Hi all: I just installed a radius server on a freebsd machine. It seems to be started properly until I am trying to test it with "radtest": host# radtest testing password localhost 10 testing123 radclient:: Failed to find IP address for giraffe radclient: Nothing to send. here is what is in my "clients.conf": client localhost { ipaddr = 127.0.0.1 secret = testing123 require_message_authenticator = no shortname = localhost nastype = other # localhost isn't usually a NAS... } here is what is in file "users": testing Cleartext-Password := "password" here was my test for localhost: host# ping localhost PING localhost (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.028 ms 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.011 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.012 ms ^C --- localhost ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.011/0.017/0.028/0.008 ms what did I do wrong here? Thanks in advance
thanks. giraffe is the temp hostname (for now).. it is behind a dsl link at this moment and this public address is listed in ddns. once i pointed my /etc/resolv.conf to that ddns provider,the "radtest" worked as it is designed. But why? --- On Sat, 8/28/10, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:46 AM Hi,
host# radtest testing password localhost 10 testing123 radclient:: Failed to find IP address for giraffe radclient: Nothing to send.
where does giraffe come from? whats in your /etc/resolv.conf?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all: I got the freeradius server installed, configured but it is not working. Basically it just doesn't respond. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ for "clients.conf": client 192.168.10.8 { secret = easy-test shortname = lab-net } for file "users": tester Auth-Type := Local User-Passowrd = "password" Juniper-Local-User-Name = "admin" for file /usr/local/share/freeradius/dictionary.juniper: # VENDOR Juniper 2636 BEGIN-VENDOR Juniper ATTRIBUTE Juniper-Local-User-Name 1 string admin END-VENDOR Juniper on juniper router: radius-server { 192.168.10.10 secret "$9$g04ZjHkPTQnik.5TzAt"; ## SECRET-DATA } somehow juniper router just ignore the calls from the freeradius server: tcpdump: listening on bge0, link-type EN10MB (Ethernet), capture size 96 bytes 21:02:56.043367 IP (tos 0x0, ttl 64, id 36292, offset 0, flags [none], proto UDP (17), length 85) 192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57 Access Request (1), id: 0x3e, Authenticator: 16af4d9f0f21ace37e0a2d7b3c21d4c7 Username Attribute (1), length: 5, Value: glu 0x0000: 676c 75 Password Attribute (2), length: 18, Value: 0x0000: 8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b NAS ID Attribute (32), length: 8, Value: lab-r8 0x0000: 6c61 622d 7238 NAS IP Address Attribute (4), length: 6, Value: [|radius] 0x0000: 0a 21:02:59.045142 IP (tos 0x0, ttl 64, id 36294, offset 0, flags [none], proto UDP (17), length 85) 192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57 Access Request (1), id: 0x3e, Authenticator: 16af4d9f0f21ace37e0a2d7b3c21d4c7 Username Attribute (1), length: 5, Value: glu 0x0000: 676c 75 Password Attribute (2), length: 18, Value: 0x0000: 8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b NAS ID Attribute (32), length: 8, Value: lab-r8 0x0000: 6c61 622d 7238 NAS IP Address Attribute (4), length: 6, Value: [|radius] 0x0000: 0a 21:03:02.045798 IP (tos 0x0, ttl 64, id 36299, offset 0, flags [none], proto UDP (17), length 85) 192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57 Access Request (1), id: 0x3e, Authenticator: 16af4d9f0f21ace37e0a2d7b3c21d4c7 Username Attribute (1), length: 5, Value: glu 0x0000: 676c 75 Password Attribute (2), length: 18, Value: 0x0000: 8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b NAS ID Attribute (32), length: 8, Value: lab-r8 0x0000: 6c61 622d 7238 NAS IP Address Attribute (4), length: 6, Value: [|radius] 0x0000: 0a \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
From what i found on internet, freeradius2 suppose to support juniper routers.
any ideas?
First try adding 127.0.0.1 in your clients.conf file and try using radtest in the freeradius machine in order to see if the username/pass "tester" works and you can authenticate and receive the atrributes (Juniper-Local-User-Name). Then launch freeradius with the -X option (it will enable debug messages in your standard output) and try to access to your juniper device meanwhile radiusd is running with the -X option. Sure that an important info will be displayed in the log messages. Hope this helps Regards Hi all: I got the freeradius server installed, configured but it is not working. Basically it just doesn't respond. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ for "clients.conf": client 192.168.10.8 { secret = easy-test shortname = lab-net } for file "users": tester Auth-Type := Local User-Passowrd = "password" Juniper-Local-User-Name = "admin" for file /usr/local/share/freeradius/dictionary.juniper: # VENDOR Juniper 2636 BEGIN-VENDOR Juniper ATTRIBUTE Juniper-Local-User-Name 1 string admin END-VENDOR Juniper on juniper router: radius-server { 192.168.10.10 secret "$9$g04ZjHkPTQnik.5TzAt"; ## SECRET-DATA } somehow juniper router just ignore the calls from the freeradius server: tcpdump: listening on bge0, link-type EN10MB (Ethernet), capture size 96 bytes 21:02:56.043367 IP (tos 0x0, ttl 64, id 36292, offset 0, flags [none], proto UDP (17), length 85) 192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57 Access Request (1), id: 0x3e, Authenticator: 16af4d9f0f21ace37e0a2d7b3c21d4c7 Username Attribute (1), length: 5, Value: glu 0x0000: 676c 75 Password Attribute (2), length: 18, Value: 0x0000: 8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b NAS ID Attribute (32), length: 8, Value: lab-r8 0x0000: 6c61 622d 7238 NAS IP Address Attribute (4), length: 6, Value: [|radius] 0x0000: 0a 21:02:59.045142 IP (tos 0x0, ttl 64, id 36294, offset 0, flags [none], proto UDP (17), length 85) 192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57 Access Request (1), id: 0x3e, Authenticator: 16af4d9f0f21ace37e0a2d7b3c21d4c7 Username Attribute (1), length: 5, Value: glu 0x0000: 676c 75 Password Attribute (2), length: 18, Value: 0x0000: 8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b NAS ID Attribute (32), length: 8, Value: lab-r8 0x0000: 6c61 622d 7238 NAS IP Address Attribute (4), length: 6, Value: [|radius] 0x0000: 0a 21:03:02.045798 IP (tos 0x0, ttl 64, id 36299, offset 0, flags [none], proto UDP (17), length 85) 192.168.255.138.54420 > 192.168.255.128.radius: RADIUS, length: 57 Access Request (1), id: 0x3e, Authenticator: 16af4d9f0f21ace37e0a2d7b3c21d4c7 Username Attribute (1), length: 5, Value: glu 0x0000: 676c 75 Password Attribute (2), length: 18, Value: 0x0000: 8332 de31 d0a1 7ba9 e1f5 1d89 66e6 207b NAS ID Attribute (32), length: 8, Value: lab-r8 0x0000: 6c61 622d 7238 NAS IP Address Attribute (4), length: 6, Value: [|radius] 0x0000: 0a \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
From what i found on internet, freeradius2 suppose to support juniper routers.
any ideas? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
gahn wrote:
I got the freeradius server installed, configured but it is not working. Basically it just doesn't respond.
