pppoe+mysql+Framed-IP-Address
I have just run pppoe server with freeradius pppeo user radius.so and radattr.so modules It works ok, but clients gets 'random' IP addreses... I need static IP (like that in /etc/ppp/chap-secrets last column). I try to add 1 record to my mysql, so I have: mysql> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'norbert' ORDER BY id -> ; +-----+----------+-------------------+---------------+----+ | id | UserName | Attribute | Value | op | +-----+----------+-------------------+---------------+----+ | 77 | norbert | User-Password | xxxxxxxx | == | | 258 | norbert | Framed-IP-Address | 82.177.xx.yy | := | +-----+----------+-------------------+---------------+----+ but I still gets IP addresses like 10.67.15.1 ..., not 82.177.xx.yy my example access-request contains Framed-Protocol = PPP: Packet-Type = Access-Request Fri Mar 17 15:25:22 2006 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "norbert" CHAP-Challenge = 0x4aaccdf7f520730e84f58bc4018c04217b97 CHAP-Password = 0xb6fe48120b0aed82ffdb4d782f3b51cd6a NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Client-IP-Address = 10.10.10.248 What I should do? norbert
"Norbert Grochal" <norboro@celpol.pl> wrote:
| 77 | norbert | User-Password | xxxxxxxx | == | ... CHAP-Challenge = 0x4aaccdf7f520730e84f58bc4018c04217b97 CHAP-Password = 0xb6fe48120b0aed82ffdb4d782f3b51cd6a
There is no User-Password in the packet, so using '==' for comarison will never result in a match. use ':=' Alan DeKok.
| 77 | norbert | User-Password | xxxxxxxx | == | ... CHAP-Challenge = 0x4aaccdf7f520730e84f58bc4018c04217b97 CHAP-Password = 0xb6fe48120b0aed82ffdb4d782f3b51cd6a
There is no User-Password in the packet, so using '==' for comarison will never result in a match.
but it still works with '==', why? I see radius gets username from peap message (if it is not in identity) and do the sql query (it returns 1 row) and gets the password also from peap message and then says rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success Of course the password must be correct :-). Can anybode describe how the rlm_sql works? What does it do? there is not much in documentation for rlm_sql. norbert
"Norbert Grochal" <norboro@celpol.pl> wrote:
There is no User-Password in the packet, so using '==' for comarison will never result in a match.
but it still works with '==', why?
You didn't post debug logs showing it working. I suspect it doesn't. As for your original question about IP addresses, you put the IP into the radcheck table, not radreply. Alan DeKok.
but it still works with '==', why?
You didn't post debug logs showing it working. I suspect it doesn't.
OK. Logs are here. User typed 'Jan Nowak' in Identity field, but in my database there is UserName='jnovak'. This log was generated when I have '==' in radcheck table. There are 9 Access-Request packets (always 9): rad_recv: Access-Request packet from host 10.10.10.120:3072, id=172, length=185 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02000013014d61726975737a20426f63687261 Message-Authenticator = 0xe12c581fdff458cd955c5e8227772a94 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9453 modcall[authorize]: module "preprocess" returns ok for request 9453 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9453 modcall[authorize]: module "chap" returns noop for request 9453 modcall[authorize]: module "mschap" returns noop for request 9453 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9453 rlm_eap: EAP packet type response id 0 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9453 modcall[authorize]: module "files" returns notfound for request 9453 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9453 modcall: leaving group authorize (returns updated) for request 9453 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9453 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 9453 modcall: leaving group authenticate (returns handled) for request 9453 Sending Access-Challenge of id 172 to 10.10.10.120 port 3072 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5d902c4e64ab1f874fa7be83778e61e Finished request 9453 Going to the next request --- Walking the entire request list --- Waking up in 3 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=173, length=284 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0201006a198000000060160301005b010000570301441b3c365de4870d0aa728036bbb3241beb94a4454df3e953c70b8543976c17800003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100 State = 0xa5d902c4e64ab1f874fa7be83778e61e Message-Authenticator = 0xa2f42db50764094ad6cf90bd7b6c3484 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9454 modcall[authorize]: module "preprocess" returns ok for request 9454 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9454 modcall[authorize]: module "chap" returns noop for request 9454 modcall[authorize]: module "mschap" returns noop for request 9454 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9454 rlm_eap: EAP packet type response id 1 length 106 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9454 modcall[authorize]: module "files" returns notfound for request 9454 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 3 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9454 modcall: leaving group authorize (returns updated) for request 9454 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9454 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05c2], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 9454 modcall: leaving group authenticate (returns handled) for request 9454 Sending Access-Challenge of id 173 to 10.10.10.120 port 3072 EAP-Message = 0x0102040a19c00000061f160301004a020000460301441b3c8a09a768656cc8b18679ddde800cf69824f2ff21174a806fdf90524bae20705a153e92631a2faefae233c6f6ba484b654b4334523215e1c66bb00b8c112b00350016030105c20b0005be0005bb00027d30820279308201e2a003020102020106300d06092a864886f70d01010505003070310b300906035504061302504c310f300d0603550408130650756c617779310f300d0603550407130650756c617779310f300d060355040a130643656c706f6c310f300d0603550403130643656c706f6c311d301b06092a864886f70d010901160e696e666f4063656c706f6c2e706c301e170d EAP-Message = 0x3036303230383136303835365a170d3037303230383136303835365a307c310b300906035504061302504c310f300d0603550408130650756c617779310f300d0603550407130650756c617779310f300d060355040a130643656c706f6c3119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ebeb0db2d95e9d54a40db86f4fafa7aaa6a8e7a75181742c25d6c0f2117bb200f547fca9a00d338ad20d216471aff05550cb29e5e7c7b277856a4ec02893b332ca2520dde6cf EAP-Message = 0x677f98d92fd5e2e8f66327d8f4a0d87a7439fcceb82bd0bf13a97bd750e51731af6353b6db2e1a9f7af0696846b7b3f56988886c64734e022a590203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181006f20918ccc91f8537e50000d363d8bbf338547236c25a5cd63bea4c988af28528d3facc091eba2a40b50f21ce46900983cc2c600c73e4e432ef2620b8afe0b790144b574c949a7edf263de59097ca5f2a31845920d001e3653a214b89362eee7892c80a33f9e207960a03ca0eb5f1eff01306ad6813c9967582c18a78bd715e8000338308203343082029da0030201020209 EAP-Message = 0x008508d88838ca3017300d06092a864886f70d01010505003070310b300906035504061302504c310f300d0603550408130650756c617779310f300d0603550407130650756c617779310f300d060355040a130643656c706f6c310f300d0603550403130643656c706f6c311d301b06092a864886f70d010901160e696e666f4063656c706f6c2e706c301e170d3036303230383136303835355a170d3136303230383136303835355a3070310b300906035504061302504c310f300d0603550408130650756c617779310f300d0603550407130650756c617779310f300d060355040a130643656c706f6c310f300d0603550403130643656c706f6c EAP-Message = 0x311d301b06092a864886f70d010901160e696e666f40 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x39bc601df9e4a78007d463f02d64bc8b Finished request 9454 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=174, length=184 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200061900 State = 0x39bc601df9e4a78007d463f02d64bc8b Message-Authenticator = 0xbdde1e97a46552df02cc8539ef9b73f0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9455 modcall[authorize]: module "preprocess" returns ok for request 9455 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9455 modcall[authorize]: module "chap" returns noop for request 9455 modcall[authorize]: module "mschap" returns noop for request 9455 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9455 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9455 modcall[authorize]: module "files" returns notfound for request 9455 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 2 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9455 modcall: leaving group authorize (returns updated) for request 9455 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9455 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 9455 modcall: leaving group authenticate (returns handled) for request 9455 Sending Access-Challenge of id 174 to 10.10.10.120 port 3072 EAP-Message = 0x01030225190063656c706f6c2e706c30819f300d06092a864886f70d010101050003818d0030818902818100c6a272deb4e88d4fd091d201eb153463f3bd9d8015ed90360716b033653057a27c3d3a8a840d1f726b5360507c9ab3cb5ff08b8315bee6dbc02e3434bafc38f793ee8d82b8c15ddcf2dfa78dcdf95704ceb8ce36ef2d0b0562ce7c88222b365ce3cfc40ad861f3ef02055c093c65d6812678adc00e089617f4189fe108f389d90203010001a381d53081d2301d0603551d0e041604145d45399694ebd5b9cdf7bd6b27a5b418f88413c13081a20603551d2304819a30819780145d45399694ebd5b9cdf7bd6b27a5b418f88413c1a174a4 