-- freeradius -X freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr 5 2016 at 13:40:43 Copyright (C) 1999-2015 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/redis including configuration file /etc/freeradius/modules/cache including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/rediswho including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/replicate including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/radrelay including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/soh including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/dhcp_sqlippool including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes allow_vulnerable_openssl = no } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1024 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /etc/freeradius/sql.conf sql { driver = "rlm_sql_mysql" server = "localhost" port = "" login = "root" password = "abcd1234!@" radius_db = "radius" read_groups = yes sqltrace = no sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = yes deletestalesessions = yes num_sql_socks = 32 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{%{Acct-Session-Time}:-0}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{%{Acct-Session-Time}:-0}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{%{Acct-Session-Time}:-0}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{%{Acct-Session-Time}:-0}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 60 simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to root@localhost:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 rlm_sql (sql): starting 5 rlm_sql (sql): Attempting to connect rlm_sql_mysql #5 rlm_sql_mysql: Starting connect to MySQL server for #5 rlm_sql (sql): Connected new DB handle, #5 rlm_sql (sql): starting 6 rlm_sql (sql): Attempting to connect rlm_sql_mysql #6 rlm_sql_mysql: Starting connect to MySQL server for #6 rlm_sql (sql): Connected new DB handle, #6 rlm_sql (sql): starting 7 rlm_sql (sql): Attempting to connect rlm_sql_mysql #7 rlm_sql_mysql: Starting connect to MySQL server for #7 rlm_sql (sql): Connected new DB handle, #7 rlm_sql (sql): starting 8 rlm_sql (sql): Attempting to connect rlm_sql_mysql #8 rlm_sql_mysql: Starting connect to MySQL server for #8 rlm_sql (sql): Connected new DB handle, #8 rlm_sql (sql): starting 9 rlm_sql (sql): Attempting to connect rlm_sql_mysql #9 rlm_sql_mysql: Starting connect to MySQL server for #9 rlm_sql (sql): Connected new DB handle, #9 rlm_sql (sql): starting 10 rlm_sql (sql): Attempting to connect rlm_sql_mysql #10 rlm_sql_mysql: Starting connect to MySQL server for #10 rlm_sql (sql): Connected new DB handle, #10 rlm_sql (sql): starting 11 rlm_sql (sql): Attempting to connect rlm_sql_mysql #11 rlm_sql_mysql: Starting connect to MySQL server for #11 rlm_sql (sql): Connected new DB handle, #11 rlm_sql (sql): starting 12 rlm_sql (sql): Attempting to connect rlm_sql_mysql #12 rlm_sql_mysql: Starting connect to MySQL server for #12 rlm_sql (sql): Connected new DB handle, #12 rlm_sql (sql): starting 13 rlm_sql (sql): Attempting to connect rlm_sql_mysql #13 rlm_sql_mysql: Starting connect to MySQL server for #13 rlm_sql (sql): Connected new DB handle, #13 rlm_sql (sql): starting 14 rlm_sql (sql): Attempting to connect rlm_sql_mysql #14 rlm_sql_mysql: Starting connect to MySQL server for #14 rlm_sql (sql): Connected new DB handle, #14 rlm_sql (sql): starting 15 rlm_sql (sql): Attempting to connect rlm_sql_mysql #15 rlm_sql_mysql: Starting connect to MySQL server for #15 rlm_sql (sql): Connected new DB handle, #15 rlm_sql (sql): starting 16 rlm_sql (sql): Attempting to connect rlm_sql_mysql #16 rlm_sql_mysql: Starting connect to MySQL server for #16 rlm_sql (sql): Connected new DB handle, #16 rlm_sql (sql): starting 17 rlm_sql (sql): Attempting to connect rlm_sql_mysql #17 rlm_sql_mysql: Starting connect to MySQL server for #17 rlm_sql (sql): Connected new DB handle, #17 rlm_sql (sql): starting 18 rlm_sql (sql): Attempting to connect rlm_sql_mysql #18 rlm_sql_mysql: Starting connect to MySQL server for #18 rlm_sql (sql): Connected new DB handle, #18 rlm_sql (sql): starting 19 rlm_sql (sql): Attempting to connect rlm_sql_mysql #19 rlm_sql_mysql: Starting connect to MySQL server for #19 rlm_sql (sql): Connected new DB handle, #19 rlm_sql (sql): starting 20 rlm_sql (sql): Attempting to connect rlm_sql_mysql #20 rlm_sql_mysql: Starting connect to MySQL server for #20 rlm_sql (sql): Connected new DB handle, #20 rlm_sql (sql): starting 21 rlm_sql (sql): Attempting to connect rlm_sql_mysql #21 rlm_sql_mysql: Starting connect to MySQL server for #21 rlm_sql (sql): Connected new DB handle, #21 rlm_sql (sql): starting 22 rlm_sql (sql): Attempting to connect rlm_sql_mysql #22 rlm_sql_mysql: Starting connect to MySQL server for #22 rlm_sql (sql): Connected new DB handle, #22 rlm_sql (sql): starting 23 rlm_sql (sql): Attempting to connect rlm_sql_mysql #23 rlm_sql_mysql: Starting connect to MySQL server for #23 rlm_sql (sql): Connected new DB handle, #23 rlm_sql (sql): starting 24 rlm_sql (sql): Attempting to connect rlm_sql_mysql #24 rlm_sql_mysql: Starting connect to MySQL server for #24 rlm_sql (sql): Connected new DB handle, #24 rlm_sql (sql): starting 25 rlm_sql (sql): Attempting to connect rlm_sql_mysql #25 rlm_sql_mysql: Starting connect to MySQL server for #25 rlm_sql (sql): Connected new DB handle, #25 rlm_sql (sql): starting 26 rlm_sql (sql): Attempting to connect rlm_sql_mysql #26 rlm_sql_mysql: Starting connect to MySQL server for #26 rlm_sql (sql): Connected new DB handle, #26 rlm_sql (sql): starting 27 rlm_sql (sql): Attempting to connect rlm_sql_mysql #27 rlm_sql_mysql: Starting connect to MySQL server for #27 rlm_sql (sql): Connected new DB handle, #27 rlm_sql (sql): starting 28 rlm_sql (sql): Attempting to connect rlm_sql_mysql #28 rlm_sql_mysql: Starting connect to MySQL server for #28 rlm_sql (sql): Connected new DB handle, #28 rlm_sql (sql): starting 29 rlm_sql (sql): Attempting to connect rlm_sql_mysql #29 rlm_sql_mysql: Starting connect to MySQL server for #29 rlm_sql (sql): Connected new DB handle, #29 rlm_sql (sql): starting 30 rlm_sql (sql): Attempting to connect rlm_sql_mysql #30 rlm_sql_mysql: Starting connect to MySQL server for #30 rlm_sql (sql): Connected new DB handle, #30 