Have you tried running the server in debugging mode, as suggested in the FAQ, README, "man" page, web pages, and daily on this list? You've given a lot of information... most of which is useless.
for file "users":
tester Auth-Type := Local User-Passowrd = "password" Juniper-Local-User-Name = "admin"
<sigh> Please read the documentation and the FAQ for how to create a "users" file entry. There are a number of mistakes here, including a mis-spelled attribute.
for "clients.conf":
client 192.168.10.8 { secret = easy-test ... on juniper router:
radius-server { 192.168.10.10 secret "$9$g04ZjHkPTQnik.5TzAt"; ## SECRET-DATA
You do realize that those secrets are different, right? And that they should be the same? And that if you ran the server in debugging mode, it would *tell* you this?
somehow juniper router just ignore the calls from the freeradius server:
No. The router is sending a packet, and not receiving a response.
any ideas?
You've done many things wrong. The main one is trying to debug the server by looking at everything *else* in the network. Why not debug the server by looking at the servers behavior? That's what all of the documentation says to do, and it seems rather more logical. Alan DeKok.
Thanks Alan: As a newbie, I need to get back to the basics...:) --- On Sun, 8/29/10, Alan DeKok <aland@deployingradius.com> wrote:
From: Alan DeKok <aland@deployingradius.com> Subject: Re: freeradius2 and juniper router To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Sunday, August 29, 2010, 12:56 AM gahn wrote:
I got the freeradius server installed, configured but it is not working. Basically it just doesn't respond.
Have you tried running the server in debugging mode, as suggested in the FAQ, README, "man" page, web pages, and daily on this list?
You've given a lot of information... most of which is useless.
for file "users":
tester Auth-Type := Local User-Passowrd = "password"
Juniper-Local-User-Name = "admin"
<sigh> Please read the documentation and the FAQ for how to create a "users" file entry. There are a number of mistakes here, including a mis-spelled attribute.
for "clients.conf":
client 192.168.10.8 { secret = easy-test ... on juniper router:
radius-server { 192.168.10.10 secret "$9$g04ZjHkPTQnik.5TzAt"; ## SECRET-DATA
You do realize that those secrets are different, right? And that they should be the same? And that if you ran the server in debugging mode, it would *tell* you this?
somehow juniper router just ignore the calls from the freeradius server:
No. The router is sending a packet, and not receiving a response.
any ideas?
You've done many things wrong. The main one is trying to debug the server by looking at everything *else* in the network.
Why not debug the server by looking at the servers behavior? That's what all of the documentation says to do, and it seems rather more logical.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok. now I started the server with "radiusd -X" and run "radtest testing password localhost 10 secret test123": bn_1# radtest testing password localhost 10 secret test123 Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) radclient: no response from server for ID 158 socket 3 but the server debug didn't show anything: Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests. where did that "NAS-IP-Address = 192.168.1.29" come from? Thanks in advance --- On Sat, 8/28/10, gahn <ipfreak@yahoo.com> wrote:
From: gahn <ipfreak@yahoo.com> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:56 AM thanks.
giraffe is the temp hostname (for now).. it is behind a dsl link at this moment and this public address is listed in ddns.
once i pointed my /etc/resolv.conf to that ddns provider,the "radtest" worked as it is designed.
But why?
--- On Sat, 8/28/10, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:46 AM Hi,
host# radtest testing password localhost 10 testing123 radclient:: Failed to find IP address for giraffe radclient: Nothing to send.
where does giraffe come from? whats in your /etc/resolv.conf?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello gahn, that's ithe IP address of an Access Point you're using to connect to the network, or a switch, for example. Matteo Quoting gahn <ipfreak@yahoo.com>:
Ok.
now I started the server with "radiusd -X" and run "radtest testing password localhost 10 secret test123":
bn_1# radtest testing password localhost 10 secret test123 Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) radclient: no response from server for ID 158 socket 3
but the server debug didn't show anything:
Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests.
where did that "NAS-IP-Address = 192.168.1.29" come from?
Thanks in advance
--- On Sat, 8/28/10, gahn <ipfreak@yahoo.com> wrote:
From: gahn <ipfreak@yahoo.com> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:56 AM thanks.
giraffe is the temp hostname (for now).. it is behind a dsl link at this moment and this public address is listed in ddns.
once i pointed my /etc/resolv.conf to that ddns provider,the "radtest" worked as it is designed.
But why?
--- On Sat, 8/28/10, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:46 AM Hi,
host# radtest testing password localhost 10 testing123 radclient:: Failed to find IP address for giraffe radclient: Nothing to send.
where does giraffe come from? whats in your /etc/resolv.conf?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Thanks. Matteo: But I don't have this 192.168.1.29 in my network and I have not configured any NAS yet. it was just genetic tests based on "radtest"... --- On Mon, 8/30/10, matteo@crs4.it <matteo@crs4.it> wrote:
From: matteo@crs4.it <matteo@crs4.it> Subject: Re: radius newbie question To: freeradius-users@lists.freeradius.org Date: Monday, August 30, 2010, 10:33 AM Hello gahn, that's ithe IP address of an Access Point you're using to connect to the network, or a switch, for example. Matteo
Quoting gahn <ipfreak@yahoo.com>:
Ok.
now I started the server with "radiusd -X" and run "radtest testing password localhost 10 secret test123":
bn_1# radtest testing password localhost 10 secret test123 Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) Sending Access-Request of id 158 to 127.0.0.1 port 1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 192.168.1.29 NAS-Port = 10 Framed-Protocol = PPP radclient: Failed to send packet for ID 158: (unknown error) radclient: no response from server for ID 158 socket 3
but the server debug didn't show anything:
Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests.
where did that "NAS-IP-Address = 192.168.1.29" come from?
Thanks in advance
--- On Sat, 8/28/10, gahn <ipfreak@yahoo.com> wrote:
From: gahn <ipfreak@yahoo.com> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:56 AM thanks.
giraffe is the temp hostname (for now).. it is behind a dsl link at this moment and this public address is listed in ddns.
once i pointed my /etc/resolv.conf to that ddns provider,the "radtest" worked as it is designed.
But why?
