sql_counter module doesn't count
Hi , I want to use the sql_counter module in my radius server. The SQL module seems to work correct, but the calculating of the connection time does not return any result because there is no entry at all in the radius database table "radacct" after a test user has logged in or stays logged in. I have no idea where I have to look next. The FreeRadius runs on a Synology NAS and I'm also not sure if all modules are precompiled and usable. My User table radcheck looks like this: username: attribute: op: value: tee Cleartext-Password := abc tee Max-All-Session := 120 the radusergroup is empty. Attached is the radius -X debug message after one test-user has connected. Any hints ? Thanks and Regards Lu FreeRADIUS Version 2.1.10, for host armle-unknown-linux-gnu, built on Mar 14 2013 at 11:55:30 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /var/packages/RadiusServer/target//etc/raddb/radiusd.conf including configuration file /usr/local/synoradius/rad_listen including configuration file /usr/local/synoradius/rad_port_auth including configuration file /usr/local/synoradius/rad_port_auth including configuration file /usr/local/synoradius/rad_port_auth including configuration file /var/packages/RadiusServer/target//etc/raddb/clients.conf including configuration file /usr/local/synoradius/rad_clients including files in directory /var/packages/RadiusServer/target//etc/raddb/modules/ including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/counter including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/checkval including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/logintime including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/perl including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/detail.log including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/linelog including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/attr_rewrite including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/inner-eap including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/sradutmp including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/preprocess including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/dynamic_clients including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/chap including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/unix including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/realm including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/digest including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/files including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/etc_group including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/wimax including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/ippool including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/radutmp including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/expiration including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/echo including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/sqlcounter_expire_on_login including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/expr including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/mac2vlan including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/krb5 including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/exec including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/always including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/smbpasswd including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/cui including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/pam including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/passwd including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/opendirectory including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/mschap_ad including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/ldap including configuration file /usr/local/synoradius/rad_ldap including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/detail including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/policy including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/mschap including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/detail.example.com including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/attr_filter including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/smsotp including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/acct_unique including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/pap including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/otp including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/mac2ip including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/sql_log