freeradius 3 + mysql configure
Hello freeradius users, i install a freeradius 3 with mysql and daloradius on ubuntu 14.04 lts. Now i trie to get the radius authentification working with a hp procurve 2530 switch. But the Radius Server does not send any Access-Accept Message. Only Access-Challanges will send tot he switch: Logfile: Fri Feb 26 09:09:12 2016 : Debug: Server was built with: Fri Feb 26 09:09:12 2016 : Debug: accounting : yes Fri Feb 26 09:09:12 2016 : Debug: authentication : yes Fri Feb 26 09:09:12 2016 : Debug: ascend-binary-attributes : yes Fri Feb 26 09:09:12 2016 : Debug: coa : yes Fri Feb 26 09:09:12 2016 : Debug: control-socket : yes Fri Feb 26 09:09:12 2016 : Debug: detail : yes Fri Feb 26 09:09:12 2016 : Debug: dhcp : yes Fri Feb 26 09:09:12 2016 : Debug: dynamic-clients : yes Fri Feb 26 09:09:12 2016 : Debug: osfc2 : no Fri Feb 26 09:09:12 2016 : Debug: proxy : yes Fri Feb 26 09:09:12 2016 : Debug: regex-pcre : no Fri Feb 26 09:09:12 2016 : Debug: regex-posix : yes Fri Feb 26 09:09:12 2016 : Debug: regex-posix-extended : yes Fri Feb 26 09:09:12 2016 : Debug: session-management : yes Fri Feb 26 09:09:12 2016 : Debug: stats : yes Fri Feb 26 09:09:12 2016 : Debug: tcp : yes Fri Feb 26 09:09:12 2016 : Debug: threads : yes Fri Feb 26 09:09:12 2016 : Debug: tls : yes Fri Feb 26 09:09:12 2016 : Debug: unlang : yes Fri Feb 26 09:09:12 2016 : Debug: vmps : yes Fri Feb 26 09:09:12 2016 : Debug: developer : no Fri Feb 26 09:09:12 2016 : Debug: Server core libs: Fri Feb 26 09:09:12 2016 : Debug: freeradius-server : 3.0.10 Fri Feb 26 09:09:12 2016 : Debug: talloc : 2.0.* Fri Feb 26 09:09:12 2016 : Debug: ssl : 1.0.1f release Fri Feb 26 09:09:12 2016 : Debug: Endianness: Fri Feb 26 09:09:12 2016 : Debug: little Fri Feb 26 09:09:12 2016 : Debug: Compilation flags: Fri Feb 26 09:09:12 2016 : Info: Copyright (C) 1999-2015 The FreeRADIUS server project and contributors Fri Feb 26 09:09:12 2016 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Fri Feb 26 09:09:12 2016 : Info: PARTICULAR PURPOSE Fri Feb 26 09:09:12 2016 : Info: You may redistribute copies of FreeRADIUS under the terms of the Fri Feb 26 09:09:12 2016 : Info: GNU General Public License Fri Feb 26 09:09:12 2016 : Info: For more information about these matters, see the file named COPYRIGHT Fri Feb 26 09:09:12 2016 : Info: Starting - reading configuration files ... Fri Feb 26 09:09:12 2016 : Debug: including dictionary file /usr/share/freeradius/dictionary Fri Feb 26 09:09:12 2016 : Debug: including dictionary file /usr/share/freeradius/dictionary.dhcp Fri Feb 26 09:09:12 2016 : Debug: including dictionary file /usr/share/freeradius/dictionary.vqp Fri Feb 26 09:09:12 2016 : Debug: including dictionary file /etc/freeradius/dictionary Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/radiusd.conf Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/proxy.conf Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/clients.conf Fri Feb 26 09:09:12 2016 : Debug: including files in directory /etc/freeradius/mods-enabled/ Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/linelog Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/soh Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/passwd Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/replicate Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/dynamic_clients Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/mschap Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/expr Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/cache_eap Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/files Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/unpack Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/utf8 Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/unix Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/chap Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/detail Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/ntlm_auth Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/preprocess Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/exec Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/sql Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-config/sql/main/sqlite/queries.conf Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/logintime Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/sradutmp Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/digest Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/radutmp Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/eap Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/pap Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/expiration Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/mods-enabled/echo Fri Feb 26 09:09:12 2016 : Debug: including files in directory /etc/freeradius/policy.d/ Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/abfab-tr Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/control Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/cui Fri Feb 26 09:09:12 2016 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE Fri Feb 26 09:09:12 2016 : Debug: OPTIMIZING (no == yes) --> FALSE Fri Feb 26 09:09:12 2016 : Debug: OPTIMIZING (${policy.cui_require_operator_name} == yes) --> FALSE Fri Feb 26 09:09:12 2016 : Debug: OPTIMIZING (no == yes) --> FALSE Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/dhcp Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/accounting Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/canonicalization Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/debug Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/operator-name Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/filter Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/policy.d/eap Fri Feb 26 09:09:12 2016 : Debug: including files in directory /etc/freeradius/sites-enabled/ Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/sites-enabled/inner-tunnel Fri Feb 26 09:09:12 2016 : Debug: including files in directory /etc/freeradius/sites-enabled/ Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:12 2016 : Debug: including configuration file /etc/freeradius/sites-enabled/inner-tunnel Fri Feb 26 09:09:12 2016 : Debug: main { Fri Feb 26 09:09:12 2016 : Debug: security { Fri Feb 26 09:09:12 2016 : Debug: user = "freerad" Fri Feb 26 09:09:12 2016 : Debug: group = "freerad" Fri Feb 26 09:09:12 2016 : Debug: allow_core_dumps = no Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[462]: The item 'max_attributes' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[480]: The item 'reject_delay' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[500]: The item 'status_server' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: name = "freeradius" Fri Feb 26 09:09:12 2016 : Debug: prefix = "/usr" Fri Feb 26 09:09:12 2016 : Debug: localstatedir = "/var" Fri Feb 26 09:09:12 2016 : Debug: logdir = "/var/log/freeradius" Fri Feb 26 09:09:12 2016 : Debug: run_dir = "/var/run/freeradius" Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[55]: The item 'sysconfdir' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[67]: The item 'confdir' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[74]: The item 'db_dir' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[108]: The item 'libdir' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[119]: The item 'pidfile' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[140]: The item 'correct_escapes' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[194]: The item 'max_request_time' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[213]: The item 'cleanup_delay' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[250]: The item 'hostname_lookups' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[372]: The item 'checkrad' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[521]: The item 'proxy_requests' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: main { Fri Feb 26 09:09:12 2016 : Debug: name = "freeradius" Fri Feb 26 09:09:12 2016 : Debug: prefix = "/usr" Fri Feb 26 09:09:12 2016 : Debug: localstatedir = "/var" Fri Feb 26 09:09:12 2016 : Debug: sbindir = "/usr/sbin" Fri Feb 26 09:09:12 2016 : Debug: logdir = "/var/log/freeradius" Fri Feb 26 09:09:12 2016 : Debug: run_dir = "/var/run/freeradius" Fri Feb 26 09:09:12 2016 : Debug: libdir = "/usr/lib/freeradius" Fri Feb 26 09:09:12 2016 : Debug: radacctdir = "/var/log/freeradius/radacct" Fri Feb 26 09:09:12 2016 : Debug: hostname_lookups = no Fri Feb 26 09:09:12 2016 : Debug: max_request_time = 30 Fri Feb 26 09:09:12 2016 : Debug: cleanup_delay = 5 Fri Feb 26 09:09:12 2016 : Debug: max_requests = 16384 Fri Feb 26 09:09:12 2016 : Debug: pidfile = "/var/run/freeradius/freeradius.pid" Fri Feb 26 09:09:12 2016 : Debug: checkrad = "/usr/sbin/checkrad" Fri Feb 26 09:09:12 2016 : Debug: debug_level = 0 Fri Feb 26 09:09:12 2016 : Debug: proxy_requests = yes Fri Feb 26 09:09:12 2016 : Debug: log { Fri Feb 26 09:09:12 2016 : Debug: stripped_names = no Fri Feb 26 09:09:12 2016 : Debug: auth = no Fri Feb 26 09:09:12 2016 : Debug: auth_badpass = no Fri Feb 26 09:09:12 2016 : Debug: auth_goodpass = no Fri Feb 26 09:09:12 2016 : Debug: colourise = yes Fri Feb 26 09:09:12 2016 : Debug: msg_denied = "You are already logged in - access denied" Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[268]: The item 'destination' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[285]: The item 'file' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[331]: The item 'syslog_facility' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: resources { Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: security { Fri Feb 26 09:09:12 2016 : Debug: max_attributes = 200 Fri Feb 26 09:09:12 2016 : Debug: reject_delay = 1.000000 Fri Feb 26 09:09:12 2016 : Debug: status_server = yes Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[55]: The item 'sysconfdir' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[67]: The item 'confdir' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[74]: The item 'db_dir' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Warning: /etc/freeradius/radiusd.conf[140]: The item 'correct_escapes' is defined, but is unused by the configuration Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: radiusd: #### Loading Realms and Home Servers #### Fri Feb 26 09:09:12 2016 : Debug: proxy server { Fri Feb 26 09:09:12 2016 : Debug: retry_delay = 5 Fri Feb 26 09:09:12 2016 : Debug: retry_count = 3 Fri Feb 26 09:09:12 2016 : Debug: default_fallback = no Fri Feb 26 09:09:12 2016 : Debug: dead_time = 120 Fri Feb 26 09:09:12 2016 : Debug: wake_all_if_all_dead = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: home_server localhost { Fri Feb 26 09:09:12 2016 : Debug: ipaddr = 127.0.0.1 Fri Feb 26 09:09:12 2016 : Debug: port = 1812 Fri Feb 26 09:09:12 2016 : Debug: type = "auth" Fri Feb 26 09:09:12 2016 : Debug: secret = "testing123" Fri Feb 26 09:09:12 2016 : Debug: response_window = 20.000000 Fri Feb 26 09:09:12 2016 : Debug: response_timeouts = 1 Fri Feb 26 09:09:12 2016 : Debug: max_outstanding = 65536 Fri Feb 26 09:09:12 2016 : Debug: zombie_period = 40 Fri Feb 26 09:09:12 2016 : Debug: status_check = "status-server" Fri Feb 26 09:09:12 2016 : Debug: ping_interval = 30 Fri Feb 26 09:09:12 2016 : Debug: check_interval = 30 Fri Feb 26 09:09:12 2016 : Debug: check_timeout = 4 Fri Feb 26 09:09:12 2016 : Debug: num_answers_to_alive = 3 Fri Feb 26 09:09:12 2016 : Debug: revive_interval = 120 Fri Feb 26 09:09:12 2016 : Debug: limit { Fri Feb 26 09:09:12 2016 : Debug: max_connections = 16 Fri Feb 26 09:09:12 2016 : Debug: max_requests = 0 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 0 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: coa { Fri Feb 26 09:09:12 2016 : Debug: irt = 2 Fri Feb 26 09:09:12 2016 : Debug: mrt = 16 Fri Feb 26 09:09:12 2016 : Debug: mrc = 5 Fri Feb 26 09:09:12 2016 : Debug: mrd = 30 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: home_server_pool my_auth_failover { Fri Feb 26 09:09:12 2016 : Debug: type = fail-over Fri Feb 26 09:09:12 2016 : Debug: home_server = localhost Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: realm example.com { Fri Feb 26 09:09:12 2016 : Debug: auth_pool = my_auth_failover Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: realm LOCAL { Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: radiusd: #### Loading Clients #### Fri Feb 26 09:09:12 2016 : Debug: client localhost { Fri Feb 26 09:09:12 2016 : Debug: ipaddr = 127.0.0.1 Fri Feb 26 09:09:12 2016 : Debug: require_message_authenticator = no Fri Feb 26 09:09:12 2016 : Debug: secret = "testing123" Fri Feb 26 09:09:12 2016 : Debug: nas_type = "other" Fri Feb 26 09:09:12 2016 : Debug: proto = "*" Fri Feb 26 09:09:12 2016 : Debug: limit { Fri Feb 26 09:09:12 2016 : Debug: max_connections = 16 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 30 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Adding client 127.0.0.1/32 (127.0.0.1) to prefix tree 32 Fri Feb 26 09:09:12 2016 : Debug: client localhost_ipv6 { Fri Feb 26 09:09:12 2016 : Debug: ipv6addr = ::1 Fri Feb 26 09:09:12 2016 : Debug: require_message_authenticator = no Fri Feb 26 09:09:12 2016 : Debug: secret = "testing123" Fri Feb 26 09:09:12 2016 : Debug: limit { Fri Feb 26 09:09:12 2016 : Debug: max_connections = 16 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 30 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Adding client ::1/128 (::1) to prefix tree 128 Fri Feb 26 09:09:12 2016 : Info: Debugger not attached Fri Feb 26 09:09:12 2016 : Debug: # Creating Auth-Type = digest Fri Feb 26 09:09:12 2016 : Debug: radiusd: #### Instantiating modules #### Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_linelog.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_linelog, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_linelog Fri Feb 26 09:09:12 2016 : Debug: # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog Fri Feb 26 09:09:12 2016 : Debug: linelog { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/linelog" Fri Feb 26 09:09:12 2016 : Debug: escape_filenames = no Fri Feb 26 09:09:12 2016 : Debug: syslog_severity = "info" Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: format = "This is a log message for %{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: reference = "messages.%{%{reply:Packet-Type}:-default}" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog Fri Feb 26 09:09:12 2016 : Debug: linelog log_accounting { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/linelog-accounting" Fri Feb 26 09:09:12 2016 : Debug: escape_filenames = no Fri Feb 26 09:09:12 2016 : Debug: syslog_severity = "info" Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: format = "" Fri Feb 26 09:09:12 2016 : Debug: reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_soh.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_soh, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_soh Fri Feb 26 09:09:12 2016 : Debug: # Loading module "soh" from file /etc/freeradius/mods-enabled/soh Fri Feb 26 09:09:12 2016 : Debug: soh { Fri Feb 26 09:09:12 2016 : Debug: dhcp = yes Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_passwd.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_passwd, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_passwd Fri Feb 26 09:09:12 2016 : Debug: # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd Fri Feb 26 09:09:12 2016 : Debug: passwd etc_passwd { Fri Feb 26 09:09:12 2016 : Debug: filename = "/etc/passwd" Fri Feb 26 09:09:12 2016 : Debug: format = "*User-Name:Crypt-Password:" Fri Feb 26 09:09:12 2016 : Debug: delimiter = ":" Fri Feb 26 09:09:12 2016 : Debug: ignore_nislike = no Fri Feb 26 09:09:12 2016 : Debug: ignore_empty = yes Fri Feb 26 09:09:12 2016 : Debug: allow_multiple_keys = no Fri Feb 26 09:09:12 2016 : Debug: hash_size = 100 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_replicate.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_replicate, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_replicate Fri Feb 26 09:09:12 2016 : Debug: # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_dynamic_clients.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_dynamic_clients, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_dynamic_clients Fri Feb 26 09:09:12 2016 : Debug: # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_mschap.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_mschap, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_mschap Fri Feb 26 09:09:12 2016 : Debug: # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap Fri Feb 26 09:09:12 2016 : Debug: mschap { Fri Feb 26 09:09:12 2016 : Debug: use_mppe = yes Fri Feb 26 09:09:12 2016 : Debug: require_encryption = no Fri Feb 26 09:09:12 2016 : Debug: require_strong = no Fri Feb 26 09:09:12 2016 : Debug: with_ntdomain_hack = yes Fri Feb 26 09:09:12 2016 : Debug: passchange { Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: allow_retry = yes Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_expr.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_expr, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_expr Fri Feb 26 09:09:12 2016 : Debug: # Loading module "expr" from file /etc/freeradius/mods-enabled/expr Fri Feb 26 09:09:12 2016 : Debug: expr { Fri Feb 26 09:09:12 2016 : Debug: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_cache.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_cache, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_cache Fri Feb 26 09:09:12 2016 : Debug: # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap Fri Feb 26 09:09:12 2016 : Debug: cache cache_eap { Fri Feb 26 09:09:12 2016 : Debug: driver = "rlm_cache_rbtree" Fri Feb 26 09:09:12 2016 : Debug: key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" Fri Feb 26 09:09:12 2016 : Debug: ttl = 15 Fri Feb 26 09:09:12 2016 : Debug: max_entries = 0 Fri Feb 26 09:09:12 2016 : Debug: epoch = 0 Fri Feb 26 09:09:12 2016 : Debug: add_stats = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_files.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_files, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_files Fri Feb 26 09:09:12 2016 : Debug: # Loading module "files" from file /etc/freeradius/mods-enabled/files Fri Feb 26 09:09:12 2016 : Debug: files { Fri Feb 26 09:09:12 2016 : Debug: filename = "/etc/freeradius/mods-config/files/authorize" Fri Feb 26 09:09:12 2016 : Debug: acctusersfile = "/etc/freeradius/mods-config/files/accounting" Fri Feb 26 09:09:12 2016 : Debug: preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_unpack.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_unpack, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_unpack Fri Feb 26 09:09:12 2016 : Debug: # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_detail.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_detail, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_detail Fri Feb 26 09:09:12 2016 : Debug: # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: detail auth_log { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" Fri Feb 26 09:09:12 2016 : Debug: header = "%t" Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: locking = no Fri Feb 26 09:09:12 2016 : Debug: escape_filenames = no Fri Feb 26 09:09:12 2016 : Debug: log_packet_header = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: detail reply_log { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" Fri Feb 26 09:09:12 2016 : Debug: header = "%t" Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: locking = no Fri Feb 26 09:09:12 2016 : Debug: escape_filenames = no Fri Feb 26 09:09:12 2016 : Debug: log_packet_header = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: detail pre_proxy_log { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" Fri Feb 26 09:09:12 2016 : Debug: header = "%t" Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: locking = no Fri Feb 26 09:09:12 2016 : Debug: escape_filenames = no Fri Feb 26 09:09:12 2016 : Debug: log_packet_header = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: detail post_proxy_log { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" Fri Feb 26 09:09:12 2016 : Debug: header = "%t" Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: locking = no Fri Feb 26 09:09:12 2016 : Debug: escape_filenames = no Fri Feb 26 09:09:12 2016 : Debug: log_packet_header = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_utf8.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_utf8, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_utf8 Fri Feb 26 09:09:12 2016 : Debug: # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8 Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_always.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_always, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_always Fri Feb 26 09:09:12 2016 : Debug: # Loading module "reject" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always reject { Fri Feb 26 09:09:12 2016 : Debug: rcode = "reject" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "fail" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always fail { Fri Feb 26 09:09:12 2016 : Debug: rcode = "fail" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "ok" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always ok { Fri Feb 26 09:09:12 2016 : Debug: rcode = "ok" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "handled" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always handled { Fri Feb 26 09:09:12 2016 : Debug: rcode = "handled" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "invalid" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always invalid { Fri Feb 26 09:09:12 2016 : Debug: rcode = "invalid" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "userlock" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always userlock { Fri Feb 26 09:09:12 2016 : Debug: rcode = "userlock" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "notfound" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always notfound { Fri Feb 26 09:09:12 2016 : Debug: rcode = "notfound" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "noop" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always noop { Fri Feb 26 09:09:12 2016 : Debug: rcode = "noop" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "updated" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: always updated { Fri Feb 26 09:09:12 2016 : Debug: rcode = "updated" Fri Feb 26 09:09:12 2016 : Debug: simulcount = 0 Fri Feb 26 09:09:12 2016 : Debug: mpp = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_unix.