL ALSABREA) to global
clients list
rlm_sql (10.10.34.121): Client "WAKEL ALSABREA" (sql) added
rlm_sql (sql): Adding client 10.10.34.159 (ALHRCHA) to global clients list
rlm_sql (10.10.34.159): Client "ALHRCHA" (sql) added
rlm_sql (sql): Adding client 10.1.34.192 (ABDO COFFEE) to global clients
list
rlm_sql (10.1.34.192): Client "ABDO COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.15 (QURYAN COFFEE) to global clients
list
rlm_sql (10.10.35.15): Client "QURYAN COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.106 (MARTAH) to global clients list
rlm_sql (10.10.35.106): Client "MARTAH" (sql) added
rlm_sql (sql): Adding client 10.10.35.115 (LIBYBA COFFEE) to global clients
list
rlm_sql (10.10.35.115): Client "LIBYBA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.136 (ALBSATEN) to global clients list
rlm_sql (10.10.35.136): Client "ALBSATEN" (sql) added
rlm_sql (sql): Adding client 10.10.35.146 (DEJNERO COFFEE) to global
clients list
rlm_sql (10.10.35.146): Client "DEJNERO COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.149 (EVIL COFFEE) to global clients
list
rlm_sql (10.10.35.149): Client "EVIL COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.151 (SUGYA COFFEE) to global clients
list
rlm_sql (10.10.35.151): Client "SUGYA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.160 (ISP_AP1) to global clients list
rlm_sql (10.10.35.160): Client "ISP_AP1" (sql) added
rlm_sql (sql): Adding client 10.10.35.175 (CANOVA COFFEE) to global clients
list
rlm_sql (10.10.35.175): Client "CANOVA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.100.13.4 (JAME3AT NASSER) to global clients
list
rlm_sql (10.100.13.4): Client "JAME3AT NASSER" (sql) added
rlm_sql (sql): Adding client 10.10.32.107 (GREEN COFFEE) to global clients
list
rlm_sql (10.10.32.107): Client "GREEN COFFEE" (sql) added
rlm_sql (sql): Adding client 10.100.13.10 (ALHCEY) to global clients list
rlm_sql (10.100.13.10): Client "ALHCEY" (sql) added
rlm_sql (sql): Adding client 10.10.32.111 (BENS3EB COFFEE) to global
clients list
rlm_sql (10.10.32.111): Client "BENS3EB COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.123 (ALBASHA COFFEE) to global
clients list
rlm_sql (10.10.35.123): Client "ALBASHA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.100.13.127 (WAKEL NASSER) to global clients
list
rlm_sql (10.100.13.127): Client "WAKEL NASSER" (sql) added
rlm_sql (sql): Adding client 10.100.13.128 (MASHTAL NASER) to global
clients list
rlm_sql (10.100.13.128): Client "MASHTAL NASER" (sql) added
rlm_sql (sql): Adding client 10.100.13.129 (ALBSTAN COFFEE) to global
clients list
rlm_sql (10.100.13.129): Client "ALBSTAN COFFEE" (sql) added
rlm_sql (sql): Adding client 10.100.13.142 (BERALWS3) to global clients list
rlm_sql (10.100.13.142): Client "BERALWS3" (sql) added
rlm_sql (sql): Adding client 10.100.13.145 (MASHTAL NASER ALBEHRY) to
global clients list
rlm_sql (10.100.13.145): Client "MASHTAL NASER ALBEHRY" (sql) added
rlm_sql (sql): Adding client 10.100.13.157 (WADYE ALHYE) to global clients
list
rlm_sql (10.100.13.157): Client "WADYE ALHYE" (sql) added
rlm_sql (sql): Adding client 10.10.37.106 (WAKEL WARSFANA) to global
clients list
rlm_sql (10.10.37.106): Client "WAKEL WARSFANA" (sql) added
rlm_sql (sql): Adding client 10.100.13.55 (SAKH COFFEE) to global clients
list
rlm_sql (10.100.13.55): Client "SAKH COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.177 (AL3GRBY) to global clients list
rlm_sql (10.10.35.177): Client "AL3GRBY" (sql) added
rlm_sql (sql): Adding client 10.10.31.107 (BIR HASSAN CAFFEE) to global
clients list
rlm_sql (10.10.31.107): Client "BIR HASSAN CAFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.31.110 (Bir Hassan marwan Coffee) to
global clients list
rlm_sql (10.10.31.110): Client "Bir Hassan marwan Coffee" (sql) added
rlm_sql (sql): Adding client 10.10.31.113 (HOTSPOT MAJDEY) to global
