EAP-PEAP with NT-Password stored in mysql database
Hi, First apologize my english, j'm french. So, i'm trying to use EAP-PEAP with freeradius 2.1 and i have some questions. I didn't create any certificat.....can i use the certificate of freeradius? (i have a warning "Unable to set DH parameters") My passwords are encrypted with NT-hashes, is it ok to use eap-peap for? Is it normal the message : "[eap] No EAP-Message, not doing EA" ? i don't use the default virtual server, i only use one file....l3_wifi_peap (where i use sql_auth for auth and sql_acct for accounting) here are my files: _radiusd.conf :_ prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = /var/log/freeradius raddbdir = /etc/freeradius radacctdir = ${logdir}/radacct name = freeradius confdir = ${raddbdir} run_dir = ${localstatedir}/run/${name} db_dir = ${raddbdir} libdir = /usr/lib/freeradius pidfile = ${run_dir}/${name}.pid user = freerad group = freerad max_request_time = 30 cleanup_delay = 5 max_requests = 1024 listen { type = auth ipaddr = * port = 0 } listen { ipaddr = * port = 0 type = acct } hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log { destination = files file = ${logdir}/radius.log syslog_facility = daemon stripped_names = no auth = no auth_badpass = no auth_goodpass = no } checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = yes } proxy_requests = yes $INCLUDE proxy.conf $INCLUDE clients.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { $INCLUDE ${confdir}/modules/ $INCLUDE eap-peap.conf $INCLUDE sql-peap.conf } instantiate { exec expr expiration logintime } $INCLUDE policy.conf $INCLUDE sites-enabled/ eap.conf: eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 tls { certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_password = whatever private_key_file = ${certdir}/server.key certificate_file = ${certdir}/server.pem CA_file = ${cadir}/ca.pem dh_file = ${certdir}/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "${certdir}/bootstrap" } ttls { default_eap_type = md5 copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "l3_wifi.peap" } peap { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "l3_wifi.peap" } mschapv2 { } } virtual server l3_wifi_peap: authorize { preprocess eap { ok = return } sql_auth } authenticate { Auth-Type MS-CHAP { mschap } } preacct { preprocess acct_unique suffixUnable to set DH parameters files } accounting { detail radutmp sql_acct attr_filter.accounting_response } session { radutmp } post-auth { exec Post-Auth-Type REJECT { attr_filter.access_reject } } _here are the queries to mysql database__:_ authorize_check_query = "SELECT uid, mail, 'NT-Password' AS attribute, NTPassword, '==' AS op \ FROM ${authcheck_table} \ WHERE mail = '%{SQL-User-Name}' \ ORDER BY uid" authorize_reply_query = "SELECT uid, mail, 'Trapeze-SSID' AS attribute, 'WIFI' AS radiusTunnelPrivateGroupId, '=' AS op \ FROM ${authreply_table} \ WHERE mail = '%{SQL-User-Name}' \ ORDER BY uid authcheck_table =_authreply_table +---------+--------------------------------+----------------------------------+ | uid | mail | NTPassword | +---------+--------------------------------+----------------------------------+ | E999999 | alan.cox@test.fr | 18500da21668b63e900cc555c092e020 | +---------+--------------------------------+----------------------------------+ _and finaly the freeradiux -X output :_ FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Sep 11 2012 at 17:47:58 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/soh including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/redis including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/replicate including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/rediswho including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/eap-peap.conf including configuration file /etc/freeradius/sql-peap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/l3_wifi.peap main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 192.168.58.10 { require_message_authenticator = no secret = "*******" shortname = "192.168.58.10" nastype = "trapeze" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap-peap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" } WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work! WARNING: Fix this by running the OpenSSL command listed in eap.conf Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "l3_wifi.peap" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "l3_wifi.peap" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_sql Module: Instantiating module "sql_auth" from file /etc/freeradius/sql-peap.conf sql sql_auth { driver = "rlm_sql_mysql" server = "********************" port = "" login = "********" password = "*************" radius_db = "**********" read_groups = yes sqltrace = no sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = no deletestalesessions = no num_sql_socks = 5 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id,nasname,shortname,type,secret FROM nas" authorize_check_query = "SELECT uid, mail, 'NT-Password' AS attribute, NTPassword, '==' AS op FROM dsi_radius WHERE mail = '%{SQL-User-Name}' ORDER BY uid" authorize_reply_query = "SELECT uid, mail, 'Trapeze-SSID' AS attribute, 'WIFI' AS radiusTunnelPrivateGroupId, '=' AS op FROM dsi_radius WHERE mail = '%{SQL-User-Name}' ORDER BY uid" authorize_group_check_query = "" authorize_group_reply_query = "" accounting_onoff_query = "" accounting_update_query = "" accounting_update_query_alt = "" accounting_start_query = "" accounting_start_query_alt = "" accounting_stop_query = "" accounting_stop_query_alt = "" connect_failure_retry_delay = 60 simul_count_query = "" simul_verify_query = "" postauth_query = "" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql Creating new attribute sql_auth-SQL-Group rlm_sql (sql_auth): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql_auth): Attempting to connect to *************************************** rlm_sql (sql_auth): starting 0 rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql_auth): Connected new DB handle, #0 rlm_sql (sql_auth): starting 1 rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql_auth): Connected new DB handle, #1 rlm_sql (sql_auth): starting 2 rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql_auth): Connected new DB handle, #2 rlm_sql (sql_auth): starting 3 rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql_auth): Connected new DB handle, #3 rlm_sql (sql_auth): starting 4 rlm_sql (sql_auth): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql_auth): Connected new DB handle, #4 Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Instantiating module "sql_acct" from file /etc/freeradius/sql-peap.conf sql sql_acct { driver = "rlm_sql_mysql" server = "**********************" port = "" login = "****************" password = "***************" radius_db = "****************" read_groups = yes sqltrace = yes sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = no deletestalesessions = yes num_sql_socks = 5 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id,nasname,shortname,type,secret FROM nas" authorize_check_query = "" authorize_group_check_query = "" authorize_group_reply_query = "" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" connect_failure_retry_delay = 60 simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql Creating new attribute sql_acct-SQL-Group rlm_sql (sql_acct): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql_acct): Attempting to connect to ************************************ rlm_sql (sql_acct): starting 0 rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql_acct): Connected new DB handle, #0 rlm_sql (sql_acct): starting 1 rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql_acct): Connected new DB handle, #1 rlm_sql (sql_acct): starting 2 rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql_acct): Connected new DB handle, #2 rlm_sql (sql_acct): starting 3 rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql_acct): Connected new DB handle, #3 rlm_sql (sql_acct): starting 4 rlm_sql (sql_acct): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql_acct): Connected new DB handle, #4 Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } ... adding new socket proxy address * port 58995 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.58.10 port 20000, id=83, length=136 User-Name = "alan.cox@test.fr" Calling-Station-Id = "74-2F-68-ED-12-1C" Called-Station-Id = "00-0B-0E-AA-36-00:WIFI" NAS-Port = 82 NAS-Port-Type = Wireless-802.11 NAS-IP-Address = 192.168.58.10 NAS-Identifier = "Trapeze" User-Password = "pass" # Executing section authorize from file /etc/freeradius/sites-enabled/l3_wifi.peap +- entering group authorize {...} ++[preprocess] returns ok [eap] No EAP-Message, not doing EA ++[eap] returns noop [sql_auth] expand: %{User-Name} -> alan.cox@test.fr [sql_auth] sql_set_user escaped user --> 'alan.cox@test.fr' rlm_sql (sql_auth): Reserving sql socket id: 4 [sql_auth] expand: SELECT uid, mail, 'NT-Password' AS attribute, NTPassword, '==' AS op FROM dsi_radius WHERE mail = '%{SQL-User-Name}' ORDER BY uid -> SELECT uid, mail, 'NT-Password' AS attribute, NTPassword, '==' AS op FROM dsi_radius WHERE mail = 'alan.cox@test.fr' ORDER BY uid rlm_sql (sql_auth): Released sql socket id: 4 [sql_auth] User alan.cox@test.fr not found ++[sql_auth] returns notfound ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/l3_wifi.peap +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> alan.cox@test.fr attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 83 to 192.168.58.10 port 20000 Waking up in 4.9 seconds. Cleaning up request 0 ID 83 with timestamp +65 Ready to process requests. Thank(s for your help!!
On 11/10/12 16:23, Hocine M wrote:
Hi,
First apologize my english, j'm french.
No problem.
i don't use the default virtual server, i only use one file....l3_wifi_peap (where i use sql_auth for auth and sql_acct for accounting)
Your config is broken:
+- entering group authorize {...} ++[preprocess] returns ok [eap] No EAP-Message, not doing EA ++[eap] returns noop [sql_auth] expand: %{User-Name} -> alan.cox@test.fr [sql_auth] sql_set_user escaped user --> 'alan.cox@test.fr' rlm_sql (sql_auth): Reserving sql socket id: 4 [sql_auth] expand: SELECT uid, mail, 'NT-Password' AS attribute, NTPassword, '==' AS op FROM dsi_radius WHERE mail = '%{SQL-User-Name}' ORDER BY uid -> SELECT uid, mail, 'NT-Password' AS attribute, NTPassword, '==' AS op FROM dsi_radius WHERE mail = 'alan.cox@test.fr' ORDER BY uid rlm_sql (sql_auth): Released sql socket id: 4 [sql_auth] User alan.cox@test.fr not found ++[sql_auth] returns notfound ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user.
You have edited the default config and broken it. Go back to the default config and start again. Make small changes, testing at each step. Use version control to save each working config. Also - this request is not EAP. You are not testing EAP. Google "eapol_test"
participants (2)
-
Hocine M -
Phil Mayers