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_unix, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_unix Fri Feb 26 09:09:12 2016 : Debug: # Loading module "unix" from file /etc/freeradius/mods-enabled/unix Fri Feb 26 09:09:12 2016 : Debug: unix { Fri Feb 26 09:09:12 2016 : Debug: radwtmp = "/var/log/freeradius/radwtmp" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Creating attribute Unix-Group Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_chap.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_chap, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_chap Fri Feb 26 09:09:12 2016 : Debug: # Loading module "chap" from file /etc/freeradius/mods-enabled/chap Fri Feb 26 09:09:12 2016 : Debug: # Loading module "detail" from file /etc/freeradius/mods-enabled/detail Fri Feb 26 09:09:12 2016 : Debug: detail { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" Fri Feb 26 09:09:12 2016 : Debug: header = "%t" Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: locking = no Fri Feb 26 09:09:12 2016 : Debug: escape_filenames = no Fri Feb 26 09:09:12 2016 : Debug: log_packet_header = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_exec.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_exec, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_exec Fri Feb 26 09:09:12 2016 : Debug: # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth Fri Feb 26 09:09:12 2016 : Debug: exec ntlm_auth { Fri Feb 26 09:09:12 2016 : Debug: wait = yes Fri Feb 26 09:09:12 2016 : Debug: program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" Fri Feb 26 09:09:12 2016 : Debug: shell_escape = yes Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_attr_filter.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_attr_filter, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_attr_filter Fri Feb 26 09:09:12 2016 : Debug: # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: attr_filter attr_filter.post-proxy { Fri Feb 26 09:09:12 2016 : Debug: filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" Fri Feb 26 09:09:12 2016 : Debug: key = "%{Realm}" Fri Feb 26 09:09:12 2016 : Debug: relaxed = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: attr_filter attr_filter.pre-proxy { Fri Feb 26 09:09:12 2016 : Debug: filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" Fri Feb 26 09:09:12 2016 : Debug: key = "%{Realm}" Fri Feb 26 09:09:12 2016 : Debug: relaxed = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: attr_filter attr_filter.access_reject { Fri Feb 26 09:09:12 2016 : Debug: filename = "/etc/freeradius/mods-config/attr_filter/access_reject" Fri Feb 26 09:09:12 2016 : Debug: key = "%{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: relaxed = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: attr_filter attr_filter.access_challenge { Fri Feb 26 09:09:12 2016 : Debug: filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" Fri Feb 26 09:09:12 2016 : Debug: key = "%{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: relaxed = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: attr_filter attr_filter.accounting_response { Fri Feb 26 09:09:12 2016 : Debug: filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" Fri Feb 26 09:09:12 2016 : Debug: key = "%{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: relaxed = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_preprocess.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_preprocess, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_preprocess Fri Feb 26 09:09:12 2016 : Debug: # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess Fri Feb 26 09:09:12 2016 : Debug: preprocess { Fri Feb 26 09:09:12 2016 : Debug: huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" Fri Feb 26 09:09:12 2016 : Debug: hints = "/etc/freeradius/mods-config/preprocess/hints" Fri Feb 26 09:09:12 2016 : Debug: with_ascend_hack = no Fri Feb 26 09:09:12 2016 : Debug: ascend_channels_per_line = 23 Fri Feb 26 09:09:12 2016 : Debug: with_ntdomain_hack = no Fri Feb 26 09:09:12 2016 : Debug: with_specialix_jetstream_hack = no Fri Feb 26 09:09:12 2016 : Debug: with_cisco_vsa_hack = no Fri Feb 26 09:09:12 2016 : Debug: with_alvarion_vsa_hack = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_realm.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_realm, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_realm Fri Feb 26 09:09:12 2016 : Debug: # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: realm IPASS { Fri Feb 26 09:09:12 2016 : Debug: format = "prefix" Fri Feb 26 09:09:12 2016 : Debug: delimiter = "/" Fri Feb 26 09:09:12 2016 : Debug: ignore_default = no Fri Feb 26 09:09:12 2016 : Debug: ignore_null = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: realm suffix { Fri Feb 26 09:09:12 2016 : Debug: format = "suffix" Fri Feb 26 09:09:12 2016 : Debug: delimiter = "@" Fri Feb 26 09:09:12 2016 : Debug: ignore_default = no Fri Feb 26 09:09:12 2016 : Debug: ignore_null = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: realm realmpercent { Fri Feb 26 09:09:12 2016 : Debug: format = "suffix" Fri Feb 26 09:09:12 2016 : Debug: delimiter = "%" Fri Feb 26 09:09:12 2016 : Debug: ignore_default = no Fri Feb 26 09:09:12 2016 : Debug: ignore_null = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: realm ntdomain { Fri Feb 26 09:09:12 2016 : Debug: format = "prefix" Fri Feb 26 09:09:12 2016 : Debug: delimiter = "\\" Fri Feb 26 09:09:12 2016 : Debug: ignore_default = no Fri Feb 26 09:09:12 2016 : Debug: ignore_null = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Loading module "exec" from file /etc/freeradius/mods-enabled/exec Fri Feb 26 09:09:12 2016 : Debug: exec { Fri Feb 26 09:09:12 2016 : Debug: wait = no Fri Feb 26 09:09:12 2016 : Debug: input_pairs = "request" Fri Feb 26 09:09:12 2016 : Debug: shell_escape = yes Fri Feb 26 09:09:12 2016 : Debug: timeout = 10 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_sql.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_sql, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_sql Fri Feb 26 09:09:12 2016 : Debug: # Loading module "sql" from file /etc/freeradius/mods-enabled/sql Fri Feb 26 09:09:12 2016 : Debug: sql { Fri Feb 26 09:09:12 2016 : Debug: driver = "rlm_sql_mysql" Fri Feb 26 09:09:12 2016 : Debug: server = "localhost" Fri Feb 26 09:09:12 2016 : Debug: port = 3306 Fri Feb 26 09:09:12 2016 : Debug: login = "freeradius" Fri Feb 26 09:09:12 2016 : Debug: password = "radius123" Fri Feb 26 09:09:12 2016 : Debug: radius_db = "radius" Fri Feb 26 09:09:12 2016 : Debug: read_groups = yes Fri Feb 26 09:09:12 2016 : Debug: read_profiles = yes Fri Feb 26 09:09:12 2016 : Debug: read_clients = yes Fri Feb 26 09:09:12 2016 : Debug: delete_stale_sessions = yes Fri Feb 26 09:09:12 2016 : Debug: sql_user_name = "%{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: default_user_profile = "" Fri Feb 26 09:09:12 2016 : Debug: client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" Fri Feb 26 09:09:12 2016 : Debug: authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" Fri Feb 26 09:09:12 2016 : Debug: authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" Fri Feb 26 09:09:12 2016 : Debug: authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id" Fri Feb 26 09:09:12 2016 : Debug: authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id" Fri Feb 26 09:09:12 2016 : Debug: group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" Fri Feb 26 09:09:12 2016 : Debug: simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-Group}' AND acctstoptime IS NULL" Fri Feb 26 09:09:12 2016 : Debug: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" Fri Feb 26 09:09:12 2016 : Debug: accounting { Fri Feb 26 09:09:12 2016 : Debug: reference = "%{tolower:type.%{Acct-Status-Type}.query}" Fri Feb 26 09:09:12 2016 : Debug: type { Fri Feb 26 09:09:12 2016 : Debug: accounting-on { Fri Feb 26 09:09:12 2016 : Debug: query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = (%{%{integer:Event-Timestamp}:-strftime('%%s', 'now')} - strftime('%%s', acctstarttime)), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{integer:Event-Timestamp}" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: accounting-off { Fri Feb 26 09:09:12 2016 : Debug: query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = (%{%{integer:Event-Timestamp}:-strftime('%%s', 'now')} - strftime('%%s', acctstarttime)), acctterminatecause = '%{Acct-Terminate-Cause}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= %{integer:Event-Timestamp}" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: start { Fri Feb 26 09:09:12 2016 : Debug: query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', %{%{integer:Event-Timestamp}:-date('now')}, %{%{integer:Event-Timestamp}:-date('now')}, NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: interim-update { Fri Feb 26 09:09:12 2016 : Debug: query = "UPDATE radacct SET acctupdatetime = %{%{integer:Event-Timestamp}:-date('now')}, acctinterval = 0, framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0} WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: stop { Fri Feb 26 09:09:12 2016 : Debug: query = "UPDATE radacct SET acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = %{%{Acct-Input-Gigawords}:-0} << 32 | %{%{Acct-Input-Octets}:-0}, acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} << 32 | %{%{Acct-Output-Octets}:-0}, acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: post-auth { Fri Feb 26 09:09:12 2016 : Debug: reference = ".query" Fri Feb 26 09:09:12 2016 : Debug: query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_sql_mysql.so" Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Fri Feb 26 09:09:12 2016 : Debug: Creating attribute SQL-Group Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_logintime.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_logintime, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_logintime Fri Feb 26 09:09:12 2016 : Debug: # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime Fri Feb 26 09:09:12 2016 : Debug: logintime { Fri Feb 26 09:09:12 2016 : Debug: minimum_timeout = 60 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_radutmp.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_radutmp, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_radutmp Fri Feb 26 09:09:12 2016 : Debug: # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp Fri Feb 26 09:09:12 2016 : Debug: radutmp sradutmp { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/sradutmp" Fri Feb 26 09:09:12 2016 : Debug: username = "%{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: case_sensitive = yes Fri Feb 26 09:09:12 2016 : Debug: check_with_nas = yes Fri Feb 26 09:09:12 2016 : Debug: permissions = 420 Fri Feb 26 09:09:12 2016 : Debug: caller_id = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_digest.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_digest, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_digest Fri Feb 26 09:09:12 2016 : Debug: # Loading module "digest" from file /etc/freeradius/mods-enabled/digest Fri Feb 26 09:09:12 2016 : Debug: # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp Fri Feb 26 09:09:12 2016 : Debug: radutmp { Fri Feb 26 09:09:12 2016 : Debug: filename = "/var/log/freeradius/radutmp" Fri Feb 26 09:09:12 2016 : Debug: username = "%{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: case_sensitive = yes Fri Feb 26 09:09:12 2016 : Debug: check_with_nas = yes Fri Feb 26 09:09:12 2016 : Debug: permissions = 384 Fri Feb 26 09:09:12 2016 : Debug: caller_id = yes Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_eap, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_eap Fri Feb 26 09:09:12 2016 : Debug: # Loading module "eap" from file /etc/freeradius/mods-enabled/eap Fri Feb 26 09:09:12 2016 : Debug: eap { Fri Feb 26 09:09:12 2016 : Debug: default_eap_type = "md5" Fri Feb 26 09:09:12 2016 : Debug: timer_expire = 60 Fri Feb 26 09:09:12 2016 : Debug: ignore_unknown_eap_types = no Fri Feb 26 09:09:12 2016 : Debug: cisco_accounting_username_bug = no Fri Feb 26 09:09:12 2016 : Debug: max_sessions = 16384 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_pap.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_pap, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_pap Fri Feb 26 09:09:12 2016 : Debug: # Loading module "pap" from file /etc/freeradius/mods-enabled/pap Fri Feb 26 09:09:12 2016 : Debug: pap { Fri Feb 26 09:09:12 2016 : Debug: normalise = yes Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_expiration.so" Fri Feb 26 09:09:12 2016 : Debug: Loaded rlm_expiration, checking if it's valid Fri Feb 26 09:09:12 2016 : Debug: # Loaded module rlm_expiration Fri Feb 26 09:09:12 2016 : Debug: # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration Fri Feb 26 09:09:12 2016 : Debug: # Loading module "echo" from file /etc/freeradius/mods-enabled/echo Fri Feb 26 09:09:12 2016 : Debug: exec echo { Fri Feb 26 09:09:12 2016 : Debug: wait = yes Fri Feb 26 09:09:12 2016 : Debug: program = "/bin/echo %{User-Name}" Fri Feb 26 09:09:12 2016 : Debug: input_pairs = "request" Fri Feb 26 09:09:12 2016 : Debug: output_pairs = "reply" Fri Feb 26 09:09:12 2016 : Debug: shell_escape = yes Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: instantiate { Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: modules { Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd Fri Feb 26 09:09:12 2016 : Debug: rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap Fri Feb 26 09:09:12 2016 : Debug: rlm_mschap (mschap): using internal authentication Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_cache_rbtree.so" Fri Feb 26 09:09:12 2016 : Debug: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "files" from file /etc/freeradius/mods-enabled/files Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/files/authorize Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/files/accounting Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/files/pre-proxy Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject Fri Feb 26 09:09:12 2016 : Warning: [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". Fri Feb 26 09:09:12 2016 : Warning: [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups Fri Feb 26 09:09:12 2016 : Debug: reading pairlist file /etc/freeradius/mods-config/preprocess/hints Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql Fri Feb 26 09:09:12 2016 : Info: rlm_sql_mysql: libmysql version: 5.5.47 Fri Feb 26 09:09:12 2016 : Debug: mysql { Fri Feb 26 09:09:12 2016 : Debug: tls { Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: warnings = "auto" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Attempting to connect to database "radius" Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Using local pool section Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): No pool reference found for config item "sql.pool" Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Initialising connection pool Fri Feb 26 09:09:12 2016 : Debug: pool { Fri Feb 26 09:09:12 2016 : Debug: start = 5 Fri Feb 26 09:09:12 2016 : Debug: min = 3 Fri Feb 26 09:09:12 2016 : Debug: max = 32 Fri Feb 26 09:09:12 2016 : Debug: spare = 10 Fri Feb 26 09:09:12 2016 : Debug: uses = 0 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: cleanup_interval = 30 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 60 Fri Feb 26 09:09:12 2016 : Debug: retry_delay = 30 Fri Feb 26 09:09:12 2016 : Debug: spread = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Starting connect to MySQL server Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Starting connect to MySQL server Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Starting connect to MySQL server Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Starting connect to MySQL server Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Starting connect to MySQL server Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Adding pool reference 0x1e41e70 to config item "sql.pool" Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Processing generate_sql_clients Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Reserved connection (0) Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Adding client 192.168.6.0/24 () to global clients list Fri Feb 26 09:09:12 2016 : Debug: Adding client 192.168.6.0/24 (192.168.6.0) to prefix tree 24 Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (192.168.6.0): Client "" (sql) added Fri Feb 26 09:09:12 2016 : Debug: rlm_sql (sql): Released connection (0) Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Need 5 more connections to reach 10 spares Fri Feb 26 09:09:12 2016 : Info: rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Starting connect to MySQL server Fri Feb 26 09:09:12 2016 : Debug: rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap_md5.so" Fri Feb 26 09:09:12 2016 : Debug: # Linked to sub-module rlm_eap_md5 Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap_leap.so" Fri Feb 26 09:09:12 2016 : Debug: # Linked to sub-module rlm_eap_leap Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap_gtc.so" Fri Feb 26 09:09:12 2016 : Debug: # Linked to sub-module rlm_eap_gtc Fri Feb 26 09:09:12 2016 : Debug: gtc { Fri Feb 26 09:09:12 2016 : Debug: challenge = "Password: " Fri Feb 26 09:09:12 2016 : Debug: auth_type = "PAP" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap_tls.so" Fri Feb 26 09:09:12 2016 : Debug: # Linked to sub-module rlm_eap_tls Fri Feb 26 09:09:12 2016 : Debug: tls { Fri Feb 26 09:09:12 2016 : Debug: tls = "tls-common" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: tls-config tls-common { Fri Feb 26 09:09:12 2016 : Debug: rsa_key_exchange = no Fri Feb 26 09:09:12 2016 : Debug: dh_key_exchange = yes Fri Feb 26 09:09:12 2016 : Debug: rsa_key_length = 512 Fri Feb 26 09:09:12 2016 : Debug: dh_key_length = 512 Fri Feb 26 09:09:12 2016 : Debug: verify_depth = 0 Fri Feb 26 09:09:12 2016 : Debug: ca_path = "/etc/freeradius/certs" Fri Feb 26 09:09:12 2016 : Debug: pem_file_type = yes Fri Feb 26 09:09:12 2016 : Debug: private_key_file = "/etc/freeradius/certs/server.pem" Fri Feb 26 09:09:12 2016 : Debug: certificate_file = "/etc/freeradius/certs/server.pem" Fri Feb 26 09:09:12 2016 : Debug: ca_file = "/etc/freeradius/certs/ca.pem" Fri Feb 26 09:09:12 2016 : Debug: private_key_password = "whatever" Fri Feb 26 09:09:12 2016 : Debug: dh_file = "/etc/freeradius/certs/dh" Fri Feb 26 09:09:12 2016 : Debug: fragment_size = 1024 Fri Feb 26 09:09:12 2016 : Debug: include_length = yes Fri Feb 26 09:09:12 2016 : Debug: check_crl = no Fri Feb 26 09:09:12 2016 : Debug: check_all_crl = no Fri Feb 26 09:09:12 2016 : Debug: cipher_list = "DEFAULT" Fri Feb 26 09:09:12 2016 : Debug: ecdh_curve = "prime256v1" Fri Feb 26 09:09:12 2016 : Debug: cache { Fri Feb 26 09:09:12 2016 : Debug: enable = yes Fri Feb 26 09:09:12 2016 : Debug: lifetime = 24 Fri Feb 26 09:09:12 2016 : Debug: max_entries = 255 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: verify { Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: ocsp { Fri Feb 26 09:09:12 2016 : Debug: enable = no Fri Feb 26 09:09:12 2016 : Debug: override_cert_url = yes Fri Feb 26 09:09:12 2016 : Debug: url = "http://127.0.0.1/ocsp/" Fri Feb 26 09:09:12 2016 : Debug: use_nonce = yes Fri Feb 26 09:09:12 2016 : Debug: timeout = 0 Fri Feb 26 09:09:12 2016 : Debug: softfail = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap_ttls.so" Fri Feb 26 09:09:12 2016 : Debug: # Linked to sub-module rlm_eap_ttls Fri Feb 26 09:09:12 2016 : Debug: ttls { Fri Feb 26 09:09:12 2016 : Debug: tls = "tls-common" Fri Feb 26 09:09:12 2016 : Debug: default_eap_type = "md5" Fri Feb 26 09:09:12 2016 : Debug: copy_request_to_tunnel = no Fri Feb 26 09:09:12 2016 : Debug: use_tunneled_reply = yes Fri Feb 26 09:09:12 2016 : Debug: virtual_server = "inner-tunnel" Fri Feb 26 09:09:12 2016 : Debug: include_length = yes Fri Feb 26 09:09:12 2016 : Debug: require_client_cert = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: tls: Using cached TLS configuration from previous invocation Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap_peap.so" Fri Feb 26 09:09:12 2016 : Debug: # Linked to sub-module rlm_eap_peap Fri Feb 26 09:09:12 2016 : Debug: peap { Fri Feb 26 09:09:12 2016 : Debug: tls = "tls-common" Fri Feb 26 09:09:12 2016 : Debug: default_eap_type = "mschapv2" Fri Feb 26 09:09:12 2016 : Debug: copy_request_to_tunnel = yes Fri Feb 26 09:09:12 2016 : Debug: use_tunneled_reply = yes Fri Feb 26 09:09:12 2016 : Debug: proxy_tunneled_request_as_eap = yes Fri Feb 26 09:09:12 2016 : Debug: virtual_server = "inner-tunnel" Fri Feb 26 09:09:12 2016 : Debug: soh = no Fri Feb 26 09:09:12 2016 : Debug: require_client_cert = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: tls: Using cached TLS configuration from previous invocation Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/rlm_eap_mschapv2.so" Fri Feb 26 09:09:12 2016 : Debug: # Linked to sub-module rlm_eap_mschapv2 Fri Feb 26 09:09:12 2016 : Debug: mschapv2 { Fri Feb 26 09:09:12 2016 : Debug: with_ntdomain_hack = no Fri Feb 26 09:09:12 2016 : Debug: send_error = no Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap Fri Feb 26 09:09:12 2016 : Debug: # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration Fri Feb 26 09:09:12 2016 : Debug: } # modules Fri Feb 26 09:09:12 2016 : Debug: radiusd: #### Loading Virtual Servers #### Fri Feb 26 09:09:12 2016 : Debug: server { # from file /etc/freeradius/radiusd.conf Fri Feb 26 09:09:12 2016 : Debug: } # server Fri Feb 26 09:09:12 2016 : Debug: server default { # from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:12 2016 : Debug: authenticate { Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: pap Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: chap Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: mschap Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: digest Fri Feb 26 09:09:12 2016 : Debug: eap Fri Feb 26 09:09:12 2016 : Debug: } # authenticate Fri Feb 26 09:09:12 2016 : Debug: authorize { Fri Feb 26 09:09:12 2016 : Debug: preprocess Fri Feb 26 09:09:12 2016 : Debug: chap Fri Feb 26 09:09:12 2016 : Debug: mschap Fri Feb 26 09:09:12 2016 : Debug: digest Fri Feb 26 09:09:12 2016 : Debug: suffix Fri Feb 26 09:09:12 2016 : Debug: eap Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst) Fri Feb 26 09:09:12 2016 : Debug: expiration Fri Feb 26 09:09:12 2016 : Debug: logintime Fri Feb 26 09:09:12 2016 : Debug: pap Fri Feb 26 09:09:12 2016 : Debug: } # authorize Fri Feb 26 09:09:12 2016 : Debug: preacct { Fri Feb 26 09:09:12 2016 : Debug: preprocess Fri Feb 26 09:09:12 2016 : Debug: policy acct_unique { Fri Feb 26 09:09:12 2016 : Debug: if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/) { Fri Feb 26 09:09:12 2016 : Debug: update { Fri Feb 26 09:09:12 2016 : Debug: &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: else { Fri Feb 26 09:09:12 2016 : Debug: update { Fri Feb 26 09:09:12 2016 : Debug: &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: suffix Fri Feb 26 09:09:12 2016 : Debug: } # preacct Fri Feb 26 09:09:12 2016 : Debug: accounting { Fri Feb 26 09:09:12 2016 : Debug: detail Fri Feb 26 09:09:12 2016 : Debug: unix Fri Feb 26 09:09:12 2016 : Debug: radutmp Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: exec Fri Feb 26 09:09:12 2016 : Debug: attr_filter.accounting_response Fri Feb 26 09:09:12 2016 : Debug: } # accounting Fri Feb 26 09:09:12 2016 : Debug: session { Fri Feb 26 09:09:12 2016 : Debug: radutmp Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: } # session Fri Feb 26 09:09:12 2016 : Debug: post-proxy { Fri Feb 26 09:09:12 2016 : Debug: eap Fri Feb 26 09:09:12 2016 : Debug: } # post-proxy Fri Feb 26 09:09:12 2016 : Debug: post-auth { Fri Feb 26 09:09:12 2016 : Debug: update { Fri Feb 26 09:09:12 2016 : Debug: &reply[*] += &session-state[*] Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: exec Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: attr_filter.access_reject Fri Feb 26 09:09:12 2016 : Debug: eap Fri Feb 26 09:09:12 2016 : Debug: policy remove_reply_message_if_eap { Fri Feb 26 09:09:12 2016 : Debug: if (&reply:EAP-Message && &reply:Reply-Message) { Fri Feb 26 09:09:12 2016 : Debug: update { Fri Feb 26 09:09:12 2016 : Debug: &reply:Reply-Message !