Are you using sql as users database ?
 
I've done a FreeRadius for authentication my wireless users but I've used Ldap+Samba as users database.
 
I have done EAP-TLS and everything worked.
 
search for EAP-TLS in freeradius maillist and too for maiconlp. it's likely you will find my post. it's showing all step for create ldap + Samba.
 
 
 
 

 
2011/3/29 <freeradius-users-request@lists.freeradius.org>
Send Freeradius-Users mailing list submissions to
       freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
       http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
       freeradius-users-request@lists.freeradius.org

You can reach the person managing the list at
       freeradius-users-owner@lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

  1. EAP-TTLS Problem (Milosh Droxy)


----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Mar 2011 16:10:41 +0430
From: Milosh Droxy <droxy.net@gmail.com>
Subject: EAP-TTLS Problem
To: freeradius-users@lists.freeradius.org
Message-ID:
       <AANLkTim1pbcg7w30RLQj-iMTW7BTVCxtHGN_Nc3xS6Rm@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi

ok, I've been searching and testing for about a week now. I'm quite sure
I've read almost every topic related to my problem on this mailing-list and
others. and I was afraid to ask for help because I've never posted on a
mailing list or a forum and I was really afraid of Alan DeKoK.
The Problem:
I'm trying to use Freeradius to authenticate users using EAP-TTLS MSCHAP,
with no success.
I use "FreeRADIUS Version 2.1.10, for host x86_64-unknown-linux-gnu". on a
Ubuntu 10.04 64bit Server.
I've used these devices as clients
two Ubiquiti devices (http://www.ubnt.com/nanobridge) (one as AP and one as
client)
A TP-Link TL-WR542G as AP and my laptop (running ubuntu 10.10) as client.
(and an iPad)
(There were NO Windows XP in any of my tests, so it's not a Microsoft issue)

and I've used eapol_test, with successful results, the problem only shows
when I try to authenticate remotely. since the eapol_test results were fine
I wont post the output here. (or should I ?)

and here is the output for when I try to authenticate remotely (the output
is exactly the same with any combination I've tried)

