problems with queries and user database in mysql and freeradius
Hi all, I'm trying to manage the users in freeradius with mysql. Users can log in wireless network successfully but I get 2 problems. 1. Only post-authenticate query's implemented to insert information to radpostauth table in radius database. Accouting queries for accounting table in database're not implemented. 2. When I only use sql to manage users, I totally dont configure in users file of freeradius, users cant login to network. I hope someones will help me solve these problems. Here my out put from radiusd -X command: rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, length=145 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020000090168756e67 Message-Authenticator = 0x92a2c1dd019f55542bef82c3b6b122b9 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 0 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry hung at line 91 ++[files] returns ok [sql] expand: %{Stripped-User-Name} -> [sql] expand: %{User-Name} -> hung [sql] expand: %{%{User-Name}:-DEFAULT} -> hung [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung [sql] sql_set_user escaped user --> 'hung' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, op, value FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, op, value FROM radcheck WHERE username = 'hung' ORDER BY id [sql] expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'hung' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, op, Value FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, op, Value FROM radgroupcheck WHERE groupname = 'WLANgroup' ORDER BY id [sql] User found in group WLANgroup [sql] expand: SELECT id, groupname, attribute, op, Value FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, op, Value FROM radgroupreply WHERE groupname = 'WLANgroup' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 141 to 192.168.0.2 port 1024 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc09954a3c3aef342532c8f473 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, length=145 Sending duplicate reply to client localhost port 1024 - ID: 141 Sending Access-Challenge of id 141 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142, length=160 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0x09945ffc09954a3c3aef342532c8f473 Message-Authenticator = 0x560713ad902723d908cff078aab76337 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry hung at line 91 ++[files] returns ok [sql] expand: %{Stripped-User-Name} -> [sql] expand: %{User-Name} -> hung [sql] expand: %{%{User-Name}:-DEFAULT} -> hung [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung [sql] sql_set_user escaped user --> 'hung' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, op, value FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, op, value FROM radcheck WHERE username = 'hung' ORDER BY id [sql] expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'hung' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, op, Value FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, op, Value FROM radgroupcheck WHERE groupname = 'WLANgroup' ORDER BY id [sql] User found in group WLANgroup [sql] expand: SELECT id, groupname, attribute, op, Value FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, op, Value FROM radgroupreply WHERE groupname = 'WLANgroup' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 142 to 192.168.0.2 port 1024 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc0896463c3aef342532c8f473 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142, length=160 Sending duplicate reply to client localhost port 1024 - ID: 142 Sending Access-Challenge of id 142 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=143, length=269 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0202007319800000006916030100640100006003014bd2cf75559dcf135bad3683a9e474a9bfb30ea41bb1056c87962735e7d2c468000018002f00350005000ac009c00ac013c01400320038001300040100001f00000009000700000468756e67000a00080006001700180019000b00020100 State = 0x09945ffc0896463c3aef342532c8f473 Message-Authenticator = 0x8ab641908fcc4ccab026238b80b5b38d +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 2 length 115 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 105 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0064], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 064d], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 143 to 192.168.0.2 port 1024 EAP-Message = 0x0103040019c00000068a160301002a0200002603014bd2cf409a6a57e5fe1a1492df4cbc2d97e673a9396e6d4c284bcc6e179f173700002f00160301064d0b0006490006460002ac308202a830820211a003020102020101300d06092a864886f70d010105050030818d310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603550407130548616e6f69310e300c060355040a130552444c6162310d300b060355040b130457694669311930170603550403131072646c61622e64796e646e732e6f72673124302206092a864886f70d010901161576616e68756e673232303540676d61696c2e636f6d301e170d3039 