--- On Sat, 8/28/10, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:46 AM Hi,
host# radtest testing password localhost 10 testing123 radclient:: Failed to find IP address for giraffe radclient: Nothing to send.
where does giraffe come from? whats in your /etc/resolv.conf?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello! I got to work my freeradius configuration for the following environment: *Freeradius client is a wifi access point, wifi-clients can connect via wpa2-enterprise / eap-peap *i'm still using test certificates *The data-Backend is a mysql-storage with a different table structure that default. The queries that I've changed work correctly. This has been tested *My tests are done with a linux wifi-client using wpa_supplicant and kde-frontends Now my goal is to tell the NAS to assign every wifi-packet to a certain VLAN. I don't need to have a dynamic assignment of VLAN based on usernames or something else. One VLAN would be sufficient. The solution I found was to insert the following lines into the radgroupreply table (splitted up into the correct columns...): Tunnel-Type = 13 Tunnel-Medium-Type = 6 Tunnel-Private-Group-Id = 10 After I've done this entry, I hoped that it would work, but it didn't. There is no dialogue that contains such information. Below I pasted such a dialogue. Can you please help me to find the problem and a working solution for it? I'm not sure if eap/peap and tunnelling is working in the correct way... Thank you! Marten rad_recv: Access-Request packet from host 172.20.160.40 port 32768, id=165, length=261 User-Name = "marpap" NAS-IP-Address = 172.20.160.40 NAS-Port = 0 Called-Station-Id = "00-18-84-A2-7D-C5:ABH-Radiustest" Calling-Station-Id = "00-60-B3-63-4E-03" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02a100601900170301002008e9b2a352735ed2407406268dd56051d9adc7798d3cda8b660c740ba3871bd6170301003042f11b790723eaeeed249cadbf49997f453b7806afe61b6a40af64c3995ecc43952584e4d7e221c4596e9479d56be47a State = 0x4135755949946c07b29c66b8d618b063 Message-Authenticator = 0x9ab8793841a539e9a2086d12d79b2b38 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 161 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-30 17:54:46') [sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-30 17:54:46') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-30 17:54:46') rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 165 to 172.20.160.40 port 32768 MS-MPPE-Recv-Key = 0x63de979ef48495f1fe3db129c78383084c9d5661e2e14b85c89a4596e96756eb MS-MPPE-Send-Key = 0x010d4434923d42929b0d7d1b595e991391bf7c0ec6a70ee391591593fac04815 EAP-Message = 0x03a10004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" Finished request 9. Going to the next request Waking up in 4.8 seconds. gahn schrieb:
Thanks. Matteo:
But I don't have this 192.168.1.29 in my network and I have not configured any NAS yet. it was just genetic tests based on "radtest"...
--- On Mon, 8/30/10, matteo@crs4.it <matteo@crs4.it> wrote:
From: matteo@crs4.it <matteo@crs4.it> Subject: Re: radius newbie question To: freeradius-users@lists.freeradius.org Date: Monday, August 30, 2010, 10:33 AM Hello gahn, that's ithe IP address of an Access Point you're using to connect to the network, or a switch, for example. Matteo
Quoting gahn <ipfreak@yahoo.com>:
Ok.
now I started the server with "radiusd -X" and run
"radtest testing
password localhost 10 secret test123":
bn_1# radtest testing password localhost 10 secret
test123
Sending Access-Request of id 158 to 127.0.0.1 port
1812
User-Name =
"testing"
User-Password =
"password"
NAS-IP-Address =
192.168.1.29
NAS-Port = 10 Framed-Protocol
= PPP
radclient: Failed to send packet for ID 158: (unknown
error)
Sending Access-Request of id 158 to 127.0.0.1 port
1812
User-Name =
"testing"
User-Password =
"password"
NAS-IP-Address =
192.168.1.29
NAS-Port = 10 Framed-Protocol
= PPP
radclient: Failed to send packet for ID 158: (unknown
error)
Sending Access-Request of id 158 to 127.0.0.1 port
1812
User-Name =
"testing"
User-Password =
"password"
NAS-IP-Address =
192.168.1.29
NAS-Port = 10 Framed-Protocol
= PPP
radclient: Failed to send packet for ID 158: (unknown
error)
radclient: no response from server for ID 158 socket
3
but the server debug didn't show anything:
Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file
/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814 Ready to process requests.
where did that "NAS-IP-Address = 192.168.1.29" come
from?
Thanks in advance
--- On Sat, 8/28/10, gahn <ipfreak@yahoo.com>
wrote:
From: gahn <ipfreak@yahoo.com> Subject: Re: radius newbie question To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Saturday, August 28, 2010, 11:56 AM thanks.
giraffe is the temp hostname (for now).. it is
behind a dsl
link at this moment and this public address is
listed in
ddns.
once i pointed my /etc/resolv.conf to that ddns provider,the "radtest" worked as it is designed.
But why?
--- On Sat, 8/28/10, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Subject: Re: radius newbie question To: "FreeRadius users mailing
list"
<freeradius-users@lists.freeradius.org>
Date: Saturday, August 28, 2010, 11:46 AM Hi,
host# radtest testing password localhost
10
testing123
radclient:: Failed to find IP address
for
giraffe
radclient: Nothing to send.
where does giraffe come from? whats in
your
/etc/resolv.conf?
alan - List info/subscribe/unsubscribe?
See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe?
See
- List info/subscribe/unsubscribe?
See
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Marten Pape wrote:
Now my goal is to tell the NAS to assign every wifi-packet to a certain VLAN. I don't need to have a dynamic assignment of VLAN based on usernames or something else. One VLAN would be sufficient.
You can assign the vlan in the "post-auth" section.
The solution I found was to insert the following lines into the radgroupreply table (splitted up into the correct columns...): Tunnel-Type = 13 Tunnel-Medium-Type = 6 Tunnel-Private-Group-Id = 10
After I've done this entry, I hoped that it would work, but it didn't.
From the debug log you posted, it's clear that you didn't enable the "sql" module in the "authorize" section. Alan DeKok.
Alan DeKok schrieb:
Marten Pape wrote:
Now my goal is to tell the NAS to assign every wifi-packet to a certain VLAN. I don't need to have a dynamic assignment of VLAN based on usernames or something else. One VLAN would be sufficient.
You can assign the vlan in the "post-auth" section.
Now, I did it in the sites-available/default files / post-auth section: update reply { Tunnel-Type := 13 Tunnel-Medium-Type = 6 Tunnel-Private-Group-ID = 123 } But it seems, that the access point does not assign the traffic to a certain VLAN and, as far as I know, this access point is able to do that. Do you see anything else, going wrong? The debug log of a new connection try is attached below.
