Help with Freeradius + MySQL Problem....
Ale Luna
ale-luna at argentina.com
Mon Jan 18 16:43:54 CET 2010
Hi to all,
I have the following problem with my FreeRADIUS 2.1.8 + MySQL 5.0.75-0ubuntu10.2.
I configured my FreeRADIUS in the most basic configuration, as you recommend in your SQL HOWTO, and I can authenticate a
user with the users file, and everything runs very well with all my users...
Now I have configured it with MySQL, and my FreeRADIUS is talking with MySQL, but I can't get an Access-Accept for my users.
If I run a radtest, I get an Access-Accept, but when I try with my laptop running Windows XP SP3 I only get an
Access-Reject...
This is my radiusd -X output when I run my radtest and get an Access-Accept:
root@servidor1-desktop:/usr/local/etc/raddb# radtest alexmoon prueba 127.0.0.1 1812 testing123
rad_recv: Access-Request packet from host 127.0.0.1 port 32878, id=165, length=60
User-Name = "alexmoon"
User-Password = "prueba"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> alexmoon
[sql] sql_set_user escaped user --> 'alexmoon'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
[sql] User found in group dynamic
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "prueba"
[pap] Using clear text password "prueba"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 165 to 127.0.0.1 port 32878
Service-Type := Framed-User
Framed-Protocol := PPP
Framed-Compression := Van-Jacobson-TCP-IP
Framed-MTU := 1500
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 165 with timestamp +129
Ready to process requests.
################################################################################################
And this is my radiusd -X output with the same user when I try to authenticate my laptop. It is a very large output,
and I can see it is handling more than 1, 2, 3, ... requests, and only in the first one can I see the SQL interaction...
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=0, length=178
Message-Authenticator = 0x98fe26e9ef295e0939b045b3c3883ba9
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000d01616c65786d6f6f6e
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> alexmoon
[sql] sql_set_user escaped user --> 'alexmoon'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
[sql] User found in group dynamic
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.10 port 1060
Service-Type := Framed-User
Framed-Protocol := PPP
Framed-Compression := Van-Jacobson-TCP-IP
Framed-MTU := 1500
EAP-Message = 0x010100160410739d9907d0f007e8a5b9bf9e6ceedeb2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x043a00db043b04154cf77263c06ef160
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=1, length=189
Message-Authenticator = 0x90c2a53ea79f5b5fcff2ff4effa6c9c9
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0x043a00db043b04154cf77263c06ef160
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020100060319
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> alexmoon
[sql] sql_set_user escaped user --> 'alexmoon'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
[sql] User found in group dynamic
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.1.10 port 1060
Service-Type := Framed-User
Framed-Protocol := PPP
Framed-Compression := Van-Jacobson-TCP-IP
Framed-MTU := 1500
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x043a00db053819154cf77263c06ef160
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=2, length=263
Message-Authenticator = 0xeeb28ab0ada1ad4ba26125a9d6c10d0c
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0x043a00db053819154cf77263c06ef160
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0202005019800000004616030100410100003d03014b4fad659a9ce2fbeb4f5ffea969ffa643916fb5fe5947f16116d57cdbd2507a00001600040005000a000900640062000300060013001200630100
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.10 port 1060
EAP-Message = 0x0103040019c00000089b160301002a0200002603014b4fad608e1611c18dd5080c12aa082cfa8dbab65a830ff3d7f424f6a876d40700000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x043a00db063919154cf77263c06ef160
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=3, length=189
Message-Authenticator = 0xb6576d7ee5e01e197c632fe7d20f45a1
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0x043a00db063919154cf77263c06ef160
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.1.10 port 1060
EAP-Message = 0x010403fc194000b526c63ec2860c41300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313232343138323330365a170d3130313232343138323330365a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
EAP-Message = 0x71fc430f72b2c81d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x043a00db073e19154cf77263c06ef160
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=4, length=189
Message-Authenticator = 0xb377f7d0c4cb51758726ca050fd7146f
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0x043a00db073e19154cf77263c06ef160
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400061900
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.1.10 port 1060
EAP-Message = 0x010500b51900794b79ea841348662131dd8b2859030e05ae6e25eb94aeeb47189dfcad0ac73fbe13bc40052ea36862e34b18ae12dd66466c5db8690b7e915696e287191d756618c6690ab8a82b0e9e63070a5beb6de3ce93a78f31894b85c798381dc69e976b052b80b01ecc3d3acb7bf8141aa124094d24b808a32a304ab9174e2e484918c7f5067e9b9126c4e14a479c915bbef300845ad0674216abb7b198b2ff6531d2f59f6c5bdc625216030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x043a00db003f19154cf77263c06ef160
Finished request 14.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=5, length=505
Message-Authenticator = 0x1027e3e1828740fbe58c5a21c7b36a7f
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0x043a00db003f19154cf77263c06ef160
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0xb195517d78c1fb27bacce08d8595e6d0a735e11b894c3d5e14030100010116030100205c494488b295571f372cddd27008921d743a867ac158300c73d88eb53cdcd6c0
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.1.10 port 1060
EAP-Message = 0x010600311900140301000101160301002067fe1793f016565d10b02851ee1a7248c50e5406b4074453e24b318bb0989a20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x043a00db013c19154cf77263c06ef160
Finished request 15.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=6, length=505
Message-Authenticator = 0x728299ab490caf6af3905238fb92df7a
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0xd59750e4d191490045b22f12f1b8e43e
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020601401980000001361603010106100001020100abda5c21ed9ff50be717e2d776b293bc884bbd72c165f9493208a21442db65d253bcd44a2756a1106d21af9d68b4f242185e9b96a2f63de4fbb3999acfccb21124ca1f7d3d9586b0e3d0993f08d0d1971c6a20b653efee63056ef7cbb2e5d43e922aff8ec8c99ebe3f11fe3f1c87521b7d82f58a8dfea2f0719a87118c13122a7036fa65acc6dfcd79d244dd8b7fe6298eba29ddabf42ef10efb449328499585a9eeab013a42da816cd0dce04745a1c595f9d8c9169957c87a7fef626825a0254db8c2ab08ea84c61bf57d8991f98cb56978e10f5ffae23d025080a755dd1b162fe2643f66ff92c3
EAP-Message = 0xcdef94ee28aaa02fdae268614bf4dcd5f1492f1d4dc40ad51403010001011603010020edefeea82fcb88158e3b7734a649469f8942ca0f600b945360e10ff5f1b237ab
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.1.10 port 1060
EAP-Message = 0x01070031190014030100010116030100200ce6d1a797311fb8320943f625858c9ed525457cf7b530143b24685f2d00ce32
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd59750e4d090490045b22f12f1b8e43e
Finished request 16.
Going to the next request
Waking up in 3.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=7, length=189
Message-Authenticator = 0xf6156e7f878a80e329008af8da8b1d67
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0xd59750e4d090490045b22f12f1b8e43e
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020700061900
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.1.10 port 1060
EAP-Message = 0x0108002019001703010015bd2ca6dc31201cbac2765c94ad5303ba4129260bf8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd59750e4d39f490045b22f12f1b8e43e
Finished request 17.
Going to the next request
Waking up in 2.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=8, length=219
Message-Authenticator = 0xd4d619972ac59c3378c8cbbfa0c8b0aa
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0xd59750e4d39f490045b22f12f1b8e43e
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0208002419001703010019b852857840f2598aa6f763c8cf37968914ee607f6b8d338b5a
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 36
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - alexmoon
[peap] Got tunneled request
EAP-Message = 0x0208000d01616c65786d6f6f6e
server {
PEAP: Got tunneled identity of alexmoon
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to alexmoon
Sending tunneled request
EAP-Message = 0x0208000d01616c65786d6f6f6e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "alexmoon"
Service-Type = Framed-User
Framed-MTU = 1488
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x236e171123670dd05b80bcbd90b4450f
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x236e171123670dd05b80bcbd90b4450f
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 8 to 192.168.1.10 port 1060
EAP-Message = 0x010900391900170301002e34b8040eee73493cdbab2165d4af7b7b846dc28272752c8c870a55590c2961a1467130f4273c935663d362439ebf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd59750e4d29e490045b22f12f1b8e43e
Finished request 18.
Going to the next request
Waking up in 2.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=9, length=273
Message-Authenticator = 0xe240978f209e4bbe0dc03c770b583d4e
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0xd59750e4d29e490045b22f12f1b8e43e
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0209005a1900170301004f0a8979df9593c6ea1ae7efbd97b57e6c69ce5269a3191f1cee64f80be2e37da7808f7867320332f9f5234c4e1b9efc74068bcef6c9a838994b8067c79dba9d4cdf8070b7a72e47759ac67e977924a9
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 90
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e
server {
PEAP: Setting User-Name to alexmoon
Sending tunneled request
EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "alexmoon"
State = 0x236e171123670dd05b80bcbd90b4450f
Service-Type = Framed-User
Framed-MTU = 1488
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for alexmoon with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 9 to 192.168.1.10 port 1060
EAP-Message = 0x010a00261900170301001bcb26c0900b6c7334a11d90d38d3eae1d4bed0508ec5dcafbe5cf9e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd59750e4dd9d490045b22f12f1b8e43e
Finished request 19.
Going to the next request
Waking up in 2.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=10, length=221
Message-Authenticator = 0x30bd3c98fa2126beff67293312dd4d54
Service-Type = Framed-User
User-Name = "alexmoon"
Framed-MTU = 1488
State = 0xd59750e4dd9d490045b22f12f1b8e43e
Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
Calling-Station-Id = "00-22-68-B7-EE-D7"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020a00261900170301001b1cee016d3d76e97133abb3fb9e621ac14d14ed95a56470c731c8c7
NAS-IP-Address = 192.168.1.5
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alexmoon
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 20 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 20
Sending Access-Reject of id 10 to 192.168.1.10 port 1060
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1.6 seconds.
Cleaning up request 10 ID 0 with timestamp +53
Cleaning up request 11 ID 1 with timestamp +53
Cleaning up request 12 ID 2 with timestamp +53
Cleaning up request 13 ID 3 with timestamp +53
Cleaning up request 14 ID 4 with timestamp +53
Cleaning up request 15 ID 5 with timestamp +53
Waking up in 1.1 seconds.
Cleaning up request 16 ID 6 with timestamp +54
Waking up in 1.0 seconds.
Cleaning up request 17 ID 7 with timestamp +55
Cleaning up request 18 ID 8 with timestamp +55
Cleaning up request 19 ID 9 with timestamp +55
Waking up in 1.0 seconds.
Cleaning up request 20 ID 10 with timestamp +55
Ready to process requests.
##############################################################################################################
If you have any suggestions I would really appreciate it. Thanks for your time helping me and all the people on this mailing list....
Thank you in advance...
All
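
In the PEAP trace above, the [mschap] "No Cleartext-Password configured" failure is logged inside "server inner-tunnel { ... }", and that server's authorize section shows no [sql] line, while the outer server's does. The script below is an added example, not part of the original post and not FreeRADIUS code: it walks radiusd -X output and reports, for each virtual server that logs a missing-password failure, whether the sql module ran in that server's authorize section. The sample log is abridged from the post, and "default" is the script's own label for the outer server.

```python
import re
from collections import defaultdict

# Abridged from the radiusd -X output in the post (attribute lines and the TLS
# handshake rounds are left out). "default" is this script's label for the
# outer virtual server, which the debug output does not name.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=0, length=178
+- entering group authorize {...}
++[preprocess] returns ok
++[eap] returns updated
++[files] returns noop
[sql] User found in radcheck table
++[sql] returns ok
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
++[eap] returns handled
rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=9, length=273
+- entering group authorize {...}
++[preprocess] returns ok
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[peap] Got tunneled request
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[suffix] returns noop
++[control] returns noop
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
++[mschap] returns reject
++[eap] returns reject
} # server inner-tunnel
[peap] Tunneled authentication was rejected.
++[eap] returns handled
"""

SERVER_OPEN = re.compile(r"^server (\S+) \{$")
SERVER_CLOSE = re.compile(r"^\} # server (\S+)$")
# Only unprefixed "+- entering group" lines switch the section; groups entered
# from inside a module (e.g. "[mschapv2] +- entering group MS-CHAP") are
# counted under the section that called them.
SECTION = re.compile(r"^\+- entering group (\S+) \{")
MODULE_RC = re.compile(r"^\++\[([^\]]+)\] returns (\w+)$")
NO_PASSWORD = re.compile(
    r"^\[(\w+)\] (?:FAILED: )?No (?:Cleartext-Password configured|NT/LM-Password)")


def trace(log_text):
    """Return ({(server, section): [modules in order]}, [(server, module, line)])."""
    modules = defaultdict(list)
    failures = []
    stack = [["default", None]]          # innermost virtual server is last
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("rad_recv:"):  # new packet: back to the outer server
            stack = [["default", None]]
        elif (m := SERVER_OPEN.match(line)):
            stack.append([m.group(1), None])
        elif SERVER_CLOSE.match(line) and len(stack) > 1:
            stack.pop()
        elif (m := SECTION.match(line)):
            stack[-1][1] = m.group(1)
        elif (m := MODULE_RC.match(line)):
            key = (stack[-1][0], stack[-1][1])
            if m.group(1) not in modules[key]:
                modules[key].append(m.group(1))
        elif (m := NO_PASSWORD.match(line)):
            failures.append((stack[-1][0], m.group(1), line))
    return dict(modules), failures


def password_lookup_gaps(log_text, lookup="sql"):
    """For each server logging a missing-password failure, say where `lookup` ran."""
    modules, failures = trace(log_text)
    ran_in = sorted({srv for (srv, sec), mods in modules.items()
                     if sec == "authorize" and lookup in mods})
    return [{"server": server, "failed_module": module,
             "lookup_ran_here": server in ran_in, "lookup_ran_in": ran_in}
            for server, module in sorted({(s, m) for s, m, _ in failures})]


if __name__ == "__main__":
    for gap in password_lookup_gaps(SAMPLE_LOG):
        print(gap)
```

On the abridged trace it reports that mschap failed in inner-tunnel and that sql ran only in the outer server's authorize section.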