* ANY Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: else { Fri Feb 26 09:09:12 2016 : Debug: noop Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } # post-auth Fri Feb 26 09:09:12 2016 : Debug: } # server default Fri Feb 26 09:09:12 2016 : Debug: server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel Fri Feb 26 09:09:12 2016 : Debug: authenticate { Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: pap Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: chap Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: mschap Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: eap Fri Feb 26 09:09:12 2016 : Debug: } # authenticate Fri Feb 26 09:09:12 2016 : Debug: authorize { Fri Feb 26 09:09:12 2016 : Debug: chap Fri Feb 26 09:09:12 2016 : Debug: mschap Fri Feb 26 09:09:12 2016 : Debug: suffix Fri Feb 26 09:09:12 2016 : Debug: update { Fri Feb 26 09:09:12 2016 : Debug: &control:Proxy-To-Realm := LOCAL Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: eap Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: expiration Fri Feb 26 09:09:12 2016 : Debug: logintime Fri Feb 26 09:09:12 2016 : Debug: pap Fri Feb 26 09:09:12 2016 : Debug: } # authorize Fri Feb 26 09:09:12 2016 : Debug: session { Fri Feb 26 09:09:12 2016 : Debug: radutmp Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: } # session Fri Feb 26 09:09:12 2016 : Debug: post-proxy { Fri Feb 26 09:09:12 2016 : Debug: eap Fri Feb 26 09:09:12 2016 : Debug: } # post-proxy Fri Feb 26 09:09:12 2016 : Debug: post-auth { Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: group { Fri Feb 26 09:09:12 2016 : Debug: sql Fri Feb 26 09:09:12 2016 : Debug: attr_filter.access_reject Fri Feb 26 09:09:12 2016 : Debug: update { Fri Feb 26 09:09:12 2016 : Debug: &outer.session-state:Module-Failure-Message := &Module-Failure-Message Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } # post-auth Fri Feb 26 09:09:12 2016 : Debug: } # server inner-tunnel Fri Feb 26 09:09:12 2016 : Debug: Created signal pipe. Read end FD 11, write end FD 12 Fri Feb 26 09:09:12 2016 : Debug: radiusd: #### Opening IP addresses and Ports #### Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/proto_auth.so" Fri Feb 26 09:09:12 2016 : Debug: Failed with error: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: Library file not found Fri Feb 26 09:09:12 2016 : Debug: Loading library using linker search path(s) Fri Feb 26 09:09:12 2016 : Debug: Defaults : /lib:/usr/lib Fri Feb 26 09:09:12 2016 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: listen { Fri Feb 26 09:09:12 2016 : Debug: type = "auth" Fri Feb 26 09:09:12 2016 : Debug: ipaddr = * Fri Feb 26 09:09:12 2016 : Debug: port = 0 Fri Feb 26 09:09:12 2016 : Debug: limit { Fri Feb 26 09:09:12 2016 : Debug: max_connections = 16 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 30 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/proto_acct.so" Fri Feb 26 09:09:12 2016 : Debug: Failed with error: /usr/lib/freeradius/proto_acct.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: Library file not found Fri Feb 26 09:09:12 2016 : Debug: Loading library using linker search path(s) Fri Feb 26 09:09:12 2016 : Debug: Defaults : /lib:/usr/lib Fri Feb 26 09:09:12 2016 : Debug: Failed with error: proto_acct.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: listen { Fri Feb 26 09:09:12 2016 : Debug: type = "acct" Fri Feb 26 09:09:12 2016 : Debug: ipaddr = * Fri Feb 26 09:09:12 2016 : Debug: port = 0 Fri Feb 26 09:09:12 2016 : Debug: limit { Fri Feb 26 09:09:12 2016 : Debug: max_connections = 16 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 30 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/proto_auth.so" Fri Feb 26 09:09:12 2016 : Debug: Failed with error: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: Library file not found Fri Feb 26 09:09:12 2016 : Debug: Loading library using linker search path(s) Fri Feb 26 09:09:12 2016 : Debug: Defaults : /lib:/usr/lib Fri Feb 26 09:09:12 2016 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: listen { Fri Feb 26 09:09:12 2016 : Debug: type = "auth" Fri Feb 26 09:09:12 2016 : Debug: ipv6addr = :: Fri Feb 26 09:09:12 2016 : Debug: port = 0 Fri Feb 26 09:09:12 2016 : Debug: limit { Fri Feb 26 09:09:12 2016 : Debug: max_connections = 16 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 30 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/proto_acct.so" Fri Feb 26 09:09:12 2016 : Debug: Failed with error: /usr/lib/freeradius/proto_acct.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: Library file not found Fri Feb 26 09:09:12 2016 : Debug: Loading library using linker search path(s) Fri Feb 26 09:09:12 2016 : Debug: Defaults : /lib:/usr/lib Fri Feb 26 09:09:12 2016 : Debug: Failed with error: proto_acct.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: listen { Fri Feb 26 09:09:12 2016 : Debug: type = "acct" Fri Feb 26 09:09:12 2016 : Debug: ipv6addr = :: Fri Feb 26 09:09:12 2016 : Debug: port = 0 Fri Feb 26 09:09:12 2016 : Debug: limit { Fri Feb 26 09:09:12 2016 : Debug: max_connections = 16 Fri Feb 26 09:09:12 2016 : Debug: lifetime = 0 Fri Feb 26 09:09:12 2016 : Debug: idle_timeout = 30 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/proto_auth.so" Fri Feb 26 09:09:12 2016 : Debug: Failed with error: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: Library file not found Fri Feb 26 09:09:12 2016 : Debug: Loading library using linker search path(s) Fri Feb 26 09:09:12 2016 : Debug: Defaults : /lib:/usr/lib Fri Feb 26 09:09:12 2016 : Debug: Failed with error: proto_auth.so: cannot open shared object file: No such file or directory Fri Feb 26 09:09:12 2016 : Debug: listen { Fri Feb 26 09:09:12 2016 : Debug: type = "auth" Fri Feb 26 09:09:12 2016 : Debug: ipaddr = 127.0.0.1 Fri Feb 26 09:09:12 2016 : Debug: port = 18120 Fri Feb 26 09:09:12 2016 : Debug: } Fri Feb 26 09:09:12 2016 : Debug: Listening on auth address * port 1812 bound to server default Fri Feb 26 09:09:12 2016 : Debug: Listening on acct address * port 1813 bound to server default Fri Feb 26 09:09:12 2016 : Debug: Listening on auth address :: port 1812 bound to server default Fri Feb 26 09:09:12 2016 : Debug: Listening on acct address :: port 1813 bound to server default Fri Feb 26 09:09:12 2016 : Debug: Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Fri Feb 26 09:09:12 2016 : Debug: Opened new proxy socket 'proxy address * port 52333' Fri Feb 26 09:09:12 2016 : Debug: Listening on proxy address * port 52333 Fri Feb 26 09:09:12 2016 : Debug: Opened new proxy socket 'proxy address :: port 52096' Fri Feb 26 09:09:12 2016 : Debug: Listening on proxy address :: port 52096 Fri Feb 26 09:09:12 2016 : Info: Ready to process requests Fri Feb 26 09:09:20 2016 : Debug: (0) Received Access-Request Id 94 from 192.168.6.211:1812 to 192.168.1.65:1812 length 116 Fri Feb 26 09:09:20 2016 : Debug: (0) User-Name = "test" Fri Feb 26 09:09:20 2016 : Debug: (0) NAS-IP-Address = 211.6.168.192 Fri Feb 26 09:09:20 2016 : Debug: (0) NAS-Identifier = "SWITCH01-TEST" Fri Feb 26 09:09:20 2016 : Debug: (0) NAS-Port-Type = Virtual Fri Feb 26 09:09:20 2016 : Debug: (0) Service-Type = NAS-Prompt-User Fri Feb 26 09:09:20 2016 : Debug: (0) EAP-Message = 0x020000090174657374 Fri Feb 26 09:09:20 2016 : Debug: (0) Message-Authenticator = 0xad23178550d4d9d40cd4ea363c3c6eef Fri Feb 26 09:09:20 2016 : Debug: (0) MS-RAS-Vendor = 184549376 Fri Feb 26 09:09:20 2016 : Debug: (0) Calling-Station-Id = "192.168.14.114" Fri Feb 26 09:09:20 2016 : Debug: (0) session-state: No State attribute Fri Feb 26 09:09:20 2016 : Debug: (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (0) authorize { Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) [preprocess] = ok Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) [chap] = noop Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) [mschap] = noop Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) [digest] = noop Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) suffix: Checking for suffix after "@" Fri Feb 26 09:09:20 2016 : Debug: (0) suffix: No '@' in User-Name = "test", looking up realm NULL Fri Feb 26 09:09:20 2016 : Debug: (0) suffix: No such realm "NULL" Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) [suffix] = noop Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) eap: Peer sent EAP Response (code 2) ID 0 length 9 Fri Feb 26 09:09:20 2016 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) [eap] = ok Fri Feb 26 09:09:20 2016 : Debug: (0) } # authorize = ok Fri Feb 26 09:09:20 2016 : Debug: (0) Found Auth-Type = EAP Fri Feb 26 09:09:20 2016 : Debug: (0) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (0) authenticate { Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) eap: Peer sent packet with method EAP Identity (1) Fri Feb 26 09:09:20 2016 : Debug: (0) eap: Calling submodule eap_md5 to process data Fri Feb 26 09:09:20 2016 : Debug: (0) eap_md5: Issuing MD5 Challenge Fri Feb 26 09:09:20 2016 : Debug: (0) eap: Sending EAP Request (code 1) ID 1 length 22 Fri Feb 26 09:09:20 2016 : Debug: (0) eap: EAP session adding &reply:State = 0x49d1e9bb49d0ed66 Fri Feb 26 09:09:20 2016 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Fri Feb 26 09:09:20 2016 : Debug: (0) [eap] = handled Fri Feb 26 09:09:20 2016 : Debug: (0) } # authenticate = handled Fri Feb 26 09:09:20 2016 : Debug: (0) Using Post-Auth-Type Challenge Fri Feb 26 09:09:20 2016 : Debug: (0) Post-Auth-Type sub-section not found. Ignoring. Fri Feb 26 09:09:20 2016 : Debug: (0) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (0) session-state: Nothing to cache Fri Feb 26 09:09:20 2016 : Debug: (0) Sent Access-Challenge Id 94 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 Fri Feb 26 09:09:20 2016 : Debug: (0) EAP-Message = 0x010100160410cf9fddc333bc02de4f7986fbf39093f9 Fri Feb 26 09:09:20 2016 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 26 09:09:20 2016 : Debug: (0) State = 0x49d1e9bb49d0ed6604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (0) Finished request Fri Feb 26 09:09:20 2016 : Debug: Waking up in 4.9 seconds. Fri Feb 26 09:09:20 2016 : Debug: (1) Received Access-Request Id 95 from 192.168.6.211:1812 to 192.168.1.65:1812 length 131 Fri Feb 26 09:09:20 2016 : Debug: (1) User-Name = "test" Fri Feb 26 09:09:20 2016 : Debug: (1) NAS-IP-Address = 211.6.168.192 Fri Feb 26 09:09:20 2016 : Debug: (1) NAS-Identifier = "SWITCH01-TEST" Fri Feb 26 09:09:20 2016 : Debug: (1) NAS-Port-Type = Virtual Fri Feb 26 09:09:20 2016 : Debug: (1) Service-Type = NAS-Prompt-User Fri Feb 26 09:09:20 2016 : Debug: (1) State = 0x49d1e9bb49d0ed6604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (1) EAP-Message = 0x020100060319 Fri Feb 26 09:09:20 2016 : Debug: (1) Message-Authenticator = 0xc3f34c4d541be70e121ca7c8c01784c1 Fri Feb 26 09:09:20 2016 : Debug: (1) MS-RAS-Vendor = 184549376 Fri Feb 26 09:09:20 2016 : Debug: (1) Calling-Station-Id = "192.168.14.114" Fri Feb 26 09:09:20 2016 : Debug: (1) session-state: No cached attributes Fri Feb 26 09:09:20 2016 : Debug: (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (1) authorize { Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [preprocess] = ok Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [chap] = noop Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [mschap] = noop Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [digest] = noop Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) suffix: Checking for suffix after "@" Fri Feb 26 09:09:20 2016 : Debug: (1) suffix: No '@' in User-Name = "test", looking up realm NULL Fri Feb 26 09:09:20 2016 : Debug: (1) suffix: No such realm "NULL" Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [suffix] = noop Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Peer sent EAP Response (code 2) ID 1 length 6 Fri Feb 26 09:09:20 2016 : Debug: (1) eap: No EAP Start, assuming it's an on-going EAP conversation Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [eap] = updated Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling sql (rlm_sql) for request 1 Fri Feb 26 09:09:20 2016 : Debug: %{User-Name} Fri Feb 26 09:09:20 2016 : Debug: Parsed xlat tree: Fri Feb 26 09:09:20 2016 : Debug: attribute --> User-Name Fri Feb 26 09:09:20 2016 : Debug: (1) sql: EXPAND %{User-Name} Fri Feb 26 09:09:20 2016 : Debug: (1) sql: --> test Fri Feb 26 09:09:20 2016 : Debug: (1) sql: SQL-User-Name set to 'test' Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: FROM 1 TO 12 MAX 13 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: Examining SQL-User-Name Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: APPENDING SQL-User-Name FROM 0 TO 12 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: TO in 12 out 12 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[0] = User-Name Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[1] = NAS-IP-Address Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[2] = NAS-Identifier Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[3] = NAS-Port-Type Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[4] = Service-Type Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[5] = State Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[6] = EAP-Message Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[7] = Message-Authenticator Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[8] = MS-RAS-Vendor Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[9] = Calling-Station-Id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[10] = Event-Timestamp Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[11] = EAP-Type Fri Feb 26 09:09:20 2016 : Debug: rlm_sql (sql): Reserved connection (1) Fri Feb 26 09:09:20 2016 : Debug: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: Parsed xlat tree: Fri Feb 26 09:09:20 2016 : Debug: literal --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = ' Fri Feb 26 09:09:20 2016 : Debug: attribute --> SQL-User-Name Fri Feb 26 09:09:20 2016 : Debug: literal --> ' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: User found in radcheck table Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Conditional check items matched, merging assignment check items Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Cleartext-Password := "test" Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: FROM 1 TO 1 MAX 2 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: Examining Cleartext-Password Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: APPENDING Cleartext-Password FROM 0 TO 1 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: TO in 1 out 1 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[0] = Auth-Type Fri Feb 26 09:09:20 2016 : Debug: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: Parsed xlat tree: Fri Feb 26 09:09:20 2016 : Debug: literal --> SELECT id, username, attribute, value, op FROM radreply WHERE username = ' Fri Feb 26 09:09:20 2016 : Debug: attribute --> SQL-User-Name Fri Feb 26 09:09:20 2016 : Debug: literal --> ' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ... falling-through to group processing Fri Feb 26 09:09:20 2016 : Debug: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority Fri Feb 26 09:09:20 2016 : Debug: Parsed xlat tree: Fri Feb 26 09:09:20 2016 : Debug: literal --> SELECT groupname FROM radusergroup WHERE username = ' Fri Feb 26 09:09:20 2016 : Debug: attribute --> SQL-User-Name Fri Feb 26 09:09:20 2016 : Debug: literal --> ' ORDER BY priority Fri Feb 26 09:09:20 2016 : Debug: (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority Fri Feb 26 09:09:20 2016 : Debug: (1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority Fri Feb 26 09:09:20 2016 : Debug: (1) sql: User found in the group table Fri Feb 26 09:09:20 2016 : Debug: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: Parsed xlat tree: Fri Feb 26 09:09:20 2016 : Debug: literal --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = ' Fri Feb 26 09:09:20 2016 : Debug: attribute --> SQL-Group Fri Feb 26 09:09:20 2016 : Debug: literal --> ' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Group "HP-Procurve-Switch": Conditional check items matched Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Group "HP-Procurve-Switch": Merging assignment check items Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: FROM 0 TO 2 MAX 2 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: TO in 2 out 2 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[0] = Auth-Type Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: to[1] = Cleartext-Password Fri Feb 26 09:09:20 2016 : Debug: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: Parsed xlat tree: Fri Feb 26 09:09:20 2016 : Debug: literal --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = ' Fri Feb 26 09:09:20 2016 : Debug: attribute --> SQL-Group Fri Feb 26 09:09:20 2016 : Debug: literal --> ' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Group "HP-Procurve-Switch": Merging reply items Fri Feb 26 09:09:20 2016 : Debug: (1) sql: Service-Type = Administrative-User Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: FROM 1 TO 0 MAX 1 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: Examining Service-Type Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: APPENDING Service-Type FROM 0 TO 0 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ::: TO in 0 out 0 Fri Feb 26 09:09:20 2016 : Debug: (1) sql: ... falling-through to profile processing Fri Feb 26 09:09:20 2016 : Debug: rlm_sql (sql): Released connection (1) Fri Feb 26 09:09:20 2016 : Info: rlm_sql (sql): Need 4 more connections to reach 10 spares Fri Feb 26 09:09:20 2016 : Info: rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used Fri Feb 26 09:09:20 2016 : Debug: rlm_sql_mysql: Starting connect to MySQL server Fri Feb 26 09:09:20 2016 : Debug: rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from sql (rlm_sql) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [sql] = ok Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling expiration (rlm_expiration) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from expiration (rlm_expiration) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [expiration] = noop Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling logintime (rlm_logintime) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from logintime (rlm_logintime) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [logintime] = noop Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Feb 26 09:09:20 2016 : WARNING: (1) pap: Auth-Type already set. Not setting to PAP Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [pap] = noop Fri Feb 26 09:09:20 2016 : Debug: (1) } # authorize = updated Fri Feb 26 09:09:20 2016 : Debug: (1) Found Auth-Type = EAP Fri Feb 26 09:09:20 2016 : Debug: (1) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (1) authenticate { Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authenticate]: calling eap (rlm_eap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Expiring EAP session with state 0x49d1e9bb49d0ed66 Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Finished EAP session with state 0x49d1e9bb49d0ed66 Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Previous EAP request found for state 0x49d1e9bb49d0ed66, released from the list Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Peer sent packet with method EAP NAK (3) Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Found mutually acceptable type PEAP (25) Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Calling submodule eap_peap to process data Fri Feb 26 09:09:20 2016 : Debug: (1) eap_peap: Initiating new EAP-TLS session Fri Feb 26 09:09:20 2016 : Debug: (1) eap_peap: Flushing SSL sessions (of #0) Fri Feb 26 09:09:20 2016 : Debug: (1) eap_peap: [eaptls start] = request Fri Feb 26 09:09:20 2016 : Debug: (1) eap: Sending EAP Request (code 1) ID 2 length 6 Fri Feb 26 09:09:20 2016 : Debug: (1) eap: EAP session adding &reply:State = 0x49d1e9bb48d3f066 Fri Feb 26 09:09:20 2016 : Debug: (1) modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Fri Feb 26 09:09:20 2016 : Debug: (1) [eap] = handled Fri Feb 26 09:09:20 2016 : Debug: (1) } # authenticate = handled Fri Feb 26 09:09:20 2016 : Debug: (1) Using Post-Auth-Type Challenge Fri Feb 26 09:09:20 2016 : Debug: (1) Post-Auth-Type sub-section not found. Ignoring. Fri Feb 26 09:09:20 2016 : Debug: (1) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (1) session-state: Nothing to cache Fri Feb 26 09:09:20 2016 : Debug: (1) Sent Access-Challenge Id 95 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 Fri Feb 26 09:09:20 2016 : Debug: (1) Service-Type = Administrative-User Fri Feb 26 09:09:20 2016 : Debug: (1) EAP-Message = 0x010200061920 Fri Feb 26 09:09:20 2016 : Debug: (1) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 26 09:09:20 2016 : Debug: (1) State = 0x49d1e9bb48d3f06604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (1) Finished request Fri Feb 26 09:09:20 2016 : Debug: Waking up in 4.9 seconds. Fri Feb 26 09:09:20 2016 : Debug: (2) Received Access-Request Id 96 from 192.168.6.211:1812 to 192.168.1.65:1812 length 211 Fri Feb 26 09:09:20 2016 : Debug: (2) User-Name = "test" Fri Feb 26 09:09:20 2016 : Debug: (2) NAS-IP-Address = 211.6.168.192 Fri Feb 26 09:09:20 