clients list
rlm_sql (10.10.31.113): Client "HOTSPOT MAJDEY" (sql) added
rlm_sql (sql): Adding client 10.10.34.190 (HOTSPOT ABDO) to global clients
list
rlm_sql (10.10.34.190): Client "HOTSPOT ABDO" (sql) added
rlm_sql (sql): Adding client 10.10.35.117 (HOTSPOT CHECIOG) to global
clients list
rlm_sql (10.10.35.117): Client "HOTSPOT CHECIOG" (sql) added
rlm_sql (sql): Adding client 10.10.34.60 (HOTSPOT SMAFRO AB3ESA) to global
clients list
rlm_sql (10.10.34.60): Client "HOTSPOT SMAFRO AB3ESA" (sql) added
rlm_sql (sql): Adding client 10.10.32.61 (HOTSPOT WARCHVANA) to global
clients list
rlm_sql (10.10.32.61): Client "HOTSPOT WARCHVANA" (sql) added
rlm_sql (sql): Adding client 10.10.32.63 (HOTSPOT SU) to global clients list
rlm_sql (10.10.32.63): Client "HOTSPOT SU" (sql) added
rlm_sql (sql): Adding client 10.10.35.132 (HOTSPOT ALHNCHE (BNEYNEY)) to
global clients list
rlm_sql (10.10.35.132): Client "HOTSPOT ALHNCHE (BNEYNEY)" (sql) added
rlm_sql (sql): Adding client 10.10.34.61 (HOTSPOT ALRGATA) to global
clients list
rlm_sql (10.10.34.61): Client "HOTSPOT ALRGATA" (sql) added
rlm_sql (sql): Adding client 10.10.35.110 (Hotspot BN) to global clients
list
rlm_sql (10.10.35.110): Client "Hotspot BN" (sql) added
rlm_sql (sql): Adding client 10.10.33.156 (HOTSPOT KASHF JRBO3) to global
clients list
rlm_sql (10.10.33.156): Client "HOTSPOT KASHF JRBO3" (sql) added
rlm_sql (sql): Adding client 10.10.35.126 (Panorama Cafe) to global clients
list
rlm_sql (10.10.35.126): Client "Panorama Cafe" (sql) added
rlm_sql (sql): Adding client 10.10.37.110 (HOTSPOT WARCHVANA 2) to global
clients list
rlm_sql (10.10.37.110): Client "HOTSPOT WARCHVANA 2" (sql) added
rlm_sql (sql): Adding client 10.10.33.11 (hotspot almudan) to global
clients list
rlm_sql (10.10.33.11): Client "hotspot almudan" (sql) added
rlm_sql (sql): Adding client 10.10.31.108 (home) to global clients list
rlm_sql (10.10.31.108): Client "home" (sql) added
rlm_sql (sql): Adding client 10.10.35.137 (TQAT3 3KRA COFFEE) to global
clients list
rlm_sql (10.10.35.137): Client "TQAT3 3KRA COFFEE" (sql) added
rlm_sql (sql): Adding client 10.10.35.116 (ALSL3A) to global clients list
rlm_sql (10.10.35.116): Client "ALSL3A" (sql) added
rlm_sql (sql): Adding client 10.254.10.2 (HOTSPOT ZWR1_MELANO) to global
clients list
rlm_sql (10.254.10.2): Client "HOTSPOT ZWR1_MELANO" (sql) added
rlm_sql (sql): Adding client 10.10.35.20 (HOTSPOT BEN3AMER) to global
clients list
rlm_sql (10.10.35.20): Client "HOTSPOT BEN3AMER" (sql) added
rlm_sql (sql): Adding client 10.10.35.21 (Billiards Cofe) to global clients
list
rlm_sql (10.10.35.21): Client "Billiards Cofe" (sql) added
rlm_sql (sql): Adding client 10.254.10.3 (hotspot ZW 2) to global clients
list
rlm_sql (10.254.10.3): Client "hotspot ZW 2" (sql) added
rlm_sql (sql): Adding client 10.100.13.70 (Nasser New 2018) to global
clients list
rlm_sql (10.100.13.70): Client "Nasser New 2018" (sql) added
rlm_sql (sql): Adding client 10.254.10.4 (ZWORA malboro) to global clients
list
rlm_sql (10.254.10.4): Client "ZWORA malboro" (sql) added
rlm_sql (sql): Adding client 0.10.35.177 (AL3GRBEY) to global clients list
rlm_sql (0.10.35.177): Client "AL3GRBEY" (sql) added
rlm_sql (sql): Adding client 10.254.1.6 (????? ??????? 5) to global clients
list
rlm_sql (10.254.1.6): Client "????? ??????? 5" (sql) added
rlm_sql (sql): Adding client 10.10.34.9 (????? ?????? 3) to global clients
list
rlm_sql (10.10.34.9): Client "????? ?????? 3" (sql) added
rlm_sql (sql): Adding client 10.80.1.2 (hotspot test 2018) to global
clients list
rlm_sql (10.80.1.2): Client "hotspot test 2018" (sql) added
rlm_sql (sql): Adding client 10.10.34.3 (?????? 2) to global clients list
rlm_sql (10.10.34.3): Client "?????? 2" (sql) added
rlm_sql (sql): Adding client 10.10.34.4 (?????? 3) to global clients list
rlm_sql (10.10.34.4): Client "?????? 3" (sql) added
