Freeradius-Users Digest, Vol 26, Issue 34

Apangshu Saha apangshu at gmail.com
Mon Jun 11 17:32:41 CEST 2007


Hi martin,
i have enabled all the following things in eap.conf....but still the
supplicant shows attempting to authenticate.....i am using winXp as
supplicant.....what will be the configuration setting in winxp....it asks
log in name..password..and domain name...what is that domain name.....i am
giving the user name and password as same as i have written in "users" file
in RADIUS server....but what should i put in domain name....you plz help me
how should i set the supplicant......

with thanks...
apangshu

eap {
>                 default_eap_type = peap
>                 timer_expire     = 60
>                 ignore_unknown_eap_types = no
>                 cisco_accounting_username_bug = no
>
>                 md5 {
>                 }
>
>                 tls {
> ...
>                 }
>
>                 ttls {
> ...
>                 }
>                  peap {
> ...
>                 }
> >>>                mschapv2 {
> >>>                }
>         }
>
On 6/11/07, freeradius-users-request at lists.freeradius.org <
freeradius-users-request at lists.freeradius.org> wrote:
>
> Send Freeradius-Users mailing list submissions to
>         freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
>         freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
>         freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>    1. help in setting up PEAP in freeRADIUS with winXp (Apangshu Saha)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 11 Jun 2007 20:38:36 +0530
> From: "Apangshu Saha" <apangshu at gmail.com>
> Subject: help in setting up PEAP in freeRADIUS with winXp
> To: freeradius-users at lists.freeradius.org
> Message-ID:
>         <c52421460706110808x6fe85e32w7e88da881b7938a5 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Martin,
> Thanks for your reply.Everything you mentioned is configured in eap.conf
> file.Still i am facing the problem.
> Plz let me know how to proceed to fix it.
>
> With thanks...
> Apangshu
>
> On 6/11/07, freeradius-users-request at lists.freeradius.org <
> freeradius-users-request at lists.freeradius.org> wrote:
> >
> > Send Freeradius-Users mailing list submissions to
> >         freeradius-users at lists.freeradius.org
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >         http://lists.freeradius.org/mailman/listinfo/freeradius-users
> > or, via email, send a message with subject or body 'help' to
> >         freeradius-users-request at lists.freeradius.org
> >
> > You can reach the person managing the list at
> >         freeradius-users-owner at lists.freeradius.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Freeradius-Users digest..."
> >
> >
> > Today's Topics:
> >
> >    1. Re: help in setting up PEAP in freeRADIUS with winXp
> >       supplicant (Martin Gadbois)
> >    2. Re: Freeradius as a secondary (Jeff)
> >    3. Re: Big "VSA + Proxy" problem (Guilherme Franco)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Mon, 11 Jun 2007 09:28:27 -0400
> > From: Martin Gadbois <martin.gadbois at colubris.com>
> > Subject: Re: help in setting up PEAP in freeRADIUS with winXp
> >         supplicant
> > To: FreeRadius users mailing list
> >         <freeradius-users at lists.freeradius.org>
> > Message-ID: <466D4DFB.1020704 at colubris.com>
> > Content-Type: text/plain; charset=UTF-8
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Apangshu Saha wrote:
> >
> > >   rad_check_password:  Found Auth-Type EAP
> > > auth: type "EAP"
> > >   Processing the authenticate section of radiusd.conf
> > > modcall: entering group authenticate for request 5
> > >   rlm_eap: EAP Identity
> > >  rlm_eap: No such EAP type mschapv2
> > >   rlm_eap: Failed in EAP select
> > >   modcall[authenticate]: module "eap" returns invalid for request 5
> > > modcall: leaving group authenticate (returns invalid) for request 5
> > > auth: Failed to validate the user.
> > >   PEAP: Tunneled authentication was rejected.
> > >   rlm_eap_peap: FAILURE
> >
> > Do you have mschap enabled in your eap.conf?
> >
> >         eap {
> >                 default_eap_type = peap
> >                 timer_expire     = 60
> >                 ignore_unknown_eap_types = no
> >                 cisco_accounting_username_bug = no
> >
> >                 md5 {
> >                 }
> >
> >                 tls {
> > ...
