Hi Alan, Below is the results from radiusd -X (debug mode), while logging in: rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=79, length=138 User-Name = "test" NAS-Port-Type = Virtual Service-Type = Framed-User NAS-Port = 53 NAS-Port-Id = "ios" NAS-IP-Address = xx.xx.xx.79 Called-Station-Id = "xx.xx.xx.79[4500]" Calling-Station-Id = "xx.xx.xx.150[32055]" EAP-Message = 0x02000009016a646f65 NAS-Identifier = "strongSwan" Message-Authenticator = 0x13a0846c40f521e3c009161546f6f3fb # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for test [ldap] expand: (&(uid=%u)) -> (&(uid=test)) [ldap] expand: ou=People,dc=company,dc=com -> ou=People,dc=company,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to xx.xx.xx.126:389, authentication 0 [ldap] bind as cn=Admin,dc=company,dc=com/xxxx to xx.xx.xx.126:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in ou=People,dc=company,dc=com, with filter (&(uid=test)) [ldap] looking for check items in directory... [ldap] userPassword -> User-Password == "password" [ldap] userPassword -> Password-With-Header == "password" [ldap] sambaNtPassword -> NT-Password == 0x38424235443 [ldap] looking for reply items in directory... [ldap] user test authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Config already contains "known good" password. Ignoring Password-With-Header [pap] Normalizing NT-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 79 to xx.xx.xx.79 port 40379 EAP-Message = 0x010100160410c73f50e02103b6473c8f5ed51995e29f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2310bb7d2311bf963fc3fbc63c331669 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=80, length=169 User-Name = "test" NAS-Port-Type = Virtual Service-Type = Framed-User NAS-Port = 53 NAS-Port-Id = "ios" NAS-IP-Address = xx.xx.xx.79 Called-Station-Id = "xx.xx.xx.79[4500]" Calling-Station-Id = "xx.xx.xx.150[32055]" EAP-Message = 0x020100160410958ab4a6a9b38188febc74cc0c573b96 NAS-Identifier = "strongSwan" State = 0x2310bb7d2311bf963fc3fbc63c331669 Message-Authenticator = 0xdb77c116ca06726a60a2d3a224bc2e22 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for test [ldap] expand: (&(uid=%u)) -> (&(uid=test)) [ldap] expand: ou=People,dc=company,dc=com -> ou=People,dc=company,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=People,dc=company,dc=com, with filter (&(uid=test)) [ldap] looking for check items in directory... [ldap] userPassword -> User-Password == "password" [ldap] userPassword -> Password-With-Header == "password" [ldap] sambaNtPassword -> NT-Password == 0x38424235443 [ldap] looking for reply items in directory... [ldap] user test authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Config already contains "known good" password. Ignoring Password-With-Header [pap] Normalizing NT-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/md5 [eap] processing type md5 [eap] Freeing handler ++[eap] returns ok Login OK: [test] (from client localhost port 53 cli xx.xx.xx.150[32055]) # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 80 to xx.xx.xx.79 port 40379 EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "test" Finished request 1. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 79 with timestamp +20 Cleaning up request 1 ID 80 with timestamp +20 Ready to process requests. -----Original Message----- From: freeradius-users-bounces+me=company.com@lists.freeradius.org [mailto:freeradius-users-bounces+me=company.com@lists.freeradius.org] On Behalf Of A.L.M.Buxey@lboro.ac.uk Sent: Thursday, October 03, 2013 1:32 AM To: FreeRadius users mailing list Subject: Re: radwho not working Hi,
I would like to display the active Radius connections. When I run radwho I get the following results (showing nothing but the titles) even though I know I have an active connection:
using the utmp/wtmp modules? what does your FreeRADIUS debug show when someone logging in? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html