rlm_sql (sql): starting 31 rlm_sql (sql): Attempting to connect rlm_sql_mysql #31 rlm_sql_mysql: Starting connect to MySQL server for #31 rlm_sql (sql): Connected new DB handle, #31 rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserving sql socket id: 31 rlm_sql (sql): Read entry nasname=0.0.0.0/0,shortname=myNAS,secret=abcd1234 rlm_sql (sql): Adding client 0.0.0.0 (myNAS, server=) to clients list rlm_sql (sql): Released sql socket id: 31 Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 60664 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=18, length=145 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0200000a017374657665 Message-Authenticator = 0xe806afb738857b1c8456ec79ef20d7d8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 30 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 30 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 18 to 196.207.98.170 port 56683 EAP-Message = 0x010100160410ee747e29a9c5c839a67ce73a859a2468 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb05d4bba1d031160d2b743392 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=19, length=159 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020100060319 State = 0x05d5bfbb05d4bba1d031160d2b743392 Message-Authenticator = 0x09a1f0e7512501ad42bc24dd6ee431af # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 29 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 29 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 19 to 196.207.98.170 port 56683 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb04d7a6a1d031160d2b743392 Finished request 1. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=20, length=328 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020200af1980000000a516030100a00100009c0303f280d868f06e6dfa3e3b44a57eb237d96bf56beaa3e9fc86f7ef32016c0b6a5000003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 State = 0x05d5bfbb04d7a6a1d031160d2b743392 Message-Authenticator = 0x035c04eefffe26b0360e5a82e487f469 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 175 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 165 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 00a0] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0039] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0308] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 014d] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0004] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: Need to read more data: unknown state [peap] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 20 to 196.207.98.170 port 56683 EAP-Message = 0x0103040019c0000004a616030300390200003503032eb6243fa9699c7272d88644771c373a81e8c9e14934d4982b041ad4b523920100c03000000dff01000100000b00040300010216030303080b0003040003010002fe308202fa308201e2a003020102020900f85ea253321d0b7c300d06092a864886f70d01010b050030353133303106035504030c2a69702d3137322d33312d372d3230332e75732d776573742d322e636f6d707574652e696e7465726e616c301e170d3137303632303039343333305a170d3237303631383039343333305a30353133303106035504030c2a69702d3137322d33312d372d3230332e75732d776573742d322e63 EAP-Message = 0x6f6d707574652e696e7465726e616c30820122300d06092a864886f70d01010105000382010f003082010a0282010100e627dd66d20145c56752b92dac7cf966d1049974716b8f289054ff1f7fb1ae3cfef00d5fa97aa98ee104320d83763b92132453c392bc2f7adb7972a778c9e088a453b1393d4f8219e3fcb7e0398f4eb4408808348fef5b3d5165e8bc9923cf554373f1b98aeaeb23524c82faa4478fdc964c8886218810ada08f07a6199227b3a9b91668dd10d257a17ec50e098e18ec7be2cc2a83267113dc53ff5693475685e44832782aba7e9e4337a1fc6a8380705f0547ae87d9ca5ddc7ea87e9908458c83e0282e2fa388af5aca1791be EAP-Message = 0x8572399ee9c396512ab6e06f6e8e79b15849732c20b23c3a0f26297da93d91335f8d4329ba28ffe20d49e3de4ec4d1ec20e9f90203010001a30d300b30090603551d1304023000300d06092a864886f70d01010b050003820101001378b4c2895def4fc731b2cda7fce6a09b3a4f22dd0152c8aa3a8cf88c3c0ee103b1c846c0b1109f19ada5d6b689780cdf34694bc8c6cd697e3efdbf31781435ad10719101f2e6d0977cb52d27ce9b52b2d2871a2dd784b0641102c87d734460528e5497785f9260aca783a4e95f69f20b0a6b90fb322e6940e4e5f540d99f350b43a8350ce70758a613f18e2c428375df7d4aac4266d7b3983e7f0b72f5c9ca4bb0 EAP-Message = 0xdf931f70a16ee9284b221cffaaf26d6d06cc14cfb373f600b09283776a334d02104789fc166afca7faaf12ab47fc4f78137177069fbf8a4bc6d2d25db64c5e2fbce4afc1cffcb00994c9d97f53461a6a3f1f5e35837bcc86b93e828cffa9160303014d0c00014903001741040b2aff1bc437808934223f2f5bb21137a35c21ab8c6d56d70ec3e12772fd66d73e4caa4a85e9137406018d6329610d9819bd97dd4fc614a292cc50eca62eed02060101007f30a2e3b42f179c26490ad781fa89b8e1012f57c38fe73802498dfa9b3abe8bad1e5eb644a0e4f21452f6096bd8e3c93111eb37f2d9a7ed92c660dbe9568de92fed14864e4d3982b9104a6eba EAP-Message = 0xdb5ebbef131e66a90dea257a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb07d6a6a1d031160d2b743392 Finished request 2. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=21, length=159 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020300061900 State = 0x05d5bfbb07d6a6a1d031160d2b743392 Message-Authenticator = 0xff00ae194b01d6345f619e7c1647cccd # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 21 to 196.207.98.170 port 56683 EAP-Message = 0x010400b619009323b4ecad904480f0586cf1e019f11fd397fba940b6f6e43263f93db7f2f97353404b9cce8413fff919191a964bfa29fb35daf885e85cc14451a55205ca9467c78ae9640b342c53d645c384fa30335c1c5c886605cdb13e1c7c81f578b6a7e5ad816b8a6a093b4a351ee546634f34cd0558028bb131a395dafd64a6fddf7be3a202ee45e08df4e3e9062b5b2183cc2959c67c991b913998e0c34fd8b83ba24ab66215f0e1ceab16030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb06d1a6a1d031160d2b743392 Finished request 3. Going to the next request Waking up in 4.0 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=22, length=289 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0204008819800000007e160303004610000042410409b914fc6499062ff7a82de2c49ce32dee584e1d8f5fc984c3267729be8e0a59446557127f60431d18fee2ef642405e5bf3a0e61d60d41089079860964c974a3140303000101160303002800000000000000004afafff93b5211773c35cdf0db1d11720b2f3991320a70da7207093ec259438a State = 0x05d5bfbb06d1a6a1d031160d2b743392 Message-Authenticator = 0x0b6c4d61c4a91068b583782c870066b9 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 136 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 126 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0046] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0001] [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0010] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0001] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0010] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 22 to 196.207.98.170 port 56683 EAP-Message = 0x0105003919001403030001011603030028d8a7c10d1a6bf5a7f16808776e1850565aa52383b26c79788b511acb5b8809defb7d7e0852ca99b8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb01d0a6a1d031160d2b743392 Finished request 4. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=23, length=159 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020500061900 State = 0x05d5bfbb01d0a6a1d031160d2b743392 Message-Authenticator = 0x0f7a88f893a6cb3d90a32318948e67ec # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 23 to 196.207.98.170 port 56683 EAP-Message = 0x010600281900170303001dd8a7c10d1a6bf5a89e1e2afb1ddd0c3bdfe5aacbfef7106cd88fa4c3bd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb00d3a6a1d031160d2b743392 Finished request 5. Going to the next request Waking up in 3.4 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=24, length=194 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020600291900170303001e0000000000000001f14e3b30c81812f1da737e295935b477906f1a32da08 State = 0x05d5bfbb00d3a6a1d031160d2b743392 Message-Authenticator = 0xecd45eed2f9c859d29f468719fca7109 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 6 length 41 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - steve [peap] Got inner identity 'steve' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0206000a017374657665 server { [peap] Setting User-Name to steve Sending tunneled request EAP-Message = 0x0206000a017374657665 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "steve" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 6 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 28 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 28 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0107001f1a0107001a10aac30a86c2f386f090f30c3df20e03e87374657665 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1e24ab431e23b164074b800d8daa20bc [peap] Got tunneled reply RADIUS code Access-Challenge EAP-Message = 0x0107001f1a0107001a10aac30a86c2f386f090f30c3df20e03e87374657665 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1e24ab431e23b164074b800d8daa20bc [peap] Got tunneled Access-Challenge [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 24 to 196.207.98.170 port 56683 EAP-Message = 0x0107003e19001703030033d8a7c10d1a6bf5a9f25a878333fbcc18f64fb1b157b7d682ca489cc0becb21f368b912d552950c0bbb33869e33736ccf201948 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb03d2a6a1d031160d2b743392 Finished request 6. Going to the next request Waking up in 3.1 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=25, length=248 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0207005f190017030300540000000000000002c94e771907cedcbb1badd6b891e061d9c19d35234b316fca80d8c6544e6e545cb06b916767bdea30d23588706b2d6a92a1f97e7514a0d0ffeb73e6e4dc60ba28a54277ff5d62f6d480e2d3e9 State = 0x05d5bfbb03d2a6a1d031160d2b743392 Message-Authenticator = 0x517676f504122cc57aa10eb98cf3d258 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 7 length 95 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700401a0207003b31be7ae0be4ceb90b367f7824d483da39300000000000000009b7c15b94d293b8304fcb6507590f869746ef2e07c97ee5f007374657665 server { [peap] Setting User-Name to steve Sending tunneled request EAP-Message = 0x020700401a0207003b31be7ae0be4ceb90b367f7824d483da39300000000000000009b7c15b94d293b8304fcb6507590f869746ef2e07c97ee5f007374657665 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "steve" State = 0x1e24ab431e23b164074b800d8daa20bc server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 7 length 64 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 27 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 27 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: steve [mschap] Client is using MS-CHAPv2 for steve, we need NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] = reject +} # group MS-CHAP = reject [eap] Freeing handler ++[eap] = reject +} # group authenticate = reject Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group REJECT { [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'steve', '', 'Access-Reject', '2017-06-20 19:32:26') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'steve', '', 'Access-Reject', '2017-06-20 19:32:26') rlm_sql (sql): Reserving sql socket id: 26 rlm_sql (sql): Released sql socket id: 26 ++[sql] = ok [attr_filter.access_reject] expand: %{User-Name} -> steve attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code Access-Reject MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 25 to 196.207.98.170 port 56683 EAP-Message = 0x0108002e19001703030023d8a7c10d1a6bf5aa3dfdbc8a5c8b0ec61b978797ba8edeb2b73b5d4a3f4c21569e86a9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05d5bfbb02dda6a1d031160d2b743392 Finished request 7. Going to the next request Waking up in 2.8 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=26, length=199 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0208002e1900170303002300000000000000035e1de871cb382e6b2cb3c3854c73f5fc9e447cfe0f7aaa092c72e1 State = 0x05d5bfbb02dda6a1d031160d2b743392 Message-Authenticator = 0x59c4b2be078dd515923c68860dbc61db # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 8 length 46 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> steve attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 26 to 196.207.98.170 port 56683 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1.5 seconds. Cleaning up request 0 ID 18 with timestamp +7 Waking up in 0.3 seconds. Cleaning up request 1 ID 19 with timestamp +7 Waking up in 0.3 seconds. Cleaning up request 2 ID 20 with timestamp +8 Waking up in 0.3 seconds. Cleaning up request 3 ID 21 with timestamp +8 Waking up in 0.3 seconds. Cleaning up request 4 ID 22 with timestamp +8 Waking up in 0.3 seconds. Cleaning up request 5 ID 23 with timestamp +9 Waking up in 0.3 seconds. Cleaning up request 6 ID 24 with timestamp +9 Waking up in 0.3 seconds. Cleaning up request 7 ID 25 with timestamp +9 Waking up in 1.3 seconds. Cleaning up request 8 ID 26 with timestamp +9 Ready to process requests. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=27, length=145 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0200000a017374657665 Message-Authenticator = 0x563a2e2ee63fdca6ff47310a6f5b69b6 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 25 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 25 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 27 to 196.207.98.170 port 56683 EAP-Message = 0x010100160410570dbc161c2efc7ef993f9276b2cfa8f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d9357165c978e82ce9530c2a4d43b Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=28, length=159 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020100060319 State = 0x165d9357165c978e82ce9530c2a4d43b Message-Authenticator = 0x590594c079bc2f4df7a61ff4505c92d0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 24 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 24 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 28 to 196.207.98.170 port 56683 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d9357175f8a8e82ce9530c2a4d43b Finished request 10. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=29, length=328 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020200af1980000000a516030100a00100009c03030d4d95ac3ec2195ceda25e05673a0a07e01286fb3bae12b5e527838dd42f252b00003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 State = 0x165d9357175f8a8e82ce9530c2a4d43b Message-Authenticator = 0xcb3ac96fa8f3a6293f4ef8ef67983b96 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 175 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 165 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 00a0] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0039] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0308] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 014d] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0004] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: Need to read more data: unknown state [peap] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 29 to 196.207.98.170 port 56683 EAP-Message = 0x0103040019c0000004a616030300390200003503032f2fd41de1c75ceb1dc16b2f79f399a964c5cd74f862f1dd0657614bd164d36400c03000000dff01000100000b00040300010216030303080b0003040003010002fe308202fa308201e2a003020102020900f85ea253321d0b7c300d06092a864886f70d01010b050030353133303106035504030c2a69702d3137322d33312d372d3230332e75732d776573742d322e636f6d707574652e696e7465726e616c301e170d3137303632303039343333305a170d3237303631383039343333305a30353133303106035504030c2a69702d3137322d33312d372d3230332e75732d776573742d322e63 EAP-Message = 0x6f6d707574652e696e7465726e616c30820122300d06092a864886f70d01010105000382010f003082010a0282010100e627dd66d20145c56752b92dac7cf966d1049974716b8f289054ff1f7fb1ae3cfef00d5fa97aa98ee104320d83763b92132453c392bc2f7adb7972a778c9e088a453b1393d4f8219e3fcb7e0398f4eb4408808348fef5b3d5165e8bc9923cf554373f1b98aeaeb23524c82faa4478fdc964c8886218810ada08f07a6199227b3a9b91668dd10d257a17ec50e098e18ec7be2cc2a83267113dc53ff5693475685e44832782aba7e9e4337a1fc6a8380705f0547ae87d9ca5ddc7ea87e9908458c83e0282e2fa388af5aca1791be EAP-Message = 0x8572399ee9c396512ab6e06f6e8e79b15849732c20b23c3a0f26297da93d91335f8d4329ba28ffe20d49e3de4ec4d1ec20e9f90203010001a30d300b30090603551d1304023000300d06092a864886f70d01010b050003820101001378b4c2895def4fc731b2cda7fce6a09b3a4f22dd0152c8aa3a8cf88c3c0ee103b1c846c0b1109f19ada5d6b689780cdf34694bc8c6cd697e3efdbf31781435ad10719101f2e6d0977cb52d27ce9b52b2d2871a2dd784b0641102c87d734460528e5497785f9260aca783a4e95f69f20b0a6b90fb322e6940e4e5f540d99f350b43a8350ce70758a613f18e2c428375df7d4aac4266d7b3983e7f0b72f5c9ca4bb0 EAP-Message = 0xdf931f70a16ee9284b221cffaaf26d6d06cc14cfb373f600b09283776a334d02104789fc166afca7faaf12ab47fc4f78137177069fbf8a4bc6d2d25db64c5e2fbce4afc1cffcb00994c9d97f53461a6a3f1f5e35837bcc86b93e828cffa9160303014d0c0001490300174104e7f7c859ff3ddb57293833229bb0d09a1d0ed484f8eeeb37b22262f34678b7222d633dd6f747bb055655afef0cb0e6879b1972186a71501f4fcef2a6009f438e0601010095e73d5b5f2add1933bc9d0a5d3eb3739b4067f598cd1ccd0fc3b76d1a077329f18a745e49a18820fe8bf8d64a0ab80c01c836044b85e91339250de54aca819302633cc55fc5b8cd8ad53838f1 EAP-Message = 0xb379565689b6a8b56f4255cf Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d9357145e8a8e82ce9530c2a4d43b Finished request 11. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=30, length=159 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020300061900 State = 0x165d9357145e8a8e82ce9530c2a4d43b Message-Authenticator = 0x9eaea8ac82c669723c51e610957f1baf # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 30 to 196.207.98.170 port 56683 EAP-Message = 0x010400b61900a6f6056b52d4b8ba7e321e3fa02d1be4891638721001b6ce0db98933ce2bdd86e24f09e6f10cd256a9c82d42e56ecd8c96749f8326f4f9b4dbd5149499bdfcdde8f13e64c48bb87863db6a566a71e285e1e4e4755250963f61d60d85741841b39c3417b094480a4b78381f29699afab1d1e69b5aca47180671f92ec80a8d499a535c133a937a3ee45ac4e4a703cf59df0b24f8c646e6a0c47d17063daeb04b6bc9c0be1fec13e516030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d935715598a8e82ce9530c2a4d43b Finished request 12. Going to the next request Waking up in 4.0 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=31, length=289 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0204008819800000007e160303004610000042410439878e977d66e41adba6ea4e16940aada966be5bfcbd720dc98f84d8ac049d1a6820e9a5ae77306f1cc1f02f2ea82045869893a3c98542978d9ab05904050f3414030300010116030300280000000000000000dfb32e7e402e6d7f8ad7e2e5bb1bf5c59dcd2b24204b0c9be31e8234e08aa81d State = 0x165d935715598a8e82ce9530c2a4d43b Message-Authenticator = 0x560b27305270903f8e39b437de87e3f8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 136 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 126 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0046] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0001] [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0010] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0001] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0010] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 31 to 196.207.98.170 port 56683 EAP-Message = 0x0105003919001403030001011603030028289b459f3bb4f057d642f7391a183a7abc4f077c18a5c3042fe81c8d222e952e38edf8118e52ead7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d935712588a8e82ce9530c2a4d43b Finished request 13. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=32, length=159 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020500061900 State = 0x165d935712588a8e82ce9530c2a4d43b Message-Authenticator = 0xbd5970dee191a592a0c79cb3c3141764 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 32 to 196.207.98.170 port 56683 EAP-Message = 0x010600281900170303001d289b459f3bb4f0580eb33f06a58dd7a8532c5ba248aa442f1a03077c6c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d9357135b8a8e82ce9530c2a4d43b Finished request 14. Going to the next request Waking up in 3.4 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=33, length=194 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020600291900170303001e00000000000000018adcab5560ca8df24267b801534bc158331ccfd60c11 State = 0x165d9357135b8a8e82ce9530c2a4d43b Message-Authenticator = 0x53392e49df79c97dac6b0de5f894e1de # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 6 length 41 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - steve [peap] Got inner identity 'steve' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0206000a017374657665 server { [peap] Setting User-Name to steve Sending tunneled request EAP-Message = 0x0206000a017374657665 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "steve" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 6 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 23 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 23 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0107001f1a0107001a107407b5a85b2dbb5623f894875eeed38b7374657665 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe405d95ce402c32fe02bb5191ec618fc [peap] Got tunneled reply RADIUS code Access-Challenge EAP-Message = 0x0107001f1a0107001a107407b5a85b2dbb5623f894875eeed38b7374657665 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe405d95ce402c32fe02bb5191ec618fc [peap] Got tunneled Access-Challenge [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 33 to 196.207.98.170 port 56683 EAP-Message = 0x0107003e19001703030033289b459f3bb4f059c77a0d8e585a4ec9be2f8de376d93d77a2bccefdaccf15a1c01279be4fdb2639215bc4be799f7366118629 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d9357105a8a8e82ce9530c2a4d43b Finished request 15. Going to the next request Waking up in 3.1 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=34, length=248 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0207005f190017030300540000000000000002728eaef4b521debcbd9dbe9a0940a281f6773865ea360f2eb215e390c7a72d0eeea38b232e21f058b27545027c5713b5c1df347abf684725748f3015388d6d21b91c3dfa50beb5ec759b7d78 State = 0x165d9357105a8a8e82ce9530c2a4d43b Message-Authenticator = 0x42ff5e220193fc32aae9cf20fad3c7e1 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 7 length 95 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700401a0207003b314028fb8ac3abe482990dee6be19a7c530000000000000000fbbb9dd89f28410e6ea27980170976116d56e17d9b8690ec007374657665 server { [peap] Setting User-Name to steve Sending tunneled request EAP-Message = 0x020700401a0207003b314028fb8ac3abe482990dee6be19a7c530000000000000000fbbb9dd89f28410e6ea27980170976116d56e17d9b8690ec007374657665 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "steve" State = 0xe405d95ce402c32fe02bb5191ec618fc server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 7 length 64 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' rlm_sql (sql): Reserving sql socket id: 22 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'steve' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 22 [sql] User steve not found ++[sql] = notfound ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: steve [mschap] Client is using MS-CHAPv2 for steve, we need NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] = reject +} # group MS-CHAP = reject [eap] Freeing handler ++[eap] = reject +} # group authenticate = reject Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group REJECT { [sql] expand: %{User-Name} -> steve [sql] sql_set_user escaped user --> 'steve' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'steve', '', 'Access-Reject', '2017-06-20 19:32:37') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'steve', '', 'Access-Reject', '2017-06-20 19:32:37') rlm_sql (sql): Reserving sql socket id: 21 rlm_sql (sql): Released sql socket id: 21 ++[sql] = ok [attr_filter.access_reject] expand: %{User-Name} -> steve attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code Access-Reject MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 34 to 196.207.98.170 port 56683 EAP-Message = 0x0108002e19001703030023289b459f3bb4f05a1f5e39fd58fe388440c99c13dac2df5beeba53c8e0882f236c5bfb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x165d935711558a8e82ce9530c2a4d43b Finished request 16. Going to the next request Waking up in 2.8 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=35, length=199 User-Name = "steve" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0208002e1900170303002300000000000000032c98b011507b06eb33446583175fdc580594326fc763e1024ca50c State = 0x165d935711558a8e82ce9530c2a4d43b Message-Authenticator = 0x962136286b086b542e28a822875217bc # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 8 length 46 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> steve attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 17 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 17 Sending Access-Reject of id 35 to 196.207.98.170 port 56683 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1.5 seconds. Cleaning up request 9 ID 27 with timestamp +18 Waking up in 0.3 seconds. Cleaning up request 10 ID 28 with timestamp +18 Waking up in 0.3 seconds. Cleaning up request 11 ID 29 with timestamp +18 Waking up in 0.3 seconds. Cleaning up request 12 ID 30 with timestamp +19 Waking up in 0.3 seconds. Cleaning up request 13 ID 31 with timestamp +19 Waking up in 0.3 seconds. Cleaning up request 14 ID 32 with timestamp +19 Waking up in 0.3 seconds. Cleaning up request 15 ID 33 with timestamp +19 Waking up in 0.3 seconds. Cleaning up request 16 ID 34 with timestamp +20 Waking up in 1.3 seconds. Cleaning up request 17 ID 35 with timestamp +20 Ready to process requests. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=36, length=147 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0200000b016265796f6e64 Message-Authenticator = 0x6dcb0e7a81b69f80f593ee7812a6ecc6 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [sql] expand: %{User-Name} -> beyond [sql] sql_set_user escaped user --> 'beyond' rlm_sql (sql): Reserving sql socket id: 20 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'beyond' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'beyond' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'beyond' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testservice' ORDER BY id [sql] User found in group testservice [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testservice' ORDER BY id rlm_sql (sql): Released sql socket id: 20 ++[sql] = ok [expiration] Checking Expiration time: 'June 21 2017 00:00:00' ++[expiration] = ok ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 36 to 196.207.98.170 port 56683 Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16028 EAP-Message = 0x01010016041037c970705689b18c88116f8803d91906 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66ea951d29708ca1a44e5554367 Finished request 18. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=37, length=160 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020100060319 State = 0xa950d66ea951d29708ca1a44e5554367 Message-Authenticator = 0xea3118f7e609743f0ef8cc8aae8b1e74 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated [sql] expand: %{User-Name} -> beyond [sql] sql_set_user escaped user --> 'beyond' rlm_sql (sql): Reserving sql socket id: 19 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'beyond' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'beyond' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'beyond' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testservice' ORDER BY id [sql] User found in group testservice [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testservice' ORDER BY id rlm_sql (sql): Released sql socket id: 19 ++[sql] = ok [expiration] Checking Expiration time: 'June 21 2017 00:00:00' ++[expiration] = ok ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 37 to 196.207.98.170 port 56683 Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16028 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66ea852cf9708ca1a44e5554367 Finished request 19. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=38, length=329 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020200af1980000000a516030100a00100009c0303d301f0c425b48f8e3e0f8115a3b954a226032343fec223aa0f1f41078c8b593e00003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 State = 0xa950d66ea852cf9708ca1a44e5554367 Message-Authenticator = 0x8cb372601037ba7e21e86c214c2fe1a7 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 175 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 165 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 00a0] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0039] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0308] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 014d] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0004] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] TLS_accept: Need to read more data: unknown state [peap] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 38 to 196.207.98.170 port 56683 EAP-Message = 0x0103040019c0000004a616030300390200003503037b9961dd15d12d0f90704200743cfd1f4cf3b5ea6aade18840aeefc90a03edd600c03000000dff01000100000b00040300010216030303080b0003040003010002fe308202fa308201e2a003020102020900f85ea253321d0b7c300d06092a864886f70d01010b050030353133303106035504030c2a69702d3137322d33312d372d3230332e75732d776573742d322e636f6d707574652e696e7465726e616c301e170d3137303632303039343333305a170d3237303631383039343333305a30353133303106035504030c2a69702d3137322d33312d372d3230332e75732d776573742d322e63 EAP-Message = 0x6f6d707574652e696e7465726e616c30820122300d06092a864886f70d01010105000382010f003082010a0282010100e627dd66d20145c56752b92dac7cf966d1049974716b8f289054ff1f7fb1ae3cfef00d5fa97aa98ee104320d83763b92132453c392bc2f7adb7972a778c9e088a453b1393d4f8219e3fcb7e0398f4eb4408808348fef5b3d5165e8bc9923cf554373f1b98aeaeb23524c82faa4478fdc964c8886218810ada08f07a6199227b3a9b91668dd10d257a17ec50e098e18ec7be2cc2a83267113dc53ff5693475685e44832782aba7e9e4337a1fc6a8380705f0547ae87d9ca5ddc7ea87e9908458c83e0282e2fa388af5aca1791be EAP-Message = 0x8572399ee9c396512ab6e06f6e8e79b15849732c20b23c3a0f26297da93d91335f8d4329ba28ffe20d49e3de4ec4d1ec20e9f90203010001a30d300b30090603551d1304023000300d06092a864886f70d01010b050003820101001378b4c2895def4fc731b2cda7fce6a09b3a4f22dd0152c8aa3a8cf88c3c0ee103b1c846c0b1109f19ada5d6b689780cdf34694bc8c6cd697e3efdbf31781435ad10719101f2e6d0977cb52d27ce9b52b2d2871a2dd784b0641102c87d734460528e5497785f9260aca783a4e95f69f20b0a6b90fb322e6940e4e5f540d99f350b43a8350ce70758a613f18e2c428375df7d4aac4266d7b3983e7f0b72f5c9ca4bb0 EAP-Message = 0xdf931f70a16ee9284b221cffaaf26d6d06cc14cfb373f600b09283776a334d02104789fc166afca7faaf12ab47fc4f78137177069fbf8a4bc6d2d25db64c5e2fbce4afc1cffcb00994c9d97f53461a6a3f1f5e35837bcc86b93e828cffa9160303014d0c0001490300174104e757b304a0d4eea38ef7b0c28d170a6cf6829b5c25470af4e13ff66ed36c509b3f6f8ba7fa54f2f09ae54a7c2da760f57592334f71311a09c43b4fc62554b24a060101005de96c47da22ebebe3e16de81b6f5aadf5f777a05ef393196ac66d5d38dee58827e2c0cb78410401b2429d05f868108641d5a89263404b0492c756e6d973de5aa6e0ab54b74286b10f78c574f3 EAP-Message = 0x288cf32940d3f70b0657b1a6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66eab53cf9708ca1a44e5554367 Finished request 20. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=39, length=160 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020300061900 State = 0xa950d66eab53cf9708ca1a44e5554367 Message-Authenticator = 0xfdfb61361564482e38fea927c353682d # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 39 to 196.207.98.170 port 56683 EAP-Message = 0x010400b6190051fc56d49d534ffac940b452b2d3c5479bdf7b668879756aa2dc2d3ed74696e71a42042df81ae9f6d9ff5ec9f98e2cc43b75bb3f0c9e3a8a26cf37c7a47c88055eb405b1102c8c3d6c286b3c75a548b732eedef5a2d7b5706a8b6a296408228e8a8d9e6d154579f380ba3cdb7d612a202bf314109e722fae63f562d32ce2f4a3aeacff6fd0c72a942ba78c778a050c564f0c273a75218f1b3166eed60d99aa38a13aec3dfca54016030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66eaa54cf9708ca1a44e5554367 Finished request 21. Going to the next request Waking up in 4.0 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=40, length=290 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0204008819800000007e160303004610000042410404773abb22f2474663d7a2ca220feaccd18a14d198795b03d3a0fdd3a91bf1aa8f7b935967e50f182f840d5f5b91c807c7c02430789ee1f69ba688c5015bc4ed1403030001011603030028000000000000000055e7c6216dd93ee385ae3ca6987287057f59197ebde08363093423e002561371 State = 0xa950d66eaa54cf9708ca1a44e5554367 Message-Authenticator = 0xa38bdbc7048bfeb6668ab65b2546b629 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 136 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 126 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0046] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0001] [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0010] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0001] [peap] TLS_accept: unknown state [peap] >>> Unknown TLS version [length 0005] [peap] >>> Unknown TLS version [length 0010] [peap] TLS_accept: unknown state [peap] TLS_accept: unknown state [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 40 to 196.207.98.170 port 56683 EAP-Message = 0x01050039190014030300010116030300289680cf322a3d768c2d19344db7aceae72e27b1dd732d7836a932fedb2c3fa4afec45522cb5104c0c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66ead55cf9708ca1a44e5554367 Finished request 22. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=41, length=160 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020500061900 State = 0xa950d66ead55cf9708ca1a44e5554367 Message-Authenticator = 0x92ed49fbbce35140904a6349ed6f5a7b # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 41 to 196.207.98.170 port 56683 EAP-Message = 0x010600281900170303001d9680cf322a3d768d5dd603ac5f24b0bc9b2f50ab23c3541325d834d848 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66eac56cf9708ca1a44e5554367 Finished request 23. Going to the next request Waking up in 3.4 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=42, length=196 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0206002a1900170303001f000000000000000172dce6b25841313c383fc00a926a619fd75e8c4abb64cc State = 0xa950d66eac56cf9708ca1a44e5554367 Message-Authenticator = 0xbd7feed3b0ec89bfae5cff768b270d70 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 6 length 42 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - beyond [peap] Got inner identity 'beyond' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0206000b016265796f6e64 server { [peap] Setting User-Name to beyond Sending tunneled request EAP-Message = 0x0206000b016265796f6e64 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "beyond" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 6 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> beyond [sql] sql_set_user escaped user --> 'beyond' rlm_sql (sql): Reserving sql socket id: 18 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'beyond' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'beyond' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'beyond' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testservice' ORDER BY id [sql] User found in group testservice [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testservice' ORDER BY id rlm_sql (sql): Released sql socket id: 18 ++[sql] = ok [expiration] Checking Expiration time: 'June 21 2017 00:00:00' ++[expiration] = ok ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16027 EAP-Message = 0x010700201a0107001b1055fdbaded40b7fb7f8a7ce25166479a96265796f6e64 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x27ead3e627edc95a65dc87308a278213 [peap] Got tunneled reply RADIUS code Access-Challenge Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16027 EAP-Message = 0x010700201a0107001b1055fdbaded40b7fb7f8a7ce25166479a96265796f6e64 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x27ead3e627edc95a65dc87308a278213 [peap] Got tunneled Access-Challenge [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 42 to 196.207.98.170 port 56683 EAP-Message = 0x0107003f190017030300349680cf322a3d768ee941aebf9af12651f49310595a34eee4dd848882f047d042d6f9b8f826e48617806a15fdf52197b1d28b0c09 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66eaf57cf9708ca1a44e5554367 Finished request 24. Going to the next request Waking up in 3.1 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=43, length=250 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02070060190017030300550000000000000002db04986ac5f5d83de823d47acd77eb1991ee70787f6b1a965e4d33703312d860661a5f42b5fe11dac135d48fb884d22083824953546473598935f0e6a582c47e4d2dfa61abaed9a688c0cf98d6 State = 0xa950d66eaf57cf9708ca1a44e5554367 Message-Authenticator = 0x7a62ce64f021a02ac151368f32307374 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 7 length 96 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700411a0207003c315a657a7fdfd1192b1a88172e5c501c1100000000000000005dcf5d2ed1f2f2e22aa14e53ef1270c2ba66d338e98ac598006265796f6e64 server { [peap] Setting User-Name to beyond Sending tunneled request EAP-Message = 0x020700411a0207003c315a657a7fdfd1192b1a88172e5c501c1100000000000000005dcf5d2ed1f2f2e22aa14e53ef1270c2ba66d338e98ac598006265796f6e64 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "beyond" State = 0x27ead3e627edc95a65dc87308a278213 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 7 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> beyond [sql] sql_set_user escaped user --> 'beyond' rlm_sql (sql): Reserving sql socket id: 17 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'beyond' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'beyond' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'beyond' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testservice' ORDER BY id [sql] User found in group testservice [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testservice' ORDER BY id rlm_sql (sql): Released sql socket id: 17 ++[sql] = ok [expiration] Checking Expiration time: 'June 21 2017 00:00:00' ++[expiration] = ok ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] Creating challenge hash with username: beyond [mschap] Client is using MS-CHAPv2 