problems with queries and user database in mysql and freeradius

VU VAN HUNG vanhung2205 at gmail.com
Sat Apr 24 13:22:27 CEST 2010


Hi all,
I'm trying to manage the users in freeradius with mysql. Users can log 
in to the wireless network successfully, but I get 2 problems.
1. Only the post-authenticate query is implemented, to insert information into the 
radpostauth table in the radius database. Accounting queries for the accounting 
table in the database are not implemented.
2. When I only use sql to manage users and don't configure anything in the 
users file of freeradius, users can't log in to the network.
I hope someone will help me solve these problems.
Here is my output from the radiusd -X command:

rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, 
length=145
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x020000090168756e67
    Message-Authenticator = 0x92a2c1dd019f55542bef82c3b6b122b9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql]     expand: %{Stripped-User-Name} ->
[sql]     expand: %{User-Name} -> hung
[sql]     expand: %{%{User-Name}:-DEFAULT} -> hung
[sql]     expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung
[sql] sql_set_user escaped user --> 'hung'
rlm_sql (sql): Reserving sql socket id: 4
[sql]     expand: SELECT id, username, attribute, op, value           
FROM radcheck           WHERE username = '%{SQL-User-Name}'        ORDER 
BY id -> SELECT id, username, attribute, op, value           FROM 
radcheck           WHERE username = 'hung'        ORDER BY id
[sql]     expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM usergroup           WHERE username = 
'hung'           ORDER BY priority
[sql]     expand: SELECT id, groupname, attribute,            op, 
Value           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,            op, Value           FROM radgroupcheck           
WHERE groupname = 'WLANgroup'           ORDER BY id
[sql] User found in group WLANgroup
[sql]     expand: SELECT id, groupname, attribute,            op, 
Value           FROM radgroupreply           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,            op, Value           FROM radgroupreply           
WHERE groupname = 'WLANgroup'           ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
    EAP-Message = 0x010100061520
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc09954a3c3aef342532c8f473
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, 
length=145
Sending duplicate reply to client localhost port 1024 - ID: 141
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142, 
length=160
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x020100060319
    State = 0x09945ffc09954a3c3aef342532c8f473
    Message-Authenticator = 0x560713ad902723d908cff078aab76337
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql]     expand: %{Stripped-User-Name} ->
[sql]     expand: %{User-Name} -> hung
[sql]     expand: %{%{User-Name}:-DEFAULT} -> hung
[sql]     expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung
[sql] sql_set_user escaped user --> 'hung'
rlm_sql (sql): Reserving sql socket id: 3
[sql]     expand: SELECT id, username, attribute, op, value           
FROM radcheck           WHERE username = '%{SQL-User-Name}'        ORDER 
BY id -> SELECT id, username, attribute, op, value           FROM 
radcheck           WHERE username = 'hung'        ORDER BY id
[sql]     expand: SELECT groupname           FROM usergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM usergroup           WHERE username = 
'hung'           ORDER BY priority
[sql]     expand: SELECT id, groupname, attribute,            op, 
Value           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,            op, Value           FROM radgroupcheck           
WHERE groupname = 'WLANgroup'           ORDER BY id
[sql] User found in group WLANgroup
[sql]     expand: SELECT id, groupname, attribute,            op, 
Value           FROM radgroupreply           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,            op, Value           FROM radgroupreply           
WHERE groupname = 'WLANgroup'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 142 to 192.168.0.2 port 1024
    EAP-Message = 0x010200061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc0896463c3aef342532c8f473
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142, 
length=160
Sending duplicate reply to client localhost port 1024 - ID: 142
Sending Access-Challenge of id 142 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=143, 
length=269
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 
0x0202007319800000006916030100640100006003014bd2cf75559dcf135bad3683a9e474a9bfb30ea41bb1056c87962735e7d2c468000018002f00350005000ac009c00ac013c01400320038001300040100001f00000009000700000468756e67000a00080006001700180019000b00020100
    State = 0x09945ffc0896463c3aef342532c8f473
    Message-Authenticator = 0x8ab641908fcc4ccab026238b80b5b38d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 2 length 115
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 105
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0064], ClientHello 
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello 
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 064d], Certificate 
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode 
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 143 to 192.168.0.2 port 1024
    EAP-Message = 
0x0103040019c00000068a160301002a0200002603014bd2cf409a6a57e5fe1a1492df4cbc2d97e673a9396e6d4c284bcc6e179f173700002f00160301064d0b0006490006460002ac308202a830820211a003020102020101300d06092a864886f70d010105050030818d310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603550407130548616e6f69310e300c060355040a130552444c6162310d300b060355040b130457694669311930170603550403131072646c61622e64796e646e732e6f72673124302206092a864886f70d010901161576616e68756e673232303540676d61696c2e636f6d301e170d3039
    EAP-Message = 
0x8752303cd883bdcff91214653a6044e3a9d7c24d75eb159a3f8165baf58fb648ac3abf1ec06e585329474ff339c271f8812cb8a31a0e84861a7bf1377247190bf063d41b20133aabc30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181008a82f9fd8b6c61b2279312122efec7b7303147a41a61f2aa53b2f1266b18e42032769322040f063d2dfac0472969c9c15c0c343fbf27fb0c1bf07da10d251deba4b5016625e889f8494e909db87fe8b4bff43bee51ad62202e97baeb3280371e2e261f376934ac4398c0f62abd49eb03e5392c7356d5befc4527ef00b3cc63be000394
    EAP-Message = 
0x30820390308202f9a003020102020900e80a8ba193c27c94300d06092a864886f70d010105050030818d310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603550407130548616e6f69310e300c060355040a130552444c6162310d300b060355040b130457694669311930170603550403131072646c61622e64796e646e732e6f72673124302206092a864886f70d010901161576616e68756e673232303540676d61696c2e636f6d301e170d3039303832363134333030305a170d3139303832343134333030305a30818d310b300906035504061302564e310e300c0603550408130548616e6f69310e300c0603
    EAP-Message = 0x550407130548616e6f69310e
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc0b97463c3aef342532c8f473
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=143, 
length=269
Sending duplicate reply to client localhost port 1024 - ID: 143
Sending Access-Challenge of id 143 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=144, 
length=160
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x020300061900
    State = 0x09945ffc0b97463c3aef342532c8f473
    Message-Authenticator = 0x8cacb8e566ba71bec2174474eebc8af6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 144 to 192.168.0.2 port 1024
    EAP-Message = 
0x030101ff300d06092a864886f70d010105050003818100762232f9975b93ae7c95735de73d8b722b16c08674a432c929d5660a34feb33a8c442febe85711a7896e361135cfa3df658bca5b3a7691d348742553977f0c0fba660f53f160fea98c0357e33351f35e61f0f98a7f2f57d323de73af18c20c4b625201c1362b8af3322c8163240e5ec11cb487c74d704b358bfa74f9e802a5cf16030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc0a90463c3aef342532c8f473
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=144, 
length=160
Sending duplicate reply to client localhost port 1024 - ID: 144
Sending Access-Challenge of id 144 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=145, 
length=362
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 
0x020400d01980000000c616030100861000008200808bdbfebac8c74565753b3f8a8407ab1489924b16358d622636bc5f6d224b7b6f516804af047ddd2342e2d7651d788f565d1ebde3f4746e9a1e498998e5d8223a04f481646860d0f735b12904fa67b7001cb2d1428b9fcfe9b5ec66d067a4a28756e74f1b29c5ec2eb30665be3c1a40cd127c5760e539656abdfc7829a2a840fd14030100010116030100307afc94045eaa1c6c00ddaa8e21fbed34668792dc480c7131028eef9753b1e7bed95dcf1cb69ecdd1a26b54c68da374b3
    State = 0x09945ffc0a90463c3aef342532c8f473
    Message-Authenticator = 0x595e4031385d17e480ca50188f4b019a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 4 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] 
[peap] <<< TLS 1.0 Handshake [length 0010], Finished 
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] 
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished 
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 145 to 192.168.0.2 port 1024
    EAP-Message = 
0x0105004119001403010001011603010030d186e5c8b303934b35fef80891656d7ca02e857ccc105c53ee51251bb29383aec5847385a24d91f0eb84a84baa1660e6
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc0d91463c3aef342532c8f473
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=145, 
length=362
Sending duplicate reply to client localhost port 1024 - ID: 145
Sending Access-Challenge of id 145 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=146, 
length=160
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x020500061900
    State = 0x09945ffc0d91463c3aef342532c8f473
    Message-Authenticator = 0xc42da73879b55cd71893e88f31e3bf8a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 146 to 192.168.0.2 port 1024
    EAP-Message = 
0x0106002b1900170301002097aac09de2eee9a724ca523994a0eb3ec20127d56dd8f609ca7e49a9ab523d99
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc0c92463c3aef342532c8f473
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=146, 
length=160
Sending duplicate reply to client localhost port 1024 - ID: 146
Sending Access-Challenge of id 146 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=147, 
length=197
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 
0x0206002b190017030100202af709546e11ea1a32e4357f545b7e2a7d35adc1ac61d77ff88857c763d007ee
    State = 0x09945ffc0c92463c3aef342532c8f473
    Message-Authenticator = 0x48ce7e5ce68eb823fb9b31aa5a37c4e0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - hung
[peap] Got tunneled request
    EAP-Message = 0x020600090168756e67
server  {
  PEAP: Got tunneled identity of hung
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to hung
Sending tunneled request
    EAP-Message = 0x020600090168756e67
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "hung"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "hung", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
    EAP-Message = 
0x0107001e1a01070019101fca91b0376148a4f0fd4f6fa463445968756e67
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x30ed615030ea7b7f26980120ae4d5ea2
[peap] Got tunneled reply RADIUS code 11
    EAP-Message = 
0x0107001e1a01070019101fca91b0376148a4f0fd4f6fa463445968756e67
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x30ed615030ea7b7f26980120ae4d5ea2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 147 to 192.168.0.2 port 1024
    EAP-Message = 
0x0107003b19001703010030acea34ba364c5e7ad6a748a9ad768753e24608fa64111fa3786eade542a1ab9611abc97fdc9e45a65d62a5b2317adea1
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc0f93463c3aef342532c8f473
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=147, 
length=197
Sending duplicate reply to client localhost port 1024 - ID: 147
Sending Access-Challenge of id 147 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148, 
length=245
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 
0x0207005b190017030100503789c52759d13397450310d73512e08eab78acec6f019d37dfb1d3bc627faa0f0ea70db5264992c2c1ba9ef72a38e467ff0f361a444a4f66e8714f431d7ba75f1d2fd6f9b35f6be9398a051eb51c4cee
    State = 0x09945ffc0f93463c3aef342532c8f473
    Message-Authenticator = 0xdd99eadb80af6786062cf4532a2ac7b3
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 7 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
    EAP-Message = 
0x0207003f1a0207003a31b24df754018372abc900adb6c80448f60000000000000000242bcdf9531f27acab4fb7646ebd16c9dfe3993dc54aa9630068756e67
server  {
  PEAP: Setting User-Name to hung
Sending tunneled request
    EAP-Message = 
0x0207003f1a0207003a31b24df754018372abc900adb6c80448f60000000000000000242bcdf9531f27acab4fb7646ebd16c9dfe3993dc54aa9630068756e67
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "hung"
    State = 0x30ed615030ea7b7f26980120ae4d5ea2
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "hung", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 63
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for hung with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
    EAP-Message = 
0x010800331a0307002e533d41333639313132464332374139353243333343313436463641343541374544324336414134374644
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x30ed615031e57b7f26980120ae4d5ea2
[peap] Got tunneled reply RADIUS code 11
    EAP-Message = 
0x010800331a0307002e533d41333639313132464332374139353243333343313436463641343541374544324336414134374644
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x30ed615031e57b7f26980120ae4d5ea2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 148 to 192.168.0.2 port 1024
    EAP-Message = 
0x0108005b19001703010050812b12ad6be4c0b58ae49a03fe16a9e759fcc568963d94b6423571c49e72eb71a4a0f5e6117355df6ef454be2d74d0e113d3bf0cb53e2498f4f3d05404c828e2a5613a7d7811c2ac8dc5ea13c3d514f8
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc0e9c463c3aef342532c8f473
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148, 
length=245
Sending duplicate reply to client localhost port 1024 - ID: 148
Sending Access-Challenge of id 148 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=149, 
length=197
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 
0x0208002b1900170301002023eabd68c252532f45928e383355c30f57be2542522f577cfad2c81ae1361533
    State = 0x09945ffc0e9c463c3aef342532c8f473
    Message-Authenticator = 0xf0514d6e47fd75079ce8653f0c07a816
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
    EAP-Message = 0x020800061a03
server  {
  PEAP: Setting User-Name to hung
Sending tunneled request
    EAP-Message = 0x020800061a03
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "hung"
    State = 0x30ed615031e57b7f26980120ae4d5ea2
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "hung", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [hung] (from client localhost port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 2
    EAP-Message = 0x03080004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "hung"
[peap] Got tunneled reply RADIUS code 2
    EAP-Message = 0x03080004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "hung"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 149 to 192.168.0.2 port 1024
    EAP-Message = 
0x0109002b19001703010020d3bceac5711dc8705f5ef1be9a9033a2a48bdcabf76210563e5702faabac60c6
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x09945ffc019d463c3aef342532c8f473
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=149, 
length=197
Sending duplicate reply to client localhost port 1024 - ID: 149
Sending Access-Challenge of id 149 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150, 
length=197
    User-Name = "hung"
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = "00-1E-E5-9B-9A-FE:LCK"
    Calling-Station-Id = "00-17-C4-8C-2C-C8"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 
0x0209002b19001703010020a2816416dff2d67ddae415cc3fae80715929de76149607a7757c14e83541027b
    State = 0x09945ffc019d463c3aef342532c8f473
    Message-Authenticator = 0x262c8d17f695699416cc9819a38c84b5
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [hung] (from client localhost port 0 cli 00-17-C4-8C-2C-C8)
+- entering group post-auth {...}
[reply_log]     expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
-> /usr/local/var/log/radius/radacct/192.168.0.2/reply-detail-20100424
[reply_log] 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
expands to 
/usr/local/var/log/radius/radacct/192.168.0.2/reply-detail-20100424
[reply_log]     expand: %t -> Sat Apr 24 07:00:16 2010
++[reply_log] returns ok
[sql]     expand: %{Stripped-User-Name} ->
[sql]     expand: %{User-Name} -> hung
[sql]     expand: %{%{User-Name}:-DEFAULT} -> hung
[sql]     expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung
[sql] sql_set_user escaped user --> 'hung'
[sql]     expand: INSERT INTO radpostauth                           
(username,pass,reply, authdate)                           VALUES 
(                           '%{User-Name}',                    
'%{User-Password}',                          '%{reply:Packet-Type}', 
'%S') -> INSERT INTO radpostauth                           
(username,pass,reply, authdate)                           VALUES 
(                           'hung',                    
'',                          'Access-Accept', '2010-04-24 07:00:16')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth                           (username,pass,reply, 
authdate)                           VALUES (                           
'hung',                    '',                          'Access-Accept', 
'2010-04-24 07:00:16')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 150 to 192.168.0.2 port 1024
    MS-MPPE-Recv-Key = 
0x3013440c697761f69a75e70dcc006e7aa69349f107589f89a488212b6a11cc9e
    MS-MPPE-Send-Key = 
0xf35fc13294fa122fd2c858a086bf73a8b0830443c080c1c443253b57c9e7f59a
    EAP-Message = 0x03090004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "hung"
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150, 
length=197
Sending duplicate reply to client localhost port 1024 - ID: 150
Sending Access-Accept of id 150 to 192.168.0.2 port 1024
Waking up in 4.8 seconds.
Cleaning up request 0 ID 141 with timestamp +9
Cleaning up request 1 ID 142 with timestamp +9
Cleaning up request 2 ID 143 with timestamp +9
Cleaning up request 3 ID 144 with timestamp +9
Cleaning up request 4 ID 145 with timestamp +9
Cleaning up request 5 ID 146 with timestamp +9
Cleaning up request 6 ID 147 with timestamp +9
Cleaning up request 7 ID 148 with timestamp +9
Cleaning up request 8 ID 149 with timestamp +9
Cleaning up request 9 ID 150 with timestamp +9
Ready to process requests.
Ready to process requests.
Exiting normally.
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0


Many thanks,
Vu Hung.
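
A way to read debug output like the above mechanically, as an added example that is not part of the original post: the script lists which modules ran in each section of each virtual server and which packet types arrived, then flags the two gaps visible in this log (no Accounting-Request received, and `sql` absent from the `inner-tunnel` authorize section). The sample is abridged from the output above; the function names and the `(outer)` label are assumptions of this example.

```python
import re
from collections import Counter

# Abridged from the radiusd -X output in the post above (three of the ten requests).
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, length=145
+- entering group authorize {...}
++[preprocess] returns ok
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[sql] returns ok
++[pap] returns noop
+- entering group authenticate {...}
++[eap] returns handled
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=148, length=245
+- entering group authorize {...}
++[eap] returns ok
+- entering group authenticate {...}
server  {
server inner-tunnel {
+- entering group authorize {...}
++[mschap] returns noop
++[eap] returns updated
[files] users: Matched entry hung at line 91
++[files] returns ok
++[pap] returns noop
+- entering group authenticate {...}
[mschapv2] +- entering group MS-CHAP {...}
++[mschap] returns ok
++[eap] returns handled
} # server inner-tunnel
++[eap] returns handled
Sending Access-Challenge of id 148 to 192.168.0.2 port 1024
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=150, length=197
+- entering group authorize {...}
++[eap] returns ok
+- entering group authenticate {...}
++[eap] returns ok
+- entering group post-auth {...}
++[sql] returns ok
Sending Access-Accept of id 150 to 192.168.0.2 port 1024
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host")
SERVER_OPEN = re.compile(r"^server (\S+) \{")
SERVER_CLOSE = re.compile(r"^\} # server \S+")
SECTION = re.compile(r"^\+- entering group (\S+) \{")
MODULE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
FILES_HIT = re.compile(r"^\[files\] users: Matched entry (\S+) at line (\d+)")
OUTER = "(outer)"  # label chosen here for the unnamed outer virtual server


def parse_debug(text):
    """Return packet counts, modules called per (server, section), and users-file hits."""
    packets, calls, files_hits = Counter(), {}, set()
    stack = []  # [server, section] frames; the innermost virtual server is last
    for line in map(str.strip, text.splitlines()):
        if m := RECV.match(line):
            packets[m.group(1)] += 1
            stack = [[OUTER, None]]          # every received packet starts in the outer server
        elif m := SERVER_OPEN.match(line):
            stack.append([m.group(1), None])
        elif SERVER_CLOSE.match(line) and len(stack) > 1:
            stack.pop()                      # back to the outer server's current section
        elif not stack:
            continue                         # start-up output before the first packet
        elif m := SECTION.match(line):
            stack[-1][1] = m.group(1)
            calls.setdefault(tuple(stack[-1]), {})
        elif (m := MODULE.match(line)) and stack[-1][1]:
            calls[tuple(stack[-1])][m.group(1)] = m.group(2)
        elif m := FILES_HIT.match(line):
            files_hits.add((stack[-1][0], m.group(1)))
    return {"packets": packets, "calls": calls, "files_hits": files_hits}


def diagnose(report, module="sql"):
    """List what the log shows about where `module` did not run."""
    notes = []
    if report["packets"]["Accounting-Request"] == 0:
        notes.append("no Accounting-Request was received, so the accounting section never ran")
    for (server, section), mods in sorted(report["calls"].items()):
        if section != "authorize" or module in mods:
            continue
        note = f"{module} is not called in authorize of server {server}"
        users = sorted(u for s, u in report["files_hits"] if s == server)
        if users:
            note += f"; users file matched: {', '.join(users)}"
        notes.append(note)
    return notes


if __name__ == "__main__":
    for note in diagnose(parse_debug(SAMPLE_DEBUG)):
        print(note)
```

Module lists are merged across all requests in the log, so an outer `authorize` that runs `sql` only on the first packet of the EAP conversation still counts as calling it.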