FreeRADIUS Version 2.1.10, for host x86_64-unknown-linux-gnu, built on Mar
5 2011 at 07:22:25
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
main {
   allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
   prefix = "/usr/local"
   localstatedir = "/usr/local/var"
   logdir = "/usr/local/var/log/radius"
   libdir = "/usr/local/lib"
   radacctdir = "/usr/local/var/log/radius/radacct"
   hostname_lookups = no
   max_request_time = 30
   cleanup_delay = 5
   max_requests = 1024
   pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
   checkrad = "/usr/local/sbin/checkrad"
   debug_level = 0
   proxy_requests = yes
 log {
   stripped_names = no
   auth = no
   auth_badpass = no
   auth_goodpass = no
 }
 security {
   max_attributes = 200
   reject_delay = 1
   status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
   retry_delay = 5
   retry_count = 3
   default_fallback = no
   dead_time = 120
   wake_all_if_all_dead = no
 }
 home_server localhost {
   ipaddr = 127.0.0.1
   port = 1812
   type = "auth"
   secret = "testing123"
   response_window = 20
   max_outstanding = 65536
   require_message_authenticator = yes
   zombie_period = 40
   status_check = "status-server"
   ping_interval = 30
   check_interval = 30
   num_answers_to_alive = 3
   num_pings_to_alive = 3
   revive_interval = 120
   status_check_timeout = 4
   irt = 2
   mrt = 16
   mrc = 5
   mrd = 30
 }
 home_server_pool my_auth_failover {
   type = fail-over
   home_server = localhost
 }
 realm example.com {
   auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
   ipaddr = 127.0.0.1
   require_message_authenticator = no
   secret = "testing123"
   nastype = "other"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
 exec {
   wait = no
   input_pairs = "request"
   shell_escape = yes
 }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file
/usr/local/etc/raddb/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file
/usr/local/etc/raddb/modules/expiration
 expiration {
   reply-message = "Password Has Expired  "
 }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file
/usr/local/etc/raddb/modules/logintime
 logintime {
   reply-message = "You are calling outside your allowed timespan  "
   minimum-timeout = 60
 }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
 pap {
   encryption_scheme = "auto"
   auto_header = no
 }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
 mschap {
   use_mppe = yes
   require_encryption = yes
   require_strong = yes
   with_ntdomain_hack = no
 }
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
 unix {
   radwtmp = "/usr/local/var/log/radius/radwtmp"
 }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
 eap {
   default_eap_type = "ttls"
   timer_expire = 60
   ignore_unknown_eap_types = no
   cisco_accounting_username_bug = no
   max_sessions = 4096
 }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
  gtc {
   challenge = "Password: "
   auth_type = "PAP"
  }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
  tls {
   rsa_key_exchange = no
   dh_key_exchange = yes
   rsa_key_length = 512
   dh_key_length = 512
   verify_depth = 0
   CA_path = "/usr/local/etc/raddb/mycerts"
   pem_file_type = yes
   private_key_file = "/usr/local/etc/raddb/mycerts/server_keycert.pem"
   certificate_file = "/usr/local/etc/raddb/mycerts/server_keycert.pem"
   private_key_password = "usetheserver"
   dh_file = "/usr/local/etc/raddb/mycerts/dh"
   random_file = "/usr/local/etc/raddb/mycerts/random"
   fragment_size = 1024
   include_length = yes
   check_crl = no
   cipher_list = "DEFAULT"
   make_cert_command = "/usr/local/etc/raddb/mycerts/bootstrap"
   cache {
   enable = no
   lifetime = 24
   max_entries = 255
   }
   verify {
   }
  }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
  ttls {
   default_eap_type = "mschapv2"
   copy_request_to_tunnel = no
   use_tunneled_reply = yes
   include_length = yes
  }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
  mschapv2 {
   with_ntdomain_hack = no
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
 realm suffix {
   format = "suffix"
   delimiter = "@"
   ignore_default = no
   ignore_null = no
 }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
 files {
   usersfile = "/usr/local/etc/raddb/users"
   acctusersfile = "/usr/local/etc/raddb/acct_users"
   preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
   compat = "no"
 }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
 radutmp {
   filename = "/usr/local/var/log/radius/radutmp"
   username = "%{User-Name}"
   case_sensitive = yes
   check_with_nas = yes
   perm = 384
   callerid = yes
 }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
 attr_filter attr_filter.access_reject {
   attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
   key = "%{User-Name}"
 }
 } # modules
} # server
server { # from file /usr/local/etc/raddb/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
 preprocess {
   huntgroups = "/usr/local/etc/raddb/huntgroups"
   hints = "/usr/local/etc/raddb/hints"
   with_ascend_hack = no
   ascend_channels_per_line = 23
   with_ntdomain_hack = no
   with_specialix_jetstream_hack = no
   with_cisco_vsa_hack = no
   with_alvarion_vsa_hack = no
 }
 Module: Linked to module rlm_sql
 Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf
 sql {
   driver = "rlm_sql_mysql"
   server = "127.0.0.1"
   port = ""
   login = "radius"
   password = "*************"
   radius_db = "radius"
   read_groups = yes
   sqltrace = no
   sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
   readclients = yes
   deletestalesessions = yes
   num_sql_socks = 5
   lifetime = 0
   max_queries = 0
   sql_user_name = "%{User-Name}"
   default_user_profile = ""
   nas_query = "SELECT id, nasname, shortname, type, secret, server FROM
nas"
   authorize_check_query = "SELECT id, username, attribute, value,
op           FROM radcheck           WHERE username =
'%{SQL-User-Name}'           ORDER BY id"
   authorize_reply_query = "SELECT id, username, attribute, value,
op           FROM radreply           WHERE username =
'%{SQL-User-Name}'           ORDER BY id"
   authorize_group_check_query = "SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck           WHERE
groupname = '%{Sql-Group}'           ORDER BY id"
   authorize_group_reply_query = "SELECT id, groupname,
attribute,           value, op           FROM radgroupreply           WHERE
groupname = '%{Sql-Group}'           ORDER BY id"
   accounting_onoff_query = "          UPDATE radacct
SET              acctstoptime       =  '%S',              acctsessiontime
=  unix_timestamp('%S') -
unix_timestamp(acctstarttime),              acctterminatecause =
'%{Acct-Terminate-Cause}',              acctstopdelay      =
%{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           AND
nasipaddress      =  '%{NAS-IP-Address}'           AND acctstarttime     <=
'%S'"
   accounting_update_query = "           UPDATE radacct
SET              framedipaddress = '%{Framed-IP-Address}',
acctsessiontime     = '%{Acct-Session-Time}',
acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32
|
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid =
'%{Acct-Session-Id}'           AND username        =
'%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