for beyond, we need NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] = ok +} # group MS-CHAP = ok MSCHAP Success ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16026 EAP-Message = 0x010800331a0307002e533d38323735413135444133313833384533453846383444433043373238443238463631423542454232 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x27ead3e626e2c95a65dc87308a278213 [peap] Got tunneled reply RADIUS code Access-Challenge Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16026 EAP-Message = 0x010800331a0307002e533d38323735413135444133313833384533453846383444433043373238443238463631423542454232 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x27ead3e626e2c95a65dc87308a278213 [peap] Got tunneled Access-Challenge [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 43 to 196.207.98.170 port 56683 EAP-Message = 0x01080052190017030300479680cf322a3d768f8f9ec4c8cb37a506a2089333c99a7ecc25be4f1b01191df99ca0092be67c1f7f50433f844849801144b6a3a001a437935f0bb5bc6f60be73a5cf762f87f21f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66eae58cf9708ca1a44e5554367 Finished request 25. Going to the next request Waking up in 2.8 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=44, length=191 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x020800251900170303001a000000000000000306d30afc88b7e1c4c8066f070f95188cf445 State = 0xa950d66eae58cf9708ca1a44e5554367 Message-Authenticator = 0x7af7c7b611041657b2c845d18171466b # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 8 length 37 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800061a03 server { [peap] Setting User-Name to beyond Sending tunneled request EAP-Message = 0x020800061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "beyond" State = 0x27ead3e626e2c95a65dc87308a278213 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 8 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> beyond [sql] sql_set_user escaped user --> 'beyond' rlm_sql (sql): Reserving sql socket id: 16 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'beyond' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'beyond' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'beyond' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testservice' ORDER BY id [sql] User found in group testservice [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testservice' ORDER BY id rlm_sql (sql): Released sql socket id: 16 ++[sql] = ok [expiration] Checking Expiration time: 'June 21 2017 00:00:00' ++[expiration] = ok ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel +group post-auth { [sql] expand: %{User-Name} -> beyond [sql] sql_set_user escaped user --> 'beyond' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'beyond', '', 'Access-Accept', '2017-06-20 19:32:54') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'beyond', '', 'Access-Accept', '2017-06-20 19:32:54') rlm_sql (sql): Reserving sql socket id: 15 rlm_sql (sql): Released sql socket id: 15 ++[sql] = ok +} # group post-auth = ok } # server inner-tunnel [peap] Got tunneled reply code 2 Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16026 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x2e0d13b8c7b815a2f806ccea9d577c2f MS-MPPE-Recv-Key = 0x15b4a5fff9acdf748dfdc893f70cbd90 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "beyond" [peap] Got tunneled reply RADIUS code Access-Accept Ascend-Xmit-Rate := 524288 Ascend-Data-Rate := 131072 Framed-Pool := "internet" Session-Timeout = 16026 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x2e0d13b8c7b815a2f806ccea9d577c2f MS-MPPE-Recv-Key = 0x15b4a5fff9acdf748dfdc893f70cbd90 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "beyond" [peap] Tunneled authentication was successful. [peap] SUCCESS [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 44 to 196.207.98.170 port 56683 EAP-Message = 0x0109002e190017030300239680cf322a3d76907b55e3bd68db220e3616d3465f4b71ef0a5705676268ef007be818 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa950d66ea159cf9708ca1a44e5554367 Finished request 26. Going to the next request Waking up in 2.5 seconds. rad_recv: Access-Request packet from host 196.207.98.170 port 56683, id=45, length=200 User-Name = "beyond" NAS-Port = 0 Called-Station-Id = "70-62-B8-6F-87-EA:game-5GHz" Calling-Station-Id = "C0-EE-FB-FD-A9-B0" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0209002e1900170303002300000000000000042a2a89219434fde8d11b1c610f63d5bbf04237fce858aeda5cd2a2 State = 0xa950d66ea159cf9708ca1a44e5554367 Message-Authenticator = 0x995363dc60155d08adf5ed241814b565 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "beyond", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 9 length 46 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +group post-auth { [sql] expand: %{User-Name} -> beyond [sql] sql_set_user escaped user --> 'beyond' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'beyond', '', 'Access-Accept', '2017-06-20 19:32:54') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'beyond', '', 'Access-Accept', '2017-06-20 19:32:54') rlm_sql (sql): Reserving sql socket id: 14 rlm_sql (sql): Released sql socket id: 14 ++[sql] = ok ++[exec] = noop +} # group post-auth = ok Sending Access-Accept of id 45 to 196.207.98.170 port 56683 MS-MPPE-Recv-Key = 0x4dcd1e8c51151ba0a2f705199ec30aa071204ac0b0ed4012cb7d783e8ad17cc4 MS-MPPE-Send-Key = 0x4e9d3642903f3e47f97fed6abdde76a93f302a753b95352b75fb112164b2b639 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "beyond" Finished request 27. Going to the next request Waking up in 2.1 seconds. Cleaning up request 18 ID 36 with timestamp +35 Waking up in 0.3 seconds. Cleaning up request 19 ID 37 with timestamp +35 Waking up in 0.3 seconds. Cleaning up request 20 ID 38 with timestamp +35 Waking up in 0.3 seconds. Cleaning up request 21 ID 39 with timestamp +36 Waking up in 0.3 seconds. Cleaning up request 22 ID 40 with timestamp +36 Waking up in 0.3 seconds. Cleaning up request 23 ID 41 with timestamp +36 Waking up in 0.3 seconds. Cleaning up request 24 ID 42 with timestamp +36 Waking up in 0.3 seconds. Cleaning up request 25 ID 43 with timestamp +37 Waking up in 0.3 seconds. Cleaning up request 26 ID 44 with timestamp +37 Waking up in 0.3 seconds. Cleaning up request 27 ID 45 with timestamp +37 Ready to process requests.