EAP-Message = 0x723070310b300906035504061302504c310f300d0603550408130650756c617779310f300d0603550407130650756c617779310f300d060355040a130643656c706f6c310f300d0603550403130643656c706f6c311d301b06092a864886f70d010901160e696e666f4063656c706f6c2e706c8209008508d88838ca3017300c0603551d13040530030101ff300d06092a864886f70d01010505000381810012bc30f40f58289abe69e7374fe8ea10654d0aa787eb2bdc75a9cfc84a3f5c9952352891a0066825fafc39d5d08b17bf2c0a54abf532ae0d4792bfe6b6d4679ec7755f33e6684cff5493382a54fb9a6a1c37a43305d5e97d01c250110345 EAP-Message = 0x8f64217513a840d631791e07033eeda981df532b1763f5f87b9f317567435f6744ae16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6c9fce16240772070594508206d342ea Finished request 9455 Going to the next request Cleaning up request 9453 ID 172 with timestamp 441b3c88 Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=175, length=386 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300d01980000000c6160301008610000082008034a4f389ddbdd9aced47fcfa2641368883f421cd3a27d949beb6f276a1ff80ed701ca6c162bb045d96c48500a396b932c9a339f9acb89e02114990de2158a146a04d8870701947b3a521c6079ea729b8bd0ea4d3f108e48d61303564d17c3a98ee44d1a0c214ec630fd613086980216ec4484a6709e88dd859f302c5cfe8b34c140301000101160301003059bee7596974bc04d86dff8874981c8a9ee9c293484236e3b9d27af08c941e529bd39298734f0e5bf6137f7f409a15e3 State = 0x6c9fce16240772070594508206d342ea Message-Authenticator = 0x9992ae79a46b3e5e68ca932f3fac5102 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9456 modcall[authorize]: module "preprocess" returns ok for request 9456 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9456 modcall[authorize]: module "chap" returns noop for request 9456 modcall[authorize]: module "mschap" returns noop for request 9456 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9456 rlm_eap: EAP packet type response id 3 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9456 modcall[authorize]: module "files" returns notfound for request 9456 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 1 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9456 modcall: leaving group authorize (returns updated) for request 9456 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9456 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 9456 modcall: leaving group authenticate (returns handled) for request 9456 Sending Access-Challenge of id 175 to 10.10.10.120 port 3072 EAP-Message = 0x0104004119001403010001011603010030a2f7faa3fbebc41632ed2e335484845b0b28e35e7079546689712be59f70f7eb6bb4a7b279b996c3246c1dec798cabef Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa636d37307db295290e7df7739d79677 Finished request 9456 Going to the next request --- Walking the entire request list --- Waking up in 2 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=176, length=184 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061900 State = 0xa636d37307db295290e7df7739d79677 Message-Authenticator = 0xfceece1ee08078c131ae49f1db6449f9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9457 modcall[authorize]: module "preprocess" returns ok for request 9457 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9457 modcall[authorize]: module "chap" returns noop for request 9457 modcall[authorize]: module "mschap" returns noop for request 9457 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9457 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9457 modcall[authorize]: module "files" returns notfound for request 9457 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9457 modcall: leaving group authorize (returns updated) for request 9457 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9457 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 9457 modcall: leaving group authenticate (returns handled) for request 9457 Sending Access-Challenge of id 176 to 10.10.10.120 port 3072 EAP-Message = 0x0105005019001703010020bd830fbec3a1c307909e7422327b1aebff1cb58d781b4feaac2482a3f256fa4e1703010020ad704bf0795f035099a7a0538da3c0338afaaaf4fafd4362c4d448786e0ab514 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe7f4493ca439636cb18339943bbc97eb Finished request 9457 Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=177, length=258 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0205005019001703010020d18e6483f879255c064ed23ac9a78ec7117545a359498d17c554bd3c304748eb17030100209b5f644be27b277f0b531d0b1acfa898620711d83364491306265248a4991fde State = 0xe7f4493ca439636cb18339943bbc97eb Message-Authenticator = 0x143e2a227b53ccee2c8d2c3d04e7cad2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9458 modcall[authorize]: module "preprocess" returns ok for