Accounting to MySQL not working
Christoph Schwabl
christoph.schwabl at gmx.at
Thu May 27 21:44:52 CEST 2010
I can not find a configuration mistake, the same configuration is
working with freeradius 2.0.4
If I set "sqltrace = yes", I do not get a trace file in
/var/log/freeradius with v2.1.8 (this is working with 2.0.4)
Attached is the debug log. Maybe someone has an idea, what is going wrong
Are there any changes between 2.0.4 and 2.1.8 for sql accounting, which
have to be configured to get accounting into mysql working in 2.1.8?
many thanks
christoph
debian1:/etc/freeradius# freeradius -X
FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on May 26 2010 at 14:52:49
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default.original
including configuration file /etc/freeradius/sites-enabled/inner-tunnel.original
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "tls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key.pem"
certificate_file = "/etc/freeradius/certs/server.cert.pem"
CA_file = "/etc/freeradius/certs/cacert.pem"
private_key_password = "mypassword"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/etc/freeradius/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_sql
Module: Instantiating sql
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = ""
login = "radius"
password = "radpass"
radius_db = "radius"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = yes
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius at localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id, nasname, shortname, type, secret FROM nas
rlm_sql (sql): Read entry nasname=192.168.1.10,shortname=Cisco_AP,secret=mysecret
rlm_sql (sql): Adding client 192.168.1.10 (Cisco_AP, server=<none>) to clients list
rlm_sql (sql): Read entry nasname=172.31.30.253,shortname=Cisco_AP1231G,secret=mysecret
rlm_sql (sql): Adding client 172.31.30.253 (Cisco_AP1231G, server=<none>) to clients list
rlm_sql (sql): Read entry nasname=172.31.30.248,shortname=Cisco_WS-C2960G-24TC-L,secret=mysecret
rlm_sql (sql): Adding client 172.31.30.248 (Cisco_WS-C2960G-24TC-L, server=<none>) to clients list
rlm_sql (sql): Released sql socket id: 4
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=42, length=168
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x22cfd06dc63fecbf514249a82dbde4bc
EAP-Message = 0x0202000a016368726973
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 42 to 192.168.1.10 port 1645
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e2a545dbe928d38fe8a093633
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=43, length=182
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xb4d10334ac7e9423fadf06a64e93148e
EAP-Message = 0x020300060319
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e2a545dbe928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 43 to 192.168.1.10 port 1645
EAP-Message = 0x010400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e2b5349be928d38fe8a093633
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=44, length=256
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x78cb50ec9624393e3ba785cd6a41707a
EAP-Message = 0x0204005019800000004616030100410100003d03014bfec8a9af308f129cd86d09c6f33eecf203e7f6c3aaba167d503a5f626e2b8200001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e2b5349be928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 06b2], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 44 to 192.168.1.10 port 1645
EAP-Message = 0x0105040019c0000006ef160301002a0200002603014bfee4dee0768006b29fde90060810230ebda962e851a9a527405f300df187890000040016030106b20b0006ae0006ab000309308203053082026ea003020102020102300d06092a864886f70d0101050500308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e657431143012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e
EAP-Message = 0x6174301e170d3130303532333139323131305a170d3131303532333139323131305a307e310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e6574311630140603550403130d5261646975732d5365727665723129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e617430819f300d06092a864886f70d010101050003818d0030818902818100c076dfb4ca1826d6f8166a822bf8ef8f05024382a22b0f40cac4d5bcbbeb39b4fea2f247784ad35476e6f15e5d25e1082b7105a216d8b430ecd74ffe12b1
EAP-Message = 0xd7fc89e68e8a4e1958ef92d3015e1fba2b2e8efac20a7d22d90592c2f374e4ce4be5306cdaa61121145f7e8d972778510bfe3c3b58505a041ee26c77da8e70980c1b0203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414a5a0219f3c3ae954e9bcb791eb6669a1bc8db633301f0603551d23041830168014632dc26d8307decc9b180a907e907fe8f19a2cd1300d06092a864886f70d0101050500038181006808aa2a5dd77a9a228ac9c2b82e8fe4e468e45970677657e0288f23601cd5e79208016f4fd2
EAP-Message = 0x0037d0a06fe7d7e61f80ffba10155acf394d621d2ffee66633f1b274668dda7bb38a97f76607758fa0ecdac86e7eb51b49e51f6f4bd472c7a87b9d6a5f538d8c540869c3a79ec56b2cd7da9c494386f76e6dcc77c664a44ca84800039c3082039830820301a003020102020100300d06092a864886f70d0101050500308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e657431143012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330