The solution I found was to insert the following lines into the radgroupreply table (splitted up into the correct columns...): Tunnel-Type = 13 Tunnel-Medium-Type = 6 Tunnel-Private-Group-Id = 10
After I've done this entry, I hoped that it would work, but it didn't.
From the debug log you posted, it's clear that you didn't enable the "sql" module in the "authorize" section.
mhmm it is enabled (=listed) in sites-available/default and sites-available/inner-tunnel. Do you want to see these files? Thanks Marten Pape
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
==================================================================================== rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=2, length=135 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x0201000b016d6172706170 NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x4c68db4ae1e988fdc7b61ccd1375f3b7 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 1 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 2 to 172.20.160.171 port 1812 EAP-Message = 0x010200160410cc89b3225a82d01a8654a32775f9e4f6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e25bfa2c7c464fa29a32360e Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=3, length=148 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020200060319 State = 0xe259fe12e25bfa2c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xfb2d0002328c7451026bb0e9277431bf +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 3 to 172.20.160.171 port 1812 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e35ae72c7c464fa29a32360e Finished request 1. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=4, length=407 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020301071980000000fd16030100f8010000f403014c7d20f3fa216ccffbe4c3766774a615b3df331dd1b6c5a8e71d6418f000af1300002600390038003500160013000a00330032002f000500040015001200090014001100080006000302010000a4002300a06f3f44d1030e19f01a26014ebb90bb4d30ebedf651941a44c981c2725fa7f74d497304a67e3fcc2a3238341f64c879a94462bb6ec961c0d0c30f1e7aab938ab83be023485226f47cab774aab19cdec8869894da7545c478fffe6a2bf0323a2cf6e0b6e281c20cd9cc341d2da3ba4dfc637cbd82e61a0c31c166878c05b5ea6c22786596da21587619cff7e60f02c26cc6428b89a6557 EAP-Message = 0xb602f6a821cd661755c5 State = 0xe259fe12e35ae72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xb64933ff5487a81eb73845fe3b883de1 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 3 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 253 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00f8], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0030], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 066b], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 172.20.160.171 port 1812 EAP-Message = 0x0104040019c0000007c016030100300200002c03014c7d26c25b5679783a15c69df1d7e20cf3e8a8d601a8b4a8b0d90d816944de6900003901000400230000160301066b0b0006670006640002cb308202c730820230a003020102020101300d06092a864886f70d0101050500308192310b3009060355040613024445310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c737275 EAP-Message = 0x68652e6465301e170d3130303432393132353032305a170d3131303432393132353032305a3081a6310b3009060355040613024445310b300906035504081302425731123010060355040713094b61726c737275686531143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c73727568652e646530819f300d06092a864886f70d010101050003818d0030818902818100e37557356ce2962b24717823a65441ba1bcf EAP-Message = 0x86283adbe99e40434effc0828ffdd4310d26c5d6a6b394c9e6de115e8a1dfe28c044dc5a8c42de5116cc21fd09b9d755bde7e08b9915ab79bf5fe6aed64e54e7fb4493bd5744310d0deea244a55f235f3d8cf20f759c59de8248cc8a60f246ee46197100d9859e20e21baa2230250203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181004eeb94bcddd320b658bc280887659ff063462714947a0b8c5755bc3868c8407395974494f6b519671a1987a73c3595c6fe5466b0a99d40548fd6036cedcb4a5aa0cd364b3e7d16cf4955381ada37724840a29709975f823293e29bda0fd0 EAP-Message = 0x21972fe49cd753d971dcde764b8a60ec5e424ed95c54aaacbc89a92daee26094c01b0003933082038f308202f8a003020102020100300d06092a864886f70d0101050500308192310b3009060355040613024445310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c73727568652e6465301e170d3130303432393132333933315a170d3133303432383132333933315a30819231 EAP-Message = 0x0b3009060355040613024445 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e05de72c7c464fa29a32360e Finished request 2. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=5, length=148 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020400061900 State = 0xe259fe12e05de72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xbe1d186150159736a954c6531efa002c +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 5 to 172.20.160.171 port 1812 EAP-Message = 0x010503d01900310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c73727568652e646530819f300d06092a864886f70d010101050003818d0030818902818100c111b48452ef2ce1ed2f09ae837d35631ae023ed67b8c0f4e954280344bed7b623a40a1e8f44dd778d8f9e4b4c7d1fc52b9c0c0bece2446a7a742b7974df4fde3c2277f9e1c3afb0b633f2e6d146a85ca1d6b0a6ff EAP-Message = 0x7e198320efe37208296b8b974b42024adeb4b4a8fec17666ef702f5a0406bb9d506e79613d2e02ce4171590203010001a381f23081ef301d0603551d0e04160414e6292f8ee610197b0e952c3ceaee6de6898029253081bf0603551d230481b73081b48014e6292f8ee610197b0e952c3ceaee6de689802925a18198a48195308192310b3009060355040613024445310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e EAP-Message = 0x6574406162682e756e692d6b61726c73727568652e6465820100300c0603551d13040530030101ff300d06092a864886f70d010105050003818100a4f951a1a0cf7d1d9ea06b944351512c3f498fedca5da170a3ca057c2e03d143d37ad8bafe2f647afc67f99191c0b14e891323c7f2a2dc2babcfec7959a9ab88b5f66235d586b6eb13541338e2db423c3b3ace184be71bb8e1538f37880d2ce2501fe1f3c3fb22b1eeb6af7fb180e91d037109f6df113f8001fbc00bdf752289160301010d0c00010900409a1fe380d6584eedb413c8212ecff8cb0671793d5baf315842054b754ed5aeb883ea1bee3bc8843ddaf1aa6d8a604ce0f478ba662c0584 EAP-Message = 0x7de987277998c963ab0001020040379238420cf45d32ee9ed5dfdf3107fd726373dfcd34e425f7d9f0107f6cf6c67490032b2e37954bea5f4c58fa0a373cd5692b71194546b24c1bb92444fbf2df0080be55fa60e63eceb40fd8c34486d5f76fc8ffeefb483139c55657ffd755ea15dd306f67946f33fcb990dbbd5dfdc7a6ef9ed7307d175c00747278ebd8989ae3b7363866caea9b0ca6bd8e93eda3c64fe19d215db5c69a49414730f72ce0d557b5f259d48cd19ea73b1ce25a77e23452ea36671c4fbd7777a3353f40371e2b6c0916030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e15ce72c7c464fa29a32360e Finished request 3. Going to the next request Waking up in 2.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=6, length=286 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x02050090198000000086160301004610000042004086ff635b6acd5edf3bbdeb989141e8aacf8f374c373dd882d88ed24328f184363c5f0d3034135aeed659c48e3eddeeba361ee37ff418c94051213436a2ce322514030100010116030100308d883a4e915796bfadced45c11620bf8ab5943d0d3b23f67029d2696b6cfba3c4bb39b004274d45af9383e7b65a64a8c State = 0xe259fe12e15ce72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x9bc8be05544e6e946523cc2a2cd6f950 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 5 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 Handshake [length 00aa]??? [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 6 to 172.20.160.171 port 1812 EAP-Message = 0x010600f0190016030100aa040000a60000000000a0cf73dfba597c06dd86bb94a2b382e913bc6b8bc5e660d5f86ff3707aeab944ddf1d4bebeffd1afd0154af8fd2e551d8168209a799662bfe471cdf2a2707205cc8236d1ec06f44d75910ada87a68160569275f406c0b0d12eeb51594d1c9efe026d2c5d1a971e2a56f9dcfce385e335b1e0ad7c8bc23e720aa0ce542f3002d8d6948a0042dde52904ee0b104121d0d5190973d56a37372c6a86ba216031e81b091403010001011603010030d3783002e4f5fbaf016aa04bce082458dfcfe4cf932b4d264bab5e3f83d62cac67cf557a75c9590667105a2451962373 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e65fe72c7c464fa29a32360e Finished request 4. Going to the next request Waking up in 1.