request 9458 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9458 modcall[authorize]: module "chap" returns noop for request 9458 modcall[authorize]: module "mschap" returns noop for request 9458 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9458 rlm_eap: EAP packet type response id 5 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9458 modcall[authorize]: module "files" returns notfound for request 9458 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 4 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9458 modcall: leaving group authorize (returns updated) for request 9458 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9458 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - jnovak rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of jnovak PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to jnovak Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9458 modcall[authorize]: module "preprocess" returns ok for request 9458 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9458 modcall[authorize]: module "chap" returns noop for request 9458 modcall[authorize]: module "mschap" returns noop for request 9458 rlm_realm: No '@' in User-Name = "jnovak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9458 rlm_eap: EAP packet type response id 5 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9458 modcall[authorize]: module "files" returns notfound for request 9458 radius_xlat: 'jnovak' rlm_sql (sql): sql_set_user escaped user --> 'jnovak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jnovak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jnovak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jnovak' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jnovak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 9458 modcall: leaving group authorize (returns updated) for request 9458 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9458 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 9458 modcall: leaving group authenticate (returns handled) for request 9458 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 9458 modcall: leaving group authenticate (returns handled) for request 9458 Sending Access-Challenge of id 177 to 10.10.10.120 port 3072 EAP-Message = 0x0106007019001703010020e967380a94e405afb2fbdc4c7650dcb48443811739fdd10472f403bd102b7b401703010040bd21e59a5e4278909348c2cb50bdbd896c9b1db1d01e74df01991c329c777e75c6200582537fc3a285ae96a1776cb44be3379b700519ddd3a2821c7665efe620 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3a93732efb58f656e2869bdb474a4d9 Finished request 9458 Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=178, length=322 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02060090190017030100201033c32f606a99453db42109fe6b3f57d4f9b977c9dd2979e6784c310b5a93881703010060af38ac49655fa128a12d32cd747c742f0e8e14c9524b4410f9f4185fc178270a6fd43e218af569d971caee2e13a3e9453a6b3491dd337a2f84968f1839a9ad42e6504a131e49225c38e5bdf111fbe0c4318b054a87d16459ed4a5aa6ba12a25b State = 0xa3a93732efb58f656e2869bdb474a4d9 Message-Authenticator = 0x8ab6955c72eacc390d4c71af6bdc5368 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9459 modcall[authorize]: module "preprocess" returns ok for request 9459 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9459 modcall[authorize]: module "chap" returns noop for request 9459 modcall[authorize]: module "mschap" returns noop for request 9459 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9459 rlm_eap: EAP packet type response id 6 length 144 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9459 modcall[authorize]: module "files" returns notfound for request 9459 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 2 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9459 modcall: leaving group authorize (returns updated) for request 9459 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9459 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to jnovak PEAP: Adding old state with 5f c5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9459 modcall[authorize]: module "preprocess" returns ok for request 9459 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9459 modcall[authorize]: module "chap" returns noop for request 9459 modcall[authorize]: module "mschap" returns noop for request 9459 rlm_realm: No '@' in User-Name = "jnovak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9459 rlm_eap: EAP packet type response id 6 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9459 modcall[authorize]: module "files" returns notfound for request 9459 radius_xlat: 'jnovak' rlm_sql (sql): sql_set_user escaped user --> 