EAP-Message = 0x303832363134343030365a170d3130303832363134343030365a30818c310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603550407130548616e6f69310e300c060355040a130552444c6162310d300b060355040b130457694669311930170603550403131072646c61622e64796e646e732e6f72673123302106092a864886f70d010901161476616e68756e673232303540676d61692e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cbb2548bc6b9f5f479f8a668c32adcb12f40edd244b4be5b345a05a6b8b2d68ec997cbfd16899c008c467b5f8a06e3604a4733d15d894b EAP-Message = 0x8752303cd883bdcff91214653a6044e3a9d7c24d75eb159a3f8165baf58fb648ac3abf1ec06e585329474ff339c271f8812cb8a31a0e84861a7bf1377247190bf063d41b20133aabc30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181008a82f9fd8b6c61b2279312122efec7b7303147a41a61f2aa53b2f1266b18e42032769322040f063d2dfac0472969c9c15c0c343fbf27fb0c1bf07da10d251deba4b5016625e889f8494e909db87fe8b4bff43bee51ad62202e97baeb3280371e2e261f376934ac4398c0f62abd49eb03e5392c7356d5befc4527ef00b3cc63be000394 EAP-Message = 0x30820390308202f9a003020102020900e80a8ba193c27c94300d06092a864886f70d010105050030818d310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603550407130548616e6f69310e300c060355040a130552444c6162310d300b060355040b130457694669311930170603550403131072646c61622e64796e646e732e6f72673124302206092a864886f70d010901161576616e68756e673232303540676d61696c2e636f6d301e170d3039303832363134333030305a170d3139303832343134333030305a30818d310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603 EAP-Message = 0x550407130548616e6f69310e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc0b97463c3aef342532c8f473 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=143, length=269 Sending duplicate reply to client localhost port 1024 - ID: 143 Sending Access-Challenge of id 143 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=144, length=160 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300061900 State = 0x09945ffc0b97463c3aef342532c8f473 Message-Authenticator = 0x8cacb8e566ba71bec2174474eebc8af6 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 144 to 192.168.0.2 port 1024 EAP-Message = 0x0104029a1900300c060355040a130552444c6162310d300b060355040b130457694669311930170603550403131072646c61622e64796e646e732e6f72673124302206092a864886f70d010901161576616e68756e673232303540676d61696c2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100db279fc63201483390df79f70080f551dbb699f6bd461bededff1a1d548f29c517859ad8c89aaf674c72e85a37ea305da0fa9a50ad28ca93fb5fda9a345231c086d50e0fd0ce5551420cd3281e051d8d952009be0a3d65e8aabc03d1d2dae6406bdf522d9710bbdf37f23e346d46ea3633fb3e58da4e81c1535f837f EAP-Message = 0x7fbb3d910203010001a381f53081f2301d0603551d0e0416041496a25a81024c4bff542ee201512e84777edc2a403081c20603551d230481ba3081b7801496a25a81024c4bff542ee201512e84777edc2a40a18193a4819030818d310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603550407130548616e6f69310e300c060355040a130552444c6162310d300b060355040b130457694669311930170603550403131072646c61622e64796e646e732e6f72673124302206092a864886f70d010901161576616e68756e673232303540676d61696c2e636f6d820900e80a8ba193c27c94300c0603551d13040530 EAP-Message = 0x030101ff300d06092a864886f70d010105050003818100762232f9975b93ae7c95735de73d8b722b16c08674a432c929d5660a34feb33a8c442febe85711a7896e361135cfa3df658bca5b3a7691d348742553977f0c0fba660f53f160fea98c0357e33351f35e61f0f98a7f2f57d323de73af18c20c4b625201c1362b8af3322c8163240e5ec11cb487c74d704b358bfa74f9e802a5cf16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc0a90463c3aef342532c8f473 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=144, length=160 Sending duplicate reply to client localhost port 1024 - ID: 144 Sending Access-Challenge of id 144 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=145, length=362 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400d01980000000c616030100861000008200808bdbfebac8c74565753b3f8a8407ab1489924b16358d622636bc5f6d224b7b6f516804af047ddd2342e2d7651d788f565d1ebde3f4746e9a1e498998e5d8223a04f481646860d0f735b12904fa67b7001cb2d1428b9fcfe9b5ec66d067a4a28756e74f1b29c5ec2eb30665be3c1a40cd127c5760e539656abdfc7829a2a840fd14030100010116030100307afc94045eaa1c6c00ddaa8e21fbed34668792dc480c7131028eef9753b1e7bed95dcf1cb69ecdd1a26b54c68da374b3 State = 0x09945ffc0a90463c3aef342532c8f473 Message-Authenticator = 0x595e4031385d17e480ca50188f4b019a +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 4 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 145 to 192.168.0.2 