Dear all With free radius 1.1.6 i am getting the following debug messages.Still authnticationi is not happenig [root@anoop raddb]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = \"/usr/local\" main: localstatedir = \"/usr/local/var\" main: logdir = \"/usr/local/var/log/radius\" main: libdir = \"/usr/local/lib\" main: radacctdir = \"/usr/local/var/log/radius/radacct\" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = \"/usr/local/var/log/radius/radius.log\" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = \"/usr/local/var/run/radiusd/radiusd.pid\" main: user = \"(null)\" main: group = \"(null)\" main: usercollide = no main: lower_user = \"no\" main: lower_pass = \"no\" main: nospace_user = \"no\" main: nospace_pass = \"no\" main: checkrad = \"/usr/local/sbin/checkrad\" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = \"(null)\" exec: input_pairs = \"request\" exec: output_pairs = \"(null)\" exec: packet_type = \"(null)\" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = no unix: passwd = \"(null)\" unix: shadow = \"(null)\" unix: group = \"(null)\" unix: radwtmp = \"/usr/local/var/log/radius/radwtmp\" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = \"tls\" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = \"(null)\" tls: pem_file_type = yes tls: private_key_file = \"/etc/1x/07xwifi.pem\" tls: certificate_file = \"/etc/1x/07xwifi.pem\" tls: CA_file = \"/etc/1x/root.pem\" tls: private_key_password = \"password\" tls: dh_file = \"/etc/1x/DH\" tls: random_file = \"/etc/1x/random\" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = \"(null)\" tls: cipher_list = \"(null)\" tls: check_cert_issuer = \"(null)\" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = \"/etc/raddb/huntgroups\" preprocess: hints = \"/etc/raddb/hints\" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = \"suffix\" realm: delimiter = \"@\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = \"/etc/raddb/users\" files: acctusersfile = \"/etc/raddb/acct_users\" files: preproxy_usersfile = \"/etc/raddb/preproxy_users\" files: compat = \"no\" Module: Instantiated files (files) Module: Loaded PAP pap: encryption_scheme = \"crypt\" pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded Acct-Unique-Session-Id acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port\" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = \"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/de tail-%Y%m%d\" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = \"/usr/local/var/log/radius/radutmp\" radutmp: username = \"%{User-Name}\" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.50:1026, id=0, length=197 Message-Authenticator = 0x58682b62b2334fb6e661df414bc30e61 Service-Type = Framed-User User-Name = \"anoop07\" Framed-MTU = 1488 Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x0200000c01616e6f6f703037 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module \"preprocess\" returns ok for request 0 rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 12 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 0 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 modcall[authorize]: module \"files\" returns ok for request 0 rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this. modcall[authorize]: module \"pap\" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module \"eap\" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 192.168.0.50 port 1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf149907fc590a6e39f01cbbd9619107b Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=1, length=299 Message-Authenticator = 0x4fd5a9fe11d848f8f7a1324997be4a8e Service-Type = Framed-User User-Name = \"anoop07\" Framed-MTU = 1488 State = 0xf149907fc590a6e39f01cbbd9619107b Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020100600d800000005616030100510100004d03014642cb0590f008 20866efd284d568c69cde48b6530bced71bd7a674a2a46e36e103102d6b9e079cbcf0242e2192803 fe40001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module \"preprocess\" returns ok for request 1 rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 96 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 1 