> >                 }
> >
> >                 ttls {
> > ...
> >                 }
> >                  peap {
> > ...
> >                 }
> > >>>                mschapv2 {
> > >>>                }
> >         }
> >
> >
> > - --
> > ==============         +---------------------------------------------+
> > Martin Gadbois         | "Please answer by yes or no.                |
> > Sr. SW Designer        | Uncooperative user waste precious CPU time" |
> > Colubris Networks Inc. | -- The Andromeda Strain, M. Crichton, 1969  |
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.5 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFGbU379Y3/iTTCEDkRAhz+AJkBQD2iH/pJHGSFwVdBnNcFAMdILACgomOf
> > vZhC4ftJ7IjYZXP+1oTcjQI=
> > =YvGQ
> > -----END PGP SIGNATURE-----
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Mon, 11 Jun 2007 10:28:37 -0400
> > From: Jeff <jeffa at jahelpdesk.com>
> > Subject: Re: Freeradius as a secondary
> > To: "FreeRadius users mailing list"
> >         <freeradius-users at lists.freeradius.org>
> > Message-ID: <20070611142837.c0c38dfd at ns1.jahelpdesk.com>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Ok new issue thats eluding me
> > I uninstalled version 1. then installed version 2
> >
> > anyway. i resetup the configs and made sure my services file is 1645
> > radius and 1646 for acct as before
> > anyway
> > when i do a auth with ntradping all connects aok
> > when i do anykind of an accouting request, stop start update i get error
> > 10054
> > which i read may mean check the port which it apperas i am set aok
> unless
> > i am missing something
> >
> > NEXT
> > Nothing is going into the radacct dir for detail file either or is it
> > being created
> >
> > Also when i do a /etc/init.d/freeradius start or restart everything is
> aok
> > when i do a /etc/init.d/freeradius reload I see in the radius log that
> its
> > saying there is errors in the radius config
> >
> > Anyway anyone have any ideas?
> >       _____
> >
> >   From: Peter Nixon [mailto:listuser at peternixon.net]
> > To: FreeRadius users mailing list [mailto:
> > freeradius-users at lists.freeradius.org]
> > Sent: Sun, 10 Jun 2007 19:43:58 -0400
> > Subject: Re: Freeradius as a secondary
> >
> > On Sun 10 Jun 2007, Jeff wrote:
> > > I am using the version installed through software update on opensuse
> >
> > You may wish to use my updated packages at:
> > http://software.opensuse.org/download/network:/aaa/
> >
> > Just add is as a software repository in YaST. (ie.
> > http://software.opensuse.org/download/network:/aaa/openSUSE_10.2/)
> >
> > Cheers
> >
> > --
> >
> > Peter Nixon
> > http://www.peternixon.net/
> > PGP Key: http://www.peternixon.net/public.asc
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> >
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070611/ba461c21/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Mon, 11 Jun 2007 11:50:26 -0300
> > From: "Guilherme Franco" <guilhermefranco at gmail.com>
> > Subject: Re: Big "VSA + Proxy" problem
> > To: "FreeRadius users mailing list"
> >         <freeradius-users at lists.freeradius.org>
> > Message-ID:
> >         <5e239f520706110750me7fca81weab5378ca94d39ea at mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > Hello Mr. Alan,
> >
> > Thank you for answering.
> >
> > Below, you will find a working local authentication, user
> > steve at local.com (without proxy), where the VSA "ERX-Service-Bundle" is
> > found in radreply (although the debug doesn't says that) and sent back
> > to the B-RAS:
> >
> > rad_recv: Access-Request packet from host 192.168.1.1:50000, id=29,
> > length=238
> > Mon Jun 11 11:18:18 2007 : Debug: --- Walking the entire request list
> ---
> > Mon Jun 11 11:18:18 2007 : Debug: Waking up in 31 seconds...