2016 : Debug: (2) NAS-Identifier = "SWITCH01-TEST" Fri Feb 26 09:09:20 2016 : Debug: (2) NAS-Port-Type = Virtual Fri Feb 26 09:09:20 2016 : Debug: (2) Service-Type = NAS-Prompt-User Fri Feb 26 09:09:20 2016 : Debug: (2) State = 0x49d1e9bb48d3f06604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (2) EAP-Message = 0x020200561900160303004b010000470303f469e888bc5f0be285d0034944e649c51126cce388e1c602d6e68b3d32077ec600000c003d0035003c002f000a000901000012000d000e000c060105010401030102010101 Fri Feb 26 09:09:20 2016 : Debug: (2) Message-Authenticator = 0x2ce1bdbb10507e63da3523deaea3b9ac Fri Feb 26 09:09:20 2016 : Debug: (2) MS-RAS-Vendor = 184549376 Fri Feb 26 09:09:20 2016 : Debug: (2) Calling-Station-Id = "192.168.14.114" Fri Feb 26 09:09:20 2016 : Debug: (2) session-state: No cached attributes Fri Feb 26 09:09:20 2016 : Debug: (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (2) authorize { Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) [preprocess] = ok Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: calling chap (rlm_chap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: returned from chap (rlm_chap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) [chap] = noop Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: calling mschap (rlm_mschap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: returned from mschap (rlm_mschap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) [mschap] = noop Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: calling digest (rlm_digest) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: returned from digest (rlm_digest) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) [digest] = noop Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) suffix: Checking for suffix after "@" Fri Feb 26 09:09:20 2016 : Debug: (2) suffix: No '@' in User-Name = "test", looking up realm NULL Fri Feb 26 09:09:20 2016 : Debug: (2) suffix: No such realm "NULL" Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) [suffix] = noop Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Peer sent EAP Response (code 2) ID 2 length 86 Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Continuing tunnel setup Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) [eap] = ok Fri Feb 26 09:09:20 2016 : Debug: (2) } # authorize = ok Fri Feb 26 09:09:20 2016 : Debug: (2) Found Auth-Type = EAP Fri Feb 26 09:09:20 2016 : Debug: (2) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (2) authenticate { Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authenticate]: calling eap (rlm_eap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Expiring EAP session with state 0x49d1e9bb48d3f066 Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Finished EAP session with state 0x49d1e9bb48d3f066 Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Previous EAP request found for state 0x49d1e9bb48d3f066, released from the list Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Peer sent packet with method EAP PEAP (25) Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Calling submodule eap_peap to process data Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: Continuing EAP-TLS Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: Peer sent flags --- Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: [eaptls verify] = ok Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: Done initial handshake Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: (other): before/accept initialization Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: before/accept initialization Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: <<< TLS 1.2 [length 004b] Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: SSLv3 read client hello A Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: >>> TLS 1.2 [length 004a] Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: SSLv3 write server hello A Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: >>> TLS 1.2 [length 08d3] Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: SSLv3 write certificate A Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: >>> TLS 1.2 [length 0004] Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: SSLv3 write server done A Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: SSLv3 flush data Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: In SSL Handshake Phase Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: In SSL Accept mode Fri Feb 26 09:09:20 2016 : Debug: (2) eap_peap: [eaptls process] = handled Fri Feb 26 09:09:20 2016 : Debug: (2) eap: Sending EAP Request (code 1) ID 3 length 1004 Fri Feb 26 09:09:20 2016 : Debug: (2) eap: EAP session adding &reply:State = 0x49d1e9bb4bd2f066 Fri Feb 26 09:09:20 2016 : Debug: (2) modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Fri Feb 26 09:09:20 2016 : Debug: (2) [eap] = handled Fri Feb 26 09:09:20 2016 : Debug: (2) } # authenticate = handled Fri Feb 26 09:09:20 2016 : Debug: (2) Using Post-Auth-Type Challenge Fri Feb 26 09:09:20 2016 : Debug: (2) Post-Auth-Type sub-section not found. Ignoring. Fri Feb 26 09:09:20 2016 : Debug: (2) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (2) session-state: Nothing to cache Fri Feb 26 09:09:20 2016 : Debug: (2) Sent Access-Challenge Id 96 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 Fri Feb 26 09:09:20 2016 : Debug: (2) EAP-Message = 0x010303ec19c000000930160303004a02000046030354fe36731b467feb5884257e28f240b1ec929d24c9e32152f69a15b29383707a200887f19083730e7634c25242b95cf3766946898850934650cbef5fdc96063735003d0016030308d30b0008cf0008cc0003de308203da308202c2a0030201020201 Fri Feb 26 09:09:20 2016 : Debug: (2) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 26 09:09:20 2016 : Debug: (2) State = 0x49d1e9bb4bd2f06604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (2) Finished request Fri Feb 26 09:09:20 2016 : Debug: Waking up in 4.9 seconds. Fri Feb 26 09:09:20 2016 : Debug: (3) Received Access-Request Id 97 from 192.168.6.211:1812 to 192.168.1.65:1812 length 131 Fri Feb 26 09:09:20 2016 : Debug: (3) User-Name = "test" Fri Feb 26 09:09:20 2016 : Debug: (3) NAS-IP-Address = 211.6.168.192 Fri Feb 26 09:09:20 2016 : Debug: (3) NAS-Identifier = "SWITCH01-TEST" Fri Feb 26 09:09:20 2016 : Debug: (3) NAS-Port-Type = Virtual Fri Feb 26 09:09:20 2016 : Debug: (3) Service-Type = NAS-Prompt-User Fri Feb 26 09:09:20 2016 : Debug: (3) State = 0x49d1e9bb4bd2f06604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (3) EAP-Message = 0x020300061900 Fri Feb 26 09:09:20 2016 : Debug: (3) Message-Authenticator = 0x0b12f8d3e8972bbd6ac1b77f1e73f4da Fri Feb 26 09:09:20 2016 : Debug: (3) MS-RAS-Vendor = 184549376 Fri Feb 26 09:09:20 2016 : Debug: (3) Calling-Station-Id = "192.168.14.114" Fri Feb 26 09:09:20 2016 : Debug: (3) session-state: No cached attributes Fri Feb 26 09:09:20 2016 : Debug: (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (3) authorize { Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) [preprocess] = ok Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: calling chap (rlm_chap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: returned from chap (rlm_chap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) [chap] = noop Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: calling mschap (rlm_mschap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: returned from mschap (rlm_mschap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) [mschap] = noop Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: calling digest (rlm_digest) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: returned from digest (rlm_digest) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) [digest] = noop Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: calling suffix (rlm_realm) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) suffix: Checking for suffix after "@" Fri Feb 26 09:09:20 2016 : Debug: (3) suffix: No '@' in User-Name = "test", looking up realm NULL Fri Feb 26 09:09:20 2016 : Debug: (3) suffix: No such realm "NULL" Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) [suffix] = noop Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: calling eap (rlm_eap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Continuing tunnel setup Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authorize]: returned from eap (rlm_eap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) [eap] = ok Fri Feb 26 09:09:20 2016 : Debug: (3) } # authorize = ok Fri Feb 26 09:09:20 2016 : Debug: (3) Found Auth-Type = EAP Fri Feb 26 09:09:20 2016 : Debug: (3) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (3) authenticate { Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authenticate]: calling eap (rlm_eap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Expiring EAP session with state 0x49d1e9bb4bd2f066 Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Finished EAP session with state 0x49d1e9bb4bd2f066 Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Previous EAP request found for state 0x49d1e9bb4bd2f066, released from the list Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Peer sent packet with method EAP PEAP (25) Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Calling submodule eap_peap to process data Fri Feb 26 09:09:20 2016 : Debug: (3) eap_peap: Continuing EAP-TLS Fri Feb 26 09:09:20 2016 : Debug: (3) eap_peap: Peer sent flags --- Fri Feb 26 09:09:20 2016 : Debug: (3) eap_peap: Peer ACKed our handshake fragment Fri Feb 26 09:09:20 2016 : Debug: (3) eap_peap: [eaptls verify] = request Fri Feb 26 09:09:20 2016 : Debug: (3) eap_peap: [eaptls process] = handled Fri Feb 26 09:09:20 2016 : Debug: (3) eap: Sending EAP Request (code 1) ID 4 length 1000 Fri Feb 26 09:09:20 2016 : Debug: (3) eap: EAP session adding &reply:State = 0x49d1e9bb4ad5f066 Fri Feb 26 09:09:20 2016 : Debug: (3) modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Fri Feb 26 09:09:20 2016 : Debug: (3) [eap] = handled Fri Feb 26 09:09:20 2016 : Debug: (3) } # authenticate = handled Fri Feb 26 09:09:20 2016 : Debug: (3) Using Post-Auth-Type Challenge Fri Feb 26 09:09:20 2016 : Debug: (3) Post-Auth-Type sub-section not found. Ignoring. Fri Feb 26 09:09:20 2016 : Debug: (3) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (3) session-state: Nothing to cache Fri Feb 26 09:09:20 2016 : Debug: (3) Sent Access-Challenge Id 97 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 Fri Feb 26 09:09:20 2016 : Debug: (3) EAP-Message = 0x010403e8194037f46e0cd6a1c7903aa76984aa8740c82df8d7e54ac0028e4acb7016fb031b9e8d801916efbc80b0502432c9edfe776560ac6860c8c92f7dcc0602db1761dd3cdeedc764a04c9323ec69c92a4cae841cb61bfcde2132df31e7d70004e8308204e4308203cca0030201020209008811b646 Fri Feb 26 09:09:20 2016 : Debug: (3) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 26 09:09:20 2016 : Debug: (3) State = 0x49d1e9bb4ad5f06604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (3) Finished request Fri Feb 26 09:09:20 2016 : Debug: Waking up in 4.9 seconds. Fri Feb 26 09:09:20 2016 : Debug: (4) Received Access-Request Id 98 from 192.168.6.211:1812 to 192.168.1.65:1812 length 131 Fri Feb 26 09:09:20 2016 : Debug: (4) User-Name = "test" Fri Feb 26 09:09:20 2016 : Debug: (4) NAS-IP-Address = 211.6.168.192 Fri Feb 26 09:09:20 2016 : Debug: (4) NAS-Identifier = "SWITCH01-TEST" Fri Feb 26 09:09:20 2016 : Debug: (4) NAS-Port-Type = Virtual Fri Feb 26 09:09:20 2016 : Debug: (4) Service-Type = NAS-Prompt-User Fri Feb 26 09:09:20 2016 : Debug: (4) State = 0x49d1e9bb4ad5f06604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (4) EAP-Message = 0x020400061900 Fri Feb 26 09:09:20 2016 : Debug: (4) Message-Authenticator = 0x2b99fbc2e77e6ad0efb2e85b90a62f18 Fri Feb 26 09:09:20 2016 : Debug: (4) MS-RAS-Vendor = 184549376 Fri Feb 26 09:09:20 2016 : Debug: (4) Calling-Station-Id = "192.168.14.114" Fri Feb 26 09:09:20 2016 : Debug: (4) session-state: No cached attributes Fri Feb 26 09:09:20 2016 : Debug: (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (4) authorize { Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) [preprocess] = ok Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: calling chap (rlm_chap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: returned from chap (rlm_chap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) [chap] = noop Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: calling mschap (rlm_mschap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: returned from mschap (rlm_mschap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) [mschap] = noop Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: calling digest (rlm_digest) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: returned from digest (rlm_digest) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) [digest] = noop Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: calling suffix (rlm_realm) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) suffix: Checking for suffix after "@" Fri Feb 26 09:09:20 2016 : Debug: (4) suffix: No '@' in User-Name = "test", looking up realm NULL Fri Feb 26 09:09:20 2016 : Debug: (4) suffix: No such realm "NULL" Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) [suffix] = noop Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: calling eap (rlm_eap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Continuing tunnel setup Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authorize]: returned from eap (rlm_eap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) [eap] = ok Fri Feb 26 09:09:20 2016 : Debug: (4) } # authorize = ok Fri Feb 26 09:09:20 2016 : Debug: (4) Found Auth-Type = EAP Fri Feb 26 09:09:20 2016 : Debug: (4) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (4) authenticate { Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authenticate]: calling eap (rlm_eap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Expiring EAP session with state 0x49d1e9bb4ad5f066 Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Finished EAP session with state 0x49d1e9bb4ad5f066 Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Previous EAP request found for state 0x49d1e9bb4ad5f066, released from the list Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Peer sent packet with method EAP PEAP (25) Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Calling submodule eap_peap to process data Fri Feb 26 09:09:20 2016 : Debug: (4) eap_peap: Continuing EAP-TLS Fri Feb 26 09:09:20 2016 : Debug: (4) eap_peap: Peer sent flags --- Fri Feb 26 09:09:20 2016 : Debug: (4) eap_peap: Peer ACKed our handshake fragment Fri Feb 26 09:09:20 2016 : Debug: (4) eap_peap: [eaptls verify] = request Fri Feb 26 09:09:20 2016 : Debug: (4) eap_peap: [eaptls process] = handled Fri Feb 26 09:09:20 2016 : Debug: (4) eap: Sending EAP Request (code 1) ID 5 length 370 Fri Feb 26 09:09:20 2016 : Debug: (4) eap: EAP session adding &reply:State = 0x49d1e9bb4dd4f066 Fri Feb 26 09:09:20 2016 : Debug: (4) modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Fri Feb 26 09:09:20 2016 : Debug: (4) [eap] = handled Fri Feb 26 09:09:20 2016 : Debug: (4) } # authenticate = handled Fri Feb 26 09:09:20 2016 : Debug: (4) Using Post-Auth-Type Challenge Fri Feb 26 09:09:20 2016 : Debug: (4) Post-Auth-Type sub-section not found. Ignoring. Fri Feb 26 09:09:20 2016 : Debug: (4) # Executing group from file /etc/freeradius/sites-enabled/default Fri Feb 26 09:09:20 2016 : Debug: (4) session-state: Nothing to cache Fri Feb 26 09:09:20 2016 : Debug: (4) Sent Access-Challenge Id 98 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 Fri Feb 26 09:09:20 2016 : Debug: (4) EAP-Message = 0x010501721900b646e6d0eb27300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101004e489dea74691aee9abfa8bd8500 Fri Feb 26 09:09:20 2016 : Debug: (4) Message-Authenticator = 0x00000000000000000000000000000000 Fri Feb 26 09:09:20 2016 : Debug: (4) State = 0x49d1e9bb4dd4f06604270874f25476f7 Fri Feb 26 09:09:20 2016 : Debug: (4) Finished request Fri Feb 26 09:09:20 2016 : Debug: Waking up in 4.9 seconds. Fri Feb 26 09:09:25 2016 : Debug: (0) Cleaning up request packet ID 94 with timestamp +8 Fri Feb 26 09:09:25 2016 : Debug: (1) Cleaning up request packet ID 95 with timestamp +8 Fri Feb 26 09:09:25 2016 : Debug: (2) Cleaning up request packet ID 96 with timestamp +8 Fri Feb 26 09:09:25 2016 : Debug: (3) Cleaning up request packet ID 97 with timestamp +8 Fri Feb 26 09:09:25 2016 : Debug: (4) Cleaning up request packet ID 98 with timestamp +8 Fri Feb 26 09:09:25 2016 : Info: Ready to process requests Can anyone help me? Best regards jonas
On Fri, Feb 26, 2016 at 5:11 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hello freeradius users,
i install a freeradius 3 with mysql and daloradius on ubuntu 14.04 lts. Now i trie to get the radius authentification working with a hp procurve 2530 switch. But the Radius Server does not send any Access-Accept Message. Only Access-Challanges will send tot he switch:
Logfile: Fri Feb 26 09:09:12 2016 : Debug: Server was built with:
(1) Please use "freeradius -X". Or better yet, start by reading http://wiki.freeradius.org/guide/Troubleshooting . There's a link at the bottom that might help you read the resulting log (2) You have weird errors: Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/proto_auth.so" Fri Feb 26 09:09:12 2016 : Debug: Failed with error: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory Which config did you use as template? Note that you can NOT simply copy-paste FR2's config (even if you adjust the path). Start from scratch, edit the config files by hand (3) As suggested on (1), Make small, discrete changes to the configuration files. So for example: - fresh install, test with 'radtest' using an entry in users file - enable db, test with radtest again (it should use pap by default, which is easier to debug) - if THAT works, try radtest again, but this time with "-t mschap" - if THAT also work, try again with your actual switch -- Fajar
Hallo, i change the settings on the switch to pap and it work: Copyright (C) 1999-2015 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/cache_eap including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/unpack including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/utf8 including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/sql including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/eap including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/echo including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/abfab-tr including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/debug including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/filter including configuration file /etc/freeradius/policy.d/eap including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { security { user = "freerad" group = "freerad" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 16384 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = digest radiusd: #### Instantiating modules #### # Loaded module rlm_linelog # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog linelog { filename = "/var/log/freeradius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_soh # Loading module "soh" from file /etc/freeradius/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loaded module rlm_expr # Loading module "expr" from file /etc/freeradius/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_files # Loading module "files" from file /etc/freeradius/mods-enabled/files files { filename = "/etc/freeradius/mods-config/files/authorize" acctusersfile = "/etc/freeradius/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" } # Loaded module rlm_unpack # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack # Loaded module rlm_detail # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_utf8 # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8 # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_chap # Loading module "chap" from file /etc/freeradius/mods-enabled/chap # Loading module "detail" from file /etc/freeradius/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_exec # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_realm # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loading module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_sql # Loading module "sql" from file /etc/freeradius/mods-enabled/sql sql { driver = "rlm_sql_mysql" server = "localhost" port = 3306 login = "freeradius" password = <<< secret >>> radius_db = "radius" read_groups = yes read_profiles = yes read_clients = yes delete_stale_sessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" accounting { reference = "%{tolower:type.%{Acct-Status-Type}.query}" type { accounting-on { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } accounting-off { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } start { query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')" } interim-update { query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } stop { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } } } post-auth { reference = ".query" query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" } } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Creating attribute SQL-Group # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_radutmp # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/mods-enabled/digest # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_eap # Loading module "eap" from file /etc/freeradius/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_expiration # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration # Loading module "echo" from file /etc/freeradius/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } instantiate { } modules { # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "files" from file /etc/freeradius/mods-enabled/files reading pairlist file /etc/freeradius/mods-config/files/authorize reading pairlist file /etc/freeradius/mods-config/files/accounting reading pairlist file /etc/freeradius/mods-config/files/pre-proxy # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql rlm_sql_mysql: libmysql version: 5.5.47 mysql { tls { } warnings = "auto" } rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 spread = no } rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserved connection (0) rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Adding client 192.168.6.0/24 () to global clients list rlm_sql (192.168.6.0): Client "" (sql) added rlm_sql (sql): Released connection (0) rlm_sql (sql): Need 5 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.pem" certificate_file = "/etc/freeradius/certs/server.pem" ca_file = "/etc/freeradius/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/freeradius/certs/dh" fragment_size = 1024 include_length = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server default { # from file /etc/freeradius/sites-enabled/default # Loading authenticate {...