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 modcall[authorize]: module \"files\" returns ok for request 1 rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this. modcall[authorize]: module \"pap\" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0051], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 04bf], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004c], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 1 to 192.168.0.50 port 1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0102040a0dc000000564160301004a0200004603014642cb066051eb 4f14285a58bcd1249829d97ad27f846524d57f7a25b0a3981720143a0cfecdd12ac8ec78c09d87f3 05ba498dcfe95c07b2b76e9b8510cfc644fd00040016030104bf0b0004bb0004b800022c30820228 30820191a003020102020101300d06092a864886f70d0101040500303b310b300906035504061302 494e310b300906035504081302544e310d300b060355040a1304536966793110300e060355040313 0730377877696669301e170d3037303131323135333533305a170d3038303131323135333533305a 3060310b300906035504061302494e310b3009060355040813 EAP-Message = 0x02544e310d300b060355040a1304536966793110300e060355040313 07303778776966693123302106092a864886f70d0109011614616e6f6f705f634073696679636f72 702e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d2bbbe35bc8a 47709632284aff484695385e69c3522f63da46834f9586a420bda380889693fa77fedd9ed4290e6f 9ff4436721775294fc65a38fea098f18975b34b5063de27220e18a07d433cbb6e19aeb3f84b012f7 c20071dd280457a932634bbe50f438cc2ee6f4d65fa395a10bdecc4bf9087979ec45af000940e186 ed290203010001a317301530130603551d25040c300a06082b EAP-Message = 0x06010505070301300d06092a864886f70d0101040500038181000afe a7f2a8a9cffe60baa8f779353c523457f8237faeff81ba5f2c22664c70b6b2fb58c8967ca4a4c847 b80e1d5a6cc4558ffa1d161614f374d8b5efd565aa66045b192b3ac3da82c81c4a99fc10cfe473f9 ac258ef99b16cbd335004677694a05addae48c6a9dcdb26b86ddb56c635266c33c7de75865435326 92e5220d30b100028630820282308201eba003020102020100300d06092a864886f70d0101040500 303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453 6966793110300e0603550403130730377877696669301e170d EAP-Message = 0x3037303131323135333435305a170d3038303131323135333435305a 303b310b300906035504061302494e310b300906035504081302544e310d300b060355040a130453 6966793110300e060355040313073037787769666930819f300d06092a864886f70d010101050003 818d0030818902818100ba8b07a479bb6ce9adf2d8bc6ac9cf214506dfc039cb10c3b4d27d1bbc08 2caff0bb77424819728977f04b32e231a3c4755a65823b366f1a604f15ce6c499883ab7d2757a5a2 c07a11e75b7a00d6c55a8fb7443b202a25a3cdaad39579b2d8f4c09c974056f0c8666fff754d5748 36fcaf105200fcd5df5158e2b387310c4ed90203010001a381 EAP-Message = 0x95308192301d0603551d0e041604149eda6f69065423 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2fdcf333629491d0e1c1ee647458de64 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=2, length=209 Message-Authenticator = 0x4ad9312009d92ce8a0efb591a5179928 Service-Type = Framed-User User-Name = \"anoop07\" Framed-MTU = 1488 State = 0x2fdcf333629491d0e1c1ee647458de64 Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020200060d00 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module \"preprocess\" returns ok for request 2 rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 2 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 modcall[authorize]: module \"files\" returns ok for request 2 rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this. modcall[authorize]: module \"pap\" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 2 to 192.168.0.50 port 1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0103016e0d80000005647ec1c9e4d07a608e0e6dcd730f3063060355 1d23045c305a80149eda6f690654237ec1c9e4d07a608e0e6dcd730fa13fa43d303b310b30090603 5504061302494e310b300906035504081302544e310d300b060355040a1304536966793110300e06 03550403130730377877696669820100300c0603551d13040530030101ff300d06092a864886f70d 0101040500038181006b514f008b6a77757fc73ddbe9d54e4ea925a1ab9ce80ad7895d6d19661d8b 8558d0e359876aac023aa52d4273e00407b9b588b30dbc35c5911bc89d2d99677e0ec8dea17fece3 5d0b4dfab8775ba73eaeb0a0998bcdf1437cff0a1031f6a5b1 EAP-Message = 0x7e8bcdc01e2e964cb256f49d947eea2cfd42989aef397fa438be294f a3dc7a3d160301004c0d000044020102003f003d303b310b300906035504061302494e310b300906 