rlm_sql (sql): Adding client 10.40.47.1 (jkhjkhjk) to global clients list
rlm_sql (10.40.47.1): Client "jkhjkhjk" (sql) added
rlm_sql (sql): Adding client 10.40.47.253 (local) to global clients list
rlm_sql (10.40.47.253): Client "local" (sql) added
rlm_sql (sql): Adding client 127.0.0.1 (gfgfdgfdg) to global clients list
rlm_sql (127.0.0.1): Client "gfgfdgfdg" (sql) added
rlm_sql (sql): Released connection (0)
# Instantiating module "preprocess" from file
/etc/freeradius/mods-enabled/preprocess
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
# Instantiating module "expiration" from file
/etc/freeradius/mods-enabled/expiration
# Instantiating module "logintime" from file
/etc/freeradius/mods-enabled/logintime
# Instantiating module "IPASS" from file
/etc/freeradius/mods-enabled/realm
# Instantiating module "suffix" from file
/etc/freeradius/mods-enabled/realm
# Instantiating module "realmpercent" from file
/etc/freeradius/mods-enabled/realm
# Instantiating module "ntdomain" from file
/etc/freeradius/mods-enabled/realm
# Instantiating module "etc_passwd" from file
/etc/freeradius/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "auth_log" from file
/etc/freeradius/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in
detail output
# Instantiating module "reply_log" from file
/etc/freeradius/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file
/etc/freeradius/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file
/etc/freeradius/mods-enabled/detail.log
# Instantiating module "mschap" from file
/etc/freeradius/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
# Instantiating module "detail" from file
/etc/freeradius/mods-enabled/detail
# Instantiating module "reject" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "fail" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
# Instantiating module "handled" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "invalid" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "userlock" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "notfound" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "noop" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "updated" from file
/etc/freeradius/mods-enabled/always
# Instantiating module "cache_eap" from file
/etc/freeradius/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree)
loaded and linked
# Instantiating module "files" from file
/etc/freeradius/mods-enabled/files
reading pairlist file /etc/freeradius/mods-config/files/authorize
reading pairlist file /etc/freeradius/mods-config/files/accounting
reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
# Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
# Instantiating module "linelog" from file
/etc/freeradius/mods-enabled/linelog
# Instantiating module "log_accounting" from file
/etc/freeradius/mods-enabled/linelog
# Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
ca_file = "/etc/freeradius/certs/ca.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/freeradius/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
} # server
server default { # from file /etc/freeradius/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
# Loading preacct {...}
# Loading accounting {...}
# Loading session {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server inner-tunnel
/etc/freeradius/sites-enabled/default[244]: Please change
"%{control:Tmp-String-1}" to &control:Tmp-String-1
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 0
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 33448
Listening on proxy address :: port 37022
Ready to process requests
(0) Received Access-Request Id 1 from 127.0.0.1:55529 to 127.0.0.1:1812
length 124
(0) NAS-IP-Address = 10.40.47.1
(0) Framed-Protocol = PPP
(0) Service-Type = Login-User
(0) Framed-IP-Address = 10.40.47.200
(0) Calling-Station-Id = "10.40.47.200"
(0) NAS-Identifier = "Ahmed"
(0) Acct-Session-Id = "fdfsdfsdf"