including configuration file /var/packages/RadiusServer/target//etc/raddb/modules/ntlm_auth including configuration file /usr/local/synoradius/rad_ntlm_auth including configuration file /var/packages/RadiusServer/target//etc/raddb/eap.conf including configuration file /var/packages/RadiusServer/target//etc/raddb/sql.conf including configuration file /var/packages/RadiusServer/target//etc/raddb/sql/mysql/dialup.conf including configuration file /var/packages/RadiusServer/target//etc/raddb/./counter.conf including configuration file /var/packages/RadiusServer/target//etc/raddb/counter.conf including configuration file /var/packages/RadiusServer/target//etc/raddb/policy.conf including files in directory /var/packages/RadiusServer/target//etc/raddb/sites-enabled/ including configuration file /var/packages/RadiusServer/target//etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/synoradius/rad_site_inn including configuration file /usr/local/synoradius/rad_site_inn_local including configuration file /usr/local/synoradius/rad_port_inner including configuration file /var/packages/RadiusServer/target//etc/raddb/sites-enabled/control-socket including configuration file /var/packages/RadiusServer/target//etc/raddb/sites-enabled/default including configuration file /usr/local/synoradius/rad_site_def including configuration file /usr/local/synoradius/rad_site_def_local main { allow_core_dumps = no } including dictionary file /var/packages/RadiusServer/target//etc/raddb/dictionary main { prefix = "/var/packages/RadiusServer/target/" localstatedir = "/var/packages/RadiusServer/target//var" logdir = "/var/packages/RadiusServer/target//var/log/radius" libdir = "/var/packages/RadiusServer/target//lib" radacctdir = "/var/packages/RadiusServer/target//var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/packages/RadiusServer/target//var/run/radiusd/radiusd.pid" checkrad = "/var/packages/RadiusServer/target//sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client 192.168.178.25/24 { require_message_authenticator = no secret = "xxxx" shortname = "EASYBOX" } client 127.0.0.1/24 { require_message_authenticator = no secret = "xxxx" shortname = "Localhost" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /var/packages/RadiusServer/target//etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /var/packages/RadiusServer/target//etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /var/packages/RadiusServer/target//etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /var/packages/RadiusServer/target//etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /var/packages/RadiusServer/target//etc/raddb/sql.conf sql { driver = "rlm_sql_mysql" server = "localhost" port = "3306" login = "radius" password = "xxxx" radius_db = "radius" read_groups = yes sqltrace = yes sqltracefile = "/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql" readclients = no deletestalesessions = yes num_sql_socks = 5 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 6 simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to radius@localhost:3306/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 } radiusd: #### Loading Virtual Servers #### server inner-tunnel { # from file /usr/local/synoradius/rad_site_inn_local modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /var/packages/RadiusServer/target//etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /var/packages/RadiusServer/target//etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /var/packages/RadiusServer/target//etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes } Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /var/packages/RadiusServer/target//etc/raddb/modules/unix unix { radwtmp = "/var/packages/RadiusServer/target//var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /var/packages/RadiusServer/target//etc/raddb/eap.conf eap { default_eap_type = "mschapv2" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/usr/syno/etc/ssl/ssl.crt" pem_file_type = yes private_key_file = "/usr/syno/etc/ssl/ssl.key/server.key" certificate_file = "/usr/syno/etc/ssl/ssl.crt/server.crt" CA_file = "/usr/syno/etc/ssl/ssl.crt/ca.crt" private_key_password = "12345" dh_file = "/var/packages/RadiusServer/target//etc/raddb/certs/dh" random_file = "/var/packages/RadiusServer/target//etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" verify { } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /var/packages/RadiusServer/target//etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /var/packages/RadiusServer/target//etc/raddb/modules/files files { usersfile = "/var/packages/RadiusServer/target//etc/raddb/users" acctusersfile = "/var/packages/RadiusServer/target//etc/raddb/acct_users" preproxy_usersfile = "/var/packages/RadiusServer/target//etc/raddb/preproxy_users" compat = "no" } Module: Linked to module rlm_passwd Module: Instantiating module "smbpasswd" from file /var/packages/RadiusServer/target//etc/raddb/modules/smbpasswd passwd smbpasswd { filename = "/usr/syno/etc/private/smbpasswd" format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::" delimiter = ":" ignorenislike = no ignoreempty = yes allowmultiplekeys = no hashsize = 100 } rlm_passwd: nfields: 7 keyfield 0(User-Name) listable: no Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /var/packages/RadiusServer/target//etc/raddb/modules/radutmp radutmp { filename = "/var/packages/RadiusServer/target//var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.access_reject" from file /var/packages/RadiusServer/target//etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/var/packages/RadiusServer/target//etc/raddb/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { # from file /var/packages/RadiusServer/target//etc/raddb/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /var/packages/RadiusServer/target//etc/raddb/modules/digest Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /var/packages/RadiusServer/target//etc/raddb/modules/preprocess preprocess { huntgroups = "/var/packages/RadiusServer/target//etc/raddb/huntgroups" hints = "/var/packages/RadiusServer/target//etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_sqlcounter Module: Instantiating module "noresetcounter" from file /var/packages/RadiusServer/target//etc/raddb/counter.conf sqlcounter noresetcounter { counter-name = "Max-All-Session-Time" check-name = "Max-All-Session" key = "User-Name" sqlmod-inst = "sql" query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" reset = "never" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Reply attribute set to Session-Timeout. rlm_sqlcounter: Counter attribute Max-All-Session-Time is number 11273 rlm_sqlcounter: Check attribute Max-All-Session is number 11274 rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next reset 0 [2013-08-12 23:00:00] rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev reset 0 [2013-08-12 23:00:00] Module: Instantiating module "dailycounter" from file /var/packages/RadiusServer/target//etc/raddb/counter.conf sqlcounter dailycounter { counter-name = "Daily-Session-Time" check-name = "Max-Daily-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT SUM(acctsessiontime - GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{%k}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'" reset = "daily" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Reply attribute Session-Timeout is number 27 rlm_sqlcounter: Counter attribute Daily-Session-Time is number 11275 rlm_sqlcounter: Check attribute Max-Daily-Session is number 11276 rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next reset 1376341200 [2013-08-13 00:00:00] rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev reset 1376254800 [2013-08-12 00:00:00] Module: Instantiating module "monthlycounter" from file /var/packages/RadiusServer/target//etc/raddb/counter.conf sqlcounter monthlycounter { counter-name = "Monthly-Session-Time" check-name = "Max-Monthly-Session" reply-name = "Session-Timeout" key = "User-Name" sqlmod-inst = "sql" query = "SELECT SUM(acctsessiontime - GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{%k}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'" reset = "monthly" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sqlcounter: Reply attribute Session-Timeout is number 27 rlm_sqlcounter: Counter attribute Monthly-Session-Time is number 11277 rlm_sqlcounter: Check attribute Max-Monthly-Session is number 11278 rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next reset 1377982800 [2013-09-01 00:00:00] rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev reset 1375304400 [2013-08-01 00:00:00] Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /var/packages/RadiusServer/target//etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /var/packages/RadiusServer/target//etc/raddb/modules/detail detail { detailfile = "/var/packages/RadiusServer/target//var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "attr_filter.accounting_response" from file /var/packages/RadiusServer/target//etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/var/packages/RadiusServer/target//etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = 192.168.178.24 port = 1812 } listen { type = "auth" ipaddr = 127.0.0.1 port = 1812 } listen { type = "auth" ipaddr = 10.8.0.1 port = 1812 } listen { type = "control" listen { socket = "/var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on authentication address 192.168.178.24 port 1812 Listening on authentication