035504081302544e310d300b060355040a1304536966793110300e06035504031307303778776966 690e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8312be86097e0bba014e67facd670e26 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.50:1026, id=3, length=209 Message-Authenticator = 0xd1d028ef0c35ada1104dae076b233114 Service-Type = Framed-User User-Name = \"anoop07\" Framed-MTU = 1488 State = 0x8312be86097e0bba014e67facd670e26 Called-Station-Id = \"00-0F-3D-AF-DD-C2:default\" Calling-Station-Id = \"00-0E-35-F3-A1-67\" NAS-Identifier = \"D-Link Access Point\" NAS-Port-Type = Wireless-802.11 Connect-Info = \"CONNECT 54Mbps 802.11g\" EAP-Message = 0x020300060d00 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = \"STA port # 1\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module \"preprocess\" returns ok for request 3 rlm_realm: No \'@\' in User-Name = \"anoop07\", looking up realm NULL rlm_realm: No such realm \"NULL\" modcall[authorize]: module \"suffix\" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 3 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 modcall[authorize]: module \"files\" returns ok for request 3 rlm_pap: WARNING! No \"known good\" password found for the user. Authentication m ay fail because of this. modcall[authorize]: module \"pap\" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 3 to 192.168.0.50 port 1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0104000a0d8000000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc08d54ac02795c8e31c2f7865a609bd5 Finished request 3 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 4642cb06 Cleaning up request 1 ID 1 with timestamp 4642cb06 Cleaning up request 2 ID 2 with timestamp 4642cb06 Cleaning up request 3 ID 3 with timestamp 4642cb06 Nothing to do. Sleeping until we see a request. [root@anoop raddb]# Wat is the meaning of --- TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13---- this in eap_process returned 13 in the debug log as well as ---rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation---- Regards Anoop Quoting freeradius-users-request@lists.freeradius.org:
Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body \'help\' to freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than \"Re: Contents of Freeradius-Users digest...\"
Today\'s Topics:
1. RE: FR with MySQL - Stored Procedures (Gunther) 2. Re: freeradius & redback sms (Alan DeKok) 3. Re: Date expansion fails for inner encryption tunnel log files. (Alan DeKok) 4. Re: 1.1.6 with rlm_sqlippool: ip=[] len=0 (Alan DeKok) 5. Re: ttls problem (tevfik)
----------------------------------------------------------------------
Message: 1 Date: Thu, 10 May 2007 03:15:09 -0400 From: \"Gunther\" <freeradius@caribsms.com> Subject: RE: FR with MySQL - Stored Procedures To: \"\'FreeRadius users mailing list\'\" <freeradius-users@lists.freeradius.org> Message-ID: <001a01c792d2$f23b79c0$0419a8c0@ultra3> Content-Type: text/plain; charset=\"US-ASCII\"
Did some further research on the MySQL - FR Stored Procedure (SP) problem.
When calling the SP, MySQL always returns two results. One is the actual result and the other is the number of affected rows, which is different to a normal e.g. SELECT query.
SP: mysql> call CheckIt(\'myString\'); +--------+ | result | +--------+ | 10 | (result is correct) +--------+ 1 row in set (0.00 sec)
Query OK, 0 rows affected (0.00 sec) <-- Result plus the number of affected rows!
Normal Query: mysql> select 25 AS result; +--------+ | result | +--------+ | 25 | +--------+ 1 row in set (0.00 sec) <--- Normal query with one result
-------- MYSQL 5.0 Ref manual ---- If you write C programs that use the CALL SQL statement to execute stored procedures that produce result sets, you must set the CLIENT_MULTI_RESULTS flag, either explicitly, or implicitly by setting CLIENT_MULTI_STATEMENTS when you call mysql_real_connect(). This is because each such stored procedure produces multiple results: the result sets returned by statements executed within the procedure, as well as a result to indicate the call status. To process the result of a CALL statement, use a loop that calls mysql_next_result() to determine whether there are more results.
