Hi all We have a strange propmlem with our RADIUS Server. I'm not the RADIUS expert and take over this Server and configuration... :-(
From time to time the users are not able to login, sometime it works and sometime it works only from 1 or 2 accesspopints (we have 10 accesspoints).
Attached you'll find the configuration and a snap from the RADIUS-log in debugmode. Accesspoints are Linksys WRT54GL with Tomato 1.23 We are running FreeRadius 2.0.5 on Gentoo Linux 2.6.27-r27. Could it be if we running FreeRadius on another OS we have less problems ?!? Thanks a lot ! Best wishes, Frank Errormessages from radiusd -X: rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=139 User-Name = "hummel.daniel" NAS-IP-Address = 10.0.0.15 Called-Station-Id = "00226b8df369" Calling-Station-Id = "001de03c1333" NAS-Identifier = "00226b8df369" NAS-Port = 28 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020000120168756d6d656c2e64616e69656c Message-Authenticator = 0xc4150c77c1b15ce73bb23597f026471a +- entering group authorize expand: %{User-Name} -> hummel.daniel rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[files] returns noop ++[mschap] returns noop rlm_eap: EAP packet type response id 0 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 6 to 10.0.0.15 port 2048 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe01ba3a4e01ab604a48cd5e81844c9b7 Finished request 92. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=145 Cleaning up request 92 ID 6 with timestamp +1637 User-Name = "hummel.daniel" NAS-IP-Address = 10.0.0.15 Called-Station-Id = "00226b8df369" Calling-Station-Id = "001de03c1333" NAS-Identifier = "00226b8df369" NAS-Port = 28 Framed-MTU = 1400 State = 0xe01ba3a4e01ab604a48cd5e81844c9b7 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100060319 Message-Authenticator = 0x0b24d65028ad5d79b81610cd54488cfa +- entering group authorize expand: %{User-Name} -> hummel.daniel rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel' rlm_sql (sql): Reserving sql socket id: 0 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[files] returns noop ++[mschap] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 6 to 10.0.0.15 port 2048 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe01ba3a4e119ba04a48cd5e81844c9b7 Finished request 93. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=295 Cleaning up request 93 ID 6 with timestamp +1637 User-Name = "hummel.daniel" NAS-IP-Address = 10.0.0.15 Called-Station-Id = "00226b8df369" Calling-Station-Id = "001de03c1333" NAS-Identifier = "00226b8df369" NAS-Port = 28 Framed-MTU = 1400 State = 0xe01ba3a4e119ba04a48cd5e81844c9b7 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202009c198000000092160301008d01000089030149f72cc806e92a43ee6904dca25525651e77e998da5d0ededbd5753bb07ed85220af386935a49b3f5b9c4783516e0333469c78eb2cfad74151d5b753d674ee628c0018002f00350005000ac009c00ac013c01400320038001300040100002800000012001000000d68756d6d656c2e64616e69656c000a00080006001700180019000b00020100 Message-Authenticator = 0xa26fd49f5c488c892a756621fb54de36 +- entering group authorize expand: %{User-Name} -> hummel.daniel rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[files] returns noop ++[mschap] returns noop rlm_eap: EAP packet type response id 2 length 156 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 146 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 008d], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 087d], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 6 to 10.0.0.15 port 2048 EAP-Message = 0x0103040019c0000008da160301004a02000046030149f71dc1279696bdfc3a39e5703d22d4088664135cd33f3acc30e4f54fe26fe520d50fe4ef8ff0d044ccaf9bae0ff85f02096806a0789312e930c82521d30dd182002f00160301087d0b0008790008760003b5308203b130820299a003020102020101300d06092a864886f70d0101040500308198310b3009060355040613024b53310e300c060355040813054d4e5446533111300f060355040713085355564152454b413111300f060355040a13085357495353434f59312b302906092a864886f70d010901161c434f4d43454e2e5357495353434f59405654472e41444d494e2e4348312630 EAP-Message = 