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=7, length=148 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020600061900 State = 0xe259fe12e65fe72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xbd22b652240bed2cae865dd7d624f7df +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 7 to 172.20.160.171 port 1812 EAP-Message = 0x0107002b190017030100203cdcb53ac51156f2c11810063c218c6481a6451c580fe83d6b014b56207e88d9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e75ee72c7c464fa29a32360e Finished request 5. Going to the next request Waking up in 0.7 seconds. Cleaning up request 0 ID 2 with timestamp +6 Waking up in 0.2 seconds. Cleaning up request 1 ID 3 with timestamp +6 Waking up in 1.0 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=8, length=238 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x02070060190017030100202b298c4cb2829f58d430afcd835386a5f1d8d5406a4ecfe378729bd47041c4ba170301003060ae2c4208d05100e3d595095b3e3f9908f1954b2f1a310c889c623d751d0037feff76628ac672c3f8f7d82e29c2bfd8 State = 0xe259fe12e75ee72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xaf8eafe2466000e8be56847385ea807e +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 7 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - marpap [peap] Got tunneled request EAP-Message = 0x0207000b016d6172706170 server { PEAP: Got tunneled identity of marpap PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to marpap Sending tunneled request EAP-Message = 0x0207000b016d6172706170 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marpap" server inner-tunnel { +- entering group authorize {...} ++[control] returns notfound [eap] EAP packet type response id 7 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010800201a0108001b10c6b081df2c654a8a679008b2e2710fd06d6172706170 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff0db32c653a8b81dca2d1d07 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010800201a0108001b10c6b081df2c654a8a679008b2e2710fd06d6172706170 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff0db32c653a8b81dca2d1d07 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 8 to 172.20.160.171 port 1812 EAP-Message = 0x0108004b19001703010040cc4756e012ff1f167cd3af426d562ac651c31423c3f17f33e094c76b3dcd8cd2cb7880071a9c86e39ce1e98e547c5e2895a12afab3f12e4063a79ef085f183eb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e451e72c7c464fa29a32360e Finished request 6. Going to the next request Waking up in 0.9 seconds. Cleaning up request 2 ID 4 with timestamp +7 rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=9, length=286 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x0208009019001703010020db117f6a4213a280b8c8b81dc380515a3c51cad1936497f49e4c135a8d32a68c1703010060d899c5bec375f74915ec3830ac88e1af2fe071a96f8e36cb48d28b2aceee47360bc8b810f5f9521fbbf65ca4ca01873d8ebb2d1dcbc0a982056579268993fe86b4a39705c7c625fc95bd9787eca3336611165d19354e8a1c6140634daa94d75e State = 0xe259fe12e451e72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x394906002929a9ade62c13af2f0fb812 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 8 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800411a0208003c319638518d9abfbbd6fd487bfc22202f550000000000000000258a4493454de759c37caa281d4f4fff8ef0e602b2507b97006d6172706170 server { PEAP: Setting User-Name to marpap Sending tunneled request EAP-Message = 0x020800411a0208003c319638518d9abfbbd6fd487bfc22202f550000000000000000258a4493454de759c37caa281d4f4fff8ef0e602b2507b97006d6172706170 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marpap" State = 0xf0d328dff0db32c653a8b81dca2d1d07 server inner-tunnel { +- entering group authorize {...} ++[control] returns notfound [eap] EAP packet type response id 8 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] Found NT-Password [mschap] Told to do MS-CHAPv2 for marpap with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010900331a0308002e533d30353236444342323142323145443233394546424239413037363239343134344332353942354536 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff1da32c653a8b81dca2d1d07 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010900331a0308002e533d30353236444342323142323145443233394546424239413037363239343134344332353942354536 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff1da32c653a8b81dca2d1d07 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 9 to 172.20.160.171 port 1812 EAP-Message = 0x0109005b1900170301005017a3a02c28820c047a06d62f0a2f2e30a8501c919a40426b8c6bb7b26dae2a52c5f65713700c8357e92a0c5e2767eaa6d91058d996c754ef5404b13473395d1de1e107dbf8031d8a634aaeae0decd8ce Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e550e72c7c464fa29a32360e Finished request 7. Going to the next request Waking up in 0.9 seconds. Cleaning up request 3 ID 5 with timestamp +8 Waking up in 1.0 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=10, length=222 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x0209005019001703010020ea45ba7ab2126e05b40327975bb649779f732691225d8b13c8095e196ceef48c170301002017fcf2f1e53c0a8fc2b1cd312abd77e62e0306c7d4f4bcc6fe2f24f04ee35732 State = 0xe259fe12e550e72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xb6867159aae4b6a8241660c47a794da2 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 9 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900061a03 server { PEAP: Setting User-Name to marpap Sending tunneled request EAP-Message = 0x020900061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marpap" State = 0xf0d328dff1da32c653a8b81dca2d1d07 server inner-tunnel { +- entering group authorize {...} ++[control] returns notfound [eap] EAP packet type response id 9 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok WARNING: Empty section. Using default return values. } # server inner-tunnel [peap] Got tunneled reply code 2 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 10 to 172.20.160.171 port 1812 EAP-Message = 0x010a003b190017030100308d1101b1c350d4328ebe3ce50675f915848a0c09c7ac0114cc569409948903d28694d60747d490ad19887f2e657a701a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12ea53e72c7c464fa29a32360e Finished request 8. Going to the next request Waking up in 0.9 seconds. Cleaning up request 4 ID 6 with timestamp +9 Waking up in 1.0 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=11, length=238 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020a0060190017030100201246b2d46e1ba6b660948078c75ecb1c32333ae90a280a5b371b072cb28a65231703010030bcbc8fec75782b5f139c2a090733a5602a62fb27f26f5cbcf02425c34279a49107f659f3775b8a533cd226fc6588c2f1 State = 0xe259fe12ea53e72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x5233cb5b3343b5ea0db86d94bf4150d9 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 10 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} ++[reply] returns noop [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-31 17:59:05') [sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-31 17:59:05') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-31 17:59:05') rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 11 to 172.20.160.171 port 1812 MS-MPPE-Recv-Key = 0x35b16df4a592e9da418da46ab5164210166ad66293fd8831c5dec7d2f7eb1a8d MS-MPPE-Send-Key = 0x0709cee111f7985f495c7208fe4ceb3b57b1657f9fc10762578ba41ba9727b85 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "123" Finished request 9. Going to the next request Waking up in 0.9 seconds. Cleaning up request 5 ID 7 with timestamp +10 Waking up in 1.0 seconds. Cleaning up request 6 ID 8 with timestamp +11 Waking up in 0.9 seconds. Cleaning up request 7 ID 9 with timestamp +12 Waking up in 0.9 seconds. Cleaning up request 8 ID 10 with timestamp +13 Waking up in 0.9 seconds. Cleaning up request 9 ID 11 with timestamp +14 Ready to process requests.