> > Mon Jun 11 11:18:18 2007 : Debug: Thread 2 got semaphore
> > Mon Jun 11 11:18:18 2007 : Debug: Thread 2 handling request 1, (1
> > handled so far)
> >         User-Password = "testing"
> >         User-Name = "steve at local.com"
> >         Acct-Session-Id = "erx atm 3/2.42:100.132:0002097381"
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         ERX-Pppoe-Description = "pppoe 12:34:56:78:9a:bc"
> >         Calling-Station-Id = "#BRAS-03#this is a description#100#132"
> >         Connect-Info = "speed:UBR:12000"
> >         NAS-Port-Type = xDSL
> >         NAS-Port = 845414532
> >         NAS-Port-Id = "atm 3/2.42:100.132"
> >         NAS-IP-Address = 192.168.1.1
> >         NAS-Identifier = "BRAS-03"
> > Mon Jun 11 11:18:18 2007 : Debug:   Processing the authorize section
> > of radiusd.conf
> > Mon Jun 11 11:18:18 2007 : Debug: modcall: entering group authorize
> > for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: calling
> > preprocess (rlm_preprocess) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: returned
> > from preprocess (rlm_preprocess) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authorize]: module
> > "preprocess" returns ok for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: calling
> > auth_log (rlm_detail) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:
> > '/usr/local/var/log/radius/radacct/192.168.1.1/auth-detail-20070611'
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_detail:
> >
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > expands to
> > /usr/local/var/log/radius/radacct/192.168.1.1/auth-detail-20070611
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: returned
> > from auth_log (rlm_detail) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authorize]: module
> > "auth_log" returns ok for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: calling chap
> > (rlm_chap) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: returned
> > from chap (rlm_chap) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authorize]: module "chap"
> > returns noop for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: calling
> > suffix (rlm_realm) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:     rlm_realm: Looking up realm
> > "local.com" for User-Name = "steve at local.com"
> > Mon Jun 11 11:18:18 2007 : Debug:     rlm_realm: No such realm "
> local.com"
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: returned
> > from suffix (rlm_realm) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authorize]: module
> > "suffix" returns noop for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: calling
> > files (rlm_files) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:     users: Matched entry DEFAULT at
> line
> > 171
> > Mon Jun 11 11:18:18 2007 : Debug:     users: Matched entry DEFAULT at
> line
> > 183
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: returned
> > from files (rlm_files) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authorize]: module "files"
> > returns ok for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: calling sql
> > (rlm_sql) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'steve at local.com'
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql (sql): sql_set_user escaped
> > user --> 'steve at local.com'
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'SELECT
> > id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
> > 'steve at local.com' ORDER BY id'
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql (sql): Reserving sql socket
> id:
> > 30
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'SELECT
> > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
> > radgroupcheck.Value,radgroupcheck.op
> > FROM radgroupcheck,usergroup WHERE usergroup.Username =
> > 'steve at local.com' AND usergroup.GroupName = radgroupcheck.GroupName
> > ORDER BY radgroupcheck.id'
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'SELECT
> > id,UserName,Attribute,Value,op FROM radreply WHERE Username =
> > 'steve at local.com' ORDER BY id'
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'SELECT
> > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
> > radgroupreply.Value,radgroupreply.op
> > FROM radgroupreply,usergroup WHERE usergroup.Username =
> > 'steve at local.com' AND usergroup.GroupName = radgroupreply.GroupName
> > ORDER BY radgroupreply.id'
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql (sql): Released sql socket id:
> > 30
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: returned
> > from sql (rlm_sql) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authorize]: module "sql"
> > returns ok for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: calling pap
> > (rlm_pap) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authorize]: returned
> > from pap (rlm_pap) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authorize]: module "pap"
> > returns updated for request 1
> > Mon Jun 11 11:18:18 2007 : Debug: modcall: leaving group authorize
> > (returns updated) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   rad_check_password:  Found Auth-Type
> > pap
> > Mon Jun 11 11:18:18 2007 : Debug: auth: type "PAP"
> > Mon Jun 11 11:18:18 2007 : Debug:   Processing the authenticate
> > section of radiusd.conf
> > Mon Jun 11 11:18:18 2007 : Debug: modcall: entering group PAP for
> request
> > 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authenticate]: calling
> > pap (rlm_pap) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_pap: login attempt with password
> > testing
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_pap: Using clear text password.
