eap/ttls proxy: No EAP session matching the State variable.
Kadlecsik Jozsef
kadlec at mail.kfki.hu
Wed Sep 1 11:06:26 CEST 2010
Hi,

We have a working freeradius setup, with one exception: when guests try to
authenticate (EduRoam) it always fails. The setup is EAP/TTLS and what we
have tested so far: wpa_supplicant/Windows Vista behind D-Link DWS-3024;
wpa_supplicant behind Linksys WRT45GL; eapol_test running directly on the
radius server machine.

We run freeradius 2.1.9 - the proxy server we communicate with runs
freeradius-1.0.1-3.RHEL4.5.

What can be the reason for the problem? A misconfiguration on our part? Or
a compatibility issue? Other partners reportedly can use that proxy server
successfully, our users too when they are guests at other places.

Here follows the output of eapol_test:

Reading configuration file 'config'
ap_scan=1
ctrl_interface='/var/run/wpa_supplicant'
Line: 3 - start of a new network block
ssid - hexdump_ascii(len=7):
65 64 75 72 6f 61 6d eduroam
scan_ssid=0 (0x0)
proto: 0x3
key_mgmt: 0x1
pairwise: 0x18
group: 0x18
eap methods - hexdump(len=16): 00 00 00 00 15 00 00 00 00 00 00 00 00 00 00 00
anonymous_identity - hexdump_ascii(len=26):
61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e anonymous at teszt.
65 64 75 72 6f 61 6d 2e 68 75 eduroam.hu
ca_path - hexdump_ascii(len=14):
2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 /etc/ssl/certs
identity - hexdump_ascii(len=23):
6b 61 64 6c 65 63 40 74 65 73 7a 74 2e 65 64 75 kadlec at teszt.edu
72 6f 61 6d 2e 68 75 roam.hu
password - hexdump_ascii(len=8):
XX XX XX XX XX XX XX XX XXXXXX
phase2 - hexdump_ascii(len=8):
61 75 74 68 3d 50 41 50 auth=PAP
Priority group 0
id=0 ssid='eduroam'
Authentication server 148.6.0.31:1812
RADIUS local address: 127.0.0.1:43327
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=26):
61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e anonymous at teszt.
65 64 75 72 6f 61 6d 2e 68 75 eduroam.hu
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=31)
TX EAP -> RADIUS - hexdump(len=31): 02 00 00 1f 01 61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e 65 64 75 72 6f 61 6d 2e 68 75
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=26): 61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e 65 64 75 72 6f 61 6d 2e 68 75
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=160
Attribute 1 (User-Name) length=28
Value: 'anonymous at teszt.eduroam.hu'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=33
Value: 02 00 00 1f 01 61 6e 6f 6e 79 6d 6f 75 73 40 74 65 73 7a 74 2e 65 64 75 72 6f 61 6d 2e 68 75
Attribute 80 (Message-Authenticator) length=18
Value: 70 6e 57 1e dc ed 36 e3 3c fa 25 dd cf fa 74 c1
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
Attribute 79 (EAP-Message) length=24
Value: 01 01 00 16 04 10 22 d3 f4 e0 40 54 d1 41 de 2d b7 47 ed 24 dd ba
Attribute 80 (Message-Authenticator) length=18
Value: 5f 4c 2d 96 f6 19 04 e5 12 f0 4f 8e ed 6c ae c7
Attribute 24 (State) length=18
Value: 83 69 c1 18 5f 3a bd 42 77 dd 09 89 23 78 83 a5
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 15
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 15
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=153
Attribute 1 (User-Name) length=28
Value: 'anonymous at teszt.eduroam.hu'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 02 01 00 06 03 15
Attribute 24 (State) length=18
Value: 83 69 c1 18 5f 3a bd 42 77 dd 09 89 23 78 83 a5
Attribute 80 (Message-Authenticator) length=18
Value: 58 cd ca e3 8a ac bb 23 e6 22 0e 72 24 ef 56 27
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
Attribute 79 (EAP-Message) length=8
Value: 01 02 00 06 15 20
Attribute 80 (Message-Authenticator) length=18
Value: 29 b0 ab fc 91 ab 54 b8 ba 53 37 75 36 90 52 6a
Attribute 24 (State) length=18
Value: 44 79 a4 5f ed 64 34 ea 95 59 f7 21 7d 23 51 e7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-TTLS (21)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
EAP-TTLS: Phase2 type: PAP
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start (server ver=0, own ver=0)
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
EAP-TTLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 87 bytes pending from ssl_out
SSL: 87 bytes left to be sent out (of total 87 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=93)
TX EAP -> RADIUS - hexdump(len=93): 02 02 00 5d 15 00 16 03 01 00 52 01 00 00 4e 03 01 4c 7d 06 b5 35 a7 02 a3 28 f3 ce 39 c4 66 ca 50 01 f7 88 dc 64 fb 4f a8 7d 35 02 30 a4 0c 2c e9 00 00 26 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 02 01 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=240
Attribute 1 (User-Name) length=28
Value: 'anonymous at teszt.eduroam.hu'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=95
Value: 02 02 00 5d 15 00 16 03 01 00 52 01 00 00 4e 03 01 4c 7d 06 b5 35 a7 02 a3 28 f3 ce 39 c4 66 ca 50 01 f7 88 dc 64 fb 4f a8 7d 35 02 30 a4 0c 2c e9 00 00 26 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 02 01 00
Attribute 24 (State) length=18
Value: 44 79 a4 5f ed 64 34 ea 95 59 f7 21 7d 23 51 e7
Attribute 80 (Message-Authenticator) length=18
Value: 33 8c 32 7f 4f 8e f7 b0 23 41 94 98 3b 9d 10 4e
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 20 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=2 length=20
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec
Allowing RADIUS Access-Reject without Message-Authenticator since it does not include EAP-Message
RADIUS packet matching with station
could not extract EAP-Message from RADIUS message
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
MPPE keys OK: 0 mismatch: 1
FAILURE

And the debugging log of our freeradius server:

FreeRADIUS Version 2.1.9, for host i486-pc-linux-gnu, built on Aug 25 2010 at 10:18:45
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/kemping_files
including configuration file /etc/freeradius/modules/eduroam_files
including configuration file /etc/freeradius/modules/rmki_files
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/mschap.dpkg-dist
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/eduroam_external.conf
including configuration file /etc/freeradius/sql/mysql/eduroam_external.conf
including configuration file /etc/freeradius/sql/mysql/eduroam.conf
including configuration file /etc/freeradius/sql/mysql/eduroam.conf
including configuration file /etc/freeradius/sql/mysql/rmki.conf
including configuration file /etc/freeradius/sql/mysql/rmki.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/eduroam
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/rmki
main {
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "XXXXX"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm sunserv.kfki.hu {
auth_pool = my_auth_failover
}
realm LOCAL {
}
home_server radius1.eduroam.hu {
ipaddr = 195.111.98.4
port = 1812
type = "auth"
secret = "XXXXX"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server radius2.eduroam.hu {
ipaddr = 195.111.98.12
port = 1812
type = "auth"
secret = "XXXXX"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool radius.eduroam.hu {
type = fail-over
home_server = radius1.eduroam.hu
home_server = radius2.eduroam.hu
}
realm UP {
auth_pool = radius.eduroam.hu
nostrip
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "XXXXX"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_expr
Module: Instantiating expr
}
radiusd: #### Loading Virtual Servers ####
server eduroam {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = yes
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "ttls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/radius_key.pem"
certificate_file = "/etc/freeradius/certs/radius_pub.pem"
CA_file = "/etc/freeradius/certs/kfki_ca.pem"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 1
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_detail
Module: Instantiating auth_log
detail auth_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_files
Module: Instantiating eduroam_files
files eduroam_files {
usersfile = "/etc/freeradius/users.eduroam"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Linked to module rlm_sql
Module: Instantiating internal_eduroam_sql0
sql internal_eduroam_sql0 {
driver = "rlm_sql_mysql"
server = "mdb0.kfki.hu"
port = ""
login = "XXXXX"
password = "XXXX"
radius_db = "postfilter_replicated"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = no
num_sql_socks = 3
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user WHERE _address = '_never_match'"
authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = '%{SQL-User-Name}' and _passwd != '' and (_hidden = 0 or _address like '%%@eduroam.kfki.hu') ORDER BY _userid"
authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM user WHERE _address = '_never_match'"
authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawor
ds}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Fra
med-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gig
awords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT 'foo' FROM user WHERE _address = '_never_match'"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (internal_eduroam_sql0): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (internal_eduroam_sql0): Attempting to connect to freeradius at mdb0.kfki.hu:/postfilter_replicated
rlm_sql (internal_eduroam_sql0): starting 0
rlm_sql (internal_eduroam_sql0): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (internal_eduroam_sql0): Connected new DB handle, #0
rlm_sql (internal_eduroam_sql0): starting 1
rlm_sql (internal_eduroam_sql0): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (internal_eduroam_sql0): Connected new DB handle, #1
rlm_sql (internal_eduroam_sql0): starting 2
rlm_sql (internal_eduroam_sql0): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (internal_eduroam_sql0): Connected new DB handle, #2
Module: Instantiating internal_eduroam_sql1
sql internal_eduroam_sql1 {
driver = "rlm_sql_mysql"
server = "mdb1.kfki.hu"
port = ""
login = "XXXXX"
password = "XXXXX"
radius_db = "postfilter_replicated"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = no
num_sql_socks = 3
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user WHERE _address = '_never_match'"
authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = '%{SQL-User-Name}' and _passwd != '' and (_hidden = 0 or _address like '%%@eduroam.kfki.hu') ORDER BY _userid"
authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM user WHERE _address = '_never_match'"
authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawor
ds}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Fra
med-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gig
awords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT 'foo' FROM user WHERE _address = '_never_match'"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (internal_eduroam_sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (internal_eduroam_sql1): Attempting to connect to freeradius at mdb1.kfki.hu:/postfilter_replicated
rlm_sql (internal_eduroam_sql1): starting 0
rlm_sql (internal_eduroam_sql1): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (internal_eduroam_sql1): Connected new DB handle, #0
rlm_sql (internal_eduroam_sql1): starting 1
rlm_sql (internal_eduroam_sql1): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (internal_eduroam_sql1): Connected new DB handle, #1
rlm_sql (internal_eduroam_sql1): starting 2
rlm_sql (internal_eduroam_sql1): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (internal_eduroam_sql1): Connected new DB handle, #2
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking session {...} for more modules to load
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating pre_proxy_log
detail pre_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating post_proxy_log
detail post_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking post-auth {...} for more modules to load
Module: Instantiating reply_log
detail reply_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
server rmki {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Instantiating rmki_files
files rmki_files {
usersfile = "/etc/freeradius/users.rmki"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Instantiating rmki_sql0
sql rmki_sql0 {
driver = "rlm_sql_mysql"
server = "mdb0.kfki.hu"
port = ""
login = "XXXXX"
password = "XXXXX"
radius_db = "postfilter_replicated"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = no
num_sql_socks = 3
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user WHERE _address = '_never_match'"
authorize_check_query = "SELECT user._userid, user._address, 'Password', user._passwd, ':=' FROM user, attributes WHERE user._address = '%{SQL-User-Name}' and user._passwd != '' and user._hidden = 0 and (user._address like '%%@rmki.kfki.hu' or (attributes._address = '%{SQL-User-Name}' and attributes._key = 'o' and attributes._value = 'RMKI'))"
authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM user WHERE _address = '_never_match'"
authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT 'foo' FROM user WHERE _address = '_never_match'"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (rmki_sql0): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (rmki_sql0): Attempting to connect to freeradius at mdb0.kfki.hu:/postfilter_replicated
rlm_sql (rmki_sql0): starting 0
rlm_sql (rmki_sql0): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (rmki_sql0): Connected new DB handle, #0
rlm_sql (rmki_sql0): starting 1
rlm_sql (rmki_sql0): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (rmki_sql0): Connected new DB handle, #1
rlm_sql (rmki_sql0): starting 2
rlm_sql (rmki_sql0): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (rmki_sql0): Connected new DB handle, #2
Module: Instantiating rmki_sql1
sql rmki_sql1 {
driver = "rlm_sql_mysql"
server = "mdb1.kfki.hu"
port = ""
login = "XXXXXX"
password = "XXXXX"
radius_db = "postfilter_replicated"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = no
num_sql_socks = 3
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user WHERE _address = '_never_match'"
authorize_check_query = "SELECT user._userid, user._address, 'Password', user._passwd, ':=' FROM user, attributes WHERE user._address = '%{SQL-User-Name}' and user._passwd != '' and user._hidden = 0 and (user._address like '%%@rmki.kfki.hu' or (attributes._address = '%{SQL-User-Name}' and attributes._key = 'o' and attributes._value = 'RMKI'))"
authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM user WHERE _address = '_never_match'"
authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT 'foo' FROM user WHERE _address = '_never_match'"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (rmki_sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (rmki_sql1): Attempting to connect to freeradius at mdb1.kfki.hu:/postfilter_replicated
rlm_sql (rmki_sql1): starting 0
rlm_sql (rmki_sql1): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (rmki_sql1): Connected new DB handle, #0
rlm_sql (rmki_sql1): starting 1
rlm_sql (rmki_sql1): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (rmki_sql1): Connected new DB handle, #1
rlm_sql (rmki_sql1): starting 2
rlm_sql (rmki_sql1): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (rmki_sql1): Connected new DB handle, #2
Module: Checking preacct {...} for more modules to load
Module: Checking accounting {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Instantiating external_eduroam_sql0
sql external_eduroam_sql0 {
driver = "rlm_sql_mysql"
server = "mdb0.kfki.hu"
port = ""
login = "XXXXX"
password = "XXXXX"
radius_db = "postfilter_replicated"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = no
num_sql_socks = 3
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user WHERE _address = '_never_match'"
authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = '%{SQL-User-Name}' and _passwd != '' and (_hidden = 0 or _address like '%-test at eduroam.kfki.hu') ORDER BY _userid"
authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM user WHERE _address = '_never_match'"
authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT 'foo' FROM user WHERE _address = '_never_match'"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (external_eduroam_sql0): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (external_eduroam_sql0): Attempting to connect to freeradius at mdb0.kfki.hu:/postfilter_replicated
rlm_sql (external_eduroam_sql0): starting 0
rlm_sql (external_eduroam_sql0): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (external_eduroam_sql0): Connected new DB handle, #0
rlm_sql (external_eduroam_sql0): starting 1
rlm_sql (external_eduroam_sql0): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (external_eduroam_sql0): Connected new DB handle, #1
rlm_sql (external_eduroam_sql0): starting 2
rlm_sql (external_eduroam_sql0): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (external_eduroam_sql0): Connected new DB handle, #2
Module: Instantiating external_eduroam_sql1
sql external_eduroam_sql1 {
driver = "rlm_sql_mysql"
server = "mdb1.kfki.hu"
port = ""
login = "XXXXX"
password = "XXXXX"
radius_db = "postfilter_replicated"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = no
num_sql_socks = 3
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT _userid, 'foo', 'foo', 'foo', 'foo' FROM user WHERE _address = '_never_match'"
authorize_check_query = "SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = '%{SQL-User-Name}' and _passwd != '' and (_hidden = 0 or _address like '%-test at eduroam.kfki.hu') ORDER BY _userid"
authorize_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM user WHERE _address = '_never_match'"
authorize_group_check_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
authorize_group_reply_query = "SELECT _userid, _address, 'foo', 'foo', '==' FROM radgroupcheck WHERE _address = '_never_match'"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT 'foo' FROM user WHERE _address = '_never_match'"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (external_eduroam_sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (external_eduroam_sql1): Attempting to connect to freeradius at mdb1.kfki.hu:/postfilter_replicated
rlm_sql (external_eduroam_sql1): starting 0
rlm_sql (external_eduroam_sql1): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (external_eduroam_sql1): Connected new DB handle, #0
rlm_sql (external_eduroam_sql1): starting 1
rlm_sql (external_eduroam_sql1): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (external_eduroam_sql1): Connected new DB handle, #1
rlm_sql (external_eduroam_sql1): starting 2
rlm_sql (external_eduroam_sql1): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (external_eduroam_sql1): Connected new DB handle, #2
Module: Checking preacct {...} for more modules to load
Module: Checking accounting {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 148.6.2.30
port = 0
clients = "niif"
client 195.111.98.4 {
require_message_authenticator = no
secret = "XXXXX"
shortname = "radius1.eduroam.hu"
}
client 195.111.98.12 {
require_message_authenticator = no
secret = "XXXXXX"
shortname = "radius2.eduroam.hu"
}
}
listen {
type = "acct"
ipaddr = 148.6.2.30
port = 0
clients = "niif"
}
listen {
type = "auth"
ipaddr = 148.6.0.31
port = 0
clients = "eduroam"
client 148.6.136.130 {
require_message_authenticator = no
secret = "XXXXX"
shortname = "Linksys-WRT160NL-konyvtar"
}
client 148.6.152.0/24 {
require_message_authenticator = no
secret = "XXXXX"
shortname = "rmki-wifi.kfki.hu"
}
client 127.0.0.1 {
require_message_authenticator = no
secret = "XXXXX"
shortname = "eapol_test"
}
}
listen {
type = "auth"
ipaddr = 148.6.0.30
port = 0
clients = "rmki"
client 148.6.152.0/24 {
require_message_authenticator = no
secret = "XXXXXX"
shortname = "rmki-wifi.kfki.hu"
}
}
Listening on authentication address 148.6.2.30 port 1812
Listening on accounting address 148.6.2.30 port 1813
Listening on authentication address 148.6.0.31 port 1812 as server eduroam
Listening on authentication address 148.6.0.30 port 1812 as server rmki
Listening on proxy address 148.6.2.30 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=0, length=160
User-Name = "anonymous at teszt.eduroam.hu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001f01616e6f6e796d6f7573407465737a742e656475726f616d2e6875
Message-Authenticator = 0x706e571edced36e33cfa25ddcffa74c1
server eduroam {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] expand: %t -> Tue Aug 31 15:42:13 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 0 length 31
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eduroam_files] expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] users: Matched entry DEFAULT at line 214
++[eduroam_files] returns ok
++- entering group {...}
[internal_eduroam_sql0] expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[internal_eduroam_sql0] sql_set_user escaped user --> 'anonymous at teszt.eduroam.hu'
rlm_sql (internal_eduroam_sql0): Reserving sql socket id: 2
[internal_eduroam_sql0] expand: SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = '%{SQL-User-Name}' and _passwd != '' and (_hidden = 0 or _address like '%%@eduroam.kfki.hu') ORDER BY _userid -> SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and (_hidden = 0 or _address like '%@eduroam.kfki.hu') ORDER BY _userid
rlm_sql_mysql: query: SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and (_hidden = 0 or _address like '%@eduroam.kfki.hu') ORDER BY _userid
[internal_eduroam_sql0] expand: SELECT 'foo' FROM user WHERE _address = '_never_match' -> SELECT 'foo' FROM user WHERE _address = '_never_match'
rlm_sql_mysql: query: SELECT 'foo' FROM user WHERE _address = '_never_match'
rlm_sql (internal_eduroam_sql0): Released sql socket id: 2
[internal_eduroam_sql0] User anonymous at teszt.eduroam.hu not found
+++[internal_eduroam_sql0] returns notfound
++- group returns notfound
++[pap] returns noop
} # server eduroam
+- entering group pre-proxy {...}
[pre_proxy_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] expand: %t -> Tue Aug 31 15:42:13 2010
++[pre_proxy_log] returns ok
Sending Access-Request of id 135 to 195.111.98.4 port 1812
User-Name = "anonymous at teszt.eduroam.hu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001f01616e6f6e796d6f7573407465737a742e656475726f616d2e6875
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Proxying request 0 to home server 195.111.98.4 port 1812
Sending Access-Request of id 135 to 195.111.98.4 port 1812
User-Name = "anonymous at teszt.eduroam.hu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001f01616e6f6e796d6f7573407465737a742e656475726f616d2e6875
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 195.111.98.4 port 1812, id=135, length=83
EAP-Message = 0x01010016041022d3f4e04054d141de2db747ed24ddba
Message-Authenticator = 0x18822b85b96e5f7846c9fbf655d2ce11
State = 0x8369c1185f3abd4277dd0989237883a5
Proxy-State = 0x30
+- entering group post-proxy {...}
[post_proxy_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] expand: %t -> Tue Aug 31 15:42:13 2010
++[post_proxy_log] returns ok
server eduroam {
} # server eduroam
Sending Access-Challenge of id 0 to 127.0.0.1 port 43327
EAP-Message = 0x01010016041022d3f4e04054d141de2db747ed24ddba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8369c1185f3abd4277dd0989237883a5
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=1, length=153
User-Name = "anonymous at teszt.eduroam.hu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060315
State = 0x8369c1185f3abd4277dd0989237883a5
Message-Authenticator = 0x58cdcae38aacbb23e6220e7224ef5627
server eduroam {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] expand: %t -> Tue Aug 31 15:42:13 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[eduroam_files] expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[eduroam_files] users: Matched entry DEFAULT at line 214
++[eduroam_files] returns ok
++- entering group {...}
[internal_eduroam_sql0] expand: %{User-Name} -> anonymous at teszt.eduroam.hu
[internal_eduroam_sql0] sql_set_user escaped user --> 'anonymous at teszt.eduroam.hu'
rlm_sql (internal_eduroam_sql0): Reserving sql socket id: 1
[internal_eduroam_sql0] expand: SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = '%{SQL-User-Name}' and _passwd != '' and (_hidden = 0 or _address like '%%@eduroam.kfki.hu') ORDER BY _userid -> SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and (_hidden = 0 or _address like '%@eduroam.kfki.hu') ORDER BY _userid
rlm_sql_mysql: query: SELECT _userid, _address, 'Password', _passwd, ':=' FROM user WHERE _address = 'anonymous at teszt.eduroam.hu' and _passwd != '' and (_hidden = 0 or _address like '%@eduroam.kfki.hu') ORDER BY _userid
[internal_eduroam_sql0] expand: SELECT 'foo' FROM user WHERE _address = '_never_match' -> SELECT 'foo' FROM user WHERE _address = '_never_match'
rlm_sql_mysql: query: SELECT 'foo' FROM user WHERE _address = '_never_match'
rlm_sql (internal_eduroam_sql0): Released sql socket id: 1
[internal_eduroam_sql0] User anonymous at teszt.eduroam.hu not found
+++[internal_eduroam_sql0] returns notfound
++- group returns notfound
++[pap] returns noop
} # server eduroam
+- entering group pre-proxy {...}
[pre_proxy_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20100831
[pre_proxy_log] expand: %t -> Tue Aug 31 15:42:13 2010
++[pre_proxy_log] returns ok
Sending Access-Request of id 67 to 195.111.98.4 port 1812
User-Name = "anonymous at teszt.eduroam.hu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060315
State = 0x8369c1185f3abd4277dd0989237883a5
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Proxying request 1 to home server 195.111.98.4 port 1812
Sending Access-Request of id 67 to 195.111.98.4 port 1812
User-Name = "anonymous at teszt.eduroam.hu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060315
State = 0x8369c1185f3abd4277dd0989237883a5
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 195.111.98.4 port 1812, id=67, length=67
EAP-Message = 0x010200061520
Message-Authenticator = 0xc986105bccde929701773e5a5bbd4ee9
State = 0x4479a45fed6434ea9559f7217d2351e7
Proxy-State = 0x31
+- entering group post-proxy {...}
[post_proxy_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/post-proxy-detail-20100831
[post_proxy_log] expand: %t -> Tue Aug 31 15:42:13 2010
++[post_proxy_log] returns ok
server eduroam {
} # server eduroam
Sending Access-Challenge of id 1 to 127.0.0.1 port 43327
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4479a45fed6434ea9559f7217d2351e7
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=2, length=240
User-Name = "anonymous at teszt.eduroam.hu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0202005d150016030100520100004e03014c7d06b535a702a328f3ce39c466ca5001f788dc64fb4fa87d350230a40c2ce900002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
State = 0x4479a45fed6434ea9559f7217d2351e7
Message-Authenticator = 0x338c327f4f8ef7b0234194983b9d104e
server eduroam {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20100831
[auth_log] expand: %t -> Tue Aug 31 15:42:13 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 2 length 93
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
rlm_eap: No EAP session matching the State variable.
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [anonymous at teszt.eduroam.hu] (from client eapol_test port 0 cli 02-00-00-00-00-01)
} # server eduroam
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 2 to 127.0.0.1 port 43327
Waking up in 3.9 seconds.
Best regards,
Jozsef
--
E-mail : kadlec at mail.kfki.hu, kadlec at blackhole.kfki.hu
PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address: KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
More information about the Freeradius-Users mailing list
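An added example, not part of the original post: a Python trace over the debug output above that records which home server issued each State value and reports any request that carried such a State but went through the local `authenticate` section without being proxied. `SAMPLE_LOG` is an excerpt of the log lines above, and the function names are this example's own.

```python
import re

# Excerpt of the debug output above, cut down to the lines the trace reads.
SAMPLE_LOG = """\
rad_recv: Access-Challenge packet from host 195.111.98.4 port 1812, id=135, length=83
State = 0x8369c1185f3abd4277dd0989237883a5
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=1, length=153
State = 0x8369c1185f3abd4277dd0989237883a5
Proxying request 1 to home server 195.111.98.4 port 1812
rad_recv: Access-Challenge packet from host 195.111.98.4 port 1812, id=67, length=67
State = 0x4479a45fed6434ea9559f7217d2351e7
rad_recv: Access-Request packet from host 127.0.0.1 port 43327, id=2, length=240
State = 0x4479a45fed6434ea9559f7217d2351e7
+- entering group authenticate {...}
rlm_eap: No EAP session matching the State variable.
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)")
STATE = re.compile(r"\s*State = (0x[0-9a-fA-F]+)")
PROXY = re.compile(r"Proxying request \d+ to home server (\S+)")

def trace(log):
    """Return (requests, issued): per-request routing, and State -> home server."""
    requests, issued = [], {}
    req = ctx = None  # ctx: request dict, replying host (str), or None
    for line in log.splitlines():
        m = RECV.match(line)
        if m and m.group(1) == "Access-Request":
            req = ctx = dict(id=int(m.group(3)), state=None, proxied_to=None, local_eap=False)
            requests.append(req)
        elif m:
            ctx = m.group(2)          # reply received from a home server
        elif line.startswith("Sending "):
            ctx = None                # outgoing packet dump, ignore its State
        elif (s := STATE.match(line)) and isinstance(ctx, dict):
            ctx["state"] = s.group(1)
        elif s and ctx:
            issued[s.group(1)] = ctx
        elif (p := PROXY.match(line)) and req:
            req["proxied_to"] = p.group(1)
        elif "entering group authenticate" in line and req:
            req["local_eap"] = True
    return requests, issued

def misrouted(log):
    """Requests whose State came from a home server but were run through local EAP."""
    requests, issued = trace(log)
    return [(r["id"], r["state"], issued[r["state"]]) for r in requests
            if r["state"] in issued and r["local_eap"] and not r["proxied_to"]]
```

On the excerpt, `misrouted(SAMPLE_LOG)` returns the request with id=2: its State was issued by 195.111.98.4, yet no `Proxying request` line follows it before `authenticate` runs.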