Alan DeKok schrieb:
Marten Pape wrote:
Now my goal is to tell the NAS to assign every wifi-packet to a certain VLAN. I don't need to have a dynamic assignment of VLAN based on usernames or something else. One VLAN would be sufficient.
You can assign the vlan in the "post-auth" section.
Now, I added this answer to the sites-available/default -> post-auth section: update reply { Tunnel-Type := 13 Tunnel-Medium-Type = 6 Tunnel-Private-Group-ID = 123 } But the access point doesn't seem to tag this traffic with the vlan-ID 123. As far as I know, this access point is able to do that. Do you see anything else going wrong? The debug log of a new connection try is attached below.
The solution I found was to insert the following lines into the radgroupreply table (splitted up into the correct columns...): Tunnel-Type = 13 Tunnel-Medium-Type = 6 Tunnel-Private-Group-Id = 10
After I've done this entry, I hoped that it would work, but it didn't.
From the debug log you posted, it's clear that you didn't enable the "sql" module in the "authorize" section.
Well, the thing is, that is is enabled in both files - "default" and "inner-tunnel" (virtual servers) Thanks, Marten Pape
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
================================================ ==========debug log================================ ================================================ rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=2, length=135 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x0201000b016d6172706170 NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x4c68db4ae1e988fdc7b61ccd1375f3b7 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 1 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 2 to 172.20.160.171 port 1812 EAP-Message = 0x010200160410cc89b3225a82d01a8654a32775f9e4f6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e25bfa2c7c464fa29a32360e Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=3, length=148 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020200060319 State = 0xe259fe12e25bfa2c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xfb2d0002328c7451026bb0e9277431bf +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 3 to 172.20.160.171 port 1812 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e35ae72c7c464fa29a32360e Finished request 1. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=4, length=407 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020301071980000000fd16030100f8010000f403014c7d20f3fa216ccffbe4c3766774a615b3df331dd1b6c5a8e71d6418f000af1300002600390038003500160013000a00330032002f000500040015001200090014001100080006000302010000a4002300a06f3f44d1030e19f01a26014ebb90bb4d30ebedf651941a44c981c2725fa7f74d497304a67e3fcc2a3238341f64c879a94462bb6ec961c0d0c30f1e7aab938ab83be023485226f47cab774aab19cdec8869894da7545c478fffe6a2bf0323a2cf6e0b6e281c20cd9cc341d2da3ba4dfc637cbd82e61a0c31c166878c05b5ea6c22786596da21587619cff7e60f02c26cc6428b89a6557 EAP-Message = 0xb602f6a821cd661755c5 State = 0xe259fe12e35ae72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xb64933ff5487a81eb73845fe3b883de1 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 3 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 253 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00f8], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0030], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 066b], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 172.20.160.171 port 1812 EAP-Message = 0x0104040019c0000007c016030100300200002c03014c7d26c25b5679783a15c69df1d7e20cf3e8a8d601a8b4a8b0d90d816944de6900003901000400230000160301066b0b0006670006640002cb308202c730820230a003020102020101300d06092a864886f70d0101050500308192310b3009060355040613024445310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c737275 EAP-Message = 0x68652e6465301e170d3130303432393132353032305a170d3131303432393132353032305a3081a6310b3009060355040613024445310b300906035504081302425731123010060355040713094b61726c737275686531143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c73727568652e646530819f300d06092a864886f70d010101050003818d0030818902818100e37557356ce2962b24717823a65441ba1bcf EAP-Message = 0x86283adbe99e40434effc0828ffdd4310d26c5d6a6b394c9e6de115e8a1dfe28c044dc5a8c42de5116cc21fd09b9d755bde7e08b9915ab79bf5fe6aed64e54e7fb4493bd5744310d0deea244a55f235f3d8cf20f759c59de8248cc8a60f246ee46197100d9859e20e21baa2230250203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181004eeb94bcddd320b658bc280887659ff063462714947a0b8c5755bc3868c8407395974494f6b519671a1987a73c3595c6fe5466b0a99d40548fd6036cedcb4a5aa0cd364b3e7d16cf4955381ada37724840a29709975f823293e29bda0fd0 EAP-Message = 0x21972fe49cd753d971dcde764b8a60ec5e424ed95c54aaacbc89a92daee26094c01b0003933082038f308202f8a003020102020100300d06092a864886f70d0101050500308192310b3009060355040613024445310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c73727568652e6465301e170d3130303432393132333933315a170d3133303432383132333933315a30819231 EAP-Message = 0x0b3009060355040613024445 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e05de72c7c464fa29a32360e Finished request 2. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=5, length=148 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020400061900 State = 0xe259fe12e05de72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xbe1d186150159736a954c6531efa002c +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 5 to 172.20.160.171 port 1812 EAP-Message = 0x010503d01900310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e6574406162682e756e692d6b61726c73727568652e646530819f300d06092a864886f70d010101050003818d0030818902818100c111b48452ef2ce1ed2f09ae837d35631ae023ed67b8c0f4e954280344bed7b623a40a1e8f44dd778d8f9e4b4c7d1fc52b9c0c0bece2446a7a742b7974df4fde3c2277f9e1c3afb0b633f2e6d146a85ca1d6b0a6ff EAP-Message = 0x7e198320efe37208296b8b974b42024adeb4b4a8fec17666ef702f5a0406bb9d506e79613d2e02ce4171590203010001a381f23081ef301d0603551d0e04160414e6292f8ee610197b0e952c3ceaee6de6898029253081bf0603551d230481b73081b48014e6292f8ee610197b0e952c3ceaee6de689802925a18198a48195308192310b3009060355040613024445310b300906035504081302425731143012060355040a130b41424820756e642052534831183016060355040b130f496e7465726e65747475746f72656e311830160603550403130f496e7465726e65747475746f72656e312c302a06092a864886f70d010901161d696e7465726e EAP-Message = 