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_pap: User authenticated
> succesfully
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[authenticate]: returned
> > from pap (rlm_pap) for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modcall[authenticate]: module
> > "pap" returns ok for request 1
> > Mon Jun 11 11:18:18 2007 : Debug: modcall: leaving group PAP (returns
> > ok) for request 1
> > Mon Jun 11 11:18:18 2007 : Auth: Login OK: [steve at local.com] (from
> > client ERX-3 port 845414532 cli #BRAS-03#this is a
> > description#100#132)
> > Mon Jun 11 11:18:18 2007 : Debug:   Processing the post-auth section
> > of radiusd.conf
> > Mon Jun 11 11:18:18 2007 : Debug: modcall: entering group post-auth
> > for request 1
> > Mon Jun 11 11:18:18 2007 : Debug:   modsingle[post-auth]: calling pool
> > (rlm_sqlippool) for request 0
> > Mon Jun 11 11:18:18 2007 : Debug: Value Of the Pool-Name is [FIX] and
> > its [3] Chars
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql (sql_postgresql): Reserving
> > sql socket id: 30
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'BEGIN'
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql_postgresql: affected rows =
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'UPDATE radippool
> > SET nasipaddress = '', pool_key = 0, callingstationid = '',
> > expiry_time = 'now'::timestamp(0) - '1 second'::interval   WHERE
> > nasipaddress = '192.168.1.1' and pool_key = 'pppoe 12:34:56:78:9a:bc''
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:18:18 2007 : Debug: rlm_sql_postgresql: affected rows = 0
> > Mon Jun 11 11:18:18 2007 : Debug: radius_xlat:  'select
> > pool('steve at local.com','FIX','#BRAS-03#this is a
> > description#100#134')'
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_TUPLES_OK
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql_postgresql: affected rows =
> > Mon Jun 11 11:18:19 2007 : Info: rlm_sqlippool: ip=[10.10.10.1] len=14
> > Mon Jun 11 11:18:19 2007 : Debug: radius_xlat:  'UPDATE radippool
> > SET nasipaddress = '192.168.1.1', pool_key = 'pppoe
> > 12:34:56:78:9a:bc',   callingstationid = '#BRAS-03#this is a
> > description#100#134', username = 'steve at local.com',   expiry_time =
> > 'now'::timestamp(0) + '3600 second'::interval   WHERE framedipaddress
> > = '10.10.10.1''
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql_postgresql: affected rows = 1
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sqlippool: Allocated IP
> > 10.10.10.1 [8ec25ec9]
> > Mon Jun 11 11:18:19 2007 : Debug: radius_xlat:  'COMMIT'
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql_postgresql: affected rows =
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql (sql_postgresql): Released
> > sql socket id: 30
> > Mon Jun 11 11:18:19 2007 : Debug:   modsingle[post-auth]: returned
> > from pool (rlm_sqlippool) for request 0
> > Mon Jun 11 11:18:19 2007 : Debug:   modcall[post-auth]: module "pool"
> > returns ok for request 0
> > Mon Jun 11 11:18:19 2007 : Debug:   modsingle[post-auth]: calling
> > sql_log (rlm_sql_log) for request 0
> > Mon Jun 11 11:18:19 2007 : Debug: rlm_sql_log (sql_log): Processing
> > sql_log_postauth
> > Mon Jun 11 11:18:19 2007 : Debug: radius_xlat:  'INSERT INTO
> > radpostauth                   ?? (username, pass, reply, authdate)
> > VALUES                            ?? ('steve at local.com', 'testing',
> >      ?? 'Access-Accept', TO_DATE('2007-06-11 11:18:18','yyyy-mm-dd
> > hh24:mi:ss'))'
> > Mon Jun 11 11:18:19 2007 : Debug: radius_xlat:
> > '/usr/local/var/log/radius/radacct/sql-relay'
> > Mon Jun 11 11:18:19 2007 : Debug:   modsingle[post-auth]: returned
> > from sql_log (rlm_sql_log) for request 0
> > Mon Jun 11 11:18:19 2007 : Debug:   modcall[post-auth]: module
> > "sql_log" returns ok for request 0
> > Mon Jun 11 11:18:19 2007 : Debug: modcall: leaving group post-auth
> > (returns ok) for request 0
> > Sending Access-Accept of id 30 to 192.168.1.1 port 50000
> >         X-Ascend-Client-Primary-DNS := 172.16.1.1
> >         X-Ascend-Client-Secondary-DNS := 172.16.1.2
> >         X-Ascend-Client-Assign-DNS := DNS-Assign-Yes
> >         ERX-Virtual-Router-Name := "default"
> >         ERX-Service-Bundle := "test1"
> >         Framed-IP-Address = 10.10.10.1
> > Mon Jun 11 11:18:19 2007 : Debug: Finished request 0
> >
> > ---------------
> >
> > Now, steve at proxy.com gets authenticated, but in a proxied realm (this