EAP-Message = 0x376231353440746563686e69
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e285249be928d38fe8a093633
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=45, length=182
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x698467b0d28c3e269d82c5600b82d950
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e285249be928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 45 to 192.168.1.10 port 1645
EAP-Message = 0x010602ff19006b756d2d7769656e2e6174301e170d3130303532333138323933335a170d3133303532323138323933335a308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e657431143012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e617430819f300d06092a864886f70d010101050003818d0030818902818100d305ff986137a39af2a65dfbe42d90c224442cf302d6f1
EAP-Message = 0x7249eab3c9cb0915a470d7553391ac03c815960288d42f632360d53b6837e9a9f5fa3e33726400c94f9d5a20fc360fd7c3bef040082dc27fdbc6106f51451e9985926d0efcf101989391ec314fee1499c34215e9c6cf8a0dcc60034b434f650efd2c13bf3a8757d2d10203010001a381f53081f2301d0603551d0e04160414632dc26d8307decc9b180a907e907fe8f19a2cd13081c20603551d230481ba3081b78014632dc26d8307decc9b180a907e907fe8f19a2cd1a1819ba48198308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e65743114
EAP-Message = 0x3012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e6174820100300c0603551d13040530030101ff300d06092a864886f70d0101050500038181009236a8cf95590161376d1becd4213648842298bbe09648a6263465ed08b5325268c5aa5d9fd5fb32319377fe81bfce29f8ad9f9241f35be74d8fbef2a1c29239e97e6835400816845639a076e1f95301d37ce8b3fca6c5b5d3bed63d2f6fe3f5cb1c8648783d01283680551056ea2d919a46c1d98be744b2b65a0834e8f2d25c16
EAP-Message = 0x030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e295149be928d38fe8a093633
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=46, length=368
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xfe04315ca4d84902dd13a58bd71dd7f0
EAP-Message = 0x020600c01980000000b61603010086100000820080a1a442990f66d32b18c6d054886e412902b439cba985eb63f7809bd8394649c93227fbdf089e3f5fef1ff748eee9553341cae08a11fa26a926dd04b973b96b249f51adee496b933ba5bbdd1959f7e4f0d878237f7f859d7e8116e2adf304359fe4ed8b26f7cb678b082ecd50b9e5bba62494cea3c11c6e51f34df4abaefc15ae1403010001011603010020241c787022411a0acff94053f3f00d5a92194ea21d88d6bfcd1700489b165eb2
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e295149be928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 192
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 182
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 46 to 192.168.1.10 port 1645
EAP-Message = 0x010700311900140301000101160301002083c7875a3344c6050c92fcd8e88972a8f8b0ddefc984dad1d20df2671a823f74
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e2e5049be928d38fe8a093633
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=47, length=182
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xfe1cc5aea07c71076eb9d75df14f9fa1
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e2e5049be928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 47 to 192.168.1.10 port 1645
EAP-Message = 0x010800201900170301001537b1ff16f2991962d9e5cdd6622dba1795f0d966f5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e2f5f49be928d38fe8a093633
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=48, length=209
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x95f51b2629c891e1d9f2ff4c523e59f2
EAP-Message = 0x0208002119001703010016d5c2538464285a414d16c0bf45604e1b2d80578d883d
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e2f5f49be928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 33
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - chris
[peap] Got tunneled request
EAP-Message = 0x0208000a016368726973
server {
PEAP: Got tunneled identity of chris
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to chris
Sending tunneled request
EAP-Message = 0x0208000a016368726973
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "chris"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> chris
[sql] sql_set_user escaped user --> 'chris'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chris' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chris' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'chris' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'chris' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User chris not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0109001f1a0109001a1079f5c25544b00bc0f15b8fbc43a40c3e6368726973
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4142dcbf414bc68e27f56993db94fcab
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0109001f1a0109001a1079f5c25544b00bc0f15b8fbc43a40c3e6368726973
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4142dcbf414bc68e27f56993db94fcab
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 48 to 192.168.1.10 port 1645