(0) NAS-Port-Type = PPPoEoE
(0) Acct-Status-Type = Interim-Update
(0) Acct-Delay-Time = 10
(0) Port-Limit = 5
(0) User-Name = "test"
(0) User-Password = "test"
(0) # Executing section authorize from file
/etc/freeradius/sites-enabled/default
(0) authorize {
(0) update {
(0) Executing: /usr/bin/php5 /var/www/html/set_idle_timeout.php
%{User-Name} %{%{User-Password}:-%{Chap-Password}} %{Framed-IP-Address} 3
%{Calling-Station-Id} %{Framed-Protocol} %{NAS-Identifier} :
(0) EXPAND %{User-Name}
(0) --> test
(0) EXPAND %{%{User-Password}:-%{Chap-Password}}
(0) --> test
(0) EXPAND %{Framed-IP-Address}
(0) --> 10.40.47.200
(0) EXPAND %{Calling-Station-Id}
(0) --> 10.40.47.200
(0) EXPAND %{Framed-Protocol}
(0) --> PPP
(0) EXPAND %{NAS-Identifier}
(0) --> Ahmed
(0) Program returned code (0) and output ' Idle-Timeout
:='180',Mikrotik-Rate-Limit :="5120k/0 0/0 0/0 0/0 8", Idle-Timeout :='180''
(0) control::Idle-Timeout := 180
(0) control::Mikrotik-Rate-Limit := 5120k/0 0/0 0/0 0/0 8
(0) control::Idle-Timeout := 180
(0) } # update = noop
(0) update reply {
(0) No attributes updated
(0) No attributes updated
(0) No attributes updated
(0) No attributes updated
(0) Mikrotik-Rate-Limit := &control:Mikrotik-Rate-Limit -> '5120k/0
0/0 0/0 0/0 8'
(0) } # update reply = noop
(0) [chap] = noop
(0) [mschap] = noop
(0) sql: EXPAND %{User-Name}
(0) sql: --> test
(0) sql: SQL-User-Name set to 'test'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}'AND a='0' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'test'AND a='0' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'test'AND a='0' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql: Cleartext-Password := "test"
(0) sql: Expiration := "Jan 20 2019 13:26:26 EET"
(0) sql: Simultaneous-Use := 1
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}'AND a='0' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'test'AND a='0' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'test'AND a='0' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test'
ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'test' ORDER BY priority
(0) sql: User found in the group table
(0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(0) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F
60=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F' ORDER BY id
(0) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F
60=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F=3F' ORDER BY id
(0) sql: Group "?????????? 60???????????": Conditional check items matched
(0) sql: Group "?????????? 60???????????": Merging assignment check items
rlm_sql (sql): Released connection (1)
(0) [sql] = ok
(0) expiration: Account will expire at 'Jan 20 2019 13:26:26 EET'
(0) [expiration] = ok
(0) if (userlock && !"%{control:Tmp-String-1}") {
(0) if (userlock && !"%{control:Tmp-String-1}") -> FALSE
(0) [pap] = updated
(0) } # authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: Comparing with "known good" Cleartext-Password
(0) pap: User authenticated successfully
(0) [pap] = ok
(0) } # Auth-Type PAP = ok
(0) # Executing section session from file
/etc/freeradius/sites-enabled/default
(0) session {
(0) sql: EXPAND %{User-Name}
(0) sql: --> test
(0) sql: SQL-User-Name set to 'test'
(0) sql: EXPAND SELECT COUNT(*) FROM radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL
(0) sql: --> SELECT COUNT(*) FROM radacct WHERE username = 'test' AND
acctstoptime IS NULL
rlm_sql (sql): Reserved connection (2)
(0) sql: Executing select query: SELECT COUNT(*) FROM radacct WHERE
username = 'test' AND acctstoptime IS NULL
rlm_sql (sql): Released connection (2)
(0) [sql] = ok
(0) } # session = ok
(0) # Executing section post-auth from file
/etc/freeradius/sites-enabled/default
(0) post-auth {
(0) sql: EXPAND .query
(0) sql: --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (3)
(0) sql: EXPAND %{User-Name}
(0) sql: --> test