> > user is also in radreply):
> >
> > rad_recv: Access-Request packet from host 192.168.1.1:50000, id=30,
> > length=250
> > Mon Jun 11 11:02:10 2007 : Debug: --- Walking the entire request list
> ---
> > Mon Jun 11 11:02:10 2007 : Debug: Thread 1 got semaphore
> > Mon Jun 11 11:02:10 2007 : Debug: Thread 1 handling request 0, (1
> > handled so far)
> >         User-Password = "testing"
> >         User-Name = "steve at proxy.com"
> >         Acct-Session-Id = "erx atm 3/2.42:100.133:0002097382"
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         ERX-Pppoe-Description = "pppoe 12:34:56:78:9a:bc"
> >         Calling-Station-Id = "#BRAS-03#this is a description#100#133"
> >         Connect-Info = "speed:UBR:12000"
> >         NAS-Port-Type = xDSL
> >         NAS-Port = 845414533
> >         NAS-Port-Id = "atm 3/2.42:100.133"
> >         NAS-IP-Address = 192.168.1.1
> >         NAS-Identifier = "BRAS-03"
> > Mon Jun 11 11:02:10 2007 : Debug:   Processing the authorize section
> > of radiusd.conf
> > Mon Jun 11 11:02:10 2007 : Debug: Waking up in 31 seconds...
> > Mon Jun 11 11:02:10 2007 : Debug: modcall: entering group authorize
> > for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: calling
> > preprocess (rlm_preprocess) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: Threads: total/active/spare threads =
> > 5/1/4
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: returned
> > from preprocess (rlm_preprocess) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[authorize]: module
> > "preprocess" returns ok for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: calling
> > auth_log (rlm_detail) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:
> > '/usr/local/var/log/radius/radacct/192.168.1.1/auth-detail-20070611'
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_detail:
> >
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > expands to
> > /usr/local/var/log/radius/radacct/192.168.1.1/auth-detail-20070611
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: returned
> > from auth_log (rlm_detail) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[authorize]: module
> > "auth_log" returns ok for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: calling chap
> > (rlm_chap) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: returned
> > from chap (rlm_chap) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[authorize]: module "chap"
> > returns noop for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: calling
> > suffix (rlm_realm) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:     rlm_realm: Looking up realm
> > "proxy.com" for User-Name = "steve at proxy.com"
> > Mon Jun 11 11:02:10 2007 : Debug:     rlm_realm: Found realm "proxy.com"
> > Mon Jun 11 11:02:10 2007 : Debug:     rlm_realm: Adding
> > Stripped-User-Name = "steve"
> > Mon Jun 11 11:02:10 2007 : Debug:     rlm_realm: Proxying request from
> > user steve to realm proxy.com
> > Mon Jun 11 11:02:10 2007 : Debug:     rlm_realm: Adding Realm = "
> proxy.com
> > "
> > Mon Jun 11 11:02:10 2007 : Debug:     rlm_realm: Preparing to proxy
> > authentication request to realm "proxy.com"
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: returned
> > from suffix (rlm_realm) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[authorize]: module
> > "suffix" returns updated for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: calling
> > files (rlm_files) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:     users: Matched entry DEFAULT at
> line
> > 171
> > Mon Jun 11 11:02:10 2007 : Debug:     users: Matched entry DEFAULT at
> line
> > 183
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: returned
> > from files (rlm_files) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[authorize]: module "files"
> > returns ok for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: calling sql
> > (rlm_sql) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'steve at proxy.com'
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql (sql): sql_set_user escaped
> > user --> 'steve at proxy.com' ORDER BY id'
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql (sql): Reserving sql socket
> id:
> > 31
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'SELECT
> > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
> > radgroupcheck.Value,radgroupcheck.op