EAP-Message = 0x010900361900170301002b805c707b1f70c6625534c3c2a6e26434026db66d4fdcd89d27ec4a257d2b6ce559622dcda979ce1bfcb4b3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e2c5e49be928d38fe8a093633
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=49, length=263
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xce135006c1f2580cee501a2249444c19
EAP-Message = 0x020900571900170301004c8f55f00e9d272d8ace2d0de9dc62a696b94e82c97e870dc87471faa7bbcc3e92640458000deec8d1e3626335f91cde205ad6ee999c5e642f8dd3efcf1e7df7eb68ab248084208aebde9a4437
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e2c5e49be928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900401a0209003b31d9895626ae505b45cc1d66c2c280a51b0000000000000000616262f28d61e3200b280fb86915d4249cda5ce81cb0eb85006368726973
server {
PEAP: Setting User-Name to chris
Sending tunneled request
EAP-Message = 0x020900401a0209003b31d9895626ae505b45cc1d66c2c280a51b0000000000000000616262f28d61e3200b280fb86915d4249cda5ce81cb0eb85006368726973
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "chris"
State = 0x4142dcbf414bc68e27f56993db94fcab
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> chris
[sql] sql_set_user escaped user --> 'chris'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chris' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chris' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'chris' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'chris' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User chris not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for chris with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 49 to 192.168.1.10 port 1645
EAP-Message = 0x010a00261900170301001b9c07a0c0242faf6113db6baa2b33210089aa118dfbbb9751b1cd6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a57504e2d5d49be928d38fe8a093633
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=50, length=214
User-Name = "chris"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xc639c2cc4551af2bc718150dfa60f892
EAP-Message = 0x020a00261900170301001b0ce6b16ef513e3b7e6393c2ae7004cf9a398eca7c5d1bd3ab24656
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "262"
NAS-Port = 262
State = 0x2a57504e2d5d49be928d38fe8a093633
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chris", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> chris
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 50 to 192.168.1.10 port 1645
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
Cleaning up request 0 ID 42 with timestamp +9
Cleaning up request 1 ID 43 with timestamp +9
Cleaning up request 2 ID 44 with timestamp +9
Cleaning up request 3 ID 45 with timestamp +9
Cleaning up request 4 ID 46 with timestamp +9
Cleaning up request 5 ID 47 with timestamp +9
Cleaning up request 6 ID 48 with timestamp +9
Cleaning up request 7 ID 49 with timestamp +10
Waking up in 0.9 seconds.
Cleaning up request 8 ID 50 with timestamp +10
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=51, length=174
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xc37cf023eb2115ac9cdeb0c30aca92ee
EAP-Message = 0x0202000d01636872697373716c
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 51 to 192.168.1.10 port 1645
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477ff14d96bf87c1a0825a175c5
Finished request 9.
Going to the next request
Waking up in 4.10 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=52, length=185
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xf9712edb6aafa44cabbcb1ddd7f55cbb
EAP-Message = 0x020300060319
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477ff14d96bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 52 to 192.168.1.10 port 1645
EAP-Message = 0x010400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477fe13cd6bf87c1a0825a175c5
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=53, length=259
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x272e8560693d346925faeb50ac6100f5
EAP-Message = 0x0204005019800000004616030100410100003d03014bfec8b1333e79f791a11bc64753d36384cea40262b2270174ae0abc45f5677e00001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477fe13cd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 06b2], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 53 to 192.168.1.10 port 1645
EAP-Message = 0x0105040019c0000006ef160301002a0200002603014bfee4e768ff790f16fa3eb962dee6d2e9cec08b5d7128a63a392713a6bd12e00000040016030106b20b0006ae0006ab000309308203053082026ea003020102020102300d06092a864886f70d0101050500308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e657431143012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e
EAP-Message = 0x6174301e170d3130303532333139323131305a170d3131303532333139323131305a307e310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e6574311630140603550403130d5261646975732d5365727665723129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e617430819f300d06092a864886f70d010101050003818d0030818902818100c076dfb4ca1826d6f8166a822bf8ef8f05024382a22b0f40cac4d5bcbbeb39b4fea2f247784ad35476e6f15e5d25e1082b7105a216d8b430ecd74ffe12b1
