radiusd: FreeRADIUS Version 3.0.1, for host x86_64-pc-linux-gnu, built on Apr 15 2014 at 14:04:23 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/eap including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/dhcp including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/cache_eap including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/utf8 including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/sql including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf including configuration file /etc/freeradius/mods-enabled/sqlcounter including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/perl including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/mschap including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/eap including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/filter including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/accounting including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/coa including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/default main { security { user = "freerad" group = "freerad" allow_core_dumps = no } } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "radius" shortname = "localhost" nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 27.33.228.125 { require_message_authenticator = no secret = "radius" shortname = "14kimberleyst" nas_type = "mikrotik" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 220.244.108.10 { require_message_authenticator = no secret = "radius" shortname = "30cookst" nas_type = "mikrotik_snmp" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 10.1.1.22/24 { require_message_authenticator = no secret = "radius" shortname = "MikroTik" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 99hamilton.no-ip.biz { require_message_authenticator = no secret = "radius" shortname = "99hamilton" nas_type = "mikrotik" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { # Loaded module rlm_sqlcounter # Instantiating module "monthlycounter" from file /etc/freeradius/mods-enabled/sqlcounter sqlcounter monthlycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL((sum(acctinputoctets)+sum(acctoutputoctets)),0) FROM `radacct` WHERE username='%{User-Name}' AND Month(acctstoptime) =(Month(NOW())) AND Year(acctstoptime) = Year(NOW());" reset = "monthly" counter_name = "Max-Monthly-Data-Quota" check_name = "Monthly-Data-Quota" reply_name = "Mikrotik-Recv-Limit" } rlm_sqlcounter: Current Time: 1400760565 [2014-05-22 20:09:25], Next reset 1401552000 [2014-06-01 00:00:00] rlm_sqlcounter: Current Time: 1400760565 [2014-05-22 20:09:25], Prev reset 1398873600 [2014-05-01 00:00:00] } modules { # Loaded module rlm_eap # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 4096 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.pem" certificate_file = "/etc/freeradius/certs/server.pem" ca_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } Using cached TLS configuration from previous invocation # Loaded module rlm_always # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients # Loaded module rlm_detail # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } # Loaded module rlm_radutmp # Instantiating module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_expiration # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Loaded module rlm_logintime # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_soh # Instantiating module "soh" from file /etc/freeradius/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_dhcp # Instantiating module "dhcp" from file /etc/freeradius/mods-enabled/dhcp # Instantiating module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_digest # Instantiating module "digest" from file /etc/freeradius/mods-enabled/digest # Loaded module rlm_exec # Instantiating module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Instantiating module "echo" from file /etc/freeradius/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_replicate # Instantiating module "replicate" from file /etc/freeradius/mods-enabled/replicate # Loaded module rlm_cache # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_linelog # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog linelog { filename = "/var/log/freeradius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "%{%{Packet-Type}:-format}" } # Loaded module rlm_utf8 # Instantiating module "utf8" from file /etc/freeradius/mods-enabled/utf8 # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response # Loaded module rlm_chap # Instantiating module "chap" from file /etc/freeradius/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_sql # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql sql { driver = "rlm_sql_mysql" server = "localhost" port = "3306" login = "radius" password = "fheman" radius_db = "radius" read_groups = yes read_clients = yes delete_stale_sessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } accounting { reference = "%{tolower:type.