'jnovak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jnovak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jnovak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jnovak' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jnovak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 9459 modcall: leaving group authorize (returns updated) for request 9459 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9459 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 9459 rlm_mschap: Told to do MS-CHAPv2 for jnovak with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 9459 modcall: leaving group MS-CHAP (returns ok) for request 9459 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 9459 modcall: leaving group authenticate (returns handled) for request 9459 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 9459 modcall: leaving group authenticate (returns handled) for request 9459 Sending Access-Challenge of id 178 to 10.10.10.120 port 3072 EAP-Message = 0x0107008019001703010020a31e64af966a0a07666b89cbf5f270dad3746fde5c04de489cc8dc007f4f5f2517030100506ee1aaf5fdd1035e28d1e17ec8dcd921408131bfad8ec38d169167cedaec28c2e5c9fbd12be70a414f4a46b0f285398e2964aa3da797824508984fb0c18cc28b155b4b27679a762ea7d7af18f6719974 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf088e70ad7f57009d357e9ec239d3945 Finished request 9459 Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=179, length=258 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020700501900170301002061953fd7cd6062ed3d060c2217bc6071397eebc0e9200c8f93e5d3e27f8f29001703010020e255fa52030a457dd6187954eb2088e85b15f5f9f7144422bf843a01230384c0 State = 0xf088e70ad7f57009d357e9ec239d3945 Message-Authenticator = 0x5f668992afa71ade1c7e536d70eeaea2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9460 modcall[authorize]: module "preprocess" returns ok for request 9460 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9460 modcall[authorize]: module "chap" returns noop for request 9460 modcall[authorize]: module "mschap" returns noop for request 9460 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9460 rlm_eap: EAP packet type response id 7 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9460 modcall[authorize]: module "files" returns notfound for request 9460 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9460 modcall: leaving group authorize (returns updated) for request 9460 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9460 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to jnovak PEAP: Adding old state with 09 60 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9460 modcall[authorize]: module "preprocess" returns ok for request 9460 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9460 modcall[authorize]: module "chap" returns noop for request 9460 modcall[authorize]: module "mschap" returns noop for request 9460 rlm_realm: No '@' in User-Name = "jnovak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9460 rlm_eap: EAP packet type response id 7 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9460 modcall[authorize]: module "files" returns notfound for request 9460 radius_xlat: 'jnovak' rlm_sql (sql): sql_set_user escaped user --> 'jnovak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'jnovak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jnovak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'jnovak' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jnovak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 9460 modcall: leaving group authorize (returns updated) for request 9460 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9460 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 9460 modcall: leaving group authenticate (returns ok) for request 9460 Login OK: [jnovak] (from client localhost port 0) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 9460 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/reply-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/reply-detail-20060317 modcall[post-auth]: module "reply_log" returns ok for request 9460 rlm_sql (sql): Processing sql_postauth radius_xlat: 'jnovak' rlm_sql (sql): sql_set_user escaped user --> 'jnovak' radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'jnovak', 'Chap-Password', 'Access-Accept', NOW())' rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'jnovak', 'Chap-Password', 'Access-Accept', NOW()) rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 modcall[post-auth]: module "sql" returns ok for request 9460 modcall: leaving group post-auth (returns ok) for request 9460 PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS modcall[authenticate]: module "eap" returns handled for request 9460 modcall: leaving group