EAP-Message = 0xd7fc89e68e8a4e1958ef92d3015e1fba2b2e8efac20a7d22d90592c2f374e4ce4be5306cdaa61121145f7e8d972778510bfe3c3b58505a041ee26c77da8e70980c1b0203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414a5a0219f3c3ae954e9bcb791eb6669a1bc8db633301f0603551d23041830168014632dc26d8307decc9b180a907e907fe8f19a2cd1300d06092a864886f70d0101050500038181006808aa2a5dd77a9a228ac9c2b82e8fe4e468e45970677657e0288f23601cd5e79208016f4fd2
EAP-Message = 0x0037d0a06fe7d7e61f80ffba10155acf394d621d2ffee66633f1b274668dda7bb38a97f76607758fa0ecdac86e7eb51b49e51f6f4bd472c7a87b9d6a5f538d8c540869c3a79ec56b2cd7da9c494386f76e6dcc77c664a44ca84800039c3082039830820301a003020102020100300d06092a864886f70d0101050500308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e657431143012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330
EAP-Message = 0x376231353440746563686e69
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477fd12cd6bf87c1a0825a175c5
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=54, length=185
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x3a801c737ba960f10447e9735062e395
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477fd12cd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 54 to 192.168.1.10 port 1645
EAP-Message = 0x010602ff19006b756d2d7769656e2e6174301e170d3130303532333138323933335a170d3133303532323138323933335a308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e657431143012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e617430819f300d06092a864886f70d010101050003818d0030818902818100d305ff986137a39af2a65dfbe42d90c224442cf302d6f1
EAP-Message = 0x7249eab3c9cb0915a470d7553391ac03c815960288d42f632360d53b6837e9a9f5fa3e33726400c94f9d5a20fc360fd7c3bef040082dc27fdbc6106f51451e9985926d0efcf101989391ec314fee1499c34215e9c6cf8a0dcc60034b434f650efd2c13bf3a8757d2d10203010001a381f53081f2301d0603551d0e04160414632dc26d8307decc9b180a907e907fe8f19a2cd13081c20603551d230481ba3081b78014632dc26d8307decc9b180a907e907fe8f19a2cd1a1819ba48198308195310b3009060355040613024154311630140603550408140d4c6f7765725f4175737472696131143012060355040a130b5363687761626c2e6e65743114
EAP-Message = 0x3012060355040b130b5363687761626c2e6e6574311730150603550403130e5363687761626c2e6e65742d43413129302706092a864886f70d010901161a696330376231353440746563686e696b756d2d7769656e2e6174820100300c0603551d13040530030101ff300d06092a864886f70d0101050500038181009236a8cf95590161376d1becd4213648842298bbe09648a6263465ed08b5325268c5aa5d9fd5fb32319377fe81bfce29f8ad9f9241f35be74d8fbef2a1c29239e97e6835400816845639a076e1f95301d37ce8b3fca6c5b5d3bed63d2f6fe3f5cb1c8648783d01283680551056ea2d919a46c1d98be744b2b65a0834e8f2d25c16
EAP-Message = 0x030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477fc11cd6bf87c1a0825a175c5
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=55, length=371
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x8b1bb6cac177c15b40722b18b1fd8a1f
EAP-Message = 0x020600c01980000000b616030100861000008200802395ae24d1a20b9353404e5bef9ec4ad7eb7adae1d2cafd1503148374d8a65128e452779378ac55ecbf917a2e858aca61df080c0287bfd5a4c3b68d5e20493accb156d3273352dc78541313650fce6ec5a1964322a78680f80bcbca3efdb20e822eea0c3979bb48f7285d7ade8dd6f7809c1efa22289920be909a45887339d2014030100010116030100206a52fc4373defc01cf675e2bda5231cd7fd9aa0801d4baa12125c66c13128842
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477fc11cd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 192
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 182
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 55 to 192.168.1.10 port 1645
EAP-Message = 0x0107003119001403010001011603010020e130bde14f6eefa1110355ca0c0e0f68ca66204ef12fae48f914abe84b91c06a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477fb10cd6bf87c1a0825a175c5
Finished request 13.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=56, length=185
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xd025603cedc5734c4c8781e910e1804a
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477fb10cd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 56 to 192.168.1.10 port 1645
EAP-Message = 0x0108002019001703010015b85297a41f7429d4aec9b730b423f7215cd88e2e31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477fa1fcd6bf87c1a0825a175c5
Finished request 14.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=57, length=215
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x870714066e246f79ca03ea191f2c1a75
EAP-Message = 0x0208002419001703010019f429c37d3b6f891847c78afaad5d27dd0656b071aa6702656d
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477fa1fcd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 36
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - chrissql
[peap] Got tunneled request
EAP-Message = 0x0208000d01636872697373716c
server {
PEAP: Got tunneled identity of chrissql