0x6574406162682e756e692d6b61726c73727568652e6465820100300c0603551d13040530030101ff300d06092a864886f70d010105050003818100a4f951a1a0cf7d1d9ea06b944351512c3f498fedca5da170a3ca057c2e03d143d37ad8bafe2f647afc67f99191c0b14e891323c7f2a2dc2babcfec7959a9ab88b5f66235d586b6eb13541338e2db423c3b3ace184be71bb8e1538f37880d2ce2501fe1f3c3fb22b1eeb6af7fb180e91d037109f6df113f8001fbc00bdf752289160301010d0c00010900409a1fe380d6584eedb413c8212ecff8cb0671793d5baf315842054b754ed5aeb883ea1bee3bc8843ddaf1aa6d8a604ce0f478ba662c0584 EAP-Message = 0x7de987277998c963ab0001020040379238420cf45d32ee9ed5dfdf3107fd726373dfcd34e425f7d9f0107f6cf6c67490032b2e37954bea5f4c58fa0a373cd5692b71194546b24c1bb92444fbf2df0080be55fa60e63eceb40fd8c34486d5f76fc8ffeefb483139c55657ffd755ea15dd306f67946f33fcb990dbbd5dfdc7a6ef9ed7307d175c00747278ebd8989ae3b7363866caea9b0ca6bd8e93eda3c64fe19d215db5c69a49414730f72ce0d557b5f259d48cd19ea73b1ce25a77e23452ea36671c4fbd7777a3353f40371e2b6c0916030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e15ce72c7c464fa29a32360e Finished request 3. Going to the next request Waking up in 2.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=6, length=286 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x02050090198000000086160301004610000042004086ff635b6acd5edf3bbdeb989141e8aacf8f374c373dd882d88ed24328f184363c5f0d3034135aeed659c48e3eddeeba361ee37ff418c94051213436a2ce322514030100010116030100308d883a4e915796bfadced45c11620bf8ab5943d0d3b23f67029d2696b6cfba3c4bb39b004274d45af9383e7b65a64a8c State = 0xe259fe12e15ce72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x9bc8be05544e6e946523cc2a2cd6f950 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 5 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 Handshake [length 00aa]??? [peap] TLS_accept: unknown state [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 6 to 172.20.160.171 port 1812 EAP-Message = 0x010600f0190016030100aa040000a60000000000a0cf73dfba597c06dd86bb94a2b382e913bc6b8bc5e660d5f86ff3707aeab944ddf1d4bebeffd1afd0154af8fd2e551d8168209a799662bfe471cdf2a2707205cc8236d1ec06f44d75910ada87a68160569275f406c0b0d12eeb51594d1c9efe026d2c5d1a971e2a56f9dcfce385e335b1e0ad7c8bc23e720aa0ce542f3002d8d6948a0042dde52904ee0b104121d0d5190973d56a37372c6a86ba216031e81b091403010001011603010030d3783002e4f5fbaf016aa04bce082458dfcfe4cf932b4d264bab5e3f83d62cac67cf557a75c9590667105a2451962373 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e65fe72c7c464fa29a32360e Finished request 4. Going to the next request Waking up in 1.7 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=7, length=148 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020600061900 State = 0xe259fe12e65fe72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xbd22b652240bed2cae865dd7d624f7df +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 7 to 172.20.160.171 port 1812 EAP-Message = 0x0107002b190017030100203cdcb53ac51156f2c11810063c218c6481a6451c580fe83d6b014b56207e88d9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e75ee72c7c464fa29a32360e Finished request 5. Going to the next request Waking up in 0.7 seconds. Cleaning up request 0 ID 2 with timestamp +6 Waking up in 0.2 seconds. Cleaning up request 1 ID 3 with timestamp +6 Waking up in 1.0 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=8, length=238 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x02070060190017030100202b298c4cb2829f58d430afcd835386a5f1d8d5406a4ecfe378729bd47041c4ba170301003060ae2c4208d05100e3d595095b3e3f9908f1954b2f1a310c889c623d751d0037feff76628ac672c3f8f7d82e29c2bfd8 State = 0xe259fe12e75ee72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xaf8eafe2466000e8be56847385ea807e +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 7 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - marpap [peap] Got tunneled request EAP-Message = 0x0207000b016d6172706170 server { PEAP: Got tunneled identity of marpap PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to marpap Sending tunneled request EAP-Message = 0x0207000b016d6172706170 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marpap" server inner-tunnel { +- entering group authorize {...} ++[control] returns notfound [eap] EAP packet type response id 7 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010800201a0108001b10c6b081df2c654a8a679008b2e2710fd06d6172706170 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff0db32c653a8b81dca2d1d07 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010800201a0108001b10c6b081df2c654a8a679008b2e2710fd06d6172706170 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff0db32c653a8b81dca2d1d07 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 8 to 172.20.160.171 port 1812 EAP-Message = 0x0108004b19001703010040cc4756e012ff1f167cd3af426d562ac651c31423c3f17f33e094c76b3dcd8cd2cb7880071a9c86e39ce1e98e547c5e2895a12afab3f12e4063a79ef085f183eb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e451e72c7c464fa29a32360e Finished request 6. Going to the next request Waking up in 0.9 seconds. Cleaning up request 2 ID 4 with timestamp +7 rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=9, length=286 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x0208009019001703010020db117f6a4213a280b8c8b81dc380515a3c51cad1936497f49e4c135a8d32a68c1703010060d899c5bec375f74915ec3830ac88e1af2fe071a96f8e36cb48d28b2aceee47360bc8b810f5f9521fbbf65ca4ca01873d8ebb2d1dcbc0a982056579268993fe86b4a39705c7c625fc95bd9787eca3336611165d19354e8a1c6140634daa94d75e State = 0xe259fe12e451e72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x394906002929a9ade62c13af2f0fb812 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 8 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800411a0208003c319638518d9abfbbd6fd487bfc22202f550000000000000000258a4493454de759c37caa281d4f4fff8ef0e602b2507b97006d6172706170 server { PEAP: Setting User-Name to marpap Sending tunneled request EAP-Message = 0x020800411a0208003c319638518d9abfbbd6fd487bfc22202f550000000000000000258a4493454de759c37caa281d4f4fff8ef0e602b2507b97006d6172706170 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marpap" State = 0xf0d328dff0db32c653a8b81dca2d1d07 server inner-tunnel { +- entering group authorize {...