Help with Freeradius + MySQL Problem....
Hi to all I have the following problem with my FreeRADIUS 2.1.8 + MySQL 5.0.75-0ubuntu10.2 I configure my Freeradius in the most basic configuration like You recommend in your SQL HOWTO and I can Authenticate an user whit the users file and everithing runs very well with all my users .... Now I configure It with MySQL and My Freeradius is talking with MySQL but I Can't get an Access-Accept to my users If I run a radtest, I can have an Access-Accept but when I run with my Laptop using Windows XP SP3 I only have an Access-Reject... This is my radiusd -X output, when I run my radtest and I can get an Access-Accept root@servidor1-desktop:/usr/local/etc/raddb# radtest alexmoon prueba 127.0.0.1 1812 testing123 rad_recv: Access-Request packet from host 127.0.0.1 port 32878, id=165, length=60 User-Name = "alexmoon" User-Password = "prueba" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> alexmoon [sql] sql_set_user escaped user --> 'alexmoon' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id [sql] User found in group dynamic [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "prueba" [pap] Using clear text password "prueba" [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 165 to 127.0.0.1 port 32878 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 165 with timestamp +129 Ready to process requests. ################################################################################################ And this is my radiusd -X Output with the same user when I try to authenticate my laptop, is a very large output and I can see it is doing more than 1, 2, 3,.... request and only in the first I can see the sql interaction... rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=0, length=178 Message-Authenticator = 0x98fe26e9ef295e0939b045b3c3883ba9 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000d01616c65786d6f6f6e NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> alexmoon [sql] sql_set_user escaped user --> 'alexmoon' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id [sql] User found in group dynamic [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.1.10 port 1060 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 EAP-Message = 0x010100160410739d9907d0f007e8a5b9bf9e6ceedeb2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db043b04154cf77263c06ef160 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=1, length=189 Message-Authenticator = 0x90c2a53ea79f5b5fcff2ff4effa6c9c9 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db043b04154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020100060319 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> alexmoon [sql] sql_set_user escaped user --> 'alexmoon' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id [sql] User found in group dynamic [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 1 to 192.168.1.10 port 1060 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db053819154cf77263c06ef160 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=2, length=263 Message-Authenticator = 0xeeb28ab0ada1ad4ba26125a9d6c10d0c Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db053819154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0202005019800000004616030100410100003d03014b4fad659a9ce2fbeb4f5ffea969ffa643916fb5fe5947f16116d57cdbd2507a00001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.1.10 port 1060 EAP-Message = 0x0103040019c00000089b160301002a0200002603014b4fad608e1611c18dd5080c12aa082cfa8dbab65a830ff3d7f424f6a876d40700000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039313232343138323330365a170d3130313232343138323330365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cf4dc6ad3d327155612f45f3a965c735dd65532ed0d3b9abb36a4e8a15c7650f375fc676baddfbafd21fba35dad2819fa96aa3dbee1849eb8f945049b6bb EAP-Message = 0x6ab5cd9a58a1a4f661dce9a69e81422473bed1c7a47f708abdc60fd13b1c29fdef726b675346e590013ea3cae14bbb57c8b1582d0e5c6c02a4c4dec2a24dbfcc984f04f0cef38473118b210722e07d7c28b1f6d4520b85dcd4bf36744920f63535dbf5a4700464fb667b30ac94afa0c407905ea03d5977095f804fffdda7834cbb5ac049d498465f24b71be83d8ae93d015530b760a5080dbe28c2456797b34e1dc478a32906cadfb203d8b11a4fb4b1e90538f20fe427d0e34f047c3ca198543bf30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010003c62e5e0d0244b6f5 EAP-Message = 0x9925e951afecbeb0abf6f3a3e953bdfc1c85048b10d067ed86802d4dcd24ce16f5f6432e202dd5e91ce09a405e5f4f218406ca5e4172f15d392905f70a4d3a4512140c307fd68abac0255be7e3b551b3b4a6c63ae85bbb451dc136fc5f937d8789bdd5a5f9167ed5e75a50e4f847becb0e87c52e45cfc59f0363036d4a198e6b972c0d759e9f457c2d34946b5c220e3f7d49f01eb6f507333d3295720a1fc945b35c372a99974c54b72f5436739626328fec5ce6d4e5ca5e2149a3b92369400777cce709b3cde7af38a12d1b2b26d8de204a049257ecb700f901e156bede5e82ab6cdbf4428a9ef5bbf80f0b55ab5e9144e6f074407e350004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db063919154cf77263c06ef160 