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to chrissql
Sending tunneled request
EAP-Message = 0x0208000d01636872697373716c
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "chrissql"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> chrissql
[sql] sql_set_user escaped user --> 'chrissql'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chrissql' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chrissql' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'chrissql' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'chrissql' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'chrissql' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'chrissql' ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010900221a0109001d10030bdc79736f264c6b0531cc631e8837636872697373716c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd7164b7bd71f51be0f03eeb40678ccfd
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010900221a0109001d10030bdc79736f264c6b0531cc631e8837636872697373716c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd7164b7bd71f51be0f03eeb40678ccfd
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 57 to 192.168.1.10 port 1645
EAP-Message = 0x010900391900170301002e51c4a2f80ecc00bedba258308b49f01ecdae23669f6097ace8d2acd60afb54b523521dd1146554d5eedbf32466e0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477f91ecd6bf87c1a0825a175c5
Finished request 15.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=58, length=269
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xd8ae10fe6680baa4991a9b08e02c3e49
EAP-Message = 0x0209005a1900170301004f0b8c081f44aad3068c1e57be1d85784e9880f1d99f54961b6c776ce302093d60d0d587b05a91ef93606a31b9dfadb049c20eb13d83a08f61c2c0457ce15503187dde2201de9cffd9ceab8dfb879c2a
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477f91ecd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 90
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900431a0209003e31f4d59f2d0653f8ab78aeb54ffd1c95eb0000000000000000553eed11f53c747e1c76c8b90aeaff6822bcf698cf3f1db600636872697373716c
server {
PEAP: Setting User-Name to chrissql
Sending tunneled request
EAP-Message = 0x020900431a0209003e31f4d59f2d0653f8ab78aeb54ffd1c95eb0000000000000000553eed11f53c747e1c76c8b90aeaff6822bcf698cf3f1db600636872697373716c
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "chrissql"
State = 0xd7164b7bd71f51be0f03eeb40678ccfd
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> chrissql
[sql] sql_set_user escaped user --> 'chrissql'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chrissql' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chrissql' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'chrissql' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'chrissql' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'chrissql' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'chrissql' ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for chrissql with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010a00331a0309002e533d44463932423543414344423032303644394131394332344342313736464232443432433937394342
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd7164b7bd61c51be0f03eeb40678ccfd
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010a00331a0309002e533d44463932423543414344423032303644394131394332344342313736464232443432433937394342
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd7164b7bd61c51be0f03eeb40678ccfd
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 58 to 192.168.1.10 port 1645
EAP-Message = 0x010a004a1900170301003f960e418a51c403a62e94df282d49cc18c5c42ccd44cd23d83c07cf8bb8f8bf6459e72ed2006b80ec3e03a1649d5ccda7a370e25270737044cf9f0fa28daf63
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477f81dcd6bf87c1a0825a175c5
Finished request 16.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=59, length=208
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0xc4f051d99cfba333e6af5caae58c51ef
EAP-Message = 0x020a001d1900170301001210d45bc4442d0bb6f5d798628bdca28b1db2
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477f81dcd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020a00061a03
server {
PEAP: Setting User-Name to chrissql
Sending tunneled request
EAP-Message = 0x020a00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "chrissql"
State = 0xd7164b7bd61c51be0f03eeb40678ccfd
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> chrissql
[sql] sql_set_user escaped user --> 'chrissql'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chrissql' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'chrissql' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'chrissql' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'chrissql' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'chrissql' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'chrissql' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
WARNING: Empty section. Using default return values.