(0) sql: SQL-User-Name set to 'test'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate,
nasipaddress, macaddress,framedipaddress) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}',
CURRENT_TIMESTAMP(),'%{NAS-IP-Address}', '%{Calling-Station-ID}',
'%{Framed-IP-Address}' )
(0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate,
nasipaddress, macaddress,framedipaddress) VALUES ( 'test', 'test',
'Access-Accept', CURRENT_TIMESTAMP(),'10.40.47.1', '10.40.47.200',
'10.40.47.200' )
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate, nasipaddress, macaddress,framedipaddress) VALUES ( 'test',
'test', 'Access-Accept', CURRENT_TIMESTAMP(),'10.40.47.1', '10.40.47.200',
'10.40.47.200' )
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (3)
(0) [sql] = ok
(0) } # post-auth = ok
(0) Sent Access-Accept Id 1 from 127.0.0.1:1812 to 127.0.0.1:55529 length 0
(0) Mikrotik-Rate-Limit := "5120k/0 0/0 0/0 0/0 8"
(0) Session-Timeout = 2668485
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 1 with timestamp +8
Ready to process requests
3
8
Hello Team,
I want to understand how much TPS freeRADIUS will support for below
configuration along with postgresql DB
Consider postgresql is hosted separately without any capacity limitation.
Option1 : 1GB RAM, 1core CPU
Option2 : 2GB RAM, 1core CPU
Option3 : 4GB RAM, 2core CPU
Option4 : 8GB RAM, 2core CPU
Regards,
Raghu
3
2
Thank you Herwin,
In this Documentation of FreeRadius Passwords, the CHAP and MS-CHAP support
the Cleartext-Password, so can i get the Cleartext-Password in my php
authentication script?
On Wed, Dec 19, 2018 at 4:30 PM <
freeradius-users-request(a)lists.freeradius.org> wrote:
> Send Freeradius-Users mailing list submissions to
> freeradius-users(a)lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request(a)lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner(a)lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: RESTful API (Alan DeKok)
> 2. Re: RESTful API (Daniel Kong)
> 3. Capacity calculation (Raghu nathan)
> 4. Re: Capacity calculation (Nathan Ward)
> 5. plain-text password not get with CHAP (Imdad Hasan)
> 6. Re: plain-text password not get with CHAP (Herwin Weststrate)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 18 Dec 2018 06:56:05 -0500
> From: Alan DeKok <aland(a)deployingradius.com>
> To: FreeRadius users mailing list
> <freeradius-users(a)lists.freeradius.org>
> Subject: Re: RESTful API
> Message-ID: <B1E0A9A8-99D0-413E-96DB-A766824CF2E9(a)deployingradius.com>
> Content-Type: text/plain; charset=us-ascii
>
>
> > On Dec 17, 2018, at 11:15 PM, Daniel Kong <daniel.kongyh(a)gmail.com>
> wrote:
> >
> > I know you guys are very busy helping the rest but I hope you can help me
> > with this. I would like freeradius to authenticate with 3rd party
> > application via REST API. I do have the configuration like below.
> >
> > connect_uri = "http://10.18.6.22:8081/apps/"
> > authenticate {
> > uri = "${..connect_uri}/user/%{User-Name}/%{User-Password}"
> > method = "get"
> > }
>
> OK...
>
> > Problem is that I do not know what to be included in the request and
> > response for every authenticate, authorize, post-auth, and accounting.
> For
> > the response, I just include the HTTP status is sufficient for
> > authentication? How about the response for authorize, post-auth, and
> > accounting?
>
> You don't need to include anything in the response. The documentation
> describes how the module works and what it does.
>
> FreeRADIUS treats the REST API as just another database. There's no
> "requirement" to put anything into SQL, so there's no requirement to put
> anything in REST.
>
> > If the freeRadius is configured to use RESTful API, does other post-auth,
> > authorize, and accounting can be use with mysql so that only
> authentication
> > is using rest?
>
> Yes. You just list "rest" in the authenticate section, and "sql"
> elsewhere.