authenticate (returns handled) for request 9460 Sending Access-Challenge of id 179 to 10.10.10.120 port 3072 EAP-Message = 0x01080050190017030100209c83d2e118a9b149ac39c2a1b263c8b4a8135d0ee2390aedcf6416b71e33fea917030100202f89b71f344177ad24aef14959db7b69018a121c9bd08c67cb091098cb59c188 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x88b9cdb4c5e09b6fe10e056e00014195 Finished request 9460 Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 10.10.10.120:3072, id=180, length=258 User-Name = "Jan Nowak" NAS-IP-Address = 10.10.10.120 NAS-Port = 0 Called-Station-Id = "00304f410101" Calling-Station-Id = "000e2e740202" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0208005019001703010020b2711c8c08afb24471bd7cc630f07c4a7cab2cac1a03058f3fddc42b92aec06f17030100203d4f99424afe7a9017d927100d6dd50d1a31ebb6870fc2044b28f27f02eade9f State = 0x88b9cdb4c5e09b6fe10e056e00014195 Message-Authenticator = 0x197dad7442bbba1103bd14df6274f579 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9461 modcall[authorize]: module "preprocess" returns ok for request 9461 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/auth-detail-20060317 modcall[authorize]: module "auth_log" returns ok for request 9461 modcall[authorize]: module "chap" returns noop for request 9461 modcall[authorize]: module "mschap" returns noop for request 9461 rlm_realm: No '@' in User-Name = "Jan Nowak", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9461 rlm_eap: EAP packet type response id 8 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9461 modcall[authorize]: module "files" returns notfound for request 9461 radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'Jan Nowak' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User Jan Nowak not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Jan Nowak' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User Jan Nowak not found in radgroupcheck rlm_sql (sql): Released sql socket id: 2 rlm_sql (sql): User not found modcall[authorize]: module "sql" returns notfound for request 9461 modcall: leaving group authorize (returns updated) for request 9461 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9461 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 9461 modcall: leaving group authenticate (returns ok) for request 9461 Login OK: [Jan Nowak] (from client AP120 port 0 cli 000e2e740202) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 9461 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.120/reply-detail-20060317' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.120/reply-detail-20060317 modcall[post-auth]: module "reply_log" returns ok for request 9461 rlm_sql (sql): Processing sql_postauth radius_xlat: 'Jan Nowak' rlm_sql (sql): sql_set_user escaped user --> 'Jan Nowak' radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'Jan Nowak', 'Chap-Password', 'Access-Accept', NOW())' rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'Jan Nowak', 'Chap-Password', 'Access-Accept', NOW()) rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 modcall[post-auth]: module "sql" returns ok for request 9461 modcall: leaving group post-auth (returns ok) for request 9461 Sending Access-Accept of id 180 to 10.10.10.120 port 3072 MS-MPPE-Recv-Key = 0xa72ae1fffa65dbe1b40c309e85f837da734fd1b6d5df0d2a72b264a3fe5d94c2 MS-MPPE-Send-Key = 0xa44af53fff0b5cfc14f228115a4ba667f15a535154e3a2ffb39a01cfb1fc2d54 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "Jan Nowak" Finished request 9461 Going to the next request Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 9454 ID 173 with timestamp 441b3c8a Cleaning up request 9455 ID 174 with timestamp 441b3c8a Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 9456 ID 175 with timestamp 441b3c8b Cleaning up request 9457 ID 176 with timestamp 441b3c8b Cleaning up request 9458 ID 177 with timestamp 441b3c8b Cleaning up request 9459 ID 178 with timestamp 441b3c8b Cleaning up request 9460 ID 179 with timestamp 441b3c8b Cleaning up request 9461 ID 180 with timestamp 441b3c8b Nothing to do. Sleeping until we see a request.
As for your original question about IP addresses, you put the IP into the radcheck table, not radreply.
Aha...... (!!!) So...: insert into radreply (UserName,Attribute,op,Value) values ('norbert','Framed-IP-Address',':=','xx.xx.16.124'); AND IT WORKS!!! :):):):):) THANKS!!!!!!!!!!!! Norbert