address 127.0.0.1 port 1812 Listening on authentication address 10.8.0.1 port 1812 Listening on command file /var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Ready to process requests. rad_recv: Access-Request packet from host 192.168.178.25 port 32888, id=2, length=148 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202000801746565 Message-Authenticator = 0xf59055370165c1ac3839db5f8195752c SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[smbpasswd] returns notfound ++[expiration] returns noop ++[logintime] returns noop [sql] expand: %{User-Name} -> tee [sql] sql_set_user escaped user --> 'tee' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'' [noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' sqlcounter_expand: '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'}' [noresetcounter] sql_xlat [noresetcounter] expand: %{User-Name} -> tee [noresetcounter] sql_set_user escaped user --> 'tee' [noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' [noresetcounter] expand: /var/packages/RadiusServer/target//var/log/radius/sqltrace.sql -> /var/packages/RadiusServer/target//var/log/radius/sqltrace.sql rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' [noresetcounter] sql_xlat finished rlm_sql (sql): Released sql socket id: 3 [noresetcounter] expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'} -> 0 rlm_sqlcounter: Check item is greater than query result rlm_sqlcounter: Authorized user tee, check_item=10, counter=0 rlm_sqlcounter: Sent Reply-Item for user tee, Type=Session-Timeout, value=10 ++[noresetcounter] returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.178.25 port 32888 Session-Timeout = 10 EAP-Message = 0x0103001d1a01030018102526be8601cef6396823d8998c0b6b83746565 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878580f59d56ed034e3134225de2 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32889, id=3, length=164 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878580f59d56ed034e3134225de2 EAP-Message = 0x020300060319 Message-Authenticator = 0xee84edb24a2bb9a12f35e3a403393663 SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[smbpasswd] returns notfound ++[expiration] returns noop ++[logintime] returns noop [sql] expand: %{User-Name} -> tee [sql] sql_set_user escaped user --> 'tee' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'' [noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' sqlcounter_expand: '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'}' [noresetcounter] sql_xlat [noresetcounter] expand: %{User-Name} -> tee [noresetcounter] sql_set_user escaped user --> 'tee' [noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' [noresetcounter] expand: /var/packages/RadiusServer/target//var/log/radius/sqltrace.sql -> /var/packages/RadiusServer/target//var/log/radius/sqltrace.sql rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee' [noresetcounter] sql_xlat finished rlm_sql (sql): Released sql socket id: 1 [noresetcounter] expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'} -> 0 rlm_sqlcounter: Check item is greater than query result rlm_sqlcounter: Authorized user tee, check_item=10, counter=0 rlm_sqlcounter: Sent Reply-Item for user tee, Type=Session-Timeout, value=10 ++[noresetcounter] returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 3 to 192.168.178.25 port 32889 Session-Timeout = 10 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878581f29e56ed034e3134225de2 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32890, id=4, length=358 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878581f29e56ed034e3134225de2 EAP-Message = 0x020400c81980000000be16030100b9010000b503015209453a90c3ad1dc68b3867c87da1c17aca3b3104bd3f8411b2f706669db885000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 Message-Authenticator = 0xa061bb8038b36017614af4150749eb45 SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 200 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 068d], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 192.168.178.25 port 32890 EAP-Message = 0x0105040019c00000086316030100310200002d0301520944b6b2e68061e8cb6e0810d75b046a7fc240531e641cc6ca21bd7fe212ae000039000005ff01000100160301068d0b00068900068600032f3082032b30820294a00302010202051132211a60300d06092a864886f70d01010505003081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e301c060355040b1315436572746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e204341312330210609 EAP-Message = 0x2a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d301e170d3133303733313136313431335a170d3333303431373136313431335a308196310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e3111300f060355040b1308465450205465616d311530130603550403130c73796e6f6c6f67792e636f6d3123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cb8bd49b3ff39917 