} # Loading authorize {...} Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 58009 Listening on proxy address :: port 55775 Ready to process requests (0) Received Access-Request Id 130 from 192.168.6.211:1812 to 192.168.1.65:1812 length 123 (0) User-Name = "test" (0) User-Password = "test" (0) NAS-IP-Address = 192.168.6.211 (0) NAS-Identifier = "SWITCH01-TEST" (0) NAS-Port-Type = Virtual (0) Service-Type = NAS-Prompt-User (0) Message-Authenticator = 0x7a3a2c3673acce98403c6124d0bd1ef8 (0) MS-RAS-Vendor = 11 (0) Calling-Station-Id = "192.168.14.114" (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "test", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> test (0) sql: SQL-User-Name set to 'test' rlm_sql (sql): Reserved connection (1) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (0) sql: User found in radcheck table (0) sql: Conditional check items matched, merging assignment check items (0) sql: Cleartext-Password := "test" (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (0) sql: User found in the group table (0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (0) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (0) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (0) sql: Group "HP-Procurve-Switch": Conditional check items matched (0) sql: Group "HP-Procurve-Switch": Merging assignment check items (0) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (0) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (0) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (0) sql: Group "HP-Procurve-Switch": Merging reply items (0) sql: Service-Type = Administrative-User rlm_sql (sql): Released connection (1) rlm_sql (sql): Need 4 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 (0) [sql] = ok (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = updated (0) } # authorize = updated (0) Found Auth-Type = PAP (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Auth-Type PAP { (0) pap: Login attempt with password (0) pap: Comparing with "known good" Cleartext-Password (0) pap: User authenticated successfully (0) [pap] = ok (0) } # Auth-Type PAP = ok (0) # Executing section post-auth from file /etc/freeradius/sites-enabled/default (0) post-auth { (0) update { (0) No attributes updated (0) } # update = noop (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (2) (0) sql: EXPAND %{User-Name} (0) sql: --> test (0) sql: SQL-User-Name set to 'test' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', 'test', 'Access-Accept', '2016-02-26 10:05:15') (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', 'test', 'Access-Accept', '2016-02-26 10:05:15') (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (2) (0) [sql] = ok (0) [exec] = noop (0) } # post-auth = ok (0) Sent Access-Accept Id 130 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 (0) Service-Type = Administrative-User (0) Finished request Waking up in 4.9 seconds. (0) Cleaning up request packet ID 130 with timestamp +11 But i will use the safe variant. Best regards jonas -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von Fajar A. Nugraha Gesendet: Freitag, 26. Februar 2016 11:26 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure On Fri, Feb 26, 2016 at 5:11 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hello freeradius users,
i install a freeradius 3 with mysql and daloradius on ubuntu 14.04 lts. Now i trie to get the radius authentification working with a hp procurve 2530 switch. But the Radius Server does not send any Access-Accept Message. Only Access-Challanges will send tot he switch:
Logfile: Fri Feb 26 09:09:12 2016 : Debug: Server was built with:
(1) Please use "freeradius -X". Or better yet, start by reading http://wiki.freeradius.org/guide/Troubleshooting . There's a link at the bottom that might help you read the resulting log (2) You have weird errors: Fri Feb 26 09:09:12 2016 : Debug: Loading library using absolute path "/usr/lib/freeradius/proto_auth.so" Fri Feb 26 09:09:12 2016 : Debug: Failed with error: /usr/lib/freeradius/proto_auth.so: cannot open shared object file: No such file or directory Which config did you use as template? Note that you can NOT simply copy-paste FR2's config (even if you adjust the path). Start from scratch, edit the config files by hand (3) As suggested on (1), Make small, discrete changes to the configuration files. So for example: - fresh install, test with 'radtest' using an entry in users file - enable db, test with radtest again (it should use pap by default, which is easier to debug) - if THAT works, try radtest again, but this time with "-t mschap" - if THAT also work, try again with your actual switch -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Feb 26, 2016 at 6:10 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hallo,
i change the settings on the switch to pap and it work:
Glad to hear that
(0) Cleaning up request packet ID 130 with timestamp +11
But i will use the safe variant.
You mean you want to use mschap? Start by using "radtest -t mschap" to help isolate whether it's FR config problem or switch problem. -- Fajar
Hi, i test it with radtest an all -t options. Everytime i get a access-accept reply. Now what is the problem with my switch? With the old server (freeradius 2.x) it works Best regards jonas -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von Fajar A. Nugraha Gesendet: Freitag, 26. Februar 2016 12:14 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure On Fri, Feb 26, 2016 at 6:10 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hallo,
i change the settings on the switch to pap and it work:
Glad to hear that
(0) Cleaning up request packet ID 130 with timestamp +11
But i will use the safe variant.
You mean you want to use mschap? Start by using "radtest -t mschap" to help isolate whether it's FR config problem or switch problem. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Try with "freeradius -X" (should be easier to read) and the link from FR wiki. At least you know that basic mschap works, so it's probably some config items specific to your switch that needs tweaking. -- Fajar On Mon, Feb 29, 2016 at 3:09 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hi,
i test it with radtest an all -t options. Everytime i get a access-accept reply.
Now what is the problem with my switch? With the old server (freeradius 2.x) it works
Best regards
jonas
-----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von Fajar A. Nugraha Gesendet: Freitag, 26. Februar 2016 12:14 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure
On Fri, Feb 26, 2016 at 6:10 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hallo,
i change the settings on the switch to pap and it work:
Glad to hear that
(0) Cleaning up request packet ID 130 with timestamp +11
But i will use the safe variant.
You mean you want to use mschap?
Start by using "radtest -t mschap" to help isolate whether it's FR config problem or switch problem.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here is my debugging output: Copyright (C) 1999-2015 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/cache_eap including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/unpack including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/utf8 including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/sql including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/eap including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/echo including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/abfab-tr including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/debug including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/filter including configuration file /etc/freeradius/policy.d/eap including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { security { user = "freerad" group = "freerad" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 16384 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = digest radiusd: #### Instantiating modules #### # Loaded module rlm_linelog # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog linelog { filename = "/var/log/freeradius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_soh # Loading module "soh" from file /etc/freeradius/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loaded module rlm_expr # Loading module "expr" from file /etc/freeradius/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_files # Loading module "files" from file /etc/freeradius/mods-enabled/files files { filename = "/etc/freeradius/mods-config/files/authorize" acctusersfile = "/etc/freeradius/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" } # Loaded module rlm_unpack # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack # Loaded module rlm_detail # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_utf8 # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8 # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_chap # Loading module "chap" from file /etc/freeradius/mods-enabled/chap # Loading module "detail" from file /etc/freeradius/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_exec # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_realm # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loading module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_sql # Loading module "sql" from file /etc/freeradius/mods-enabled/sql sql { driver = "rlm_sql_mysql" server = "localhost" port = 3306 login = "freeradius" password = <<< secret >>> radius_db = "radius" read_groups = yes read_profiles = yes read_clients = yes delete_stale_sessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" accounting { reference = "%{tolower:type.%{Acct-Status-Type}.query}" type { accounting-on { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } accounting-off { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } start { query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')" } interim-update { query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } stop { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } } } post-auth { reference = ".query" query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" } } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Creating attribute SQL-Group # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_radutmp # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/mods-enabled/digest # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_eap # Loading module "eap" from file /etc/freeradius/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_expiration # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration # Loading module "echo" from file /etc/freeradius/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } instantiate { } modules { # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "files" from file /etc/freeradius/mods-enabled/files reading pairlist file /etc/freeradius/mods-config/files/authorize reading pairlist file /etc/freeradius/mods-config/files/accounting reading pairlist file /etc/freeradius/mods-config/files/pre-proxy # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql rlm_sql_mysql: libmysql version: 5.5.47 mysql { tls { } warnings = "auto" } rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 spread = no } rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserved connection (0) rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Adding client 192.168.6.0/24 () to global clients list rlm_sql (192.168.6.0): Client "" (sql) added rlm_sql (sql): Released connection (0) rlm_sql (sql): Need 5 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.pem" certificate_file = "/etc/freeradius/certs/server.pem" ca_file = "/etc/freeradius/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/freeradius/certs/dh" fragment_size = 1024 include_length = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server default { # from file /etc/freeradius/sites-enabled/default # Loading authenticate {...} # Loading authorize {...} Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 56852 Listening on proxy address :: port 46949 Ready to process requests (0) Received Access-Request Id 142 from 192.168.6.211:1812 to 192.168.1.65:1812 length 116 (0) User-Name = "test" (0) NAS-IP-Address = 211.6.168.192 (0) NAS-Identifier = "SWITCH01-TEST" (0) NAS-Port-Type = Virtual (0) Service-Type = NAS-Prompt-User (0) EAP-Message = 0x020000090174657374 (0) Message-Authenticator = 0x09f47e5889a574e544d309f02eed6bff (0) MS-RAS-Vendor = 184549376 (0) Calling-Station-Id = "192.168.14.114" (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "test", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 0 length 9 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_md5 to process data (0) eap_md5: Issuing MD5 Challenge (0) eap: Sending EAP Request (code 1) ID 1 length 22 (0) eap: EAP session adding &reply:State = 0x31e4713d31e575d0 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Sent Access-Challenge Id 142 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 (0) EAP-Message = 0x010100160410442da879a91521d167a75b32a8ae997b (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x31e4713d31e575d0836ef9e13d15da70 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 143 from 192.168.6.211:1812 to 192.168.1.65:1812 length 131 (1) User-Name = "test" (1) NAS-IP-Address = 211.6.168.192 (1) NAS-Identifier = "SWITCH01-TEST" (1) NAS-Port-Type = Virtual (1) Service-Type = NAS-Prompt-User (1) State = 0x31e4713d31e575d0836ef9e13d15da70 (1) EAP-Message = 0x020100060319 (1) Message-Authenticator = 0xd43a7a8945f15d4dfefaa4daf3ea101b (1) MS-RAS-Vendor = 184549376 (1) Calling-Station-Id = "192.168.14.114" (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default (1) authorize { (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "test", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 1 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) sql: EXPAND %{User-Name} (1) sql: --> test (1) sql: SQL-User-Name set to 'test' rlm_sql (sql): Reserved connection (1) (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (1) sql: User found in radcheck table (1) sql: Conditional check items matched, merging assignment check items (1) sql: Cleartext-Password := "test" (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (1) sql: User found in the group table (1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (1) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Group "HP-Procurve-Switch": Conditional check items matched (1) sql: Group "HP-Procurve-Switch": Merging assignment check items (1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (1) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Group "HP-Procurve-Switch": Merging reply items (1) sql: Service-Type = Administrative-User rlm_sql (sql): Released connection (1) rlm_sql (sql): Need 4 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 (1) [sql] = ok (1) [expiration] = noop (1) [logintime] = noop (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = EAP (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x31e4713d31e575d0 (1) eap: Finished EAP session with state 0x31e4713d31e575d0 (1) eap: Previous EAP request found for state 0x31e4713d31e575d0, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: Initiating new EAP-TLS session (1) eap_peap: Flushing SSL sessions (of #0) (1) eap_peap: [eaptls start] = request (1) eap: Sending EAP Request (code 1) ID 2 length 6 (1) eap: EAP session adding &reply:State = 0x31e4713d30e668d0 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) Sent Access-Challenge Id 143 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 (1) Service-Type = Administrative-User (1) EAP-Message = 0x010200061920 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x31e4713d30e668d0836ef9e13d15da70 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 144 from 192.168.6.211:1812 to 192.168.1.65:1812 length 211 (2) User-Name = "test" (2) NAS-IP-Address = 211.6.168.192 (2) NAS-Identifier = "SWITCH01-TEST" (2) NAS-Port-Type = Virtual (2) Service-Type = NAS-Prompt-User (2) State = 0x31e4713d30e668d0836ef9e13d15da70 (2) EAP-Message = 0x020200561900160303004b010000470303c907bbfc931191c1e88124ddbcbe13daf5daf78c3eb0fb436eaff58e8a14840200000c003d0035003c002f000a000901000012000d000e000c060105010401030102010101 (2) Message-Authenticator = 0xc2da5b51756ce4aa524befbb38c2c31e (2) MS-RAS-Vendor = 184549376 (2) Calling-Station-Id = "192.168.14.114" (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default (2) authorize { (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "test", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 2 length 86 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = EAP (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0x31e4713d30e668d0 (2) eap: Finished EAP session with state 0x31e4713d30e668d0 (2) eap: Previous EAP request found for state 0x31e4713d30e668d0, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: Continuing EAP-TLS (2) eap_peap: [eaptls verify] = ok (2) eap_peap: Done initial handshake (2) eap_peap: (other): before/accept initialization (2) eap_peap: TLS_accept: before/accept initialization (2) eap_peap: <<< TLS 1.2 [length 004b] (2) eap_peap: TLS_accept: SSLv3 read client hello A (2) eap_peap: >>> TLS 1.2 [length 004a] (2) eap_peap: TLS_accept: SSLv3 write server hello A (2) eap_peap: >>> TLS 1.2 [length 08d3] (2) eap_peap: TLS_accept: SSLv3 write certificate A (2) eap_peap: >>> TLS 1.2 [length 0004] (2) eap_peap: TLS_accept: SSLv3 write server done A (2) eap_peap: TLS_accept: SSLv3 flush data (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (2) eap_peap: In SSL Handshake Phase (2) eap_peap: In SSL Accept mode (2) eap_peap: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 3 length 1004 (2) eap: EAP session adding &reply:State = 0x31e4713d33e768d0 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) Sent Access-Challenge Id 144 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 (2) EAP-Message = 0x010303ec19c000000930160303004a02000046030362d97aa9683acb4e88915a0e8a5b889b6ec63c7b9d85160751a0b44f28fe4be9205d72e6659d8158c5d4a812ecaeb24de005e80e5adc270317143757eac9ed13fa003d0016030308d30b0008cf0008cc0003de308203da308202c2a0030201020201 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x31e4713d33e768d0836ef9e13d15da70 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 145 from 192.168.6.211:1812 to 192.168.1.65:1812 length 131 (3) User-Name = "test" (3) NAS-IP-Address = 211.6.168.192 (3) NAS-Identifier = "SWITCH01-TEST" (3) NAS-Port-Type = Virtual (3) Service-Type = NAS-Prompt-User (3) State = 0x31e4713d33e768d0836ef9e13d15da70 (3) EAP-Message = 0x020300061900 (3) Message-Authenticator = 0x8d1aa8d0d26ccf1b7ed160dabdff7493 (3) MS-RAS-Vendor = 184549376 (3) Calling-Station-Id = "192.168.14.114" (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default (3) authorize { (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "test", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = EAP (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0x31e4713d33e768d0 (3) eap: Finished EAP session with state 0x31e4713d33e768d0 (3) eap: Previous EAP request found for state 0x31e4713d33e768d0, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: Continuing EAP-TLS (3) eap_peap: Peer ACKed our handshake fragment (3) eap_peap: [eaptls verify] = request (3) eap_peap: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 4 length 1000 (3) eap: EAP session adding &reply:State = 0x31e4713d32e068d0 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) Sent Access-Challenge Id 145 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 (3) EAP-Message = 0x010403e8194037f46e0cd6a1c7903aa76984aa8740c82df8d7e54ac0028e4acb7016fb031b9e8d801916efbc80b0502432c9edfe776560ac6860c8c92f7dcc0602db1761dd3cdeedc764a04c9323ec69c92a4cae841cb61bfcde2132df31e7d70004e8308204e4308203cca0030201020209008811b646 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x31e4713d32e068d0836ef9e13d15da70 (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 146 from 192.168.6.211:1812 to 192.168.1.65:1812 length 131 (4) User-Name = "test" (4) NAS-IP-Address = 211.6.168.192 (4) NAS-Identifier = "SWITCH01-TEST" (4) NAS-Port-Type = Virtual (4) Service-Type = NAS-Prompt-User (4) State = 0x31e4713d32e068d0836ef9e13d15da70 (4) EAP-Message = 0x020400061900 (4) Message-Authenticator = 0x9b8e294c82889f4715b6d019d6e14f18 (4) MS-RAS-Vendor = 184549376 (4) Calling-Station-Id = "192.168.14.114" (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default (4) authorize { (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "test", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = EAP (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0x31e4713d32e068d0 (4) eap: Finished EAP session with state 0x31e4713d32e068d0 (4) eap: Previous EAP request found for state 0x31e4713d32e068d0, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: Continuing EAP-TLS (4) eap_peap: Peer ACKed our handshake fragment (4) eap_peap: [eaptls verify] = request (4) eap_peap: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 370 (4) eap: EAP session adding &reply:State = 0x31e4713d35e168d0 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) Sent Access-Challenge Id 146 from 192.168.1.65:1812 to 192.168.6.211:1812 length 0 (4) EAP-Message = 0x010501721900b646e6d0eb27300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101004e489dea74691aee9abfa8bd8500 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x31e4713d35e168d0836ef9e13d15da70 (4) Finished request Waking up in 4.9 seconds. I dont know what i can do to get it running... My switch is an hp 2530-8g I configure the following: radius-server host <NPS ServerIP> key <SecretKey> no telnet-server no web-management aaa authentication login privilege-mode aaa authentication console login peap-mschapv2 local aaa authentication console enable peap-mschapv2 local aaa authentication ssh login peap-mschapv2 local aaa authentication ssh enable peap-mschapv2 local best regards jonas -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von Fajar A. Nugraha Gesendet: Montag, 29. Februar 2016 09:21 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure Try with "freeradius -X" (should be easier to read) and the link from FR wiki. At least you know that basic mschap works, so it's probably some config items specific to your switch that needs tweaking. -- Fajar On Mon, Feb 29, 2016 at 3:09 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hi,
i test it with radtest an all -t options. Everytime i get a access-accept reply.
