rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Frank Reimann
iksc20 at gmail.com
Mon May 11 10:26:35 CEST 2009
Hi all
We have a strange problem with our RADIUS server.
I'm not the RADIUS expert and took over this server and configuration... :-(
From time to time the users are not able to log in; sometimes it works and
sometimes it works only from 1 or 2 access points (we have 10 access points).
Attached you'll find the configuration and a snap from the RADIUS log in
debug mode.
Accesspoints are Linksys WRT54GL with Tomato 1.23
We are running FreeRadius 2.0.5 on Gentoo Linux 2.6.27-r27.
Could it be that if we were running FreeRadius on another OS we would have fewer problems ?!?
Thanks a lot !
Best wishes, Frank
Error messages from radiusd -X:
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6,
length=139
User-Name = "hummel.daniel"
NAS-IP-Address = 10.0.0.15
Called-Station-Id = "00226b8df369"
Calling-Station-Id = "001de03c1333"
NAS-Identifier = "00226b8df369"
NAS-Port = 28
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020000120168756d6d656c2e64616e69656c
Message-Authenticator = 0xc4150c77c1b15ce73bb23597f026471a
+- entering group authorize
expand: %{User-Name} -> hummel.daniel
rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'
rlm_sql (sql): Reserving sql socket id: 1
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'hummel.daniel' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'hummel.daniel' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'hummel.daniel' ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[files] returns noop
++[mschap] returns noop
rlm_eap: EAP packet type response id 0 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 6 to 10.0.0.15 port 2048
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe01ba3a4e01ab604a48cd5e81844c9b7
Finished request 92.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6,
length=145
Cleaning up request 92 ID 6 with timestamp +1637
User-Name = "hummel.daniel"
NAS-IP-Address = 10.0.0.15
Called-Station-Id = "00226b8df369"
Calling-Station-Id = "001de03c1333"
NAS-Identifier = "00226b8df369"
NAS-Port = 28
Framed-MTU = 1400
State = 0xe01ba3a4e01ab604a48cd5e81844c9b7
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060319
Message-Authenticator = 0x0b24d65028ad5d79b81610cd54488cfa
+- entering group authorize
expand: %{User-Name} -> hummel.daniel
rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'
rlm_sql (sql): Reserving sql socket id: 0
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'hummel.daniel' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'hummel.daniel' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'hummel.daniel' ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[files] returns noop
++[mschap] returns noop
rlm_eap: EAP packet type response id 1 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 6 to 10.0.0.15 port 2048
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe01ba3a4e119ba04a48cd5e81844c9b7
Finished request 93.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6,
length=295
Cleaning up request 93 ID 6 with timestamp +1637
User-Name = "hummel.daniel"
NAS-IP-Address = 10.0.0.15
Called-Station-Id = "00226b8df369"
Calling-Station-Id = "001de03c1333"
NAS-Identifier = "00226b8df369"
NAS-Port = 28
Framed-MTU = 1400
State = 0xe01ba3a4e119ba04a48cd5e81844c9b7
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0202009c198000000092160301008d01000089030149f72cc806e92a43ee6904dca25525651e77e998da5d0ededbd5753bb07ed85220af386935a49b3f5b9c4783516e0333469c78eb2cfad74151d5b753d674ee628c0018002f00350005000ac009c00ac013c01400320038001300040100002800000012001000000d68756d6d656c2e64616e69656c000a00080006001700180019000b00020100
Message-Authenticator = 0xa26fd49f5c488c892a756621fb54de36
+- entering group authorize
expand: %{User-Name} -> hummel.daniel
rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'hummel.daniel' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'hummel.daniel' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'hummel.daniel' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[files] returns noop
++[mschap] returns noop
rlm_eap: EAP packet type response id 2 length 156
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 146
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 008d], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 087d], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 6 to 10.0.0.15 port 2048
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe01ba3a4e218ba04a48cd5e81844c9b7
Finished request 94.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6,
length=145
Cleaning up request 94 ID 6 with timestamp +1637
User-Name = "hummel.daniel"
NAS-IP-Address = 10.0.0.15
Called-Station-Id = "00226b8df369"
Calling-Station-Id = "001de03c1333"
NAS-Identifier = "00226b8df369"
NAS-Port = 28
Framed-MTU = 1400
State = 0xe01ba3a4e218ba04a48cd5e81844c9b7
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0xb0cdf7b97da5aa0d76076441bf361fc1
+- entering group authorize
expand: %{User-Name} -> hummel.daniel
rlm_sql (sql): sql_set_user escaped user --> 'hummel.daniel'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'hummel.daniel' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'hummel.daniel' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'hummel.daniel' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[files] returns noop
++[mschap] returns noop
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Radius Configuration:
---------------------
FreeRADIUS Version 2.0.5, for host i486-pc-linux-gnu, built on Jan 10 2009
at 23:27:15
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 60
cleanup_delay = 5
max_requests = 51200
allow_core_dumps = no
pidfile = "/var/run/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = yes
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
}
client 10.0.0.9 {
require_message_authenticator = no
secret = "xxx"
shortname = "TuXp_Test"
nastype = "other"
}
client 10.0.0.10 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_A"
nastype = "other"
}
client 10.0.0.11 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_B"
nastype = "other"
}
client 10.0.0.12 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_C"
nastype = "other"
}
client 10.0.0.13 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_D"
nastype = "other"
}
client 10.0.0.14 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_E"
nastype = "other"
}
client 10.0.0.15 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_F"
nastype = "other"
}
client 10.0.0.16 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_G"
nastype = "other"
}
client 10.0.0.17 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_H"
nastype = "other"
}
client 10.0.0.18 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_I"
nastype = "other"
}
client 10.0.0.19 {
require_message_authenticator = no
secret = "xxx"
shortname = "Casa_J"
nastype = "other"
}
client 127.0.0.1 {
require_message_authenticator = no
secret = "xxx"
shortname = "Local"
nastype = "other"
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "ttls"
timer_expire = 90
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "ab3z742fg4med"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_sql
Module: Instantiating sql
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = ""
login = "radius"
password = "XXXXX"
radius_db = "radius"
read_groups = yes
sqltrace = no
sqltracefile = "/var/log/radius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret FROM nas"
authorize_check_query = "SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value,
op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE
groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct
SET acctstoptime = '%S', acctsessiontime
= unix_timestamp('%S') -
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
%{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND
nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <=
'%S'"
accounting_update_query = " UPDATE radacct
SET framedipaddress = '%{Framed-IP-Address}',
acctsessiontime = '%{Acct-Session-Time}',
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32
|
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctsessiontime, acctauthentic, connectinfo_start,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, servicetype, framedprotocol,
framedipaddress, acctstartdelay,
xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}'
<< 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username,
realm, nasipaddress, nasportid,
nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress,
acctstartdelay, acctstopdelay, xascendsessionsvrkey)
VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET
acctstarttime = '%S', acctstartdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_start =
'%{Connect-Info}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay)
VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0})
SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{Connect-Info}',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}'
<< 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER
BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid,
username, nasipaddress, nasportid,
framedipaddress, callingstationid,
framedprotocol FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO userinfo
(username, mac, date, tag) VALUES
( '%{User-Name}',
'%{Calling-Station-Id}', '%S',
'%{Nas-IP-Address}' )"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius at localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/raddb/users"
compat = "no"
}
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 10.0.0.1
port = 1812
}
main {
snmp = no
smux_password = ""
snmp_write_access = no
}
Listening on authentication address 10.0.0.1 port 1812
Listening on proxy address 10.0.0.1 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.19 port 2048, id=13,
length=137
User-Name = "host/WSL-SIR"
NAS-IP-Address = 10.0.0.19
Called-Station-Id = "00226b7a37b5"
Calling-Station-Id = "00242b2f525b"
NAS-Identifier = "00226b7a37b5"
NAS-Port = 38
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200001101686f73742f57534c2d534952
Message-Authenticator = 0x9fb6b52c90e4c0f844dc91d5fbcea21d
+- entering group authorize
expand: %{User-Name} -> host/WSL-SIR
rlm_sql (sql): sql_set_user escaped user --> 'host/WSL-SIR'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'host/WSL-SIR' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'host/WSL-SIR' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): User host/WSL-SIR not found
++[sql] returns notfound
++[files] returns noop
++[mschap] returns noop
rlm_eap: EAP packet type response id 0 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 13 to 10.0.0.19 port 2048
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9c4fd6cb9c4ec3f5023ff4254ba8f1d5
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.19 port 2048, id=13,
length=137
Cleaning up request 0 ID 13 with timestamp +234
User-Name = "host/WSL-SIR"
NAS-IP-Address = 10.0.0.19
Called-Station-Id = "00226b7a37b5"
Calling-Station-Id = "00242b2f525b"
NAS-Identifier = "00226b7a37b5"
NAS-Port = 38
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200001101686f73742f57534c2d534952
Message-Authenticator = 0xe77f186ef1912fceb5fd819815c11fa6
+- entering group authorize
expand: %{User-Name} -> host/WSL-SIR
rlm_sql (sql): sql_set_user escaped user --> 'host/WSL-SIR'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'host/WSL-SIR' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'host/WSL-SIR' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): User host/WSL-SIR not found
++[sql] returns notfound
++[files] returns noop
++[mschap] returns noop
rlm_eap: EAP packet type response id 0 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 13 to 10.0.0.19 port 2048
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc2248484c2259113db17cab2dbadac35
Finished request 1.
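The EAP-Message values in the debug output above can be decoded to follow the method negotiation: the server's EAP-TTLS start, the supplicant's NAK asking for PEAP, the PEAP start and the later ACK. The Python below is an added example, not part of the original post or of FreeRADIUS; the function names are hypothetical, and the sample lines are copied from the log above except the last packet, which is constructed to exercise a wrapped, split attribute.

```python
import re
import struct

# EAP codes and method numbers from RFC 3748 and the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}  # methods that share the EAP-TLS flags byte
FLAG_BITS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # Length, More, Start

# A run of EAP-Message attributes belonging to one RADIUS packet. An EAP packet
# longer than 253 bytes is split over several attributes, so a run is joined.
RUN = re.compile(r"(?:EAP-Message\s*=\s*0x[0-9a-fA-F]+\s*)+")
HEXVAL = re.compile(r"0x([0-9a-fA-F]+)")


def decode_eap(hex_digits):
    """Decode the EAP header and the first method-specific bytes of a packet."""
    raw = bytes.fromhex(hex_digits)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, "unknown(%d)" % code), "id": ident,
            "length": length, "truncated": length > len(raw)}
    if code not in (1, 2) or len(raw) < 5:
        return info  # Success and Failure carry no type field
    eap_type, body = raw[4], raw[5:length]
    info["type"] = EAP_TYPES.get(eap_type, "type %d" % eap_type)
    if eap_type == 1:
        info["identity"] = body.decode("utf-8", "replace")
    elif eap_type == 3:  # Nak: body lists the methods the peer will accept
        info["wanted"] = [EAP_TYPES.get(t, "type %d" % t) for t in body]
    elif eap_type in TLS_BASED and body:
        flags = body[0]
        info["flags"] = "".join(n for bit, n in FLAG_BITS if flags & bit)
        if flags & 0x80 and len(body) >= 5:
            info["tls_length"] = struct.unpack("!I", body[1:5])[0]
        # A flags byte with no L/M/S bit and no data acknowledges a fragment.
        info["ack"] = len(body) == 1 and not flags & 0xE0
    return info


def eap_packets(log_text):
    """Return one decoded dict per RADIUS packet that carries EAP-Message."""
    return [decode_eap("".join(HEXVAL.findall(run.group(0))))
            for run in RUN.finditer(log_text)]


# First five packets: lines from the radiusd -X output in the post.
# Last packet: constructed (header only, split across two attributes).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=139
  EAP-Message = 0x020000120168756d6d656c2e64616e69656c
  Message-Authenticator = 0xc4150c77c1b15ce73bb23597f026471a
Sending Access-Challenge of id 6 to 10.0.0.15 port 2048
  EAP-Message = 0x010100061520
  Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=145
  EAP-Message = 0x020100060319
Sending Access-Challenge of id 6 to 10.0.0.15 port 2048
  EAP-Message = 0x010200061920
rad_recv: Access-Request packet from host 10.0.0.15 port 2048, id=6, length=145
  EAP-Message = 0x020300061900
rad_recv: constructed packet
  EAP-Message =
0x0202000a1980
  EAP-Message = 0x00000092
"""

if __name__ == "__main__":
    for pkt in eap_packets(SAMPLE_LOG):
        print(pkt)
```
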