problems with queries and user database in mysql and freeradius
VU VAN HUNG
vanhung2205 at gmail.com
Sat Apr 24 13:22:27 CEST 2010
Hi all,
I'm trying to manage the users in freeradius with mysql. Users can log
in to the wireless network successfully, but I get 2 problems.
1. Only the post-authenticate query is implemented to insert information into
the radpostauth table in the radius database. Accounting queries for the accounting
table in the database are not implemented.
2. When I only use sql to manage users, and I don't configure the
users file of freeradius at all, users can't log in to the network.
I hope someone will help me solve these problems.
Here is my output from the radiusd -X command:
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141,
length=145
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020000090168756e67
Message-Authenticator = 0x92a2c1dd019f55542bef82c3b6b122b9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql] expand: %{Stripped-User-Name} ->
[sql] expand: %{User-Name} -> hung
[sql] expand: %{%{User-Name}:-DEFAULT} -> hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung
[sql] sql_set_user escaped user --> 'hung'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, op, value
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, op, value FROM
radcheck WHERE username = 'hung' ORDER BY id
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM usergroup WHERE username =
'hung' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, op,
Value FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, op, Value FROM radgroupcheck
WHERE groupname = 'WLANgroup' ORDER BY id
[sql] User found in group WLANgroup
[sql] expand: SELECT id, groupname, attribute, op,
Value FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, op, Value FROM radgroupreply
WHERE groupname = 'WLANgroup' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc09954a3c3aef342532c8f473
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141,
length=145
Sending duplicate reply to client localhost port 1024 - ID: 141
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142,
length=160
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060319
State = 0x09945ffc09954a3c3aef342532c8f473
Message-Authenticator = 0x560713ad902723d908cff078aab76337
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql] expand: %{Stripped-User-Name} ->
[sql] expand: %{User-Name} -> hung
[sql] expand: %{%{User-Name}:-DEFAULT} -> hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung
[sql] sql_set_user escaped user --> 'hung'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, op, value
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, op, value FROM
radcheck WHERE username = 'hung' ORDER BY id
[sql] expand: SELECT groupname FROM usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM usergroup WHERE username =
'hung' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, op,
Value FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, op, Value FROM radgroupcheck
WHERE groupname = 'WLANgroup' ORDER BY id
[sql] User found in group WLANgroup
[sql] expand: SELECT id, groupname, attribute, op,
Value FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, op, Value FROM radgroupreply
WHERE groupname = 'WLANgroup' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 142 to 192.168.0.2 port 1024
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc0896463c3aef342532c8f473
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142,
length=160
Sending duplicate reply to client localhost port 1024 - ID: 142
Sending Access-Challenge of id 142 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=143,
length=269
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0202007319800000006916030100640100006003014bd2cf75559dcf135bad3683a9e474a9bfb30ea41bb1056c87962735e7d2c468000018002f00350005000ac009c00ac013c01400320038001300040100001f00000009000700000468756e67000a00080006001700180019000b00020100
State = 0x09945ffc0896463c3aef342532c8f473
Message-Authenticator = 0x8ab641908fcc4ccab026238b80b5b38d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 2 length 115
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 105
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0064], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 064d], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 143 to 192.168.0.2 port 1024
EAP-Message = 0x550407130548616e6f69310e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc0b97463c3aef342532c8f473
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=143,
length=269
Sending duplicate reply to client localhost port 1024 - ID: 143
Sending Access-Challenge of id 143 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=144,
length=160
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0x09945ffc0b97463c3aef342532c8f473
Message-Authenticator = 0x8cacb8e566ba71bec2174474eebc8af6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 144 to 192.168.0.2 port 1024
EAP-Message =
0x030101ff300d06092a864886f70d010105050003818100762232f9975b93ae7c95735de73d8b722b16c08674a432c929d5660a34feb33a8c442febe85711a7896e361135cfa3df658bca5b3a7691d348742553977f0c0fba660f53f160fea98c0357e33351f35e61f0f98a7f2f57d323de73af18c20c4b625201c1362b8af3322c8163240e5ec11cb487c74d704b358bfa74f9e802a5cf16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc0a90463c3aef342532c8f473
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=144,
length=160
Sending duplicate reply to client localhost port 1024 - ID: 144
Sending Access-Challenge of id 144 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=145,
length=362
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020400d01980000000c616030100861000008200808bdbfebac8c74565753b3f8a8407ab1489924b16358d622636bc5f6d224b7b6f516804af047ddd2342e2d7651d788f565d1ebde3f4746e9a1e498998e5d8223a04f481646860d0f735b12904fa67b7001cb2d1428b9fcfe9b5ec66d067a4a28756e74f1b29c5ec2eb30665be3c1a40cd127c5760e539656abdfc7829a2a840fd14030100010116030100307afc94045eaa1c6c00ddaa8e21fbed34668792dc480c7131028eef9753b1e7bed95dcf1cb69ecdd1a26b54c68da374b3
State = 0x09945ffc0a90463c3aef342532c8f473
Message-Authenticator = 0x595e4031385d17e480ca50188f4b019a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 4 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 145 to 192.168.0.2 port 1024
EAP-Message =
0x0105004119001403010001011603010030d186e5c8b303934b35fef80891656d7ca02e857ccc105c53ee51251bb29383aec5847385a24d91f0eb84a84baa1660e6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc0d91463c3aef342532c8f473
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=145,
length=362
Sending duplicate reply to client localhost port 1024 - ID: 145
Sending Access-Challenge of id 145 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=146,
length=160
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0x09945ffc0d91463c3aef342532c8f473
Message-Authenticator = 0xc42da73879b55cd71893e88f31e3bf8a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 146 to 192.168.0.2 port 1024
EAP-Message =
0x0106002b1900170301002097aac09de2eee9a724ca523994a0eb3ec20127d56dd8f609ca7e49a9ab523d99
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc0c92463c3aef342532c8f473
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=146,
length=160
Sending duplicate reply to client localhost port 1024 - ID: 146
Sending Access-Challenge of id 146 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=147,
length=197
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0206002b190017030100202af709546e11ea1a32e4357f545b7e2a7d35adc1ac61d77ff88857c763d007ee
State = 0x09945ffc0c92463c3aef342532c8f473
Message-Authenticator = 0x48ce7e5ce68eb823fb9b31aa5a37c4e0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - hung
[peap] Got tunneled request
EAP-Message = 0x020600090168756e67
server {
PEAP: Got tunneled identity of hung
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to hung
Sending tunneled request
EAP-Message = 0x020600090168756e67
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "hung"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "hung", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x0107001e1a01070019101fca91b0376148a4f0fd4f6fa463445968756e67
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x30ed615030ea7b7f26980120ae4d5ea2
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x0107001e1a01070019101fca91b0376148a4f0fd4f6fa463445968756e67
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x30ed615030ea7b7f26980120ae4d5ea2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 147 to 192.168.0.2 port 1024
EAP-Message =
0x0107003b19001703010030acea34ba364c5e7ad6a748a9ad768753e24608fa64111fa3786eade542a1ab9611abc97fdc9e45a65d62a5b2317adea1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc0f93463c3aef342532c8f473
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=147,
length=197
Sending duplicate reply to client localhost port 1024 - ID: 147
Sending Access-Challenge of id 147 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148,
length=245
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0207005b190017030100503789c52759d13397450310d73512e08eab78acec6f019d37dfb1d3bc627faa0f0ea70db5264992c2c1ba9ef72a38e467ff0f361a444a4f66e8714f431d7ba75f1d2fd6f9b35f6be9398a051eb51c4cee
State = 0x09945ffc0f93463c3aef342532c8f473
Message-Authenticator = 0xdd99eadb80af6786062cf4532a2ac7b3
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 7 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x0207003f1a0207003a31b24df754018372abc900adb6c80448f60000000000000000242bcdf9531f27acab4fb7646ebd16c9dfe3993dc54aa9630068756e67
server {
PEAP: Setting User-Name to hung
Sending tunneled request
EAP-Message =
0x0207003f1a0207003a31b24df754018372abc900adb6c80448f60000000000000000242bcdf9531f27acab4fb7646ebd16c9dfe3993dc54aa9630068756e67
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "hung"
State = 0x30ed615030ea7b7f26980120ae4d5ea2
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "hung", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 63
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for hung with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010800331a0307002e533d41333639313132464332374139353243333343313436463641343541374544324336414134374644
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x30ed615031e57b7f26980120ae4d5ea2
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010800331a0307002e533d41333639313132464332374139353243333343313436463641343541374544324336414134374644
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x30ed615031e57b7f26980120ae4d5ea2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 148 to 192.168.0.2 port 1024
EAP-Message =
0x0108005b19001703010050812b12ad6be4c0b58ae49a03fe16a9e759fcc568963d94b6423571c49e72eb71a4a0f5e6117355df6ef454be2d74d0e113d3bf0cb53e2498f4f3d05404c828e2a5613a7d7811c2ac8dc5ea13c3d514f8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc0e9c463c3aef342532c8f473
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148,
length=245
Sending duplicate reply to client localhost port 1024 - ID: 148
Sending Access-Challenge of id 148 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=149,
length=197
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0208002b1900170301002023eabd68c252532f45928e383355c30f57be2542522f577cfad2c81ae1361533
State = 0x09945ffc0e9c463c3aef342532c8f473
Message-Authenticator = 0xf0514d6e47fd75079ce8653f0c07a816
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020800061a03
server {
PEAP: Setting User-Name to hung
Sending tunneled request
EAP-Message = 0x020800061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "hung"
State = 0x30ed615031e57b7f26980120ae4d5ea2
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "hung", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [hung] (from client localhost port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 2
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "hung"
[peap] Got tunneled reply RADIUS code 2
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "hung"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 149 to 192.168.0.2 port 1024
EAP-Message =
0x0109002b19001703010020d3bceac5711dc8705f5ef1be9a9033a2a48bdcabf76210563e5702faabac60c6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x09945ffc019d463c3aef342532c8f473
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=149,
length=197
Sending duplicate reply to client localhost port 1024 - ID: 149
Sending Access-Challenge of id 149 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150,
length=197
User-Name = "hung"
NAS-IP-Address = 192.168.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0209002b19001703010020a2816416dff2d67ddae415cc3fae80715929de76149607a7757c14e83541027b
State = 0x09945ffc019d463c3aef342532c8f473
Message-Authenticator = 0x262c8d17f695699416cc9819a38c84b5
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [hung] (from client localhost port 0 cli 00-17-C4-8C-2C-C8)
+- entering group post-auth {...}
[reply_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/192.168.0.2/reply-detail-20100424
[reply_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.0.2/reply-detail-20100424
[reply_log] expand: %t -> Sat Apr 24 07:00:16 2010
++[reply_log] returns ok
[sql] expand: %{Stripped-User-Name} ->
[sql] expand: %{User-Name} -> hung
[sql] expand: %{%{User-Name}:-DEFAULT} -> hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung
[sql] sql_set_user escaped user --> 'hung'
[sql] expand: INSERT INTO radpostauth
(username,pass,reply, authdate) VALUES
( '%{User-Name}',
'%{User-Password}', '%{reply:Packet-Type}',
'%S') -> INSERT INTO radpostauth
(username,pass,reply, authdate) VALUES
( 'hung',
'', 'Access-Accept', '2010-04-24 07:00:16')
rlm_sql (sql) in sql_postauth: query is INSERT INTO
radpostauth (username,pass,reply,
authdate) VALUES (
'hung', '', 'Access-Accept',
'2010-04-24 07:00:16')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 150 to 192.168.0.2 port 1024
MS-MPPE-Recv-Key =
0x3013440c697761f69a75e70dcc006e7aa69349f107589f89a488212b6a11cc9e
MS-MPPE-Send-Key =
0xf35fc13294fa122fd2c858a086bf73a8b0830443c080c1c443253b57c9e7f59a
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "hung"
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150,
length=197
Sending duplicate reply to client localhost port 1024 - ID: 150
Sending Access-Accept of id 150 to 192.168.0.2 port 1024
Waking up in 4.8 seconds.
Cleaning up request 0 ID 141 with timestamp +9
Cleaning up request 1 ID 142 with timestamp +9
Cleaning up request 2 ID 143 with timestamp +9
Cleaning up request 3 ID 144 with timestamp +9
Cleaning up request 4 ID 145 with timestamp +9
Cleaning up request 5 ID 146 with timestamp +9
Cleaning up request 6 ID 147 with timestamp +9
Cleaning up request 7 ID 148 with timestamp +9
Cleaning up request 8 ID 149 with timestamp +9
Cleaning up request 9 ID 150 with timestamp +9
Ready to process requests.
Ready to process requests.
Exiting normally.
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
Many thanks,
Vu Hung.
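
A triage helper for a `radiusd -X` capture like the one in this post, added here as an example (it is not part of the original message or of FreeRADIUS): it records which modules returned in each virtual server and section, and which packet types arrived. The embedded sample is condensed from the log above; the `(outer)` label and all function names are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt: lines condensed from the radiusd -X output in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, length=145
+- entering group authorize {...}
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[sql] returns ok
+- entering group authenticate {...}
++[eap] returns handled
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148, length=245
+- entering group authorize {...}
++[eap] returns ok
+- entering group authenticate {...}
server inner-tunnel {
+- entering group authorize {...}
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
+- entering group authenticate {...}
++[mschap] returns ok
++[eap] returns handled
} # server inner-tunnel
++[eap] returns handled
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150, length=197
+- entering group post-auth {...}
++[sql] returns ok
"""

OUTER = "(outer)"  # label chosen here for processing outside a named virtual server
RE_RECV = re.compile(r"^rad_recv: (\S+) packet from host")
RE_SERVER_OPEN = re.compile(r"^server (\S+) \{$")
RE_SERVER_CLOSE = re.compile(r"^\} # server (\S+)$")
RE_SECTION = re.compile(r"^\+- entering group (\S+)")
RE_RETURN = re.compile(r"^\+\+\[([^\]]+)\] returns (\w+)")
RE_FILES = re.compile(r"^\[files\] users: Matched entry (\S+) at line (\d+)")


def parse_debug(text):
    """Return packet counts, per-(server, section) module results, users-file hits."""
    packets, calls, hits = Counter(), defaultdict(list), []
    stack = [[OUTER, "?"]]  # [server, section]; nested virtual servers are pushed
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_RECV.match(line):
            packets[m.group(1)] += 1
            stack = [[OUTER, "?"]]  # a new packet starts in the outer server
        elif m := RE_SERVER_OPEN.match(line):
            stack.append([m.group(1), "?"])
        elif RE_SERVER_CLOSE.match(line):
            if len(stack) > 1:
                stack.pop()  # back to the section that called the tunnel
        elif m := RE_SECTION.match(line):
            stack[-1][1] = m.group(1)
        elif m := RE_RETURN.match(line):
            calls[tuple(stack[-1])].append((m.group(1), m.group(2)))
        elif m := RE_FILES.match(line):
            hits.append((stack[-1][0], m.group(1), int(m.group(2))))
    return {"packets": packets, "calls": dict(calls), "users_file_hits": hits}


def sections_running(report, module):
    """Sorted (server, section) pairs in which `module` returned a result."""
    return sorted(key for key, mods in report["calls"].items()
                  if any(name == module for name, _ in mods))


def triage(report):
    """Plain statements of what the capture does and does not contain."""
    findings = []
    if report["packets"]["Accounting-Request"] == 0:
        findings.append("no Accounting-Request packet in this capture")
    sql_authz = {srv for srv, sec in sections_running(report, "sql")
                 if sec == "authorize"}
    for srv in sorted({h[0] for h in report["users_file_hits"]} - sql_authz):
        findings.append(f"{srv}: user matched in users file, sql not called in authorize")
    return findings


if __name__ == "__main__":
    rep = parse_debug(SAMPLE_LOG)
    print(sections_running(rep, "sql"))
    print("\n".join(triage(rep)))
```

On the excerpt it reports that `sql` returns only in the outer `authorize` and `post-auth` sections, that the inner-tunnel `authorize` matches the user in the users file without calling `sql`, and that no Accounting-Request packet was received.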