Now what is the problem with my switch? With the old server (freeradius 2.x) it works
Best regards
jonas
-----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freerad ius.org] Im Auftrag von Fajar A. Nugraha Gesendet: Freitag, 26. Februar 2016 12:14 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure
On Fri, Feb 26, 2016 at 6:10 PM, Kiefer, Jonas <jonas.kiefer@classen.de> wrote:
Hallo,
i change the settings on the switch to pap and it work:
Glad to hear that
(0) Cleaning up request packet ID 130 with timestamp +11
But i will use the safe variant.
You mean you want to use mschap?
Start by using "radtest -t mschap" to help isolate whether it's FR config problem or switch problem.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi, the request is coming from your switch and doing EAP radtest doesnt do EAP - so radtest wouldnt match same conditions. 2 options.... 1) use another testing tool so you hit the EAP section of the server - eg eapol_test or radeaptest 2) use radtest but point to the inner-tunnel port on the server (if you have that enabled...usually 18120) what you need to do is check the config of 'inner-tunnel' and ensure that the configuration matches your requirements (your default outer server is working when EAP is not in play) alternatively, this is because EAP config isnt correct on the client device - the CA cert RADIUS is using is not known/trusted by the client etc etc...... eapol_test is the tool that will help verify your RADIUS config is okay...once thats all fine then any further issues are generally the client....especially windows clients.... alan
Ah, OK. I forgot you use peap-mschapv2, which needs different testing method: - go to http://networkradius.com/freeradius-documentation/, download "Implementation Chapter 6 – EAP Authentication" - search "6.3.3 PEAP" - get a copy of eapol_test, and follow the instructions (adjust user/pass/secret to you config, obviously) I got a prebuilt copy from https://github.com/CESNET/rad_eap_test/raw/master/bin/eapol_test, then install libnl-3-200, libnl-genl-3-200, libpcsclite1 using apt-get. Compare the output from THAT with your output, the obvious one is that access accept should come in (10), while your log stops at (4). I suggest check your switch logs as to why it stops the ongoing EAP conversation. Or try the latest 3.0.11 from ppa which I uploaded a few days ago (I see you still use 3.0.10), just in case it's a known bug on FR side and was already fixed. -- Fajar
Hi,
I got a prebuilt copy from https://github.com/CESNET/rad_eap_test/raw/master/bin/eapol_test, then install libnl-3-200, libnl-genl-3-200, libpcsclite1 using apt-get.
eapol_test is part of wpa_supplicant. most sensible distros now provide the eapol_test util as part of that package (dumber ones dont do you need to compile eapol_test yourself after getting latest wpa_supplicant source code) if you need to compile, then the libnl packages are important (main library AND the development headers/includes - libnl-dev or libnl-3-dev or whatever they may be on your distro.....) alan
I update to 3.0.11. Now i test it with eapol_test: Server was built with: accounting : yes authentication : yes ascend-binary-attributes : yes coa : yes control-socket : yes detail : yes dhcp : yes dynamic-clients : yes osfc2 : no proxy : yes regex-pcre : no regex-posix : yes regex-posix-extended : yes session-management : yes stats : yes tcp : yes threads : yes tls : yes unlang : yes vmps : yes developer : no Server core libs: freeradius-server : 3.0.11 talloc : 2.0.* ssl : 1.0.1f release Endianness: little Compilation flags: cppflags : -D_FORTIFY_SOURCE=2 cflags : -I/build/freeradius-gSEJVu/freeradius-3.0.11 -I/build/freeradius-gSEJVu/freeradius-3.0.11/src -include /build/freeradius-gSEJVu/freeradius-3.0.11/src/freeradius-devel/autoconf.h -include /build/freeradius-gSEJVu/freeradius-3.0.11/src/freeradius-devel/build.h -include /build/freeradius-gSEJVu/freeradius-3.0.11/src/freeradius-devel/features.h -include /build/freeradius-gSEJVu/freeradius-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -O2 -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1 ldflags : -Wl,-Bsymbolic-functions -Wl,-z,relro libs : -lcrypto -lssl -ltalloc -lcap -lnsl -lresolv -ldl -lpthread -lreadline Copyright (C) 1999-2016 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/cache_eap including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/unpack including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/utf8 including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/sql including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/eap including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/echo including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/abfab-tr including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/debug including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/filter including configuration file /etc/freeradius/policy.d/eap including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { security { user = "freerad" group = "freerad" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 16384 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = digest # Creating Auth-Type = eap radiusd: #### Instantiating modules #### modules { # Loaded module rlm_linelog # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog linelog { filename = "/var/log/freeradius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_soh # Loading module "soh" from file /etc/freeradius/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loaded module rlm_expr # Loading module "expr" from file /etc/freeradius/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loaded module rlm_files # Loading module "files" from file /etc/freeradius/mods-enabled/files files { filename = "/etc/freeradius/mods-config/files/authorize" acctusersfile = "/etc/freeradius/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" } # Loaded module rlm_unpack # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack # Loaded module rlm_detail # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_utf8 # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8 # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_chap # Loading module "chap" from file /etc/freeradius/mods-enabled/chap # Loading module "detail" from file /etc/freeradius/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_exec # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_realm # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loading module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_sql # Loading module "sql" from file /etc/freeradius/mods-enabled/sql sql { driver = "rlm_sql_mysql" server = "localhost" port = 3306 login = "freeradius" password = <<< secret >>> radius_db = "radius" read_groups = yes read_profiles = yes read_clients = yes delete_stale_sessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" accounting { reference = "%{tolower:type.%{Acct-Status-Type}.query}" type { accounting-on { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } accounting-off { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})" } start { query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')" } interim-update { query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } stop { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } } } post-auth { reference = ".query" query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" } } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Creating attribute SQL-Group # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_radutmp # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/mods-enabled/digest # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_eap # Loading module "eap" from file /etc/freeradius/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_expiration # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration # Loading module "echo" from file /etc/freeradius/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } instantiate { } # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "cache_eap" from file /etc/freeradius/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "files" from file /etc/freeradius/mods-enabled/files reading pairlist file /etc/freeradius/mods-config/files/authorize reading pairlist file /etc/freeradius/mods-config/files/accounting reading pairlist file /etc/freeradius/mods-config/files/pre-proxy # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm # Instantiating module "sql" from file /etc/freeradius/mods-enabled/sql rlm_sql_mysql: libmysql version: 5.5.47 mysql { tls { } warnings = "auto" } rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 spread = no } rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserved connection (0) rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Adding client 192.168.6.0/24 () to global clients list rlm_sql (192.168.6.0): Client "" (sql) added rlm_sql (sql): Released connection (0) rlm_sql (sql): Need 5 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.pem" certificate_file = "/etc/freeradius/certs/server.pem" ca_file = "/etc/freeradius/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/freeradius/certs/dh" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server default { # from file /etc/freeradius/sites-enabled/default # Loading authenticate {...} # Loading authorize {...} Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server default server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 49665 Listening on proxy address :: port 51993 Ready to process requests (0) Received Access-Request Id 0 from 127.0.0.1:38324 to 127.0.0.1:1812 length 116 (0) User-Name = "test" (0) NAS-IP-Address = 127.0.0.1 (0) Calling-Station-Id = "02-00-00-00-00-01" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Connect-Info = "CONNECT 11Mbps 802.11b" (0) EAP-Message = 0x020000090174657374 (0) Message-Authenticator = 0xcab480d132c90f18c483ad015e32a426 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "test", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 0 length 9 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_md5 to process data (0) eap_md5: Issuing MD5 Challenge (0) eap: Sending EAP Request (code 1) ID 1 length 22 (0) eap: EAP session adding &reply:State = 0xa68523cba68427dc (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Sent Access-Challenge Id 0 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (0) EAP-Message = 0x01010016041004021f08188657393d0ac659a51c5662 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0xa68523cba68427dc7e7bb043b5521a10 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 1 from 127.0.0.1:38324 to 127.0.0.1:1812 length 131 (1) User-Name = "test" (1) NAS-IP-Address = 127.0.0.1 (1) Calling-Station-Id = "02-00-00-00-00-01" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Connect-Info = "CONNECT 11Mbps 802.11b" (1) EAP-Message = 0x020100060319 (1) State = 0xa68523cba68427dc7e7bb043b5521a10 (1) Message-Authenticator = 0x0b7d983f222c5e8535d5068143ca8e5d (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default (1) authorize { (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "test", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 1 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop (1) sql: EXPAND %{User-Name} (1) sql: --> test (1) sql: SQL-User-Name set to 'test' rlm_sql (sql): Reserved connection (1) (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (1) sql: User found in radcheck table (1) sql: Conditional check items matched, merging assignment check items (1) sql: Cleartext-Password := "test" (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (1) sql: User found in the group table (1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (1) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Group "HP-Procurve-Switch": Conditional check items matched (1) sql: Group "HP-Procurve-Switch": Merging assignment check items (1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (1) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (1) sql: Group "HP-Procurve-Switch": Merging reply items (1) sql: Service-Type = Administrative-User rlm_sql (sql): Released connection (1) rlm_sql (sql): Need 4 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.47-0ubuntu0.14.04.1, protocol version 10 (1) [sql] = ok (1) [expiration] = noop (1) [logintime] = noop (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0xa68523cba68427dc (1) eap: Finished EAP session with state 0xa68523cba68427dc (1) eap: Previous EAP request found for state 0xa68523cba68427dc, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: Initiating new EAP-TLS session (1) eap_peap: Flushing SSL sessions (of #0) (1) eap_peap: [eaptls start] = request (1) eap: Sending EAP Request (code 1) ID 2 length 6 (1) eap: EAP session adding &reply:State = 0xa68523cba7873adc (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) Sent Access-Challenge Id 1 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (1) Service-Type = Administrative-User (1) EAP-Message = 0x010200061920 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0xa68523cba7873adc7e7bb043b5521a10 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 2 from 127.0.0.1:38324 to 127.0.0.1:1812 length 422 (2) User-Name = "test" (2) NAS-IP-Address = 127.0.0.1 (2) Calling-Station-Id = "02-00-00-00-00-01" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Connect-Info = "CONNECT 11Mbps 802.11b" (2) EAP-Message = 0x0202012719800000011d160301011801000114030383fcbcc67fa94b38a067540ee6046aa743925691082a7023681e625761e133c1000082c030c02cc028c024c014c00a00a3009f006b006a0039003800880087c032c02ec02ac026c00fc005009d003d00350084c012c00800160013c00dc003000ac0 (2) State = 0xa68523cba7873adc7e7bb043b5521a10 (2) Message-Authenticator = 0xf752aa77a7dd5f1a9c0f4021bca83091 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default (2) authorize { (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "test", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 2 length 295 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0xa68523cba7873adc (2) eap: Finished EAP session with state 0xa68523cba7873adc (2) eap: Previous EAP request found for state 0xa68523cba7873adc, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: Continuing EAP-TLS (2) eap_peap: Peer indicated complete TLS record size will be 285 bytes (2) eap_peap: Got complete TLS record (285 bytes) (2) eap_peap: [eaptls verify] = length included (2) eap_peap: (other): before/accept initialization (2) eap_peap: TLS_accept: before/accept initialization (2) eap_peap: <<< recv TLS 1.2 [length 0118] (2) eap_peap: TLS_accept: SSLv3 read client hello A (2) eap_peap: >>> send TLS 1.2 [length 005e] (2) eap_peap: TLS_accept: SSLv3 write server hello A (2) eap_peap: >>> send TLS 1.2 [length 08d3] (2) eap_peap: TLS_accept: SSLv3 write certificate A (2) eap_peap: >>> send TLS 1.2 [length 014d] (2) eap_peap: TLS_accept: SSLv3 write key exchange A (2) eap_peap: >>> send TLS 1.2 [length 0004] (2) eap_peap: TLS_accept: SSLv3 write server done A (2) eap_peap: TLS_accept: SSLv3 flush data (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A (2) eap_peap: In SSL Handshake Phase (2) eap_peap: In SSL Accept mode (2) eap_peap: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 3 length 1004 (2) eap: EAP session adding &reply:State = 0xa68523cba4863adc (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) Sent Access-Challenge Id 2 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (2) EAP-Message = 0x010303ec19c000000a96160303005e0200005a03031aac7c5482d3c4c900057b03ab7af95b4ad0e97fb264a5108aff853a4e1cd4d6200c307b1665e9b4501860575573ab8813b8b8039fd2349c1a8f416e8a16e065bfc030000012ff01000100000b000403000102000f00010116030308d30b0008cf00 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0xa68523cba4863adc7e7bb043b5521a10 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 3 from 127.0.0.1:38324 to 127.0.0.1:1812 length 131 (3) User-Name = "test" (3) NAS-IP-Address = 127.0.0.1 (3) Calling-Station-Id = "02-00-00-00-00-01" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Connect-Info = "CONNECT 11Mbps 802.11b" (3) EAP-Message = 0x020300061900 (3) State = 0xa68523cba4863adc7e7bb043b5521a10 (3) Message-Authenticator = 0xd6eb943426cfd5c2bcefcaa6e0da246e (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default (3) authorize { (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "test", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0xa68523cba4863adc (3) eap: Finished EAP session with state 0xa68523cba4863adc (3) eap: Previous EAP request found for state 0xa68523cba4863adc, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: Continuing EAP-TLS (3) eap_peap: Peer ACKed our handshake fragment (3) eap_peap: [eaptls verify] = request (3) eap_peap: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 4 length 1000 (3) eap: EAP session adding &reply:State = 0xa68523cba5813adc (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) Sent Access-Challenge Id 3 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (3) EAP-Message = 0x010403e81940c95554ec3639736689cf3b9c8353d56a5685b43c37f46e0cd6a1c7903aa76984aa8740c82df8d7e54ac0028e4acb7016fb031b9e8d801916efbc80b0502432c9edfe776560ac6860c8c92f7dcc0602db1761dd3cdeedc764a04c9323ec69c92a4cae841cb61bfcde2132df31e7d70004e8 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0xa68523cba5813adc7e7bb043b5521a10 (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 4 from 127.0.0.1:38324 to 127.0.0.1:1812 length 131 (4) User-Name = "test" (4) NAS-IP-Address = 127.0.0.1 (4) Calling-Station-Id = "02-00-00-00-00-01" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Connect-Info = "CONNECT 11Mbps 802.11b" (4) EAP-Message = 0x020400061900 (4) State = 0xa68523cba5813adc7e7bb043b5521a10 (4) Message-Authenticator = 0xa0d9b819b68dc6139aa47e27008c5302 (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default (4) authorize { (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "test", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 4 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xa68523cba5813adc (4) eap: Finished EAP session with state 0xa68523cba5813adc (4) eap: Previous EAP request found for state 0xa68523cba5813adc, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: Continuing EAP-TLS (4) eap_peap: Peer ACKed our handshake fragment (4) eap_peap: [eaptls verify] = request (4) eap_peap: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 728 (4) eap: EAP session adding &reply:State = 0xa68523cba2803adc (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) Sent Access-Challenge Id 4 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (4) EAP-Message = 0x010502d81900696361746520417574686f726974798209008811b646e6d0eb27300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xa68523cba2803adc7e7bb043b5521a10 (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 5 from 127.0.0.1:38324 to 127.0.0.1:1812 length 261 (5) User-Name = "test" (5) NAS-IP-Address = 127.0.0.1 (5) Calling-Station-Id = "02-00-00-00-00-01" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Connect-Info = "CONNECT 11Mbps 802.11b" (5) EAP-Message = 0x0205008819800000007e16030300461000004241046f921dd77b6c2958de5cf0c47f2938a1591dbe3bcf005182706ad530d544d19b72769c632897d969caa590f01b0c47f75eb91f94206b475723e67b8062e20e65140303000101160303002834e045351687f90db5f1a4bfded04bb589a879ac9c5045 (5) State = 