The following procedure outlines a suggested strategy for handling multiple statements: 1. Pass CLIENT_MULTI_STATEMENTS to mysql_real_connect(), to fully enable multiple-statement execution and multiple-result processing. 2. After calling mysql_query() or mysql_real_query() and verifying that it succeeds, enter a loop within which you process statement results. 3. For each iteration of the loop, handle the current statement result, retrieving either a result set or an affected-rows count. If an error occurs, exit the loop. 4. At the end of the loop, call mysql_next_result() to check whether another result exists and initiate retrieval for it if so. If no more results are available, exit the loop. ----------------------------------
Just for a test, I added a very quick and dirty \'mysql_next_result\' into the sql_free_result function of \"sql_mysql.c\" in row 292 of FR 1.1.6, the same location Thomas used the
..... if (sqlsocket->row == NULL) { return sql_check_error(mysql_errno(mysql_sock->sock)); } mysql_next_result(mysql_sock->sock); /* eat the number of affected rows result */ return 0; } .....
As a result I do not get the 2014 error anymore and everything seems to be working fine. Since I do not really know the implications of just adding this command, maybe one of the experts could help out here.
In an ealier posting 3 days ago I said that the problem is not really stored procedure related ... but it is! Once the SP is called at least once other queries will have errors too.
Gunther
FR 1.1.6 - MySQL 5.0.41 - CentOS 4.4
------------------------------
Message: 2 Date: Thu, 10 May 2007 09:27:45 +0200 From: Alan DeKok <aland@deployingradius.com> Subject: Re: freeradius & redback sms To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4642C971.3060509@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1
Samson Martinez wrote:
We are currently using a Redback SMS 500 to terminate PPPoE sessions for client desktops. Up until now an older Steelbelted Radius server has been used to authenticate RADIUS requests forwarded by the Redback and it\'s worked ok. We want to transfer the RADIUS support to a freeradius installation but I am having a bit of a fit trying to get it to work.
See \"radsniff\" from the current release. Watch the packets going TO your old RADIUS server, and the responses comign BACK from it. Configure FreeRADIUS to respond to requests with the same attributes.
The NAS has no idea which server you\'re running. All it sees is the attributes in the packet.
The solution is to first find out what needs to be sent back, and then make FreeRADIUS send the correct response. There is no magic, and there is no need to fight with any configuration.
The redback log looks like you\'re not sending back the correct attributes. If you don\'t know what attributes to send back, you WILL NOT be able to solve the problem.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
------------------------------
Message: 3 Date: Thu, 10 May 2007 09:39:36 +0200 From: Alan DeKok <aland@deployingradius.com> Subject: Re: Date expansion fails for inner encryption tunnel log files. To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4642CC38.9050204@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1
Arran Cudbard-Bell wrote:
Firstly is is possible to specify return codes for users files depending on matched sections ? Or will the files module always return ok ?
You can\'t specify return codes from the \"users\" file.
Secondly, whats considered decent throughput in terms of (serial) requests per second... With none of the SQL or LDAP checking i\'m getting around 300ish requests per second ;
That\'s a little low, to be honest. My tests on a dual core 1.8GHz intel show 25k PAP requests per second from localhost to localhost. That\'s rather different from what you\'re seeing.
Unless you mean 300 full EAP-TLS/TTLS/PEAP authentications per second. That\'s pretty fast, considering that almost all of the CPU time is spent doing RSA key operations. And with 5-10 RADIUS packets per EAP authentication, that\'s 3k requests/s, not 300.
We have a user base of around 10,000 users with a absolute maximum of
4,000 logged in at any one time, and two Dual Core 2.13ghz 64bit Apple
Xserves with basic load balancing.
It\'s obvious that the SQL server is lagging behind, and the LDAP cluster is on some ageing Xserves so probably isn\'t performing at it\'s peak...
If you have any recommended figures that I could aim for, would be very useful.
For plain PAP: 10k+ requests/s would be expected. For EAP, substantially less than that.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
------------------------------
Message: 4 Date: Thu, 10 May 2007 09:40:13 +0200 From: Alan DeKok <aland@deployingradius.com> Subject: Re: 1.1.6 with rlm_sqlippool: ip=[] len=0 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4642CC5D.7070602@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1
Guilherme Franco wrote:
This was happening with 1.1.4 and I thought that 1.1.6 would
correct
this.
Wasn\'t 1.1.6 supposed to work this out?
Which part of the ChangeLog said that?