} # server inner-tunnel
[peap] Got tunneled reply code 2
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "chrissql"
[peap] Got tunneled reply RADIUS code 2
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "chrissql"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 59 to 192.168.1.10 port 1645
EAP-Message = 0x010b00261900170301001b481da9778adc27e9a778b283789fcdb2dea1160cadc2e0b6d8d034
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff17d477f71ccd6bf87c1a0825a175c5
Finished request 17.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 1645, id=60, length=217
User-Name = "chrissql"
Framed-MTU = 1400
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Service-Type = Login-User
Message-Authenticator = 0x93a6dcbe8bf8cf784cff8de728366edc
EAP-Message = 0x020b00261900170301001b838dfcacd81aec495b178bd2dd7d121e107067186fb44a1cb9e430
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
State = 0xff17d477f71ccd6bf87c1a0825a175c5
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "Cisco_AP"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 60 to 192.168.1.10 port 1645
MS-MPPE-Recv-Key = 0xafb06b17031c50daa2a990816583d7548fd0876bded1be39402156cb9bd5581e
MS-MPPE-Send-Key = 0xbe88618fd6a4a85fca914738da461961a40374fce3b6871ef197f830ecf26035
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "chrissql"
Finished request 18.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Accounting-Request packet from host 192.168.1.10 port 1646, id=77, length=234
Acct-Session-Id = "0000000D"
Called-Station-Id = "0011.2177.4ad0"
Calling-Station-Id = "001f.3b1c.b52f"
Cisco-AVPair = "ssid=radiustestcisco"
Cisco-AVPair = "vlan-id=0"
Cisco-AVPair = "nas-location=unspecified"
User-Name = "chrissql"
Cisco-AVPair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "263"
NAS-Port = 263
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.10
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 263,Client-IP-Address = 192.168.1.10,NAS-IP-Address = 192.168.1.10,Acct-Session-Id = "0000000D",User-Name = "chrissql"'
[acct_unique] Acct-Unique-Session-ID = "ddc22f8239f447a4".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "chrissql", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.1.10/detail-20100527
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.1.10/detail-20100527
[detail] expand: %t -> Thu May 27 23:32:23 2010
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> chrissql
++[radutmp] returns ok
[attr_filter.accounting_response] expand: %{User-Name} -> chrissql
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 77 to 192.168.1.10 port 1646
Finished request 19.
Cleaning up request 19 ID 77 with timestamp +18
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 9 ID 51 with timestamp +18
Cleaning up request 10 ID 52 with timestamp +18
Cleaning up request 11 ID 53 with timestamp +18
Cleaning up request 12 ID 54 with timestamp +18
Cleaning up request 13 ID 55 with timestamp +18
Cleaning up request 14 ID 56 with timestamp +18
Cleaning up request 15 ID 57 with timestamp +18
Cleaning up request 16 ID 58 with timestamp +18
Cleaning up request 17 ID 59 with timestamp +18
Cleaning up request 18 ID 60 with timestamp +18
Ready to process requests.
Christoph Schwabl schrieb:
> Hello,
>
> I have a small problem with accounting to mysql.
>
> freeradius 2.1.8
> mysql Ver 14.12 Distrib 5.0.51a, for debian-linux-gnu (i486) using readline 5.2
>
> The NAS is sending accounting data, which I can see in:
>
> more /var/log/freeradius/radacct/192.168.1.10/detail-20100526
> ...
> Wed May 26 23:43:57 2010
> Acct-Session-Id = "00000039"
> Called-Station-Id = "0011.2177.0da4"
> Calling-Station-Id = "001f.3b1c.f25b"
> Cisco-AVPair = "ssid=testradius"
> Cisco-AVPair = "vlan-id=0"
> Cisco-AVPair = "nas-location=unspecified"
> User-Name = "testuser"
> Cisco-AVPair = "connect-progress=Call Up"
> Acct-Session-Time = 237
> Acct-Input-Octets = 35971
> Acct-Output-Octets = 64059
> Acct-Input-Packets = 473
> Acct-Output-Packets = 98
> Acct-Authentic = RADIUS
> Acct-Status-Type = Interim-Update
> NAS-Port-Type = Wireless-802.11
> Cisco-NAS-Port = "296"
> NAS-Port = 296
> Service-Type = Framed-User
> NAS-IP-Address = 192.168.1.10
> Acct-Delay-Time = 0
> Acct-Unique-Session-Id = "4d69927723cb56d8"
> Timestamp = 1274910237
> Request-Authenticator = Verified
>
>
> But I cann't find accounting data in MySQL database.
>
>
> My configuration is:
>
> radiusd.conf
> ==================
> ...
> $INCLUDE sql.conf
> ...
> readclients = yes
> ...
>
>
> sites-enabled/inner-tunnel
> ==================
> ...
> authorize {
> chap
> mschap
> unix
> suffix
> update control {
> Proxy-To-Realm := LOCAL
> }
> eap {
> ok = return
> }
> files
> sql
> expiration
> logintime
> pap
> }
> ...
>
>
> sites-enabled/default
> ==================
> ...
> authorize {
> preprocess
> chap
> mschap
> suffix
> eap {
> ok = return
> }
> unix
> files
> sql
> expiration
> logintime
> pap
> }
> ...
> accounting {
> detail
> unix
> radutmp
> sql
> attr_filter.accounting_response
> }
> ...
>
>
>
> Using users (radcheck) and clients (nas) from MySQL are working well.
> However, accounting into MySQL is not working.
>
> Anybody an idea?
>
> thx & br
> Christoph
>
>
More information about the Freeradius-Users
mailing list