>
> Alan DeKok.
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 19 Dec 2018 12:01:30 +0800
> From: Daniel Kong <daniel.kongyh(a)gmail.com>
> To: FreeRadius users mailing list
> <freeradius-users(a)lists.freeradius.org>
> Subject: Re: RESTful API
> Message-ID:
> <
> CALvNz2haTvGQvUadZHMaWVh3gRmAKK44+FTUeeFp30sczSJ4PQ(a)mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Thanks for the feedback, Alan. I have more questions to ask regarding the
> REST authentication. How does the freeRadius know that when to let the user
> to gain access to the resources after invoke REST authentication? Does it
> rely on the REST response http status? Eg. if the 3rd party application
> returns a http status 200 means that the user is authenticated and able to
> use the resource. However if the REST response returns a http status 401
> means that he/she is unauthorized. Does the freeRadius interpret it this
> way?
>
> In order to use REST authentication only while the others like post-auth,
> authorize, and accounting using the sql, I only need to configure the REST
> for authentication. So my configuration would look like this? I just
> comment off post-auth, authorize, and accounting. Correct me if I am wrong.
>
> rest {
> tls {
> ...
> }
>
> authentication {
> }
>
> #authorize {
> #}
>
> #post-auth {
> #}
>
> #accounting {
> #}
>
> pool {
> ...
> }
> }
>
> So after authenticate is successful, freeRadius will do insertion of record
> to radpostauth and radacct table by itself?
>
> Our current usage of freeRadius is with mySQL. So we will insert record to
> radcheck and radreply table while the rest of the table will be handled by
> freeRadius. Now if we are using the REST for authentication, do we still
> need to insert record to radcheck and radreply? Do we still rely on the
> 'Auth-Type' in the radcheck table?
>
> Daniel.
>
>
> On Tue, Dec 18, 2018 at 7:57 PM Alan DeKok <aland(a)deployingradius.com>
> wrote:
>
> >
> > > On Dec 17, 2018, at 11:15 PM, Daniel Kong <daniel.kongyh(a)gmail.com>
> > wrote:
> > >
> > > I know you guys are very busy helping the rest but I hope you can help
> me
> > > with this. I would like freeradius to authenticate with 3rd party
> > > application via REST API. I do have the configuration like below.
> > >
> > > connect_uri = "http://10.18.6.22:8081/apps/"
> > > authenticate {
> > > uri = "${..connect_uri}/user/%{User-Name}/%{User-Password}"
> > > method = "get"
> > > }
> >
> > OK...
> >
> > > Problem is that I do not know what to be included in the request and
> > > response for every authenticate, authorize, post-auth, and accounting.
> > For
> > > the response, I just include the HTTP status is sufficient for
> > > authentication? How about the response for authorize, post-auth, and
> > > accounting?
> >
> > You don't need to include anything in the response. The documentation
> > describes how the module works and what it does.
> >
> > FreeRADIUS treats the REST API as just another database. There's no
> > "requirement" to put anything into SQL, so there's no requirement to put
> > anything in REST.
> >
> > > If the freeRadius is configured to use RESTful API, does other
> post-auth,
> > > authorize, and accounting can be use with mysql so that only
> > authentication
> > > is using rest?
> >
> > Yes. You just list "rest" in the authenticate section, and "sql"
> > elsewhere.
> >
> > Alan DeKok.
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 19 Dec 2018 14:55:14 +0530
> From: Raghu nathan <raghu.vdm(a)gmail.com>
> To: freeradius-users(a)lists.freeradius.org
> Subject: Capacity calculation
> Message-ID:
> <CAJea6dOy+hHtsOAMpadwatq=
> LrmCLPm4yF7sF55BmhT7ZFKgYA(a)mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hello Team,
>
> I want to understand how much TPS freeRADIUS will support for below
> configuration along with postgresql DB
>
> Consider postgresql is hosted separately without any capacity limitation.