0xa68523cba2803adc7e7bb043b5521a10 (5) Message-Authenticator = 0xe9f189023217228ed0e0bddb03382945 (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius/sites-enabled/default (5) authorize { (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "test", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 5 length 136 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xa68523cba2803adc (5) eap: Finished EAP session with state 0xa68523cba2803adc (5) eap: Previous EAP request found for state 0xa68523cba2803adc, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: Continuing EAP-TLS (5) eap_peap: Peer indicated complete TLS record size will be 126 bytes (5) eap_peap: Got complete TLS record (126 bytes) (5) eap_peap: [eaptls verify] = length included (5) eap_peap: <<< recv TLS 1.2 [length 0046] (5) eap_peap: TLS_accept: SSLv3 read client key exchange A (5) eap_peap: <<< recv TLS 1.2 [length 0001] (5) eap_peap: <<< recv TLS 1.2 [length 0010] (5) eap_peap: TLS_accept: SSLv3 read finished A (5) eap_peap: >>> send TLS 1.2 [length 0001] (5) eap_peap: TLS_accept: SSLv3 write change cipher spec A (5) eap_peap: >>> send TLS 1.2 [length 0010] (5) eap_peap: TLS_accept: SSLv3 write finished A (5) eap_peap: TLS_accept: SSLv3 flush data (5) eap_peap: (other): SSL negotiation finished successfully (5) eap_peap: SSL Connection Established (5) eap_peap: [eaptls process] = handled (5) eap: Sending EAP Request (code 1) ID 6 length 57 (5) eap: EAP session adding &reply:State = 0xa68523cba3833adc (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) Sent Access-Challenge Id 5 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (5) EAP-Message = 0x0106003919001403030001011603030028260eec14593487157836b9501118ea063d58c7e98cb379f88ea7419cc8beb0913eb4084ea59f4ec7 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xa68523cba3833adc7e7bb043b5521a10 (5) Finished request Waking up in 4.9 seconds. (6) Received Access-Request Id 6 from 127.0.0.1:38324 to 127.0.0.1:1812 length 131 (6) User-Name = "test" (6) NAS-IP-Address = 127.0.0.1 (6) Calling-Station-Id = "02-00-00-00-00-01" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Connect-Info = "CONNECT 11Mbps 802.11b" (6) EAP-Message = 0x020600061900 (6) State = 0xa68523cba3833adc7e7bb043b5521a10 (6) Message-Authenticator = 0xa9c1aa9273354eef787b04c1f51c6dd1 (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius/sites-enabled/default (6) authorize { (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "test", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 6 length 6 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0xa68523cba3833adc (6) eap: Finished EAP session with state 0xa68523cba3833adc (6) eap: Previous EAP request found for state 0xa68523cba3833adc, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: Continuing EAP-TLS (6) eap_peap: Peer ACKed our handshake fragment. handshake is finished (6) eap_peap: [eaptls verify] = success (6) eap_peap: [eaptls process] = success (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state TUNNEL ESTABLISHED (6) eap: Sending EAP Request (code 1) ID 7 length 40 (6) eap: EAP session adding &reply:State = 0xa68523cba0823adc (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) # Executing group from file /etc/freeradius/sites-enabled/default (6) Sent Access-Challenge Id 6 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (6) EAP-Message = 0x010700281900170303001d260eec1459348716dcd84e1b049016871dee5e6971582e526c7f7234f5 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xa68523cba0823adc7e7bb043b5521a10 (6) Finished request Waking up in 4.9 seconds. (7) Received Access-Request Id 7 from 127.0.0.1:38324 to 127.0.0.1:1812 length 165 (7) User-Name = "test" (7) NAS-IP-Address = 127.0.0.1 (7) Calling-Station-Id = "02-00-00-00-00-01" (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) Connect-Info = "CONNECT 11Mbps 802.11b" (7) EAP-Message = 0x020700281900170303001d34e045351687f90eba586c8db7a35b9241d051cc496c86c5809c009240 (7) State = 0xa68523cba0823adc7e7bb043b5521a10 (7) Message-Authenticator = 0xe6808f99d9cde4096851064eb486018f (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/freeradius/sites-enabled/default (7) authorize { (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "test", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 7 length 40 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0xa68523cba0823adc (7) eap: Finished EAP session with state 0xa68523cba0823adc (7) eap: Previous EAP request found for state 0xa68523cba0823adc, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: Continuing EAP-TLS (7) eap_peap: [eaptls verify] = ok (7) eap_peap: Done initial handshake (7) eap_peap: [eaptls process] = ok (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state WAITING FOR INNER IDENTITY (7) eap_peap: Identity - test (7) eap_peap: Got inner identity 'test' (7) eap_peap: Setting default EAP type for tunneled EAP session (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x020700090174657374 (7) eap_peap: Setting User-Name to test (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x020700090174657374 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = "test" (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x020700090174657374 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = "test" (7) WARNING: Outer and inner identities are the same. User privacy is compromised. (7) server inner-tunnel { (7) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (7) authorize { (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "test", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent EAP Response (code 2) ID 7 length 9 (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Peer sent packet with method EAP Identity (1) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap_mschapv2: Issuing Challenge (7) eap: Sending EAP Request (code 1) ID 8 length 43 (7) eap: EAP session adding &reply:State = 0x7c7066777c787c6a (7) [eap] = handled (7) } # authenticate = handled (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x0108002b1a01080026106905ce69907b7d6ba20f77ee0e93ad6e667265657261646975732d332e302e3131 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x7c7066777c787c6a62c5a9f8e30e2ca1 (7) eap_peap: Got tunneled reply code 11 (7) eap_peap: EAP-Message = 0x0108002b1a01080026106905ce69907b7d6ba20f77ee0e93ad6e667265657261646975732d332e302e3131 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x7c7066777c787c6a62c5a9f8e30e2ca1 (7) eap_peap: Got tunneled reply RADIUS code 11 (7) eap_peap: EAP-Message = 0x0108002b1a01080026106905ce69907b7d6ba20f77ee0e93ad6e667265657261646975732d332e302e3131 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0x7c7066777c787c6a62c5a9f8e30e2ca1 (7) eap_peap: Got tunneled Access-Challenge (7) eap: Sending EAP Request (code 1) ID 8 length 74 (7) eap: EAP session adding &reply:State = 0xa68523cba18d3adc (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /etc/freeradius/sites-enabled/default (7) Sent Access-Challenge Id 7 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (7) EAP-Message = 0x0108004a1900170303003f260eec1459348717b1b4e264707bc049f07ed41b289aad192cc05cac8fd35d48ac9687b41b694c9d48eb9ed8dd8ac87c5d2b347520d74a6d4c4de3df3a1d60 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xa68523cba18d3adc7e7bb043b5521a10 (7) Finished request Waking up in 4.9 seconds. (8) Received Access-Request Id 8 from 127.0.0.1:38324 to 127.0.0.1:1812 length 219 (8) User-Name = "test" (8) NAS-IP-Address = 127.0.0.1 (8) Calling-Station-Id = "02-00-00-00-00-01" (8) Framed-MTU = 1400 (8) NAS-Port-Type = Wireless-802.11 (8) Connect-Info = "CONNECT 11Mbps 802.11b" (8) EAP-Message = 0x0208005e1900170303005334e045351687f90f2cc06a6b0a43c8ef990bed01be1f423d2540862198fe1483e8874de627855d332009a666ff22c037b916f74c82bec135bf5b29e445e9e757cd4533f7283d68fe52e60c05fa371e5e36d94c (8) State = 0xa68523cba18d3adc7e7bb043b5521a10 (8) Message-Authenticator = 0x14ee914b560fabd2cbca8b6ae264cb5a (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius/sites-enabled/default (8) authorize { (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "test", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent EAP Response (code 2) ID 8 length 94 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0x7c7066777c787c6a (8) eap: Finished EAP session with state 0xa68523cba18d3adc (8) eap: Previous EAP request found for state 0xa68523cba18d3adc, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state phase2 (8) eap_peap: EAP method MSCHAPv2 (26) (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x0208003f1a0208003a3107ce11c027214e2ed2c8d683adef00c7000000000000000042271c778f902e9e150a4386a1762c39cbfa0e3bd5921c330074657374 (8) eap_peap: Setting User-Name to test (8) eap_peap: Sending tunneled request to inner-tunnel (8) eap_peap: EAP-Message = 0x0208003f1a0208003a3107ce11c027214e2ed2c8d683adef00c7000000000000000042271c778f902e9e150a4386a1762c39cbfa0e3bd5921c330074657374 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = "test" (8) eap_peap: State = 0x7c7066777c787c6a62c5a9f8e30e2ca1 (8) Virtual server inner-tunnel received request (8) EAP-Message = 0x0208003f1a0208003a3107ce11c027214e2ed2c8d683adef00c7000000000000000042271c778f902e9e150a4386a1762c39cbfa0e3bd5921c330074657374 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = "test" (8) State = 0x7c7066777c787c6a62c5a9f8e30e2ca1 (8) WARNING: Outer and inner identities are the same. User privacy is compromised. (8) server inner-tunnel { (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (8) authorize { (8) [chap] = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "test", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) update control { (8) &Proxy-To-Realm := LOCAL (8) } # update control = noop (8) eap: Peer sent EAP Response (code 2) ID 8 length 63 (8) eap: No EAP Start, assuming it's an on-going EAP conversation (8) [eap] = updated (8) [files] = noop (8) sql: EXPAND %{User-Name} (8) sql: --> test (8) sql: SQL-User-Name set to 'test' rlm_sql (sql): Reserved connection (2) (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (8) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (8) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (8) sql: User found in radcheck table (8) sql: Conditional check items matched, merging assignment check items (8) sql: Cleartext-Password := "test" (8) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (8) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (8) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (8) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (8) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (8) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (8) sql: User found in the group table (8) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (8) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (8) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (8) sql: Group "HP-Procurve-Switch": Conditional check items matched (8) sql: Group "HP-Procurve-Switch": Merging assignment check items (8) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (8) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (8) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (8) sql: Group "HP-Procurve-Switch": Merging reply items (8) sql: Service-Type = Administrative-User rlm_sql (sql): Released connection (2) (8) [sql] = ok (8) [expiration] = noop (8) [logintime] = noop (8) pap: WARNING: Auth-Type already set. Not setting to PAP (8) [pap] = noop (8) } # authorize = updated (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Expiring EAP session with state 0x7c7066777c787c6a (8) eap: Finished EAP session with state 0x7c7066777c787c6a (8) eap: Previous EAP request found for state 0x7c7066777c787c6a, released from the list (8) eap: Peer sent packet with method EAP MSCHAPv2 (26) (8) eap: Calling submodule eap_mschapv2 to process data (8) eap_mschapv2: # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (8) eap_mschapv2: Auth-Type MS-CHAP { (8) mschap: Found Cleartext-Password, hashing to create NT-Password (8) mschap: Found Cleartext-Password, hashing to create LM-Password (8) mschap: Creating challenge hash with username: test (8) mschap: Client is using MS-CHAPv2 (8) mschap: Adding MS-CHAPv2 MPPE keys (8) [mschap] = ok (8) } # Auth-Type MS-CHAP = ok (8) MSCHAP Success (8) eap: Sending EAP Request (code 1) ID 9 length 51 (8) eap: EAP session adding &reply:State = 0x7c7066777d797c6a (8) [eap] = handled (8) } # authenticate = handled (8) } # server inner-tunnel (8) Virtual server sending reply (8) Service-Type = Administrative-User (8) EAP-Message = 0x010900331a0308002e533d31344343334635423536323646303638324141313945304635364130353430353430383235444144 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x7c7066777d797c6a62c5a9f8e30e2ca1 (8) eap_peap: Got tunneled reply code 11 (8) eap_peap: Service-Type = Administrative-User (8) eap_peap: EAP-Message = 0x010900331a0308002e533d31344343334635423536323646303638324141313945304635364130353430353430383235444144 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0x7c7066777d797c6a62c5a9f8e30e2ca1 (8) eap_peap: Got tunneled reply RADIUS code 11 (8) eap_peap: Service-Type = Administrative-User (8) eap_peap: EAP-Message = 0x010900331a0308002e533d31344343334635423536323646303638324141313945304635364130353430353430383235444144 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: State = 0x7c7066777d797c6a62c5a9f8e30e2ca1 (8) eap_peap: Got tunneled Access-Challenge (8) eap: Sending EAP Request (code 1) ID 9 length 82 (8) eap: EAP session adding &reply:State = 0xa68523cbae8c3adc (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) # Executing group from file /etc/freeradius/sites-enabled/default (8) Sent Access-Challenge Id 8 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (8) EAP-Message = 0x0109005219001703030047260eec1459348718afb63674d8105521d7fc10d455107f4d50fbf12ec05db268169692a4033d222a676f052ee3685998fd6c1154531c4a4b3b69217d3bb42aaaf861b0274a2558 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0xa68523cbae8c3adc7e7bb043b5521a10 (8) Finished request Waking up in 4.9 seconds. (9) Received Access-Request Id 9 from 127.0.0.1:38324 to 127.0.0.1:1812 length 162 (9) User-Name = "test" (9) NAS-IP-Address = 127.0.0.1 (9) Calling-Station-Id = "02-00-00-00-00-01" (9) Framed-MTU = 1400 (9) NAS-Port-Type = Wireless-802.11 (9) Connect-Info = "CONNECT 11Mbps 802.11b" (9) EAP-Message = 0x020900251900170303001a34e045351687f9105dffb4ba8855ba9c11961d13dc3577515a5b (9) State = 0xa68523cbae8c3adc7e7bb043b5521a10 (9) Message-Authenticator = 0x809fa908ce712f6d49461bd02cf2826e (9) session-state: No cached attributes (9) # Executing section authorize from file /etc/freeradius/sites-enabled/default (9) authorize { (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "test", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) eap: Peer sent EAP Response (code 2) ID 9 length 37 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = eap (9) # Executing group from file /etc/freeradius/sites-enabled/default (9) authenticate { (9) eap: Expiring EAP session with state 0x7c7066777d797c6a (9) eap: Finished EAP session with state 0xa68523cbae8c3adc (9) eap: Previous EAP request found for state 0xa68523cbae8c3adc, released from the list (9) eap: Peer sent packet with method EAP PEAP (25) (9) eap: Calling submodule eap_peap to process data (9) eap_peap: Continuing EAP-TLS (9) eap_peap: [eaptls verify] = ok (9) eap_peap: Done initial handshake (9) eap_peap: [eaptls process] = ok (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state phase2 (9) eap_peap: EAP method MSCHAPv2 (26) (9) eap_peap: Got tunneled request (9) eap_peap: EAP-Message = 0x020900061a03 (9) eap_peap: Setting User-Name to test (9) eap_peap: Sending tunneled request to inner-tunnel (9) eap_peap: EAP-Message = 0x020900061a03 (9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (9) eap_peap: User-Name = "test" (9) eap_peap: State = 0x7c7066777d797c6a62c5a9f8e30e2ca1 (9) Virtual server inner-tunnel received request (9) EAP-Message = 0x020900061a03 (9) FreeRADIUS-Proxied-To = 127.0.0.1 (9) User-Name = "test" (9) State = 0x7c7066777d797c6a62c5a9f8e30e2ca1 (9) WARNING: Outer and inner identities are the same. User privacy is compromised. (9) server inner-tunnel { (9) session-state: No cached attributes (9) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (9) authorize { (9) [chap] = noop (9) [mschap] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "test", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) update control { (9) &Proxy-To-Realm := LOCAL (9) } # update control = noop (9) eap: Peer sent EAP Response (code 2) ID 9 length 6 (9) eap: No EAP Start, assuming it's an on-going EAP conversation (9) [eap] = updated (9) [files] = noop (9) sql: EXPAND %{User-Name} (9) sql: --> test (9) sql: SQL-User-Name set to 'test' rlm_sql (sql): Reserved connection (3) (9) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (9) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (9) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id (9) sql: User found in radcheck table (9) sql: Conditional check items matched, merging assignment check items (9) sql: Cleartext-Password := "test" (9) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (9) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (9) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id (9) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (9) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (9) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority (9) sql: User found in the group table (9) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (9) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (9) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (9) sql: Group "HP-Procurve-Switch": Conditional check items matched (9) sql: Group "HP-Procurve-Switch": Merging assignment check items (9) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (9) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (9) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'HP-Procurve-Switch' ORDER BY id (9) sql: Group "HP-Procurve-Switch": Merging reply items (9) sql: Service-Type = Administrative-User rlm_sql (sql): Released connection (3) (9) [sql] = ok (9) [expiration] = noop (9) [logintime] = noop (9) pap: WARNING: Auth-Type already set. Not setting to PAP (9) [pap] = noop (9) } # authorize = updated (9) Found Auth-Type = eap (9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (9) authenticate { (9) eap: Expiring EAP session with state 0x7c7066777d797c6a (9) eap: Finished EAP session with state 0x7c7066777d797c6a (9) eap: Previous EAP request found for state 0x7c7066777d797c6a, released from the list (9) eap: Peer sent packet with method EAP MSCHAPv2 (26) (9) eap: Calling submodule eap_mschapv2 to process data (9) eap: Sending EAP Success (code 3) ID 9 length 4 (9) eap: Freeing handler (9) [eap] = ok (9) } # authenticate = ok (9) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel (9) post-auth { (9) sql: EXPAND .query (9) sql: --> .query (9) sql: Using query template 'query' rlm_sql (sql): Reserved connection (4) (9) sql: EXPAND %{User-Name} (9) sql: --> test (9) sql: SQL-User-Name set to 'test' (9) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (9) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Accept', '2016-02-29 11:54:39') (9) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Accept', '2016-02-29 