%{Acct-Status-Type}.query}" } post-auth { reference = ".query" } mysql { tls { } } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool pool { start = 5 min = 4 max = 10 spare = 3 uses = 0 lifetime = 0 cleanup_delay = 5 idle_timeout = 60 spread = no } rlm_sql (sql): Opening additional connection (0) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (1) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (2) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (3) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Opening additional connection (4) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'SELECT id, nasname, shortname, type, secret, server FROM nas' rlm_sql (sql): Adding client 192.1 (adfa) to global clients list rlm_sql (192.0.0.1): Client "adfa" (sql) added rlm_sql (sql): Released connection (4) # Instantiating module "dailycounter" from file /etc/freeradius/mods-enabled/sqlcounter sqlcounter dailycounter { sql_module_instance = "sql" key = "User-Name" query = "SELECT IFNULL(TIME_TO_SEC(TIMEDIFF(NOW(), MIN(AcctStartTime))),0) FROM `radacct` WHERE UserName='%{User-Name}' ORDER BY AcctStartTime LIMIT 1;" reset = "daily" counter_name = "Daily-Session-Time" check_name = "Max-Daily-Session" reply_name = "Session-Timeout" } rlm_sqlcounter: Current Time: 1400760566 [2014-05-22 20:09:26], Next reset 1400774400 [2014-05-23 00:00:00] rlm_sqlcounter: Current Time: 1400760566 [2014-05-22 20:09:26], Prev reset 1400688000 [2014-05-22 00:00:00] # Loaded module rlm_pap # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap pap { auto_header = yes normalise = yes } # Loaded module rlm_perl # Instantiating module "perl" from file /etc/freeradius/mods-enabled/perl perl { filename = "/etc/freeradius/mods-config/perl/example.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_post_auth = "post_auth" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } # Loaded module rlm_files # Instantiating module "files" from file /etc/freeradius/mods-enabled/files files { filename = "/etc/freeradius/mods-config/files/authorize" usersfile = "/etc/freeradius/mods-config/files/authorize" acctusersfile = "/etc/freeradius/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" compat = "no" } reading pairlist file /etc/freeradius/mods-config/files/authorize reading pairlist file /etc/freeradius/mods-config/files/authorize reading pairlist file /etc/freeradius/mods-config/files/accounting reading pairlist file /etc/freeradius/mods-config/files/pre-proxy # Loaded module rlm_expr # Instantiating module "expr" from file /etc/freeradius/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_unix # Instantiating module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } # Loaded module rlm_mschap # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server coa { # from file /etc/freeradius/sites-enabled/coa # Loading recv-coa {...} # Loading send-coa {...} } # server coa server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel server default { # from file /etc/freeradius/sites-enabled/default # Creating Auth-Type = digest # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading virtual module acct_unique # Loading accounting {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} # Loading virtual module remove_reply_message_if_eap # Loading virtual module remove_reply_message_if_eap } # server default radiusd: #### Opening IP addresses and Ports #### listen { type = "coa" server = "coa" ipaddr = * port = 3799 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } listen { type = "auth" ipaddr = * port = 135 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 139 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Listening on coa address * port 3799 as server coa Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel Listening on auth address * port 135 as server default Listening on acct address * port 139 as server default Ready to process requests. rad_recv: Access-Request packet from host 27.33.228.125 port 44994, id=185, length=208 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x0200000801626f62 Message-Authenticator = 0xa38ab6388cd8e705c5d68cda4f72c469 NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) ? if (User-Name) (0) ? if (User-Name) -> TRUE (0) if (User-Name) { (0) expand: "%{User-Name}" -> 'bob' (0) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (0) SQL query affected no rows rlm_sql (sql): Released connection (4) rlm_sql (sql): Closing connection (0): Too many free connections (5 > 3) rlm_sql_mysql: Socket destructor called, closing socket (0) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (0) } # if (User-Name) = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) eap : EAP packet type response id 0 length 8 (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) authenticate { (0) eap : Peer sent Identity (1) (0) eap : Calling eap_md5 to process EAP data rlm_eap_md5: Issuing Challenge (0) eap : New EAP session, adding 'State' attribute to reply 0x81ba6a5e81bb6ebf (0) [eap] = handled (0) } # authenticate = handled Sending Access-Challenge of id 185 from 10.1.1.2 port 135 to 27.33.228.125 port 44994 EAP-Message = 0x010100160410386b349f3aaaa37037c92729bc97dce3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x81ba6a5e81bb6ebfba73ebc70ca94f60 (0) Finished request 0. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 27.33.228.125 port 55150, id=186, length=224 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' State = 0x81ba6a5e81bb6ebfba73ebc70ca94f60 NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x020100060315 Message-Authenticator = 0xfb2ac4e3ab7aae1f8142af01fc0f5667 NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default (1) authorize { (1) ? if (User-Name) (1) ? if (User-Name) -> TRUE (1) if (User-Name) { (1) expand: "%{User-Name}" -> 'bob' (1) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (1) SQL query affected no rows rlm_sql (sql): Released connection (4) (1) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (1) } # if (User-Name) = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) eap : EAP packet type response id 1 length 6 (1) eap : No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop (1) sql : expand: "%{User-Name}" -> 'bob' (1) sql : SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) (1) sql : expand: "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id' rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id' (1) sql : User found in radcheck table (1) sql : Check items matched (1) sql : expand: "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'bob' ORDER BY id' rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'bob' ORDER BY id' (1) sql : User found in radreply table (1) sql : expand: "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" -> 'SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority' rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority' rlm_sql (sql): Released connection (4) (1) [-sql] = ok (1) [expiration] = noop (1) [logintime] = noop (1) WARNING: pap : Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) monthlycounter : Entering module authorize code (1) monthlycounter : Could not find Check item value pair (1) [monthlycounter] = noop (1) } # authorize = updated (1) Found Auth-Type = EAP (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) authenticate { (1) eap : Expiring EAP session with state 0x81ba6a5e81bb6ebf (1) eap : Finished EAP session with state 0x81ba6a5e81bb6ebf (1) eap : Previous EAP request found for state 0x81ba6a5e81bb6ebf, released from the list (1) eap : Peer sent NAK (3) (1) eap : Found mutually acceptable type TTLS (21) (1) eap : Calling eap_ttls to process EAP data (1) eap_ttls : Flushing SSL sessions (of #0) (1) eap_ttls : Initiate (1) eap_ttls : Start returned 1 (1) eap : New EAP session, adding 'State' attribute to reply 0x81ba6a5e80b87fbf (1) [eap] = handled (1) } # authenticate = handled Sending Access-Challenge of id 186 from 10.1.1.2 port 135 to 27.33.228.125 port 55150 Mikrotik-Recv-Limit = 2097152 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x81ba6a5e80b87fbfba73ebc70ca94f60 (1) Finished request 1. Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 27.33.228.125 port 35287, id=187, length=422 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' State = 0x81ba6a5e80b87fbfba73ebc70ca94f60 NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x020200cc150016030100c1010000bd0301537de904c5fdc558e4509d95842d969bf50fe0b6042f6944dd63c98342bf30fa000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011 Message-Authenticator = 0xc8ae4cda15c77a21410197b95922c790 NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default (2) authorize { (2) ? if (User-Name) (2) ? if (User-Name) -> TRUE (2) if (User-Name) { (2) expand: "%{User-Name}" -> 'bob' (2) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (2) SQL query affected no rows rlm_sql (sql): Released connection (4) (2) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (2) } # if (User-Name) = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) eap : EAP packet type response id 2 length 204 (2) eap : Continuing tunnel setup. (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) authenticate { (2) eap : Expiring EAP session with state 0x81ba6a5e80b87fbf (2) eap : Finished EAP session with state 0x81ba6a5e80b87fbf (2) eap : Previous EAP request found for state 0x81ba6a5e80b87fbf, released from the list (2) eap : Peer sent TTLS (21) (2) eap : EAP TTLS (21) (2) eap : Calling eap_ttls to process EAP data (2) eap_ttls : Authenticate (2) eap_ttls : processing EAP-TLS (2) eap_ttls : eaptls_verify returned 7 (2) eap_ttls : Done initial handshake (2) eap_ttls : (other): before/accept initialization (2) eap_ttls : TLS_accept: before/accept initialization (2) eap_ttls : <<< TLS 1.0 Handshake [length 00c1], ClientHello (2) eap_ttls : TLS_accept: SSLv3 read client hello A (2) eap_ttls : >>> TLS 1.0 Handshake [length 0059], ServerHello (2) eap_ttls : TLS_accept: SSLv3 write server hello A (2) eap_ttls : >>> TLS 1.0 Handshake [length 08d0], Certificate (2) eap_ttls : TLS_accept: SSLv3 write certificate A (2) eap_ttls : >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (2) eap_ttls : TLS_accept: SSLv3 write key exchange A (2) eap_ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (2) eap_ttls : TLS_accept: SSLv3 write server done A (2) eap_ttls : TLS_accept: SSLv3 flush data (2) eap_ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (2) eap_ttls : eaptls_process returned 13 (2) eap : New EAP session, adding 'State' attribute to reply 0x81ba6a5e83b97fbf (2) [eap] = handled (2) } # authenticate = handled Sending Access-Challenge of id 187 from 10.1.1.2 port 135 to 27.33.228.125 port 35287 EAP-Message = Message-Authenticator = 0x00000000000000000000000000000000 State = 0x81ba6a5e83b97fbfba73ebc70ca94f60 (2) Finished request 2. Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 27.33.228.125 port 41903, id=188, length=224 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' State = 0x81ba6a5e83b97fbfba73ebc70ca94f60 NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x020300061500 Message-Authenticator = 0x5a45ccbbcad2a5b1a4e35bde5428bbec NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default (3) authorize { (3) ? if (User-Name) (3) ? if (User-Name) -> TRUE (3) if (User-Name) { (3) expand: "%{User-Name}" -> 'bob' (3) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (3) SQL query affected no rows rlm_sql (sql): Released connection (4) (3) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (3) } # if (User-Name) = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) eap : EAP packet type response id 3 length 6 (3) eap : Continuing tunnel setup. (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) authenticate { (3) eap : Expiring EAP session with state 0x81ba6a5e83b97fbf (3) eap : Finished EAP session with state 0x81ba6a5e83b97fbf (3) eap : Previous EAP request found for state 0x81ba6a5e83b97fbf, released from the list (3) eap : Peer sent TTLS (21) (3) eap : EAP TTLS (21) (3) eap : Calling eap_ttls to process EAP data (3) eap_ttls : Authenticate (3) eap_ttls : processing EAP-TLS (3) eap_ttls : Received TLS ACK (3) eap_ttls : Received TLS ACK (3) eap_ttls : ACK handshake fragment handler (3) eap_ttls : eaptls_verify returned 1 (3) eap_ttls : eaptls_process returned 13 (3) eap : New EAP session, adding 'State' attribute to reply 0x81ba6a5e82be7fbf (3) [eap] = handled (3) } # authenticate = handled Sending Access-Challenge of id 188 from 10.1.1.2 port 135 to 27.33.228.125 port 41903 EAP-Message = Message-Authenticator = 0x00000000000000000000000000000000 State = 0x81ba6a5e82be7fbfba73ebc70ca94f60 (3) Finished request 3. rad_recv: Access-Request packet from host 27.33.228.125 port 40030, id=189, length=224 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' State = 0x81ba6a5e82be7fbfba73ebc70ca94f60 NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x020400061500 Message-Authenticator = 0xf2d412699a5d16f9db569e1f576bd61d NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default (4) authorize { (4) ? if (User-Name) (4) ? if (User-Name) -> TRUE (4) if (User-Name) { (4) expand: "%{User-Name}" -> 'bob' (4) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (4) SQL query affected no rows rlm_sql (sql): Released connection (4) (4) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (4) } # if (User-Name) = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) eap : EAP packet type response id 4 length 6 (4) eap : Continuing tunnel setup. (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) authenticate { (4) eap : Expiring EAP session with state 0x81ba6a5e82be7fbf (4) eap : Finished EAP session with state 0x81ba6a5e82be7fbf (4) eap : Previous EAP request found for state 0x81ba6a5e82be7fbf, released from the list (4) eap : Peer sent TTLS (21) (4) eap : EAP TTLS (21) (4) eap : Calling eap_ttls to process EAP data (4) eap_ttls : Authenticate (4) eap_ttls : processing EAP-TLS (4) eap_ttls : Received TLS ACK (4) eap_ttls : Received TLS ACK (4) eap_ttls : ACK handshake fragment handler (4) eap_ttls : eaptls_verify returned 1 (4) eap_ttls : eaptls_process returned 13 (4) eap : New EAP session, adding 'State' attribute to reply 0x81ba6a5e85bf7fbf (4) [eap] = handled (4) } # authenticate = handled Sending Access-Challenge of id 189 from 10.1.1.2 port 135 to 27.33.228.125 port 40030 EAP-Message = Message-Authenticator = 0x00000000000000000000000000000000 State = 0x81ba6a5e85bf7fbfba73ebc70ca94f60 (4) Finished request 4. rad_recv: Access-Request packet from host 27.33.228.125 port 53992, id=190, length=358 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' State = 0x81ba6a5e85bf7fbfba73ebc70ca94f60 NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x0205008c15001603010046100000424104309535fb07e2701a66c4ce6bc6895a5ae629aeff3e6a4a459b57d3da847ff7d2e7ff0a675586bd5c0f22a8cde2cb06d29476b8d95a3028528a636853ff1db052140301000101160301003002913ad92cb4936b9d161e38f7fb9eadaa2ee5608a240ad495666a8f90a750fbed5d89f5719d2d8fb6856a5e1d542e6b Message-Authenticator = 0x5869e26b8b33cb85f5fdc956d55aeaed NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (5) # Executing section authorize from file /etc/freeradius/sites-enabled/default (5) authorize { (5) ? if (User-Name) (5) ? if (User-Name) -> TRUE (5) if (User-Name) { (5) expand: "%{User-Name}" -> 'bob' (5) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (5) SQL query affected no rows rlm_sql (sql): Released connection (4) rlm_sql (sql): Closing connection (1): Too many free connections (4 > 3) rlm_sql_mysql: Socket destructor called, closing socket (5) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (5) } # if (User-Name) = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) eap : EAP packet type response id 5 length 140 (5) eap : Continuing tunnel setup. (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = EAP (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) authenticate { (5) eap : Expiring EAP session with state 0x81ba6a5e85bf7fbf (5) eap : Finished EAP session with state 0x81ba6a5e85bf7fbf (5) eap : Previous EAP request found for state 0x81ba6a5e85bf7fbf, released from the list (5) eap : Peer sent TTLS (21) (5) eap : EAP TTLS (21) (5) eap : Calling eap_ttls to process EAP data (5) eap_ttls : Authenticate (5) eap_ttls : processing EAP-TLS (5) eap_ttls : eaptls_verify returned 7 (5) eap_ttls : Done initial handshake (5) eap_ttls : <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (5) eap_ttls : TLS_accept: SSLv3 read client key exchange A (5) eap_ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] (5) eap_ttls : <<< TLS 1.0 Handshake [length 0010], Finished (5) eap_ttls : TLS_accept: SSLv3 read finished A (5) eap_ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] (5) eap_ttls : TLS_accept: SSLv3 write change cipher spec A (5) eap_ttls : >>> TLS 1.0 Handshake [length 0010], Finished (5) eap_ttls : TLS_accept: SSLv3 write finished A (5) eap_ttls : TLS_accept: SSLv3 flush data SSL: adding session 7baa9025a99eba7e87a2af6a9333a1f09414b6a5afb49019e841afcf329d5a65 to cache (5) eap_ttls : (other): SSL negotiation finished successfully SSL Connection Established (5) eap_ttls : eaptls_process returned 13 (5) eap : New EAP session, adding 'State' attribute to reply 0x81ba6a5e84bc7fbf (5) [eap] = handled (5) } # authenticate = handled Sending Access-Challenge of id 190 from 10.1.1.2 port 135 to 27.33.228.125 port 53992 EAP-Message = 0x0106004515800000003b14030100010116030100308286b9eb3241f2ceedaf57e5e0d9352c9a41818de47fe3e583b5252798757eca3c13b3d30950cb5cb96d8fa19d33f8c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x81ba6a5e84bc7fbfba73ebc70ca94f60 (5) Finished request 5. rad_recv: Access-Request packet from host 27.33.228.125 port 52005, id=191, length=314 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' State = 0x81ba6a5e84bc7fbfba73ebc70ca94f60 NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x020600601500170301002083576086deddfaca1b563c1c3f0876f9553109cc75d0a1f13a613435e6f3b7da170301003005a005115d0753845ca4f6596d0d094a1e35423a0985ff684ef4a49d3953c393a7ab417da2df7474972295365a0c69b4 Message-Authenticator = 0xbed74c79231cae37271e75206659bb03 NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (6) # Executing section authorize from file /etc/freeradius/sites-enabled/default (6) authorize { (6) ? if (User-Name) (6) ? if (User-Name) -> TRUE (6) if (User-Name) { (6) expand: "%{User-Name}" -> 'bob' (6) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (6) SQL query affected no rows rlm_sql (sql): Released connection (4) (6) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (6) } # if (User-Name) = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) eap : EAP packet type response id 6 length 96 (6) eap : Continuing tunnel setup. (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /etc/freeradius/sites-enabled/default (6) authenticate { (6) eap : Expiring EAP session with state 0x81ba6a5e84bc7fbf (6) eap : Finished EAP session with state 0x81ba6a5e84bc7fbf (6) eap : Previous EAP request found for state 0x81ba6a5e84bc7fbf, released from the list (6) eap : Peer sent TTLS (21) (6) eap : EAP TTLS (21) (6) eap : Calling eap_ttls to process EAP data (6) eap_ttls : Authenticate (6) eap_ttls : processing EAP-TLS (6) eap_ttls : eaptls_verify returned 7 (6) eap_ttls : Done initial handshake (6) eap_ttls : eaptls_process returned 7 (6) eap_ttls : Session established. Proceeding to decode tunneled attributes. (6) eap_ttls : Got tunneled request EAP-Message = 0x0200000801626f62 (6) eap_ttls : Got tunneled identity of bob (6) eap_ttls : Setting default EAP type for tunneled EAP session. (6) eap_ttls : Sending tunneled request EAP-Message = 0x0200000801626f62 User-Name = 'bob' server inner-tunnel { (6) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (6) authorize { (6) [chap] = noop (6) [mschap] = noop (6) suffix : No '@' in User-Name = "bob", looking up realm NULL (6) suffix : No such realm "NULL" (6) [suffix] = noop (6) update control { (6) Proxy-To-Realm := 'LOCAL' (6) } # update control = noop (6) eap : EAP packet type response id 0 length 8 (6) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP (6) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (6) authenticate { (6) eap : Peer sent Identity (1) (6) eap : Calling eap_md5 to process EAP data rlm_eap_md5: Issuing Challenge (6) eap : New EAP session, adding 'State' attribute to reply 0x91c3310d91c235d5 (6) [eap] = handled (6) } # authenticate = handled } # server inner-tunnel (6) eap_ttls : Got tunneled reply code 11 EAP-Message = 0x01010016041020c353d04d0d37820d08116da77ee9c8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x91c3310d91c235d51e9e39fe7055ddc3 (6) eap_ttls : Got tunneled Access-Challenge (6) eap : New EAP session, adding 'State' attribute to reply 0x81ba6a5e87bd7fbf (6) [eap] = handled (6) } # authenticate = handled Sending Access-Challenge of id 191 from 10.1.1.2 port 135 to 27.33.228.125 port 52005 EAP-Message = 0x0107004f1580000000451703010040e9ee198cd6ef3134ed9dd4fbcc65449820abdb26cd5ad04045540efefdaea4eadaa13888e5167ce712a48ecd565f827ec2835d4d69b33ab6411ceeaae13b142f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x81ba6a5e87bd7fbfba73ebc70ca94f60 (6) Finished request 6. Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 27.33.228.125 port 45471, id=192, length=330 Service-Type = Framed-User Framed-MTU = 1400 User-Name = 'bob' State = 0x81ba6a5e87bd7fbfba73ebc70ca94f60 NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Calling-Station-Id = 'D0-22-BE-BA-2A-1E' Called-Station-Id = '02-0C-42-B7-A9-5E:HOME' EAP-Message = 0x0207007015001703010020945e0c05304ec2d9b78e1625adca3bbf681d5ff4c828a24d8f90b09abe2cf9cb1703010040f1ab59c3fbf2dd63cb79eba14cbbe7ac793e624459900409c75b50a237722e302e3d78ef0b8e9e51dae66bc5fd5a4f2858e848063f2f1cbc1b4b44cba37466d4 Message-Authenticator = 0xf56870dbccbc928b277cfb6a6102c37d NAS-Identifier = 'MikroTik' NAS-IP-Address = 27.33.228.125 (7) # Executing section authorize from file /etc/freeradius/sites-enabled/default (7) authorize { (7) ? if (User-Name) (7) ? if (User-Name) -> TRUE (7) if (User-Name) { (7) expand: "%{User-Name}" -> 'bob' (7) SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) rlm_sql (sql): Executing query: 'UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='bob' and CallingStationId='D0-22-BE-BA-2A-1E' and AcctStopTime is null' (7) SQL query affected no rows rlm_sql (sql): Released connection (4) (7) expand: "%{sql:UPDATE radacct set AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and AcctStopTime is null}" -> '' (7) } # if (User-Name) = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) eap : EAP packet type response id 7 length 112 (7) eap : Continuing tunnel setup. (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = EAP (7) # Executing group from file /etc/freeradius/sites-enabled/default (7) authenticate { (7) eap : Expiring EAP session with state 0x91c3310d91c235d5 (7) eap : Finished EAP session with state 0x81ba6a5e87bd7fbf (7) eap : Previous EAP request found for state 0x81ba6a5e87bd7fbf, released from the list (7) eap : Peer sent TTLS (21) (7) eap : EAP TTLS (21) (7) eap : Calling eap_ttls to process EAP data (7) eap_ttls : Authenticate (7) eap_ttls : processing EAP-TLS (7) eap_ttls : eaptls_verify returned 7 (7) eap_ttls : Done initial handshake (7) eap_ttls : eaptls_process returned 7 (7) eap_ttls : Session established. Proceeding to decode tunneled attributes. (7) eap_ttls : Got tunneled request EAP-Message = 0x0201001604108fb92000173750bfa8c06171db316ce4 (7) eap_ttls : Sending tunneled request EAP-Message = 0x0201001604108fb92000173750bfa8c06171db316ce4 User-Name = 'bob' State = 0x91c3310d91c235d51e9e39fe7055ddc3 server inner-tunnel { (7) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (7) authorize { (7) [chap] = noop (7) [mschap] = noop (7) suffix : No '@' in User-Name = "bob", looking up realm NULL (7) suffix : No such realm "NULL" (7) [suffix] = noop (7) update control { (7) Proxy-To-Realm := 'LOCAL' (7) } # update control = noop (7) eap : EAP packet type response id 1 length 22 (7) eap : No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) sql : expand: "%{User-Name}" -> 'bob' (7) sql : SQL-User-Name set to 'bob' rlm_sql (sql): Reserved connection (4) (7) sql : expand: "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id' rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id' (7) sql : User found in radcheck table (7) sql : Check items matched (7) sql : expand: "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'bob' ORDER BY id' rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'bob' ORDER BY id' (7) sql : User found in radreply table (7) sql : expand: "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" -> 'SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority' rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority' rlm_sql (sql): Released connection (4) (7) [-sql] = ok (7) [expiration] = noop (7) [logintime] = noop (7) WARNING: pap : Auth-Type already set. Not setting to PAP (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = EAP (7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (7) authenticate { (7) eap : Expiring EAP session with state 0x91c3310d91c235d5 (7) eap : Finished EAP session with state 0x91c3310d91c235d5 (7) eap : Previous EAP request found for state 0x91c3310d91c235d5, released from the list (7) eap : Peer sent MD5 (4) (7) eap : EAP MD5 (4) (7) eap : Calling eap_md5 to process EAP data (7) eap : Freeing handler (7) [eap] = ok (7) } # authenticate = ok (7) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel (7) post-auth { (7) sql : expand: ".query" -> '.query' (7) sql : Using query template 'query' rlm_sql (sql): Reserved connection (4) (7) sql : expand: "%{User-Name}" -> 'bob' (7) sql : SQL-User-Name set to 'bob' (7) sql : expand: "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" -> 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', '', 'Access-Accept', '2014-05-22 20:09:41')' rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', '', 'Access-Accept', '2014-05-22 20:09:41')' rlm_sql (sql): Released connection (4) (7) [-sql] = ok (7) } # post-auth = ok } # server inner-tunnel (7) eap_ttls : Got tunneled reply code 2 Mikrotik-Recv-Limit = 2097152 EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'bob' (7) eap_ttls : Got tunneled Access-Accept (7) eap_ttls : Saving session 7baa9025a99eba7e87a2af6a9333a1f09414b6a5afb49019e841afcf329d5a65 vps 0x14e9fc0 in the cache (7) eap : Freeing handler rlm_eap_ttls: Freeing handler for user bob (7) [eap] = ok (7) } # authenticate = ok (7) # Executing section post-auth from file /etc/freeradius/sites-enabled/default (7) post-auth { (7) sql : expand: ".query" -> '.query' (7) sql : Using query template 'query' rlm_sql (sql): Reserved connection (4) (7) sql : expand: "%{User-Name}" -> 'bob' (7) sql : SQL-User-Name set to 'bob' (7) sql : expand: "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" -> 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', '', 