port 1024 EAP-Message = 0x0105004119001403010001011603010030d186e5c8b303934b35fef80891656d7ca02e857ccc105c53ee51251bb29383aec5847385a24d91f0eb84a84baa1660e6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc0d91463c3aef342532c8f473 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=145, length=362 Sending duplicate reply to client localhost port 1024 - ID: 145 Sending Access-Challenge of id 145 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=146, length=160 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020500061900 State = 0x09945ffc0d91463c3aef342532c8f473 Message-Authenticator = 0xc42da73879b55cd71893e88f31e3bf8a +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 146 to 192.168.0.2 port 1024 EAP-Message = 0x0106002b1900170301002097aac09de2eee9a724ca523994a0eb3ec20127d56dd8f609ca7e49a9ab523d99 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc0c92463c3aef342532c8f473 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=146, length=160 Sending duplicate reply to client localhost port 1024 - ID: 146 Sending Access-Challenge of id 146 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=147, length=197 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0206002b190017030100202af709546e11ea1a32e4357f545b7e2a7d35adc1ac61d77ff88857c763d007ee State = 0x09945ffc0c92463c3aef342532c8f473 Message-Authenticator = 0x48ce7e5ce68eb823fb9b31aa5a37c4e0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 6 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - hung [peap] Got tunneled request EAP-Message = 0x020600090168756e67 server { PEAP: Got tunneled identity of hung PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to hung Sending tunneled request EAP-Message = 0x020600090168756e67 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "hung" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "hung", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 6 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry hung at line 91 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0107001e1a01070019101fca91b0376148a4f0fd4f6fa463445968756e67 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x30ed615030ea7b7f26980120ae4d5ea2 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0107001e1a01070019101fca91b0376148a4f0fd4f6fa463445968756e67 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x30ed615030ea7b7f26980120ae4d5ea2 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 147 to 192.168.0.2 port 1024 EAP-Message = 0x0107003b19001703010030acea34ba364c5e7ad6a748a9ad768753e24608fa64111fa3786eade542a1ab9611abc97fdc9e45a65d62a5b2317adea1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc0f93463c3aef342532c8f473 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=147, length=197 Sending duplicate reply to client localhost port 1024 - ID: 147 Sending Access-Challenge of id 147 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148, length=245 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0207005b190017030100503789c52759d13397450310d73512e08eab78acec6f019d37dfb1d3bc627faa0f0ea70db5264992c2c1ba9ef72a38e467ff0f361a444a4f66e8714f431d7ba75f1d2fd6f9b35f6be9398a051eb51c4cee State = 0x09945ffc0f93463c3aef342532c8f473 Message-Authenticator = 0xdd99eadb80af6786062cf4532a2ac7b3 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 7 length 91 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0207003f1a0207003a31b24df754018372abc900adb6c80448f60000000000000000242bcdf9531f27acab4fb7646ebd16c9dfe3993dc54aa9630068756e67 server { PEAP: Setting User-Name to hung Sending tunneled request EAP-Message = 0x0207003f1a0207003a31b24df754018372abc900adb6c80448f60000000000000000242bcdf9531f27acab4fb7646ebd16c9dfe3993dc54aa9630068756e67 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "hung" State = 0x30ed615030ea7b7f26980120ae4d5ea2 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "hung", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 7 length 63 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry hung at line 91 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for hung with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010800331a0307002e533d41333639313132464332374139353243333343313436463641343541374544324336414134374644 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x30ed615031e57b7f26980120ae4d5ea2 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010800331a0307002e533d41333639313132464332374139353243333343313436463641343541374544324336414134374644 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x30ed615031e57b7f26980120ae4d5ea2 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 148 to 192.168.0.2 port 1024 EAP-Message = 