EAP with MySQL doesn't work

awal.mohamadou awal.mohamadou at laposte.net
Wed Nov 23 16:53:16 CET 2005


Help! Help! Need help please!
I've been knocking my head on the wall searching for why my
FreeRADIUS server is not working. Can someone help me please?
These are my logs when trying to connect:
(I'm using a Cisco Aironet 1100 series AP with a MySQL 4.1.11
database on my FreeRADIUS 1.0.2; my OS is Fedora Core 4, trying
to connect with Windows XP Pro)
Please, someone help!

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 6
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = yes
 proxy: default_fallback = no
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = yes
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away
soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
 tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = yes
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
 detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-
%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded DIGEST
Module: Instantiated digest (digest)
Module: Loaded realm
 realm: format = "prefix"
 realm: delimiter = "/"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (IPASS)
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
 realm: format = "prefix"
 realm: delimiter = "\"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (ntdomain)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded SQL
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "root"
 sql: password = ""
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = no
 sql: sqltracefile = "/var/log/radius/sqltrace.sql"
 sql: readclients = no
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name =
"%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
 sql: default_user_profile = ""
 sql: query_on_not_found = no
 sql: authorize_check_query = "SELECT
id,UserName,Attribute,Value,op FROM radche
ck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT
id,UserName,Attribute,Value,op FROM radrep
ly WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.Group
Name,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroup
check,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.Grou
pName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.Group
Name,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroup
reply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.Grou
pName = radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: accounting_onoff_query = "UPDATE radacct SET
AcctStopTime='%S', AcctSessio
nTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='
%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}'
WHERE AcctSession
Time=0 AND AcctStopTime=0 AND NASIPAddress=
'%{NAS-IP-Address}' AND AcctStartTim
e <= '%S'"
 sql: accounting_update_query = "UPDATE radacct ? SET
FramedIPAddress = '%{Frame
d-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ?
AcctInputOctets =
'%{Acct-Input-Octets}', ? AcctOutputOctets =
'%{Acct-Output-Octets}' ? WHERE Acc
tSessionId = '%{Acct-Session-Id}' ? AND UserName =
'%{SQL-User-Name}' ? AND NASI
PAddress= '%{NAS-IP-Address}'"
 sql: accounting_update_query_alt = "INSERT into radacct
(AcctSessionId, AcctUni
queId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, Acc
tSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctet
s, CalledStationId, CallingStationId, ServiceType,
FramedProtocol, FramedIPAddre
ss, AcctStartDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%
{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Ty
pe}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) S
ECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Acct-Input-Octets}',
 '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Se
rvice-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
 sql: accounting_start_query = "INSERT into radacct
(AcctSessionId, AcctUniqueId
, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStop
Time, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctI
nputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCa
use, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay
) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '
0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}'
, '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Frame
d-IP-Address}', '%{Acct-Delay-Time}', '0')"
 sql: accounting_start_query_alt = "UPDATE radacct SET
AcctStartTime = '%S', Acc
tStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start =
'%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIP
Address = '%{NAS-IP-Address}'"
 sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime
= '%S', AcctSessi
onTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctO
utputOctets = '%{Acct-Output-Octets}', AcctTerminateCause =
'%{Acct-Terminate-Ca
use}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop
= '%{Connect-Info}
' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' A
ND NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query_alt = "INSERT into radacct
(AcctSessionId, AcctUniqu
eId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctS
topTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, Ac
ctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminat
eCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDe
lay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}
', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB(
'%S', INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%S',
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{Acct-Inpu
t-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-
Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Fra
med-IP-Address}', '0', '%{Acct-Delay-Time}')"
 sql: group_membership_query = "SELECT GroupName FROM
usergroup WHERE UserName='
%{SQL-User-Name}'"
 sql: connect_failure_retry_delay = 60
 sql: simul_count_query = ""
 sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId,
UserName, NASIPAddr
ess, NASPortId, FramedIPAddress, CallingStationId,
FramedProtocol FROM radacct W
HERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
 sql: postauth_table = "radpostauth"
 sql: postauth_query = "INSERT into radpostauth (id, user,
pass, reply, date) va
lues ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Typ
e}', NOW())"
 sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01
23456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql)
loaded and linked
rlm_sql (sql): Attempting to connect to root at localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.


rad_recv: Access-Request packet from host 172.16.47.50:21646,
id=65, length=145
        User-Name = "awal"
        Framed-MTU = 1400
        Called-Station-Id = "00-40-96-A1-9F-C4"
        Calling-Station-Id = "00-12-F0-22-79-12"
        Message-Authenticator = 0x04eb8fff25ee06be6ea964e1e7a714f7
        EAP-Message = 0x020800061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 278
        State = 0x3ea1310276e93e8b451633cdf6c3dbf9
        Service-Type = Framed-User
        NAS-IP-Address = 172.16.47.50
        NAS-Identifier = "venus"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: 
'/var/log/radius/radacct/172.16.47.50/auth-detail-20051123'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/radius/radacct/172.16.47.50/auth-detail-20051123
  modcall[authorize]: module "auth_log" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
  modcall[authorize]: module "digest" returns noop for request 3
    rlm_realm: No '/' in User-Name = "awal", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "IPASS" returns noop for request 3
    rlm_realm: No '@' in User-Name = "awal", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
    rlm_realm: No '\' in User-Name = "awal", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 3
  rlm_eap: EAP packet type response id 8 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 157
  modcall[authorize]: module "files" returns ok for request 3
radius_xlat:  'awal'
rlm_sql (sql): sql_set_user escaped user --> 'awal'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = 'awal' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username =
'awal' AND usergroup.GroupName = radgroupcheck.GroupName ORDER
BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = 'awal' ORDER BY id'
rlm_sql: unknown attribute Framed-IP-Adress
rlm_sql (sql): Error getting data from database
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username =
'awal' AND usergroup.GroupName = radgroupreply.GroupName ORDER
BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for
request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 65 to 172.16.47.50:21646
        Framed-Compression := Van-Jacobson-TCP-IP
        Framed-Protocol := PPP
        Service-Type := Framed-User
        Framed-MTU := 1500
        EAP-Message = 0x010900061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5bac50c93533525d5edae84d4bc5e220
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 62 with timestamp 43849016
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 63 with timestamp 43849017
Cleaning up request 2 ID 64 with timestamp 43849017
Cleaning up request 3 ID 65 with timestamp 43849017
Nothing to do.  Sleeping until we see a request.


Awal.                                                        
       