EAP-Message = 0x1a0e21017d6b4d5c453d099ea419d8b6936d113e108f35aa2479645bd2b9c1f41759efd7c4386c4db0a2931e9d55d3bb8592c9861a56eca4080d40ba4b1854f9d754d076c1a73293c1f80ef990d1c4f115a9a3b2911f16af46cb894772f166323ae0b863d88a1b2a234c5f94ce518875b461fab3ee875a850203010001a3723070301f0603551d1104183016811470726f647563744073796e6f6c6f67792e636f6d303a06096086480186f842010d042d162b6d6f645f73736c2067656e65726174656420637573746f6d20736572766572206365727469666963617465301106096086480186f8420101040403020640300d06092a864886f70d0101 EAP-Message = 0x050500038181009215bcd8253932c648f6a14119b66f48438125886dcbc96eeee7b4cb3e56389c9b6ff5932a9b184e913aacc14408d82f7fe5eb371080139aa50d28326d4bd535f95bb3fd2de3dcb48a9b0d1a7c341e803bf4a76250883d716dca25f0821889a9363896f788462613e51e705dc112cfbb830d4f2b4a92939fa38a47d5c08ed6070003513082034d308202b6a0030201020209009fd19fa01a036ca5300d06092a864886f70d01010505003081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e EAP-Message = 0x301c060355040b1315436572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878582f39e56ed034e3134225de2 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32891, id=5, length=164 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878582f39e56ed034e3134225de2 EAP-Message = 0x020500061900 Message-Authenticator = 0xafa2dd19e749573ebea82436d5b89cad SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 5 to 192.168.178.25 port 32891 EAP-Message = 0x010603fc1940746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e2043413123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d301e170d3133303733313136313431325a170d3333303431373136313431325a3081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e301c060355040b1315436572746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e204341 EAP-Message = 0x3123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b5b133c2343ee72c325b5567566e16984e3ad4f964f71d5c676cada2e7a55a8957fd5aa30f7647f72d58206bfd7f13d65be2f1252a12a8dbfa999bc4bfced5676e0604bce97bc997c7c464be66d45af768e05e44dd0f03d4f6e53031c14e078637e764e161ac6b2f90047b7afa8c277c9520ae95491517d552aca0841f3215b10203010001a37f307d301f0603551d1104183016811470726f647563744073796e6f6c6f67792e636f6d300f0603551d13040830060101ff020100 EAP-Message = 0x303606096086480186f842010d042916276d6f645f73736c2067656e65726174656420637573746f6d204341206365727469666963617465301106096086480186f8420101040403020204300d06092a864886f70d0101050500038181002456f5d7e49a3cf41f5cd5b7f785e9880ad4748e80a614f20b311b44b38e3473b057088573cf4c4b4a78c0447b290964bf09c31f9f7aba5135f3afec170ebd75d978971ede94fd8790ab4e1cf34044f6e5b81cf3d50043195de029497756df668ab2f30b9eb59b32eaddd5cc8ac37e0dafdf87c13f976a1d9557e56f1e703315160301018d0c0001890080ba686466df6626c54cb03b6bbb2eb1522c8d2c8b EAP-Message = 0xcdec316e5dceff84790a957f998ba7f1f109022e0e0c1f488cf51205d0d52a037fd93eb516aa86077df28d768f06c9a5538c860e17447be3d586bd2eba6930a1f07bd0b6abf3411783100e25d2b072097153a03081a6ced3e1ba10949d76a45c7e45f7a21ffe9ebc356bf2db00010200806b20fdffec6f7616b1ac0792a9ee1f111049b7f8071650e56d23fcdd7f3415fc04dc2f5be34de147b3b0ac318d0417ffe53e92f66712f1cafcebe3f1393b90563d5efd20a07ce8bc537cb002dd9ecc8d8cc638d0e4f489af364445e2dabee94c19213b4b64a28ce00d2ef4e6b73a50635d7287f0a7320a8ca7c1d5e244f8d72e00803f5fca5ed430815840c6 EAP-Message = 0xca51c8a72b134129 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878583f09e56ed034e3134225de2 Finished request 3. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32892, id=6, length=164 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878583f09e56ed034e3134225de2 EAP-Message = 0x020600061900 Message-Authenticator = 0xad5cb37a135449788276514fb81fb9fd SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 6 to 192.168.178.25 port 32892 EAP-Message = 0x0107007d19005de838683537a84f610da2c4f9a1369bd6e9ca9fd0aa2b44cd7d84186e925f4c2db27fb7d62b54caa6830c26a0160954a854648dc84a6205ad79d9cceafae9732b8d41d72935baeff7ce5c37dc82b4574ffe9cca9d7c460e1a15badc88c75a6d43f843c3108256f4ade50967559816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878584f19e56ed034e3134225de2 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32893, id=7, length=366 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878584f19e56ed034e3134225de2 EAP-Message = 0x020700d01980000000c616030100861000008200808bdd91a9487dccff09234e723cee7ba21725e2a670592009c304699865f930e253859f4b20ba934f14dda2549b720816e2b91162a41e36ed46e0a1959e7072400110121bfee72de20d31145db146f527147ebecd9c1f454c025b5d023b689ab64afba2ad9f20924f18a392ebaf2c0a5130b5f9fa444c25f817f7ecfa4972f192140301000101160301003060d9a90b7ed3fd213a43238d564c566728df397a55a7eee655ddb648c1740bd72181631eb7261cc0eceb52424e8fbfc8 Message-Authenticator = 0x256730f0831061eae27cb1af7157bfe9 SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 7 to 192.168.178.25 port 32893 EAP-Message = 0x0108004119001403010001011603010030b8d1cdfe3b2fe4ea114acf6db4bc356e3985ce457b3a1149c84cbfcb02ac65bc4d33d0eb2f8a6e950401633ce4600303 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878585fe9e56ed034e3134225de2 Finished request 5. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32894, id=8, length=164 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878585fe9e56ed034e3134225de2 EAP-Message = 0x020800061900 Message-Authenticator = 0xd8b885a775bd422295146389e760a062 SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 8 to 192.168.178.25 port 32894 EAP-Message = 0x0109002b190017030100200fd631ca65f225634251679efe7524102e6ad544f576ef00a2f996ac9c4dad67 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878586ff9e56ed034e3134225de2 Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32895, id=9, length=238 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878586ff9e56ed034e3134225de2 EAP-Message = 0x0209005019001703010020a08078622a79e75a566a35e37ef4bf984a4bb904335403eadcdc445bc7bd908a1703010020b0718794786e96045ed88030e9a94236d4ad1672637efb413176da2c3ad27586 Message-Authenticator = 0xf5b1df8093a72c9530258fe6969a9fc2 SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - tee [peap] Got inner identity 'tee' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0209000801746565 server { PEAP: Setting User-Name to tee Sending tunneled request EAP-Message = 0x0209000801746565 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "tee" server inner-tunnel { SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_inn_local +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[smbpasswd] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop [sql] expand: %{User-Name} -> tee [sql] sql_set_user escaped user --> 'tee' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request. Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_inn_local +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a001d1a010a001810d3f23e8332d772ee6ed7d8e7e96aa314746565 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x84e0dc4b84eac6443eb91adc9df1aaf2 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a001d1a010a001810d3f23e8332d772ee6ed7d8e7e96aa314746565 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x84e0dc4b84eac6443eb91adc9df1aaf2 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 9 to 192.168.178.25 port 32895 EAP-Message = 0x010a003b19001703010030712667073febde764e5f2c9db3f756e283ff2180010ab6ce8279b275dd91f1dab7b11915d8ee1b08d53646ca76c74294 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878587fc9e56ed034e3134225de2 Finished request 7. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32896, id=10, length=286 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878587fc9e56ed034e3134225de2 EAP-Message = 0x020a00801900170301002003b67ac299e85321ff1f02a3fc4882edd957bc03194e8c379bb77f1c79dd009f1703010050b262cbf37cc08590f1736c2e90141e8457f4b7af8e7abbfaef9060ff03a5a2ada76be693ba95f5a159215119aaab21924173f17ec2dbe6d6da2cb99804725379fbd6272198e5cab8587acceaea7dda0b Message-Authenticator = 0x44e004b74fa78cf01a38d274530d7614 SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 128 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020a003e1a020a003931d5f758f1aeada35c250ccbf62fdedb1200000000000000001d3c61fd341515c0c945528dc1af927b453748b44030955400746565 server { PEAP: Setting User-Name to tee Sending tunneled request EAP-Message = 0x020a003e1a020a003931d5f758f1aeada35c250ccbf62fdedb1200000000000000001d3c61fd341515c0c945528dc1af927b453748b44030955400746565 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "tee" State = 0x84e0dc4b84eac6443eb91adc9df1aaf2 server inner-tunnel { SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_inn_local +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 10 length 62 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[smbpasswd] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop [sql] expand: %{User-Name} -> tee [sql] sql_set_user escaped user --> 'tee' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request. Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_inn_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /usr/local/synoradius/rad_site_inn_local [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: tee [mschap] Told to do MS-CHAPv2 for tee with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010b00331a030a002e533d32454434413437374342463839453230343834304331374634463043353430354332304645444245 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010b00331a030a002e533d32454434413437374342463839453230343834304331374634463043353430354332304645444245 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 10 to 192.168.178.25 port 32896 EAP-Message = 0x010b005b1900170301005020edf875c62bb996bc491fcb19c1123e1096f555e9ba6ee0f34c057c5c4c3e2211b14d6c3a1ee5d7ab2640d0745727308bcfd4cfdfa2e35da333788efc3c56999be2ef703b63f5c41dc1fb594803acf6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878588fd9e56ed034e3134225de2 Finished request 8. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32897, id=11, length=238 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878588fd9e56ed034e3134225de2 EAP-Message = 0x020b0050190017030100207d3776e8c3c71e5d5abf3b53d0169beea9e8992f69e2e0bcd672964a460e841617030100206780143ad9c9892791d2440461e354dc14baf8e535682315095dfea3ecd6b3a1 Message-Authenticator = 0x4977fb9bef33eaa2d73876471b3a527c SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 11 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020b00061a03 server { PEAP: Setting User-Name to tee Sending tunneled request EAP-Message = 0x020b00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "tee" State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2 server inner-tunnel { SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_inn_local +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 11 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[smbpasswd] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop [sql] expand: %{User-Name} -> tee [sql] sql_set_user escaped user --> 'tee' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tee' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tee' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'tee' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request. Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_inn_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok Login OK: [tee] (from client EASYBOX port 0 via TLS tunnel) WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /usr/local/synoradius/rad_site_inn_local } # server inner-tunnel [peap] Got tunneled reply code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x40d8b3413d25f4013c2a3ae154c437ac MS-MPPE-Recv-Key = 0xf5a477c13c1244e08cd8f0d853c4865e EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "tee" [peap] Got tunneled reply RADIUS code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x40d8b3413d25f4013c2a3ae154c437ac MS-MPPE-Recv-Key = 0xf5a477c13c1244e08cd8f0d853c4865e EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "tee" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 11 to 192.168.178.25 port 32897 EAP-Message = 0x010c002b190017030100209b99f254f989d6a0e266af1df740bfd7f858aa9be34ded07ca32eea655c957d9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80f6878589fa9e56ed034e3134225de2 Finished request 9. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.178.25 port 32898, id=12, length=238 User-Name = "tee" NAS-IP-Address = 0.0.0.0 Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM" Calling-Station-Id = "14-89-FD-DA-ED-19" NAS-Identifier = "BOSS-SYNOLOGY" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x80f6878589fa9e56ed034e3134225de2 EAP-Message = 0x020c0050190017030100203457dd4974e320f48bb2ea9959f91a702adc65898bb24317aca624fc47854c43170301002011476f7edc9a493c77d431caf59a5d613cf8bfc339c4c150ca2381ca5e7191ba Message-Authenticator = 0x00f7c3ad38840def38f7aa0c62632bbc SYNOUserGet failed. [0x1D00 user_db_get.c:63] # Executing section authorize from file /usr/local/synoradius/rad_site_def_local +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tee", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 12 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/synoradius/rad_site_def_local +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok Login OK: [tee] (from client EASYBOX port 29 cli 14-89-FD-DA-ED-19) # Executing section post-auth from file /usr/local/synoradius/rad_site_def_local +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 12 to 192.168.178.25 port 32898 MS-MPPE-Recv-Key = 0xe3cd1d3d8847bb78c279ac58d6e6c42cdaebdc4c82cb41b506ee08c319b6b748 MS-MPPE-Send-Key = 0x24cef9cb1a537db7be194b7dd4465ad0a374a79a30926c05f1e8e549b0ca92d9 EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "tee" Finished request 10. Going to the next request Waking up in 4.6 seconds. Cleaning up request 0 ID 2 with timestamp +39 Cleaning up request 1 ID 3 with timestamp +39 Cleaning up request 2 ID 4 with timestamp +39 Cleaning up request 3 ID 5 with timestamp +39 Cleaning up request 4 ID 6 with timestamp +39 Cleaning up request 5 ID 7 with timestamp +39 Cleaning up request 6 ID 8 with timestamp +39 Cleaning up request 7 ID 9 with timestamp +39 Cleaning up request 8 ID 10 with timestamp +39 Cleaning up request 9 ID 11 with timestamp +39 Cleaning up request 10 ID 12 with timestamp +40 Ready to process requests.
participants (1)
-
lucia