0x0108005b19001703010050812b12ad6be4c0b58ae49a03fe16a9e759fcc568963d94b6423571c49e72eb71a4a0f5e6117355df6ef454be2d74d0e113d3bf0cb53e2498f4f3d05404c828e2a5613a7d7811c2ac8dc5ea13c3d514f8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc0e9c463c3aef342532c8f473 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148, length=245 Sending duplicate reply to client localhost port 1024 - ID: 148 Sending Access-Challenge of id 148 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=149, length=197 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0208002b1900170301002023eabd68c252532f45928e383355c30f57be2542522f577cfad2c81ae1361533 State = 0x09945ffc0e9c463c3aef342532c8f473 Message-Authenticator = 0xf0514d6e47fd75079ce8653f0c07a816 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 8 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800061a03 server { PEAP: Setting User-Name to hung Sending tunneled request EAP-Message = 0x020800061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "hung" State = 0x30ed615031e57b7f26980120ae4d5ea2 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "hung", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry hung at line 91 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok Login OK: [hung] (from client localhost port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 2 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "hung" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "hung" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 149 to 192.168.0.2 port 1024 EAP-Message = 0x0109002b19001703010020d3bceac5711dc8705f5ef1be9a9033a2a48bdcabf76210563e5702faabac60c6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09945ffc019d463c3aef342532c8f473 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=149, length=197 Sending duplicate reply to client localhost port 1024 - ID: 149 Sending Access-Challenge of id 149 to 192.168.0.2 port 1024 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150, length=197 User-Name = "hung" NAS-IP-Address = 192.168.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK" Calling-Station-Id = "00-17-C4-8C-2C-C8" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0209002b19001703010020a2816416dff2d67ddae415cc3fae80715929de76149607a7757c14e83541027b State = 0x09945ffc019d463c3aef342532c8f473 Message-Authenticator = 0x262c8d17f695699416cc9819a38c84b5 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok Login OK: [hung] (from client localhost port 0 cli 00-17-C4-8C-2C-C8) +- entering group post-auth {...} [reply_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.0.2/reply-detail-20100424 [reply_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.0.2/reply-detail-20100424 [reply_log] expand: %t -> Sat Apr 24 07:00:16 2010 ++[reply_log] returns ok [sql] expand: %{Stripped-User-Name} -> [sql] expand: %{User-Name} -> hung [sql] expand: %{%{User-Name}:-DEFAULT} -> hung [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung [sql] sql_set_user escaped user --> 'hung' [sql] expand: INSERT INTO radpostauth (username,pass,reply, authdate) VALUES ( '%{User-Name}', '%{User-Password}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username,pass,reply, authdate) VALUES ( 'hung', '', 'Access-Accept', '2010-04-24 07:00:16') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username,pass,reply, authdate) VALUES ( 'hung', '', 'Access-Accept', '2010-04-24 07:00:16') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 150 to 192.168.0.2 port 1024 MS-MPPE-Recv-Key = 0x3013440c697761f69a75e70dcc006e7aa69349f107589f89a488212b6a11cc9e MS-MPPE-Send-Key = 0xf35fc13294fa122fd2c858a086bf73a8b0830443c080c1c443253b57c9e7f59a EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "hung" Finished request 9. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150, length=197 Sending duplicate reply to client localhost port 1024 - ID: 150 Sending Access-Accept of id 150 to 192.168.0.2 port 1024 Waking up in 4.8 seconds. Cleaning up request 0 ID 141 with timestamp +9 Cleaning up request 1 ID 142 with timestamp +9 Cleaning up request 2 ID 143 with timestamp +9 Cleaning up request 3 ID 144 with timestamp +9 Cleaning up request 4 ID 145 with timestamp +9 Cleaning up request 5 ID 146 with timestamp +9 Cleaning up request 6 ID 147 with timestamp +9 Cleaning up request 7 ID 148 with timestamp +9 Cleaning up request 8 ID 149 with timestamp +9 Cleaning up request 9 ID 150 with timestamp +9 Ready to process requests. Ready to process requests. Exiting normally. rlm_sql (sql): Closing sqlsocket 4 rlm_sql (sql): Closing sqlsocket 3 rlm_sql (sql): Closing sqlsocket 2 rlm_sql (sql): Closing sqlsocket 1 rlm_sql (sql): Closing sqlsocket 0 Many thanks, Vu Hung.
participants (1)
-
VU VAN HUNG