>
> Option1 : 1GB RAM, 1core CPU
> Option2 : 2GB RAM, 1core CPU
> Option3 : 4GB RAM, 2core CPU
> Option4 : 8GB RAM, 2core CPU
>
> Regards,
> Raghu
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 19 Dec 2018 23:19:00 +1300
> From: Nathan Ward <lists+freeradius(a)daork.net>
> To: FreeRadius users mailing list
> <freeradius-users(a)lists.freeradius.org>
> Subject: Re: Capacity calculation
> Message-ID: <7C4335D6-CC72-4143-BD10-757C87DE09BF(a)daork.net>
> Content-Type: text/plain; charset=utf-8
>
>
> > On 19/12/2018, at 10:25 PM, Raghu nathan <raghu.vdm(a)gmail.com> wrote:
> >
> > Hello Team,
> >
> > I want to understand how much TPS freeRADIUS will support for below
> > configuration along with postgresql DB
> >
> > Consider postgresql is hosted separately without any capacity limitation.
> >
> > Option1 : 1GB RAM, 1core CPU
> > Option2 : 2GB RAM, 1core CPU
> > Option3 : 4GB RAM, 2core CPU
> > Option4 : 8GB RAM, 2core CPU
>
>
> That depends on:
>
> 1) Your configuration
> 2) Your vm contention (sounds like VMs)
> 3) Your IO, potentially
> 4) Your database speed - database is by *far* the slowest part of this
> 5) Packet types - auth? Accounting?
> 6) What is a “core”?
> 7) How fast is the RAM?
>
> And many, many, many more factors.
>
> To be clear - please do not answer the above questions - they are
> presented as a non-exhaustive list of factors.
>
> You cannot get a reasonable answer on a question like this without testing
> it in your environment with your configuration etc.
> This is why you’ll rarely find “benchmarks” or similar.
>
> There are a myriad of ways to scale FreeRADIUS in almost any direction,
> depending on your workload. If you’ve been tasked with finding out if
> FreeRADIUS can handle your load the answer is almost certainly yes - but
> you may need to do some work to get it to, just as you would with any
> solution.
>
> --
> Nathan Ward
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 19 Dec 2018 16:21:55 +0530
> From: Imdad Hasan <imdadalikadiwala0(a)gmail.com>
> To: freeradius-users(a)lists.freeradius.org
> Subject: plain-text password not get with CHAP
> Message-ID:
> <CAPidyMX9D3EQb=
> ixjvo6u-iJCm7Q1v_N9sTBCZKOex5VAeNRAA(a)mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Respected All,
>
> I using Default *Auth-Type = Accept* and *php external script* for custom
> authentication. That is working fine with only pap in PPPoE, But not
> working with CHAP, MS-CHAPv2 etc.
>
> I found one reason was the external script not get the plain-text
> password.Usually i get password in external php script with
> *trim(getenv('USER_PASSWORD'),'"');
> *this env variable.
>
> So, any way to get plain-text password in external script when chap is on
> in mikrotik?
>
> Warm regards
> Imdadali Kadiwala
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 19 Dec 2018 11:57:27 +0100
> From: Herwin Weststrate <herwin(a)quarantainenet.nl>
> To: freeradius-users(a)lists.freeradius.org
> Subject: Re: plain-text password not get with CHAP
> Message-ID: <c5afe74d-8169-813f-f90c-a3d3b0b2ccb4(a)quarantainenet.nl>
> Content-Type: text/plain; charset=utf-8
>
> On 19-12-18 11:51, Imdad Hasan wrote:
> > Respected All,
> >
> > I using Default *Auth-Type = Accept* and *php external script* for custom
> > authentication. That is working fine with only pap in PPPoE, But not
> > working with CHAP, MS-CHAPv2 etc.
> >
> > I found one reason was the external script not get the plain-text
> > password.Usually i get password in external php script with
> > *trim(getenv('USER_PASSWORD'),'"');
> > *this env variable.
> >
> > So, any way to get plain-text password in external script when chap is on
> > in mikrotik?
>
> No, simply because CHAP and MSCHAP don't send the plaintext password,
> but hashes of the password.
>
> If you have access to the plaintext password in PHP, you could add this
> to the config list and let the chap/mschap modules take care of it (but
> then it would be unlikely you really needed PHP in the first place),
> otherwise you're out of luck.
>
> See http://deployingradius.com/documents/protocols/compatibility.html
> for a list of possible password hashing compatibilities.
>
> --
> Herwin Weststrate
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> ------------------------------
>
> End of Freeradius-Users Digest, Vol 164, Issue 38
> *************************************************
>
1
0