   accounting_update_query_alt = "           INSERT INTO
radacct             (acctsessionid,    acctuniqueid,
username,              realm,            nasipaddress,
nasportid,              nasporttype,      acctstarttime,
acctsessiontime,              acctauthentic,    connectinfo_start,
acctinputoctets,              acctoutputoctets, calledstationid,
callingstationid,              servicetype,      framedprotocol,
framedipaddress,              acctstartdelay,
xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}',              DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}',              '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}'
<< 32 |              '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
   accounting_start_query = "           INSERT INTO radacct
(acctsessionid,    acctuniqueid,     username,
realm,            nasipaddress,     nasportid,
nasporttype,      acctstarttime,    acctstoptime,
acctsessiontime,  acctauthentic,    connectinfo_start,
connectinfo_stop, acctinputoctets,  acctoutputoctets,
calledstationid,  callingstationid, acctterminatecause,
servicetype,      framedprotocol,   framedipaddress,
acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)
VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}',
'%{Connect-Info}',              '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}')"
   accounting_start_query_alt = "           UPDATE radacct SET
acctstarttime     = '%S',              acctstartdelay    =
'%{%{Acct-Delay-Time}:-0}',              connectinfo_start =
'%{Connect-Info}'           WHERE acctsessionid  =
'%{Acct-Session-Id}'           AND username         =
'%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
   accounting_stop_query = "           UPDATE radacct SET
acctstoptime       = '%S',              acctsessiontime    =
'%{Acct-Session-Time}',              acctinputoctets    =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}',              acctterminatecause =
'%{Acct-Terminate-Cause}',              acctstopdelay      =
'%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   =
'%{Connect-Info}'           WHERE acctsessionid   =
'%{Acct-Session-Id}'           AND username          =
'%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
   accounting_stop_query_alt = "           INSERT INTO radacct
(acctsessionid, acctuniqueid, username,              realm, nasipaddress,
nasportid,              nasporttype, acctstarttime,
acctstoptime,              acctsessiontime, acctauthentic,
connectinfo_start,              connectinfo_stop, acctinputoctets,
acctoutputoctets,              calledstationid, callingstationid,
acctterminatecause,              servicetype, framedprotocol,
framedipaddress,              acctstartdelay, acctstopdelay)
VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL
(%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0})
SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}',
'',              '%{Connect-Info}',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}'
<< 32 |              '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}',              '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}',              '0',
'%{%{Acct-Delay-Time}:-0}')"
   group_membership_query = "SELECT groupname           FROM
radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER
BY priority"
   connect_failure_retry_delay = 60
   simul_count_query = ""
   simul_verify_query = "SELECT radacctid, acctsessionid,
username,                                nasipaddress, nasportid,
framedipaddress,                                callingstationid,
framedprotocol                                FROM
radacct                                WHERE username =
'%{SQL-User-Name}'                                AND acctstoptime IS NULL"
   postauth_query = "INSERT INTO radpostauth
(username, pass, reply, authdate)                           VALUES
(                           '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
   safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
 }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@127.0.0.1:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
shortname, type, secret, server FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Read entry nasname=10.10.10.145,shortname=ubnt,secret=testing
rlm_sql (sql): Adding client 10.10.10.145 (ubnt, server=<none>) to clients
list
rlm_sql (sql): Read entry nasname=10.10.10.89,shortname=AP,secret=testing
rlm_sql (sql): Adding client 10.10.10.89 (AP, server=<none>) to clients list
rlm_sql (sql): Released sql socket id: 4
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/modules/acct_unique
 acct_unique {
   key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
 }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
 detail {
   detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
   header = "%t"
   detailperm = 384
   dirperm = 493
   locking = no
   log_packet_header = no
 }
 Module: Instantiating module "attr_filter.accounting_response" from file
/usr/local/etc/raddb/modules/attr_filter
 attr_filter attr_filter.accounting_response {
   attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
   key = "%{User-Name}"
 }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
   type = "auth"
   ipaddr = *
   port = 0
}
listen {
   type = "acct"
   ipaddr = *
   port = 0
}
listen {
   type = "control"
 listen {
   socket = "/usr/local/var/run/radiusd/radiusd.sock"
 }
}
listen {
   type = "auth"
   ipaddr = 127.0.0.1
   port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.10.89 port 1060, id=0,
length=167
   Message-Authenticator = 0x811ce545876890cc89ddd343bcc3cca9
   Service-Type = Framed-User
   User-Name = "test"
   Framed-MTU = 1488
   Called-Station-Id = "D8-5D-4C-C2-A6-08:TEST"
   Calling-Station-Id = "10-93-E9-1D-10-1B"
   NAS-Port-Type = Wireless-802.11
   Connect-Info = "CONNECT 54Mbps 802.11g"
   EAP-Message = 0x020000090174657374
   NAS-IP-Address = 192.168.1.5
   NAS-Port = 1
   NAS-Port-Id = "STA port # 1"
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql]     expand: %{User-Name} -> test
[sql] sql_set_user escaped user --> 'test'
rlm_sql (sql): Reserving sql socket id: 3
[sql]     expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'test'           ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'test'           ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'test'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.10.10.89 port 1060
   EAP-Message = 0x010100061520
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x829fae86829ebb1a8141bab516e87a11
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.10.89 port 1060, id=0,
length=167
Sending duplicate reply to client AP port 1060 - ID: 0
Sending Access-Challenge of id 0 to 10.10.10.89 port 1060
Waking up in 1.8 seconds.
Cleaning up request 0 ID 0 with timestamp +11
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x829fae86829ebb1a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.

thank you very much
P.S: please forgive my ignorance of the proper way of mailing or explaining
my problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110329/d5c38776/attachment.html>

------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 71, Issue 130
*************************************************