'Access-Accept', '2014-05-22 20:09:41')' rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', '', 'Access-Accept', '2014-05-22 20:09:41')' rlm_sql (sql): Released connection (4) (7) [-sql] = ok (7) [exec] = noop (7) remove_reply_message_if_eap remove_reply_message_if_eap { (7) ? if (reply:EAP-Message && reply:Reply-Message) (7) ? if (reply:EAP-Message && reply:Reply-Message) -> FALSE (7) else else { (7) [noop] = noop (7) } # else else = noop (7) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (7) } # post-auth = ok Sending Access-Accept of id 192 from 10.1.1.2 port 135 to 27.33.228.125 port 45471 Mikrotik-Recv-Limit = 2097152 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'bob' MS-MPPE-Recv-Key = 0xc394df7a88fe7b8afc3a868eea55c48693a0468edc98419da0152a1f80f504db MS-MPPE-Send-Key = 0xaf69e4399414cb5e73a1191cfd7711bed30f6c8eaa29f3a036e4bd151a000c81 EAP-Message = 0x03070004 (7) Finished request 7. Waking up in 0.1 seconds. rad_recv: Accounting-Request packet from host 27.33.228.125 port 34350, id=193, length=149 Service-Type = Framed-User NAS-Port-Id = 'wlan4' NAS-Port-Type = Wireless-802.11 User-Name = 'bob' Acct-Session-Id = '8280001c' Acct-Multi-Session-Id = '02-0C-42-B7-A9-5E-D0-22-BE-BA-2A-1E-82-80-00-00-00-00-00-1A' Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Identifier = 'MikroTik' Acct-Delay-Time = 0 NAS-IP-Address = 27.33.228.125 (8) # Executing section preacct from file /etc/freeradius/sites-enabled/default (8) preacct { (8) [preprocess] = ok (8) acct_unique acct_unique { (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) (8) expand: "%{string:Class}" -> '' (8) ? if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) -> FALSE (8) else else { (8) update request { (8) expand: "%{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" -> 'a563b97a0bf65fc39a0509c43bbdb79a' (8) Acct-Unique-Session-Id := "a563b97a0bf65fc39a0509c43bbdb79a" (8) } # update request = noop (8) } # else else = noop (8) } # acct_unique acct_unique = noop (8) suffix : No '@' in User-Name = "bob", looking up realm NULL (8) suffix : No such realm "NULL" (8) [suffix] = noop (8) [files] = noop (8) } # preacct = ok (8) # Executing section accounting from file /etc/freeradius/sites-enabled/default (8) accounting { (8) detail : expand: "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" -> '/var/log/freeradius/radacct/27.33.228.125/detail-20140522' (8) detail : /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/27.33.228.125/detail-20140522 (8) detail : expand: "%t" -> 'Thu May 22 20:09:41 2014' (8) [detail] = ok (8) sql : expand: "%{tolower:type.%{Acct-Status-Type}.query}" -> 'type.start.query' (8) sql : Using query template 'query' rlm_sql (sql): Reserved connection (4) (8) sql : expand: "%{User-Name}" -> 'bob' (8) sql : SQL-User-Name set to 'bob' (8) sql : expand: "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')" -> 'INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('8280001c', 'a563b97a0bf65fc39a0509c43bbdb79a', 'bob', '', '27.33.228.125', '', 'Wireless-802.11', FROM_UNIXTIME(1400760581), FROM_UNIXTIME(1400760581), NULL, '0', 'RADIUS', '', '', '0', '0', '', '', '', 'Framed-User', '', '')' rlm_sql (sql): Executing query: 'INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('8280001c', 'a563b97a0bf65fc39a0509c43bbdb79a', 'bob', '', '27.33.228.125', '', 'Wireless-802.11', FROM_UNIXTIME(1400760581), FROM_UNIXTIME(1400760581), NULL, '0', 'RADIUS', '', '', '0', '0', '', '', '', 'Framed-User', '', '')' rlm_sql (sql): Released connection (4) (8) [-sql] = ok (8) [exec] = noop (8) attr_filter.accounting_response : expand: "%{User-Name}" -> 'bob' (8) attr_filter.accounting_response : Matched entry DEFAULT at line 12 (8) [attr_filter.accounting_response] = updated (8) } # accounting = updated Sending Accounting-Response of id 193 from 10.1.1.2 port 139 to 27.33.228.125 port 34350 (8) Finished request 8. Waking up in 0.1 seconds. Waking up in 0.1 seconds. (8) Cleaning up request packet ID 193 with timestamp +15 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 185 with timestamp +14 (1) Cleaning up request packet ID 186 with timestamp +14 (2) Cleaning up request packet ID 187 with timestamp +14 (3) Cleaning up request packet ID 188 with timestamp +14 Waking up in 0.1 seconds. (4) Cleaning up request packet ID 189 with timestamp +14 Waking up in 0.1 seconds. (5) Cleaning up request packet ID 190 with timestamp +15 (6) Cleaning up request packet ID 191 with timestamp +15 (7) Cleaning up request packet ID 192 with timestamp +15 Ready to process requests.