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
------------------------------
Message: 5 Date: Thu, 10 May 2007 00:41:14 -0700 (PDT) From: tevfik <tevfikkiziloren@gmail.com> Subject: Re: ttls problem To: freeradius-users@lists.freeradius.org Message-ID: <10408620.post@talk.nabble.com> Content-Type: text/plain; charset=us-ascii
did you configure SecureW2 to allow new connections?
Yes i tried both combinations, nothing is changed.
In addition to this when I enter correct username but wrong password, I got similar debug log which i lised below.
I wasn\'t able to see any problem with ldap configuration because it works with radtest command. (That is when i entered correct usrname but wrong password, I got Access-Rejected message. When both of them was true, I got Access-Accepted)
Is there a problem with my ldap configuration. Is there any weird message in my debug log?
I am dealing with this thing about 20 days. Could anybody tell me whats wrong with it?
Thanks in advance:
My full debug log: (username was entered true, password was entered false ) ------------------------------------------------------------------------------------------------- ldap:~ # radiusd -X -A Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = \"/usr\" main: localstatedir = \"/var\" main: logdir = \"/var/log/radius\" main: libdir = \"/usr/lib/freeradius\" main: radacctdir = \"/var/log/radius/radacct\" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = \"/var/log/radius/radius.log\" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = \"/var/run/radiusd/radiusd.pid\" main: user = \"radiusd\" main: group = \"radiusd\" main: usercollide = no main: lower_user = \"no\" main: lower_pass = \"no\" main: nospace_user = \"no\" main: nospace_pass = \"no\" main: checkrad = \"/usr/sbin/checkrad\" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = \"(null)\" exec: input_pairs = \"request\" exec: output_pairs = \"(null)\" exec: packet_type = \"(null)\" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = \"crypt\" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = \"(null)\" mschap: authtype = \"MS-CHAP\" mschap: ntlm_auth = \"(null)\" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = \"(null)\" unix: shadow = \"(null)\" unix: group = \"(null)\" unix: radwtmp = \"/var/log/radius/radwtmp\" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded LDAP ldap: server = \"ldap.anadolu.edu.tr\" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = \"\" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = \"(null)\" ldap: tls_cacertdir = \"(null)\" ldap: tls_certfile = \"(null)\" ldap: tls_keyfile = \"(null)\" ldap: tls_randfile = \"(null)\" ldap: tls_require_cert = \"allow\" ldap: password = \"\" ldap: basedn = \"ou=people,dc=anadolu,dc=edu,dc=tr\" ldap: filter = \"(uid=%u)\" ldap: base_filter = \"(objectclass=radiusprofile)\" ldap: default_profile = \"(null)\" ldap: profile_attribute = \"(null)\" ldap: password_header = \"(null)\" ldap: password_attribute = \"(null)\" ldap: access_attr = \"(null)\" ldap: groupname_attribute = \"cn\" ldap: groupmembership_filter = \"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))\" ldap: groupmembership_attribute = \"(null)\" ldap: dictionary_mapping = \"/etc/raddb/ldap.attrmap\" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: edir_account_policy_check = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap_1x-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap_1x-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap_1x rlm_ldap: Over-riding set_auth_type, as we\'re not listed in the \"authenticate\" section. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port conns: 0x800d0420 Module: Instantiated ldap (ldap_1x) Module: Loaded eap eap: default_eap_type = \"ttls\" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = \"Password: \" gtc: auth_type = \"PAP\" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = \"(null)\" tls: pem_file_type = yes tls: private_key_file = \"/etc/raddb/certs/server_keycert.pem\" tls: certificate_file = \"/etc/raddb/certs/server_keycert.pem\" tls: CA_file = \"/etc/raddb/certs/cacert.pem\" tls: private_key_password = \"1234\" tls: dh_file = \"/etc/raddb/certs/dh\" tls: random_file = \"/etc/raddb/certs/random\" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = \"(null)\" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = \"md5\" ttls: copy_request_to_tunnel = yes ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = \"/etc/raddb/huntgroups\" preprocess: hints = \"/etc/raddb/hints\" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = \"suffix\" realm: delimiter = \"@\" realm: ignore_default = yes realm: ignore_null = yes Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = \"/etc/raddb/users\" files: acctusersfile = \"/etc/raddb/acct_users\" files: preproxy_usersfile = \"/etc/raddb/preproxy_users\" files: compat = \"no\" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = \"User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port\" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = \"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d\" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = \"/var/log/radius/radutmp\" radutmp: username = \"%{User-Name}\" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.10.7.203:1645, id=146, length=139 User-Name = \"tkiziloren\" Framed-MTU = 1400 Called-Station-Id = \"0017.0e85.f190\" Calling-Station-Id = \"0011.2fb9.d08b\" Service-Type = Login-User Message-Authenticator = 0x4bf1be37ab5fc1598c68bd249777d10d EAP-Message = 0x0202000f01746b697a696c6f72656e NAS-Port-Type = Wireless-802.11 NAS-Port = 322 NAS-IP-Address = 10.10.7.203 NAS-Identifier = \"testbaum\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module \"preprocess\" returns ok for request 0 modcall[authorize]: module \"chap\" returns noop for request 0 modcall[authorize]: module \"mschap\" returns noop for request 0 rlm_realm: No \'@\' in User-Name = \"tkiziloren\", skipping NULL due to config. modcall[authorize]: module \"suffix\" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 15 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 0 users: Matched entry DEFAULT at line 29 modcall[authorize]: module \"files\" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: \'(uid=tkiziloren)\' radius_xlat: \'ou=people,dc=anadolu,dc=edu,dc=tr\' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.anadolu.edu.tr:389, authentication 0 rlm_ldap: bind as / to ldap.anadolu.edu.tr:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module \"ldap_1x\" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module \"eap\" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 146 to 10.10.7.203 port 1645 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0aacb6009ffcc2e6b40b7487d9b49dce Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.7.203:1645, id=147, length=202 User-Name = \"tkiziloren\" Framed-MTU = 1400 Called-Station-Id = \"0017.0e85.f190\" Calling-Station-Id = \"0011.2fb9.d08b\" Service-Type = Login-User Message-Authenticator = 0xec986e334fed0be253f43e2461d77e42 EAP-Message = 0x0203003c158000000032160301002d01000029030146cbafcad15f26ee9c399c30942cb9a40c438dfa3f0aeb13b9b68e7fd7fa6e64000002000a0100 NAS-Port-Type = Wireless-802.11 NAS-Port = 322 State = 0x0aacb6009ffcc2e6b40b7487d9b49dce NAS-IP-Address = 10.10.7.203 NAS-Identifier = \"testbaum\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module \"preprocess\" returns ok for request 1 modcall[authorize]: module \"chap\" returns noop for request 1 modcall[authorize]: module \"mschap\" returns noop for request 1 rlm_realm: No \'@\' in User-Name = \"tkiziloren\", skipping NULL due to config. modcall[authorize]: module \"suffix\" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 60 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 1 users: Matched entry DEFAULT at line 29 modcall[authorize]: module \"files\" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: \'(uid=tkiziloren)\' radius_xlat: \'ou=people,dc=anadolu,dc=edu,dc=tr\' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module \"ldap_1x\" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05e7], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 147 to 10.10.7.203 port 1645 EAP-Message = 0x0104040a15c000000644160301004a0200004603014642d682aa7f984a7fcdbc4a6bc13b1d264b81e704929e445b4ebf174c04b7cc20d1ee663783e4d828257c89be8df743bbae47180d8e7bd7a41edc3742644c918a000a0016030105e70b0005e30005e00002c5308202c13082022aa003020102020101300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a86 EAP-Message = 