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=3, length=189 Message-Authenticator = 0xb6576d7ee5e01e197c632fe7d20f45a1 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db063919154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061900 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 3 to 192.168.1.10 port 1060 EAP-Message = 0x010403fc194000b526c63ec2860c41300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313232343138323330365a170d3130313232343138323330365a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100af53216f4070226b6621456467b8083ec8228e3c839fccd9b8133d19a065df275fea1450334ce0bb9942a863872efe551ed4f1a1adfd541eb5d1e918be984db37964a4c137153f3db595dd7d0dccddbc5a5104df68e170a6eda0d63f2bb866451c254e3a49c4f4f3e1f6071e7e65d1 EAP-Message = 0x489f4144e709bfe07d05d66fc198985555dd7f1c03216c5d71a074ac4bddadec93aadba95434368ccea897fb5ad0e16ebe9a7e2813961563f7b282f63ad653dfe16fca332e5cf93c9c47b3bc6a5af350d74676d425f0d47865ad0999ce9491ef5fe1f2d1c9b8d9b78e9b6f92b0d14d663c61f26261d65e41450b7cad7d729d2c1e5215081bb4ae3dab3e09532ad597f13f0203010001a381fb3081f8301d0603551d0e041604141254e57464a345c8860b1e1368ce66bf1a2de5423081c80603551d230481c03081bd80141254e57464a345c8860b1e1368ce66bf1a2de542a18199a48196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900b526c63ec2860c41300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010085166fde34033935062c9a1f91962eb3a64d55a9d0766ac75d9cc485c761eb793c76264323c8a5b665d12f821cc685509791ef32bc042d6f45380ce11393384b634483d3386b856654560cfb3758ccc63b30 EAP-Message = 0x71fc430f72b2c81d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db073e19154cf77263c06ef160 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=4, length=189 Message-Authenticator = 0xb377f7d0c4cb51758726ca050fd7146f Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db073e19154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020400061900 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 192.168.1.10 port 1060 EAP-Message = 0x010500b51900794b79ea841348662131dd8b2859030e05ae6e25eb94aeeb47189dfcad0ac73fbe13bc40052ea36862e34b18ae12dd66466c5db8690b7e915696e287191d756618c6690ab8a82b0e9e63070a5beb6de3ce93a78f31894b85c798381dc69e976b052b80b01ecc3d3acb7bf8141aa124094d24b808a32a304ab9174e2e484918c7f5067e9b9126c4e14a479c915bbef300845ad0674216abb7b198b2ff6531d2f59f6c5bdc625216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db003f19154cf77263c06ef160 Finished request 14. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=5, length=505 Message-Authenticator = 0x1027e3e1828740fbe58c5a21c7b36a7f Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db003f19154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0205014019800000013616030101061000010201001d150b43732d1df67a2c9954e40dbd0d4b1a3942a1bf6105668d17322943422740a559b73ddb1ea538586ee1e22620c4d3cd7ce369f1cd14d6eba6d31a190ffb8d6fce52fb9f4693e44343b7d989754d8a7a6e5ee16b4b5a3ebb2937a589cab9bff4332f49ef53da68507b8bd5a96ba94d8060ec0f044c49f4759ff41d0032b1a4b34dc6c757900387e066af1ad174439e715b01a23eb989691755772e8f377fc99f4c4d7e66c82e77cf4eadc5041adcd97210283b9155398c3af6465e84b299fd0140c9ef4e0a70438af3f60e0a7a083b360ba8caef281fc5dec4df0ab765c9ac14e0299ff96b9e EAP-Message = 0xb195517d78c1fb27bacce08d8595e6d0a735e11b894c3d5e14030100010116030100205c494488b295571f372cddd27008921d743a867ac158300c73d88eb53cdcd6c0 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 5 to 192.168.1.10 port 1060 EAP-Message = 0x010600311900140301000101160301002067fe1793f016565d10b02851ee1a7248c50e5406b4074453e24b318bb0989a20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db013c19154cf77263c06ef160 Finished request 15. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=6, length=505 Message-Authenticator = 0x728299ab490caf6af3905238fb92df7a Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d191490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020601401980000001361603010106100001020100abda5c21ed9ff50be717e2d776b293bc884bbd72c165f9493208a21442db65d253bcd44a2756a1106d21af9d68b4f242185e9b96a2f63de4fbb3999acfccb21124ca1f7d3d9586b0e3d0993f08d0d1971c6a20b653efee63056ef7cbb2e5d43e922aff8ec8c99ebe3f11fe3f1c87521b7d82f58a8dfea2f0719a87118c13122a7036fa65acc6dfcd79d244dd8b7fe6298eba29ddabf42ef10efb449328499585a9eeab013a42da816cd0dce04745a1c595f9d8c9169957c87a7fef626825a0254db8c2ab08ea84c61bf57d8991f98cb56978e10f5ffae23d025080a755dd1b162fe2643f66ff92c3 EAP-Message = 0xcdef94ee28aaa02fdae268614bf4dcd5f1492f1d4dc40ad51403010001011603010020edefeea82fcb88158e3b7734a649469f8942ca0f600b945360e10ff5f1b237ab NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 6 to 192.168.1.10 port 1060 EAP-Message = 0x01070031190014030100010116030100200ce6d1a797311fb8320943f625858c9ed525457cf7b530143b24685f2d00ce32 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4d090490045b22f12f1b8e43e Finished request 16. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=7, length=189 Message-Authenticator = 0xf6156e7f878a80e329008af8da8b1d67 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d090490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020700061900 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 7 to 192.168.1.10 port 1060 EAP-Message = 0x0108002019001703010015bd2ca6dc31201cbac2765c94ad5303ba4129260bf8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4d39f490045b22f12f1b8e43e Finished request 17. Going to the next request Waking up in 2.7 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=8, length=219 Message-Authenticator = 0xd4d619972ac59c3378c8cbbfa0c8b0aa Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d39f490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0208002419001703010019b852857840f2598aa6f763c8cf37968914ee607f6b8d338b5a NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 36 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - alexmoon [peap] Got tunneled request EAP-Message = 0x0208000d01616c65786d6f6f6e server { PEAP: Got tunneled identity of alexmoon PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to alexmoon Sending tunneled request EAP-Message = 0x0208000d01616c65786d6f6f6e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "alexmoon" Service-Type = Framed-User Framed-MTU = 1488 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x236e171123670dd05b80bcbd90b4450f [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x236e171123670dd05b80bcbd90b4450f [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 8 to 192.168.1.10 port 1060 EAP-Message = 0x010900391900170301002e34b8040eee73493cdbab2165d4af7b7b846dc28272752c8c870a55590c2961a1467130f4273c935663d362439ebf Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4d29e490045b22f12f1b8e43e Finished request 18. Going to the next request Waking up in 2.6 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=9, length=273 Message-Authenticator = 0xe240978f209e4bbe0dc03c770b583d4e Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d29e490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0209005a1900170301004f0a8979df9593c6ea1ae7efbd97b57e6c69ce5269a3191f1cee64f80be2e37da7808f7867320332f9f5234c4e1b9efc74068bcef6c9a838994b8067c79dba9d4cdf8070b7a72e47759ac67e977924a9 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 90 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e server { PEAP: Setting User-Name to alexmoon Sending tunneled request EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "alexmoon" State = 0x236e171123670dd05b80bcbd90b4450f Service-Type = Framed-User Framed-MTU = 1488 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for alexmoon with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 9 to 192.168.1.10 port 1060 EAP-Message = 0x010a00261900170301001bcb26c0900b6c7334a11d90d38d3eae1d4bed0508ec5dcafbe5cf9e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4dd9d490045b22f12f1b8e43e Finished request 19. Going to the next request Waking up in 2.6 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=10, length=221 Message-Authenticator = 0x30bd3c98fa2126beff67293312dd4d54 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4dd9d490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020a00261900170301001b1cee016d3d76e97133abb3fb9e621ac14d14ed95a56470c731c8c7 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> alexmoon attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 20 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 20 Sending Access-Reject of id 10 to 192.168.1.10 port 1060 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1.6 seconds. Cleaning up request 10 ID 0 with timestamp +53 Cleaning up request 11 ID 1 with timestamp +53 Cleaning up request 12 ID 2 with timestamp +53 Cleaning up request 13 ID 3 with timestamp +53 Cleaning up request 14 ID 4 with timestamp +53 Cleaning up request 15 ID 5 with timestamp +53 Waking up in 1.1 seconds. Cleaning up request 16 ID 6 with timestamp +54 Waking up in 1.0 seconds. Cleaning up request 17 ID 7 with timestamp +55 Cleaning up request 18 ID 8 with timestamp +55 Cleaning up request 19 ID 9 with timestamp +55 Waking up in 1.0 seconds. Cleaning up request 20 ID 10 with timestamp +55 Ready to process requests. ############################################################################################################## If You have any sugestion I really appreciate, Thanks for your time to help me and all the people in this mailing list.... Thank you in advance... All
hi, got sql defined in your authenticate section of the inner-tunnel (where EAP packets by default get proxied to) ? alan
participants (2)
-
Alan Buxey -
Ale Luna