> > FROM radgroupcheck,usergroup WHERE usergroup.Username =
> > 'steve at proxy.com' AND usergroup.GroupName = radgroupcheck.GroupName
> > ORDER BY radgroupcheck.id'
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'SELECT
> > id,UserName,Attribute,Value,op FROM radreply WHERE Username =
> > 'steve at proxy.com' ORDER BY id'
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'SELECT
> > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
> > radgroupreply.Value,radgroupreply.op
> > FROM radgroupreply,usergroup WHERE usergroup.Username =
> > 'steve at proxy.com' AND usergroup.GroupName = radgroupreply.GroupName
> > ORDER BY radgroupreply.id'
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql (sql): Released sql socket id:
> > 31
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: returned
> > from sql (rlm_sql) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[authorize]: module "sql"
> > returns ok for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: calling pap
> > (rlm_pap) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[authorize]: returned
> > from pap (rlm_pap) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[authorize]: module "pap"
> > returns noop for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: modcall: leaving group authorize
> > (returns updated) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:  proxy: creating fc229bc8:1812
> > Mon Jun 11 11:02:10 2007 : Debug:  proxy: allocating fc229bc8:1812 0
> > Sending Access-Request of id 0 to 192.168.1.2 port 1812
> >         User-Password = "testing"
> >         User-Name = "steve"
> >         Acct-Session-Id = "erx atm 3/2.42:100.133:0002097382"
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         ERX-Pppoe-Description = "pppoe 12:34:56:78:9a:bc"
> >         Calling-Station-Id = "#BRAS-03#this is a description#100#133"
> >         Connect-Info = "speed:UBR:12000"
> >         NAS-Port-Type = xDSL
> >         NAS-Port = 845414533
> >         NAS-Port-Id = "atm 3/2.42:100.133"
> >         NAS-IP-Address = 192.168.1.1
> >         NAS-Identifier = "BRAS-03"
> >         Proxy-State = 0x3330
> > Mon Jun 11 11:02:10 2007 : Debug: Thread 1 waiting to be assigned a
> > request
> > rad_recv: Access-Accept packet from host 192.168.1.2:1812, id=0,
> length=24
> > Mon Jun 11 11:02:10 2007 : Debug:  proxy: de-allocating fc229bc8:1812 0
> > Mon Jun 11 11:02:10 2007 : Debug: rl_next:  returning NULL
> > Mon Jun 11 11:02:10 2007 : Debug: Waking up in 31 seconds...
> > Mon Jun 11 11:02:10 2007 : Debug: Threads: total/active/spare threads =
> > 5/0/5
> > Mon Jun 11 11:02:10 2007 : Debug: Thread 2 got semaphore
> > Mon Jun 11 11:02:10 2007 : Debug: Thread 2 handling request 0, (1
> > handled so far)
> >         Proxy-State = 0x3330
> > Mon Jun 11 11:02:10 2007 : Debug:   Processing the post-proxy section
> > of radiusd.conf
> > Mon Jun 11 11:02:10 2007 : Debug: modcall: entering group post-proxy
> > for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[post-proxy]: calling
> > attr_filter (rlm_attr_filter) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:  attr_filter: Matched entry
> > proxy.com at line 84
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[post-proxy]: returned
> > from attr_filter (rlm_attr_filter) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[post-proxy]: module
> > "attr_filter" returns updated for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: modcall: leaving group post-proxy
> > (returns updated) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:  authorize: Skipping authorize in
> > post-proxy stage
> > Mon Jun 11 11:02:10 2007 : Debug:   rad_check_password:  Found Auth-Type
> > Mon Jun 11 11:02:10 2007 : Debug:   rad_check_password: Auth-Type =
> > Accept, accepting the user
> > Mon Jun 11 11:02:10 2007 : Auth: Login OK: [steve at proxy.com] (from
> > client ERX-3 port 845414533 cli #BRAS-03#this is a
> > description#100#133)
> > Mon Jun 11 11:02:10 2007 : Debug:   Processing the post-auth section
> > of radiusd.conf
> > Mon Jun 11 11:02:10 2007 : Debug: modcall: entering group post-auth
> > for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[post-auth]: calling pool
> > (rlm_sqlippool) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: Value Of the Pool-Name is [FIX] and
> > its [3] Chars
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql (sql_postgresql): Reserving
> > sql socket id: 30