11:54:39') (9) sql: SQL query returned: success (9) sql: 1 record(s) updated rlm_sql (sql): Released connection (4) (9) [sql] = ok (9) } # post-auth = ok (9) } # server inner-tunnel (9) Virtual server sending reply (9) Service-Type = Administrative-User (9) MS-MPPE-Encryption-Policy = Encryption-Allowed (9) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (9) MS-MPPE-Send-Key = 0xa91cd28e1a82764d6ef1321561809e1a (9) MS-MPPE-Recv-Key = 0x91374b0f963a1bbd4254d3dd3c88b518 (9) EAP-Message = 0x03090004 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) User-Name = "test" (9) eap_peap: Got tunneled reply code 2 (9) eap_peap: Service-Type = Administrative-User (9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (9) eap_peap: MS-MPPE-Send-Key = 0xa91cd28e1a82764d6ef1321561809e1a (9) eap_peap: MS-MPPE-Recv-Key = 0x91374b0f963a1bbd4254d3dd3c88b518 (9) eap_peap: EAP-Message = 0x03090004 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: User-Name = "test" (9) eap_peap: Got tunneled reply RADIUS code 2 (9) eap_peap: Service-Type = Administrative-User (9) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (9) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (9) eap_peap: MS-MPPE-Send-Key = 0xa91cd28e1a82764d6ef1321561809e1a (9) eap_peap: MS-MPPE-Recv-Key = 0x91374b0f963a1bbd4254d3dd3c88b518 (9) eap_peap: EAP-Message = 0x03090004 (9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (9) eap_peap: User-Name = "test" (9) eap_peap: Tunneled authentication was successful (9) eap_peap: SUCCESS (9) eap: Sending EAP Request (code 1) ID 10 length 46 (9) eap: EAP session adding &reply:State = 0xa68523cbaf8f3adc (9) [eap] = handled (9) } # authenticate = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) # Executing group from file /etc/freeradius/sites-enabled/default (9) Sent Access-Challenge Id 9 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (9) EAP-Message = 0x010a002e19001703030023260eec1459348719789e5e77ebbe5a17bd671cd80945f43385b8938e438e6a6f8a98fe (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0xa68523cbaf8f3adc7e7bb043b5521a10 (9) Finished request Waking up in 4.9 seconds. (10) Received Access-Request Id 10 from 127.0.0.1:38324 to 127.0.0.1:1812 length 171 (10) User-Name = "test" (10) NAS-IP-Address = 127.0.0.1 (10) Calling-Station-Id = "02-00-00-00-00-01" (10) Framed-MTU = 1400 (10) NAS-Port-Type = Wireless-802.11 (10) Connect-Info = "CONNECT 11Mbps 802.11b" (10) EAP-Message = 0x020a002e1900170303002334e045351687f911955f9e0ddb302000a1de761dcda72c971fa72b98c707f9b1826675 (10) State = 0xa68523cbaf8f3adc7e7bb043b5521a10 (10) Message-Authenticator = 0xaa92a442092571401ec562df4399899d (10) session-state: No cached attributes (10) # Executing section authorize from file /etc/freeradius/sites-enabled/default (10) authorize { (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix: Checking for suffix after "@" (10) suffix: No '@' in User-Name = "test", looking up realm NULL (10) suffix: No such realm "NULL" (10) [suffix] = noop (10) eap: Peer sent EAP Response (code 2) ID 10 length 46 (10) eap: Continuing tunnel setup (10) [eap] = ok (10) } # authorize = ok (10) Found Auth-Type = eap (10) # Executing group from file /etc/freeradius/sites-enabled/default (10) authenticate { (10) eap: Expiring EAP session with state 0xa68523cbaf8f3adc (10) eap: Finished EAP session with state 0xa68523cbaf8f3adc (10) eap: Previous EAP request found for state 0xa68523cbaf8f3adc, released from the list (10) eap: Peer sent packet with method EAP PEAP (25) (10) eap: Calling submodule eap_peap to process data (10) eap_peap: Continuing EAP-TLS (10) eap_peap: [eaptls verify] = ok (10) eap_peap: Done initial handshake (10) eap_peap: [eaptls process] = ok (10) eap_peap: Session established. Decoding tunneled attributes (10) eap_peap: PEAP state send tlv success (10) eap_peap: Received EAP-TLV response (10) eap_peap: Success (10) eap_peap: No information to cache: session caching will be disabled for session 0c307b1665e9b4501860575573ab8813b8b8039fd2349c1a8f416e8a16e065bf (10) eap: Sending EAP Success (code 3) ID 10 length 4 (10) eap: Freeing handler (10) [eap] = ok (10) } # authenticate = ok (10) # Executing section post-auth from file /etc/freeradius/sites-enabled/default (10) post-auth { (10) update { (10) No attributes updated (10) } # update = noop (10) sql: EXPAND .query (10) sql: --> .query (10) sql: Using query template 'query' rlm_sql (sql): Reserved connection (0) (10) sql: EXPAND %{User-Name} (10) sql: --> test (10) sql: SQL-User-Name set to 'test' (10) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (10) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Accept', '2016-02-29 11:54:39') (10) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Accept', '2016-02-29 11:54:39') (10) sql: SQL query returned: success (10) sql: 1 record(s) updated rlm_sql (sql): Released connection (0) (10) [sql] = ok (10) [exec] = noop (10) policy remove_reply_message_if_eap { (10) if (&reply:EAP-Message && &reply:Reply-Message) { (10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (10) else { (10) [noop] = noop (10) } # else = noop (10) } # policy remove_reply_message_if_eap = noop (10) } # post-auth = ok (10) Sent Access-Accept Id 10 from 127.0.0.1:1812 to 127.0.0.1:38324 length 0 (10) MS-MPPE-Recv-Key = 0x8e28a01ba54fcd2b4257211dfe09f542c321fde945f25d2c734c92fcac1fa7e3 (10) MS-MPPE-Send-Key = 0x3c4ad895682d7d978a63e9511f5c82ca52cf6990f720c0a90c60b838bae91925 (10) EAP-Message = 0x030a0004 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) User-Name = "test" (10) Finished request Waking up in 4.9 seconds. (0) Cleaning up request packet ID 0 with timestamp +5 (1) Cleaning up request packet ID 1 with timestamp +5 (2) Cleaning up request packet ID 2 with timestamp +5 (3) Cleaning up request packet ID 3 with timestamp +5 (4) Cleaning up request packet ID 4 with timestamp +5 (5) Cleaning up request packet ID 5 with timestamp +5 (6) Cleaning up request packet ID 6 with timestamp +5 (7) Cleaning up request packet ID 7 with timestamp +5 (8) Cleaning up request packet ID 8 with timestamp +5 (9) Cleaning up request packet ID 9 with timestamp +5 (10) Cleaning up request packet ID 10 with timestamp +5 Ready to process requests It's a accept reply without the service-type. But i need this at the accept reply. In principle it seems to work fine. -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von A.L.M.Buxey@lboro.ac.uk Gesendet: Montag, 29. Februar 2016 11:28 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure Hi,
I got a prebuilt copy from https://github.com/CESNET/rad_eap_test/raw/master/bin/eapol_test, then install libnl-3-200, libnl-genl-3-200, libpcsclite1 using apt-get.
eapol_test is part of wpa_supplicant. most sensible distros now provide the eapol_test util as part of that package (dumber ones dont do you need to compile eapol_test yourself after getting latest wpa_supplicant source code) if you need to compile, then the libnl packages are important (main library AND the development headers/includes - libnl-dev or libnl-3-dev or whatever they may be on your distro.....) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi "It's a accept reply without the service-type." - yep, you gleaned that bit. now, why you dont see the service-type? probably because that is being put into the inner-tunnel and you have to expose it to the outer tunnel reply - see examples in the configs alan
Hi, OK after i set copy_request_to_tunnel = yes & use_tunneled_reply = yes in peap section of the eap config file it works as i imagine with. But with the Procurve switch it stops after the 4th request. But why? Best regards jonas -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von A.L.M.Buxey@lboro.ac.uk Gesendet: Montag, 29. Februar 2016 14:18 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure hi "It's a accept reply without the service-type." - yep, you gleaned that bit. now, why you dont see the service-type? probably because that is being put into the inner-tunnel and you have to expose it to the outer tunnel reply - see examples in the configs alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
OK after i set copy_request_to_tunnel = yes & use_tunneled_reply = yes in peap section of the eap config file it works as i imagine with. But with the Procurve switch it stops after the 4th request. But why?
upgrade firmware on the device, turn on debugging on the switch to see what its doing or not liking? alan
Hi, thats the dubug output from the procurve: 0000:00:14:48.40 IP mIpAdMCtrl:IPM_NBR_STALE_ALARM: [ 13 reps ] 0000:00:14:49.33 IP mIpAdMCtrl:IPS_AGE_TIMER: 0000:00:14:50.21 LLDP mlldpCtrl: lldp refresh pkt sent out port : 9 0000:00:14:51.10 SNMP mSnmpEvt:Received SNMP_COLDSTART_TIMER_indic message 0000:00:15:11.10 SNMP mSnmpEvt:Received SNMP_COLDSTART_TIMER_indic message 0000:00:15:15.35 LLDP mlldpCtrl: lldp pkt received on port : 9 0000:00:15:15.35 LLDP mlldpCtrl: refresh frame on port : 9. Updating neighbor data ... 0000:00:15:15.35 LLDP mlldpCtrl: lldp : no more MED neighbors 0000:00:15:15.47 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.47 IP mIpPktRecv:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:15.48 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.48 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:15.48 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.48 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.48 IP mIpPktRecv:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:15.53 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.73 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.19 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.24 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:16.24 IP mIpPktRecv:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.24 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:16.24 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.29 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:18.01 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:18.01 LOGA tSsh0:user_login_lookup: name='test' addr=client_IP_jonas priv=noauth status=SUCCESS 0000:00:15:18.01 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:18.06 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.59 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.60 RAD mRadiusCtrl:Received RADIUS MSG: AUTH REQUEST, session: 7, access method: SSH. 0000:00:15:19.60 LOGA mSshAlrm:user_login_lookup: name='test' addr=client_IP_jonas priv=noauth status=SUCCESS 0000:00:15:19.60 RAD mRadiusCtrl:Received RADIUS MSG: DATA, session: 7. 0000:00:15:19.60 RAD mRadiusCtrl:Received RADIUS MSG: DATA, session: 7. 0000:00:15:19.60 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.60 RAD mRadiusCtrl:ACCESS REQUEST id: 18 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.60 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.60 RAD tRadiusR:ACCESS CHALLENGE id: 18 from radius_server_ip received. 0000:00:15:19.60 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.60 RAD tRadiusR:ACCESS REQUEST id: 19 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.61 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.61 RAD tRadiusR:ACCESS CHALLENGE id: 19 from radius_server_ip received. 0000:00:15:19.61 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.61 RAD tRadiusR:ACCESS REQUEST id: 20 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.61 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.61 RAD tRadiusR:ACCESS CHALLENGE id: 20 from radius_server_ip received. 0000:00:15:19.61 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.61 RAD tRadiusR:ACCESS REQUEST id: 21 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.61 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.61 RAD tRadiusR:ACCESS CHALLENGE id: 21 from radius_server_ip received. 0000:00:15:19.61 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.62 RAD tRadiusR:ACCESS REQUEST id: 22 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.62 RAD tRadiusR:ACCESS CHALLENGE id: 22 from radius_server_ip received. 0000:00:15:19.62 LOGA tRadiusR:user_login_lookup: name='test' addr=client_IP_jonas priv=none status=FAILURE 0000:00:15:19.62 RAD tRadiusR:Removing RADIUS REQUEST id: 22 from queue. 0000:00:15:20.25 LLDP mlldpCtrl: lldp refresh pkt sent out port : 9 0000:00:15:23.13 IP mIpAdMCtrl:IPM_NBR_STALE_ALARM: [ 11 reps ] 0000:00:15:23.30 IP mIpAdMCtrl:IPM_GENMSG: count=1 pending=1 source=local next.msgId=0 0000:00:15:23.30 IP mIpAdMCtrl: IP_ARPADD: flags=0x0 vrf=0 ip=192.168.6.251 ifIndex=207 vlan=2 vid=106 lport=0 mac=000000-000000 &pkt=0 &hcEntry=0 0000:00:15:23.30 IP mIpAdMCtrl:IPM_GENMSG: count=1 pending=1 source=local next.msgId=0 0000:00:15:23.30 IP mIpAdMCtrl: IP_ARPUPDATE: flags=0xc icmpType=136 vrf=0 ip=192.168.6.251 ifIndex=207 mac=000496-8fe99f port=9,9 0000:00:15:25.33 IP mIpAdMCtrl:IPS_AGE_TIMER: ** Total debug messages = 74 I see only at line 0000:00:15:19.62 LOGA a failure. I can not do anything with it.. Now i trie a firmware update -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von A.L.M.Buxey@lboro.ac.uk Gesendet: Montag, 29. Februar 2016 15:26 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure Hi,
OK after i set copy_request_to_tunnel = yes & use_tunneled_reply = yes in peap section of the eap config file it works as i imagine with. But with the Procurve switch it stops after the 4th request. But why?
upgrade firmware on the device, turn on debugging on the switch to see what its doing or not liking? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi freeradius-users, after the firmware-update of the switch it works fine now. Thanks for your help! Best regards jonas -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von Kiefer, Jonas Gesendet: Montag, 29. Februar 2016 16:11 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: AW: freeradius 3 + mysql configure Hi, thats the dubug output from the procurve: 0000:00:14:48.40 IP mIpAdMCtrl:IPM_NBR_STALE_ALARM: [ 13 reps ] 0000:00:14:49.33 IP mIpAdMCtrl:IPS_AGE_TIMER: 0000:00:14:50.21 LLDP mlldpCtrl: lldp refresh pkt sent out port : 9 0000:00:14:51.10 SNMP mSnmpEvt:Received SNMP_COLDSTART_TIMER_indic message 0000:00:15:11.10 SNMP mSnmpEvt:Received SNMP_COLDSTART_TIMER_indic message 0000:00:15:15.35 LLDP mlldpCtrl: lldp pkt received on port : 9 0000:00:15:15.35 LLDP mlldpCtrl: refresh frame on port : 9. Updating neighbor data ... 0000:00:15:15.35 LLDP mlldpCtrl: lldp : no more MED neighbors 0000:00:15:15.47 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.47 IP mIpPktRecv:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:15.48 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.48 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:15.48 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.48 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.48 IP mIpPktRecv:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:15.53 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:15.73 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.19 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.24 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:16.24 IP mIpPktRecv:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.24 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:16.24 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:16.29 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:18.01 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:18.01 LOGA tSsh0:user_login_lookup: name='test' addr=client_IP_jonas priv=noauth status=SUCCESS 0000:00:15:18.01 IP InetServer:s=procurve_switch_ip d=client_IP_jonas(switch_vlan) g=192.168.6.254 xmit 0000:00:15:18.06 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.59 IP mIpPktRecv:s=client_IP_jonas(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.60 RAD mRadiusCtrl:Received RADIUS MSG: AUTH REQUEST, session: 7, access method: SSH. 0000:00:15:19.60 LOGA mSshAlrm:user_login_lookup: name='test' addr=client_IP_jonas priv=noauth status=SUCCESS 0000:00:15:19.60 RAD mRadiusCtrl:Received RADIUS MSG: DATA, session: 7. 0000:00:15:19.60 RAD mRadiusCtrl:Received RADIUS MSG: DATA, session: 7. 0000:00:15:19.60 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.60 RAD mRadiusCtrl:ACCESS REQUEST id: 18 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.60 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.60 RAD tRadiusR:ACCESS CHALLENGE id: 18 from radius_server_ip received. 0000:00:15:19.60 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.60 RAD tRadiusR:ACCESS REQUEST id: 19 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.61 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.61 RAD tRadiusR:ACCESS CHALLENGE id: 19 from radius_server_ip received. 0000:00:15:19.61 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.61 RAD tRadiusR:ACCESS REQUEST id: 20 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.61 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.61 RAD tRadiusR:ACCESS CHALLENGE id: 20 from radius_server_ip received. 0000:00:15:19.61 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.61 RAD tRadiusR:ACCESS REQUEST id: 21 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.61 IP mIpPktRecv:s=radius_server_ip(switch_vlan) d=procurve_switch_ip recv 0000:00:15:19.61 RAD tRadiusR:ACCESS CHALLENGE id: 21 from radius_server_ip received. 0000:00:15:19.61 IP InetServer:s=procurve_switch_ip d=radius_server_ip(switch_vlan) g=192.168.6.254 xmit 0000:00:15:19.62 RAD tRadiusR:ACCESS REQUEST id: 22 to radius_server_ip session: 7, access method: SSH, User-Name: test, Calling-Station-Id: client_IP_jonas, NAS-IP-Address: 211.6.168.192. 0000:00:15:19.62 RAD tRadiusR:ACCESS CHALLENGE id: 22 from radius_server_ip received. 0000:00:15:19.62 LOGA tRadiusR:user_login_lookup: name='test' addr=client_IP_jonas priv=none status=FAILURE 0000:00:15:19.62 RAD tRadiusR:Removing RADIUS REQUEST id: 22 from queue. 0000:00:15:20.25 LLDP mlldpCtrl: lldp refresh pkt sent out port : 9 0000:00:15:23.13 IP mIpAdMCtrl:IPM_NBR_STALE_ALARM: [ 11 reps ] 0000:00:15:23.30 IP mIpAdMCtrl:IPM_GENMSG: count=1 pending=1 source=local next.msgId=0 0000:00:15:23.30 IP mIpAdMCtrl: IP_ARPADD: flags=0x0 vrf=0 ip=192.168.6.251 ifIndex=207 vlan=2 vid=106 lport=0 mac=000000-000000 &pkt=0 &hcEntry=0 0000:00:15:23.30 IP mIpAdMCtrl:IPM_GENMSG: count=1 pending=1 source=local next.msgId=0 0000:00:15:23.30 IP mIpAdMCtrl: IP_ARPUPDATE: flags=0xc icmpType=136 vrf=0 ip=192.168.6.251 ifIndex=207 mac=000496-8fe99f port=9,9 0000:00:15:25.33 IP mIpAdMCtrl:IPS_AGE_TIMER: ** Total debug messages = 74 I see only at line 0000:00:15:19.62 LOGA a failure. I can not do anything with it.. Now i trie a firmware update -----Ursprüngliche Nachricht----- Von: Freeradius-Users [mailto:freeradius-users-bounces+jonas.kiefer=classen.de@lists.freeradius.org] Im Auftrag von A.L.M.Buxey@lboro.ac.uk Gesendet: Montag, 29. Februar 2016 15:26 An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: freeradius 3 + mysql configure Hi,
OK after i set copy_request_to_tunnel = yes & use_tunneled_reply = yes in peap section of the eap config file it works as i imagine with. But with the Procurve switch it stops after the 4th request. But why?
upgrade firmware on the device, turn on debugging on the switch to see what its doing or not liking? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Fajar A. Nugraha -
Kiefer, Jonas