0x240603550403131d5377697373496e74205377697373436f79204365727469666963617465301e170d3038313132363039333731375a170d3039313132363039333731375a308185310b3009060355040613024b53310e300c060355040813054d4e5446533111300f060355040a13085357495353434f59312630240603550403131d5377697373496e74205377697373436f79204365727469666963617465312b302906092a864886f70d010901161c434f4d43454e2e5357495353434f59405654472e41444d494e2e434830820122300d06092a864886f70d01010105000382010f003082010a0282010100a9f605a518d65a8f655d463a3ac5bc EAP-Message = 0xd0cfd1ba53f38d27ff83ffa6b817dee8c36d785ab3ff4073eaa7c083aa5b9e8c5850b2e3e42b19387a41db367dcf83922e36d5a7d3a65161faf295430975d3bfad5a05caed7476df6b7379f5abb50ac3bf5ba5a8e5fcbfeabb909b5eefb6064bdc08a4bb08b2e9b424bcdf78899961b1b589c30ce8844ec2fd1e7bb2f39e6fea73a6c24bd5c5637a6d0252204269ff643c70f4b25ceb139e96ef390ae158a020e8fa2536e267e82061635325f6fffd2efad24fe27138844fbdf0fa3d9e19445edd460967c2b06c27f82054449cde1e9dc4ce1019a0c6a4367a189cbeb6b9327a0d80b51d25711600e3bc9c9e29d3b5c75b0203010001a3173015301306 EAP-Message = 0x03551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101009be1f41d9e69695373cba465b1b2351da861cbda4a7f2ab090190a4eeb1d34213396a433b5f2b91d2de5fec116446ccbf453a88dccdfb81ca7ecd82009fc8d22d7189db99494c33efd6fb3f0fef7cd936fb84102fc89a2b3358189621396c81739d7a2355602f5e1bd345aedb0418e6c565657811996940234d7c6815a199fcdea7930f351be5b7fd778f15f64ca729059445eab1af1b87c1129b27ae17c14a09c22ae483daf3f7d31bbecc93bbdc057c4a7a4313c65a5b8d3f27cd0a9ce6ce2150db313ea46d435e1fde6725e1d02a62c36d59704dd79 EAP-Message = 0x2828d76b689c221f2176580a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe01ba3a4e218ba04a48cd5e81844c9b7 Finished request 94. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=145 Cleaning up request 94 ID 6 with timestamp +1637 User-Name = "hummel.daniel" NAS-IP-Address = 10.0.0.15 Called-Station-Id = "00226b8df369" Calling-Station-Id = "001de03c1333" NAS-Identifier = "00226b8df369" NAS-Port = 28 Framed-MTU = 1400 State = 0xe01ba3a4e218ba04a48cd5e81844c9b7 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061900 Message-Authenticator = 0xb0cdf7b97da5aa0d76076441bf361fc1 +- entering group authorize expand: %{User-Name} -> hummel.daniel rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hummel.daniel' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hummel.daniel' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hummel.daniel' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[files] returns noop ++[mschap] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Radius Configuration: --------------------- FreeRADIUS Version 2.0.5, for host i486-pc-linux-gnu, built on Jan 10 2009 at 23:27:15 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/clients.conf including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/sql.conf including configuration file /etc/raddb/sql/mysql/dialup.conf including configuration file /etc/raddb/sql/mysql/counter.conf including dictionary file /etc/raddb/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/radius" libdir = "/usr/lib" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 60 cleanup_delay = 5 max_requests = 51200 allow_core_dumps = no pidfile = "/var/run/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = yes auth = yes auth_badpass = yes auth_goodpass = yes } } client 10.0.0.9 { require_message_authenticator = no secret = "xxx" shortname = "TuXp_Test" nastype = "other" } client 10.0.0.10 { require_message_authenticator = no secret = "xxx" shortname = "Casa_A" nastype = "other" } client 10.0.0.11 { require_message_authenticator = no secret = "xxx" shortname = "Casa_B" nastype = "other" } client 10.0.0.12 { require_message_authenticator = no secret = "xxx" shortname = "Casa_C" nastype = "other" } client 10.0.0.13 { require_message_authenticator = no secret = "xxx" shortname = "Casa_D" nastype = "other" } client 10.0.0.14 { require_message_authenticator = no secret = "xxx" shortname = "Casa_E" nastype = "other" } client 10.0.0.15 { require_message_authenticator = no secret = "xxx" shortname = "Casa_F" nastype = "other" } client 10.0.0.16 { require_message_authenticator = no secret = "xxx" shortname = "Casa_G" nastype = "other" } client 10.0.0.17 { require_message_authenticator = no secret = "xxx" shortname = "Casa_H" nastype = "other" } client 10.0.0.18 { require_message_authenticator = no secret = "xxx" shortname = "Casa_I" nastype = "other" } client 10.0.0.19 { require_message_authenticator = no secret = "xxx" shortname = "Casa_J" nastype = "other" } client 127.0.0.1 { require_message_authenticator = no secret = "xxx" shortname = "Local" nastype = "other" } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Instantiating modules #### radiusd: #### Loading Virtual Servers #### server { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "ttls" timer_expire = 90 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "ab3z742fg4med" dh_file = "/etc/raddb/certs/dh" random_file = "/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_sql Module: Instantiating sql sql { driver = "rlm_sql_mysql" server = "localhost" port = "" login = "radius" password = "XXXXX" radius_db = "radius" read_groups = yes sqltrace = no sqltracefile = "/var/log/radius/sqltrace.sql" readclients = no deletestalesessions = yes num_sql_socks = 5 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 60 simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO userinfo (username, mac, date, tag) VALUES ( '%{User-Name}', '%{Calling-Station-Id}', '%S', '%{Nas-IP-Address}' )" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to radius@localhost:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/etc/raddb/users" compat = "no" } Module: Checking post-auth {...} for more modules to load } } radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = 10.0.0.1 port = 1812 } main { snmp = no smux_password = "" snmp_write_access = no } Listening on authentication address 10.0.0.1 port 1812 Listening on proxy address 10.0.0.1 port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.0.0.19 port 2048, id=13, length=137 User-Name = "host/WSL-SIR" NAS-IP-Address = 10.0.0.19 Called-Station-Id = "00226b7a37b5" Calling-Station-Id = "00242b2f525b" NAS-Identifier = "00226b7a37b5" NAS-Port = 38 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200001101686f73742f57534c2d534952 Message-Authenticator = 0x9fb6b52c90e4c0f844dc91d5fbcea21d +- entering group authorize expand: %{User-Name} -> host/WSL-SIR rlm_sql (sql): sql_set_user escaped user --> 'host/WSL-SIR' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'host/WSL-SIR' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'host/WSL-SIR' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): User host/WSL-SIR not found ++[sql] returns notfound ++[files] returns noop ++[mschap] returns noop rlm_eap: EAP packet type response id 0 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 13 to 10.0.0.19 port 2048 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9c4fd6cb9c4ec3f5023ff4254ba8f1d5 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.19 port 2048, id=13, length=137 Cleaning up request 0 ID 13 with timestamp +234 User-Name = "host/WSL-SIR" NAS-IP-Address = 10.0.0.19 Called-Station-Id = "00226b7a37b5" Calling-Station-Id = "00242b2f525b" NAS-Identifier = "00226b7a37b5" NAS-Port = 38 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200001101686f73742f57534c2d534952 Message-Authenticator = 0xe77f186ef1912fceb5fd819815c11fa6 +- entering group authorize expand: %{User-Name} -> host/WSL-SIR rlm_sql (sql): sql_set_user escaped user --> 'host/WSL-SIR' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'host/WSL-SIR' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'host/WSL-SIR' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 rlm_sql (sql): User host/WSL-SIR not found ++[sql] returns notfound ++[files] returns noop ++[mschap] returns noop rlm_eap: EAP packet type response id 0 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 13 to 10.0.0.19 port 2048 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc2248484c2259113db17cab2dbadac35 Finished request 1.