} ++[control] returns notfound [eap] EAP packet type response id 8 length 65 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] Found NT-Password [mschap] Told to do MS-CHAPv2 for marpap with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010900331a0308002e533d30353236444342323142323145443233394546424239413037363239343134344332353942354536 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff1da32c653a8b81dca2d1d07 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010900331a0308002e533d30353236444342323142323145443233394546424239413037363239343134344332353942354536 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0d328dff1da32c653a8b81dca2d1d07 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 9 to 172.20.160.171 port 1812 EAP-Message = 0x0109005b1900170301005017a3a02c28820c047a06d62f0a2f2e30a8501c919a40426b8c6bb7b26dae2a52c5f65713700c8357e92a0c5e2767eaa6d91058d996c754ef5404b13473395d1de1e107dbf8031d8a634aaeae0decd8ce Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12e550e72c7c464fa29a32360e Finished request 7. Going to the next request Waking up in 0.9 seconds. Cleaning up request 3 ID 5 with timestamp +8 Waking up in 1.0 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=10, length=222 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x0209005019001703010020ea45ba7ab2126e05b40327975bb649779f732691225d8b13c8095e196ceef48c170301002017fcf2f1e53c0a8fc2b1cd312abd77e62e0306c7d4f4bcc6fe2f24f04ee35732 State = 0xe259fe12e550e72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0xb6867159aae4b6a8241660c47a794da2 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 9 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900061a03 server { PEAP: Setting User-Name to marpap Sending tunneled request EAP-Message = 0x020900061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marpap" State = 0xf0d328dff1da32c653a8b81dca2d1d07 server inner-tunnel { +- entering group authorize {...} ++[control] returns notfound [eap] EAP packet type response id 9 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = '%{SQL-User-Name}' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radcheck.attribute, logins.pass_lm, radcheck.op FROM radcheck, logins WHERE logins.username = 'marpap' AND radcheck.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = '%{SQL-User-Name}' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='%{SQL-User-Name}' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id -> SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id rlm_sql_mysql: query: SELECT logins.id, logins.username, radreply.attribute, logins.pass_lm, radreply.op FROM radreply, logins WHERE logins.username = 'marpap' AND radreply.id='1' AND (SELECT internet_accounts.aktiv FROM internet_accounts, logins WHERE logins.username='marpap' AND logins.account_id = internet_accounts.account_id) = 'yes' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'marpap' ORDER BY priority rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok WARNING: Empty section. Using default return values. } # server inner-tunnel [peap] Got tunneled reply code 2 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 10 to 172.20.160.171 port 1812 EAP-Message = 0x010a003b190017030100308d1101b1c350d4328ebe3ce50675f915848a0c09c7ac0114cc569409948903d28694d60747d490ad19887f2e657a701a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe259fe12ea53e72c7c464fa29a32360e Finished request 8. Going to the next request Waking up in 0.9 seconds. Cleaning up request 4 ID 6 with timestamp +9 Waking up in 1.0 seconds. rad_recv: Access-Request packet from host 172.20.160.171 port 1812, id=11, length=238 User-Name = "marpap" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Identifier = "default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" Calling-Station-Id = "00-60-b3-63-4e-03" EAP-Message = 0x020a0060190017030100201246b2d46e1ba6b660948078c75ecb1c32333ae90a280a5b371b072cb28a65231703010030bcbc8fec75782b5f139c2a090733a5602a62fb27f26f5cbcf02425c34279a49107f659f3775b8a533cd226fc6588c2f1 State = 0xe259fe12ea53e72c7c464fa29a32360e NAS-IP-Address = 172.20.160.171 Message-Authenticator = 0x5233cb5b3343b5ea0db86d94bf4150d9 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [eap] EAP packet type response id 10 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} ++[reply] returns noop [sql] expand: %{User-Name} -> marpap [sql] sql_set_user escaped user --> 'marpap' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-31 17:59:05') [sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-31 17:59:05') rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'marpap', '', 'Access-Accept', '2010-08-31 17:59:05') rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 11 to 172.20.160.171 port 1812 MS-MPPE-Recv-Key = 0x35b16df4a592e9da418da46ab5164210166ad66293fd8831c5dec7d2f7eb1a8d MS-MPPE-Send-Key = 0x0709cee111f7985f495c7208fe4ceb3b57b1657f9fc10762578ba41ba9727b85 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "123" Finished request 9. Going to the next request Waking up in 0.9 seconds. Cleaning up request 5 ID 7 with timestamp +10 Waking up in 1.0 seconds. Cleaning up request 6 ID 8 with timestamp +11 Waking up in 0.9 seconds. Cleaning up request 7 ID 9 with timestamp +12 Waking up in 0.9 seconds. Cleaning up request 8 ID 10 with timestamp +13 Waking up in 0.9 seconds. Cleaning up request 9 ID 11 with timestamp +14 Ready to process requests.
On Aug 31, 2010, at 8:48 AM, Marten Pape wrote:
Alan DeKok schrieb:
Marten Pape wrote:
Now my goal is to tell the NAS to assign every wifi-packet to a certain VLAN. I don't need to have a dynamic assignment of VLAN based on usernames or something else. One VLAN would be sufficient.
You can assign the vlan in the "post-auth" section.
Now, I added this answer to the sites-available/default -> post-auth section: update reply { Tunnel-Type := 13 Tunnel-Medium-Type = 6 Tunnel-Private-Group-ID = 123 }
But the access point doesn't seem to tag this traffic with the vlan-ID 123. As far as I know, this access point is able to do that. Do you see anything else going wrong? The debug log of a new connection try is attached below.
rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 11 to 172.20.160.171 port 1812 MS-MPPE-Recv-Key = 0x35b16df4a592e9da418da46ab5164210166ad66293fd8831c5dec7d2f7eb1a8d MS-MPPE-Send-Key = 0x0709cee111f7985f495c7208fe4ceb3b57b1657f9fc10762578ba41ba9727b85 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "marpap" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "123"
Server is sending back the attributes. Check whether the VLAN must be pre-configured on the NAS in order to be assigned. Else check that the NAS supports dynamic assignment, or that it uses VSAs instead of the RFC attributes. -Arran
participants (7)
-
Alan Buxey -
Alan DeKok -
Arran Cudbard-Bell -
gahn -
Marten Pape -
matteo@crs4.it -
srg