I just can't get failed messages with Acct Status Type of 15 placed in a MySQL database. The rlm_sql driver outputs an error message referring to an unsupported status type, but I would like to know if it is possible to write this information into the database. FreeRadius currently writes to a flat file. Please help. ~Alan -------------- Error message from FreeRadius debug: rlm_sql (sql): Unsupported Acct-Status-Type = 15 The account type is specified in the RFC and "dictionary.ser" as failed: ## Acct-Status-Type Values ### VALUE Acct-Status-Type Start 1 # RFC2866, acc VALUE Acct-Status-Type Stop 2 # RFC2866, acc VALUE Acct-Status-Type Failed 15 # RFC2866, acc Missed call log from debug output for response code 603 (Decline) and 486 (Busy) which I would like this information written to the database. Acct-Status-Type = Failed Service-Type = Sip-Session Sip-Response-Code = 603 Sip-Method = 1 User-Name = "alan@sip.host.com" Calling-Station-Id = "sip:alan@sip.host.com" Called-Station-Id = "sip:chidu@sip.host.com" Sip-Translated-Request-URI = "sip:chidu@10.180.2.13:5060" Acct-Session-Id = "dc06f80821541776@YWJha2Vy" Sip-To-Tag = "4c4efb52" Sip-From-Tag = "ae6a1764" Sip-Cseq = "1" NAS-Port = 5060 Acct-Delay-Time = 0 NAS-IP-Address = 127.0.0.1 Acct-Status-Type = Failed Service-Type = Sip-Session Sip-Response-Code = 486 Sip-Method = 1 User-Name = "alan@sip.host.com" Calling-Station-Id = "sip:alan@sip.host.com" Called-Station-Id = "sip:chidu@sip.host.com" Sip-Translated-Request-URI = "sip:chidu@10.180.2.13:5060" Acct-Session-Id = "3e49f433b443d02f@YWJha2Vy" Sip-To-Tag = "1e237c68" Sip-From-Tag = "0678bd37" Sip-Cseq = "1" NAS-Port = 5060 Acct-Delay-Time = 0 NAS-IP-Address = 127.0.0.1 Accounting query in "sql.conf": accounting_failed_query = "\ INSERT INTO ${acct_table1} \ (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, AcctStartTime, AcctStopTime, AcctSessionTime, \ AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, \ FramedIPAddress, AcctStartDelay, AcctStopDelay, SipResponseCode, SipMethod, SipTranslatedRequestURI, SipToTag, SipFromTag, \ SipRPIDHeader, SourceIP, SourcePort, CanonicalURI) \ VALUES \ (NULL, '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', SUBSTRING_INDEX('%{SQL-User-Name}', '@',-1), \ '%{NAS-IP-Address}', '%{NAS-Port}', '%S', '%S', '0', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', \ '%{Sip-Response-Code}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0', \ '%{Sip-Response-Code}', '%{Sip-Method}', '%{Sip-Translated-Request-URI}', MD5(RAND()), '%{Sip-From-Tag}', '%{Sip-RPId}', \ '%{Source-IP}', '%{Source-Port}', '%{Canonical-URI}')"
"Alan" <abaker@cliquecom.com> wrote:
I just can't get failed messages with Acct Status Type of 15 placed in a MySQL database. The rlm_sql driver outputs an error message referring to an unsupported status type, but I would like to know if it is possible to write this information into the database. FreeRadius currently writes to a flat file. Please help.
The rlm_sql module currently supports only few status types for queries. Adding more queries to the configuration file won't help, because the source code won't look for them. You'll have to edit the source code to support new queries. Alan DeKok.
Are there any fundamental problems with modifying rlm_sql to allow an arbitrary number (and potentially source) of additional queries in relation to how it interacts with the core FR server? What I'm saying is, are there any known issues or caveats preventing this functionality from being added or is it just resources and project priorities? Thanks, Laker --- Alan DeKok <aland@ox.org> wrote:
"Alan" <abaker@cliquecom.com> wrote:
I just can't get failed messages with Acct Status Type of 15 placed in a MySQL database. The rlm_sql driver outputs an error message referring to an unsupported status type, but I would like to know if it is possible to write this information into the database. FreeRadius currently writes to a flat file. Please help.
The rlm_sql module currently supports only few status types for queries. Adding more queries to the configuration file won't help, because the source code won't look for them.
You'll have to edit the source code to support new queries.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Laker Netman <laker_netman@yahoo.com> wrote:
Are there any fundamental problems with modifying rlm_sql to allow an arbitrary number (and potentially source) of additional queries in relation to how it interacts with the core FR server?
No, because those queries don't interact with the server core.
What I'm saying is, are there any known issues or caveats preventing this functionality from being added or is it just resources and project priorities?
Just time. See rlm_sql_log in the CVS snapshots. The method it uses for picking queries is simpler and more extensible than what's in rlm_sql. It was also written years after rlm_sql, and we've learned a bit since then. Alan DeKok.
participants (4)
-
Alan -
Alan DeKok -
Laker Netman -
Norbert Grochal