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'BEGIN'
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: affected rows =
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'UPDATE radippool
> > SET nasipaddress = '', pool_key = 0, callingstationid = '',
> > expiry_time = 'now'::timestamp(0) - '1 second'::interval   WHERE
> > nasipaddress = '192.168.1.1' and pool_key = 'pppoe 12:34:56:78:9a:bc''
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: affected rows = 0
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'select
> > pool('steve at proxy.com','FIX','#BRAS-03#this is a
> > description#100#133')'
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_TUPLES_OK
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: affected rows =
> > Mon Jun 11 11:02:10 2007 : Info: rlm_sqlippool: ip=[10.10.10.1] len=13
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'UPDATE radippool
> > SET nasipaddress = '192.168.1.1', pool_key = 'pppoe
> > 12:34:56:78:9a:bc',   callingstationid = '#BRAS-03#this is a
> > description#100#133', username = 'steve at proxy.com',   expiry_time =
> > 'now'::timestamp(0) + '3600 second'::interval   WHERE framedipaddress
> > = '10.10.10.1''
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: affected rows = 1
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sqlippool: Allocated IP
> > 10.10.10.1 [97310ebd]
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'COMMIT'
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: Status:
> > PGRES_COMMAND_OK
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_postgresql: affected rows =
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql (sql_postgresql): Released
> > sql socket id: 30
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[post-auth]: returned
> > from pool (rlm_sqlippool) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[post-auth]: module "pool"
> > returns ok for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[post-auth]: calling
> > sql_log (rlm_sql_log) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: rlm_sql_log (sql_log): Processing
> > sql_log_postauth
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:  'INSERT INTO
> > radpostauth                   ?? (username, pass, reply, authdate)
> > VALUES                            ?? ('steve at proxy.com', 'testing',
> >      ?? 'Access-Accept', TO_DATE('2007-06-11 11:02:10','yyyy-mm-dd
> > hh24:mi:ss'))'
> > Mon Jun 11 11:02:10 2007 : Debug: radius_xlat:
> > '/usr/local/var/log/radius/radacct/sql-relay'
> > Mon Jun 11 11:02:10 2007 : Debug:   modsingle[post-auth]: returned
> > from sql_log (rlm_sql_log) for request 0
> > Mon Jun 11 11:02:10 2007 : Debug:   modcall[post-auth]: module
> > "sql_log" returns ok for request 0
> > Mon Jun 11 11:02:10 2007 : Debug: modcall: leaving group post-auth
> > (returns ok) for request 0
> > Sending Access-Accept of id 30 to 192.168.1.1 port 50000
> >         X-Ascend-Client-Primary-DNS := 172.16.1.1
> >         X-Ascend-Client-Secondary-DNS := 172.16.1.2
> >         X-Ascend-Client-Assign-DNS := DNS-Assign-Yes
> >         ERX-Virtual-Router-Name := "default"
> >         Framed-IP-Address = 10.10.10.1
> > Mon Jun 11 11:02:10 2007 : Debug: Finished request 0
> >
> > -------------
> >
> > >   The debug logs will still tell you what modules are being executed,
> > > and when.  That will give information as to *why* it's not being
> added.
> >
> > *Sorry, but where is the VSA "ERX-Service-Bundle" here?
> >
> > >   This is what the post-auth section is for: adding attributes to
> > > packets after a user has been authenticated.
> >
> > *What config shall I put in post-auth to send this VSA back to the
> > B-RAS? Create a module and call it in post-auth?
> >
> > >   This will be better supported in 2.0.0.
> >
> > *Should I install 2.0.0 then? Is it the only way?
> >
> > Thank you very much!
> >
> > Guilherme
> >
> >
> > ------------------------------
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > End of Freeradius-Users Digest, Vol 26, Issue 33
> > ************************************************
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070611/f189cbae/attachment.html
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 26, Issue 34
> ************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070611/4a84fd22/attachment.html>


More information about the Freeradius-Users mailing list