0x4886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333833325a170d3038303530373130333833325a3081a3310b300906035504061302545231123010060355040813095452416e61646f6c75311230100603550407130945736b697365686972311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d003081890281 EAP-Message = 0x8100aa7e832714838afb5c85df7c60afaf107142a9e077659f216e0b0cee26180413d2ce23bd4551cb0e7243dbae482db8757502159b52b08f8776b1fef8110ea8798dc7bd0db591296d73e37cad9a07ad8b1c1db6360104861ae0405cab03544b1ae33633df6a5403c79bdde9ab57ed2dcfe191f5f34418b555c953351acc461ce70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181003c0a0c3e188348ce41725b4c062f8a8570a1bf407bb6ee3504b9df6a18e935fe2f8792c914c2eabadd85e6ea701ec99443a06e436152b7b9fd413cf44fbd09db68cdf3879c76ea673153 EAP-Message = 0xb8adc112064df7b8369c796d37251577569523b465b686408649adbb9f9006148c9e8df035dec411681b9365b9d317f44efd89b9b42b000315308203113082027aa003020102020100300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333734345a170d EAP-Message = 0x3130303530373130333734345a30818f310b30090603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c09c8f35ddc35ecd609188a17165621 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.7.203:1645, id=148, length=148 User-Name = \"tkiziloren\" Framed-MTU = 1400 Called-Station-Id = \"0017.0e85.f190\" Calling-Station-Id = \"0011.2fb9.d08b\" Service-Type = Login-User Message-Authenticator = 0x9b4e281f16c2c5d3cf691e6e195bea68 EAP-Message = 0x020400061500 NAS-Port-Type = Wireless-802.11 NAS-Port = 322 State = 0x2c09c8f35ddc35ecd609188a17165621 NAS-IP-Address = 10.10.7.203 NAS-Identifier = \"testbaum\" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module \"preprocess\" returns ok for request 2 modcall[authorize]: module \"chap\" returns noop for request 2 modcall[authorize]: module \"mschap\" returns noop for request 2 rlm_realm: No \'@\' in User-Name = \"tkiziloren\", skipping NULL due to config. modcall[authorize]: module \"suffix\" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it\'s an on-going EAP conversation modcall[authorize]: module \"eap\" returns updated for request 2 users: Matched entry DEFAULT at line 29 modcall[authorize]: module \"files\" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: \'(uid=tkiziloren)\' radius_xlat: \'ou=people,dc=anadolu,dc=edu,dc=tr\' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module \"ldap_1x\" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type \"EAP\" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module \"eap\" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 148 to 10.10.7.203 port 1645 EAP-Message = 0x0105024e1580000006445504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d0030818902818100f87fe052d754f4586d4e311ea15bb54cd7bbe1e505e648171bfa44c6a1523906cc31d776e4a8113dd3f002e7ddd43868af03076e0f4c57c6791845adc2f7732d909e58267dc127244ebe656f95 EAP-Message = 0xf53a09222a4a3451369f97a04391610dc4b77848268d41b7f9bc37f04654d00abdc0ee376c8aad064e5ac5a5a1595bffeea9b30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e0416041450fd81eacea4e2d3d18547e154bc515d08630096301f0603551d2304183016801450fd81eacea4e2d3d18547e154bc515d08630096300d06092a864886f70d01010505000381810092f44ed2dade447e098f90432e2a2b58d93139471c0b41d3bbdebf1c2d09e321b43bbe2faad7d8c60e6642f5b6c2746fbb4be07033 EAP-Message = 0x4b77db5093871b2203bf2271cb97b98cc169c03f4f67d7a01261d971dfddc176cce3a42e1dd1e37037060a528db7e8481722e222549b882a93cfa582a29df0f1b401a28e197772410a1f1016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb63cf9e5375c651683e69b8c2d8543fc Finished request 2 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 146 with timestamp 4642d682 Cleaning up request 1 ID 147 with timestamp 4642d682 Cleaning up request 2 ID 148 with timestamp 4642d682 Nothing to do. Sleeping until we see a request.
A.L.M.Buxey wrote:
Hi,
However when i try to perform same task by using securew2 on XP
client,
it always shows \"attempting to authenticate\",
did you configure SecureW2 to allow new connections?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/ttls-problem-tf3717596.html#a10408620 Sent from the FreeRadius - User mailing list archive at Nabble.com.
------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 25, Issue 36 ************************************************