Linksys WIFI Authentication using freeradius?

Michel Bulgado michel at casa.co.cu
Fri Dec 9 16:15:26 CET 2011


  On 12/08/2011 10:06 PM, Fajar A. Nugraha wrote:
> On Fri, Dec 9, 2011 at 9:39 AM,<michel at casa.co.cu>  wrote:
>> Michel Bulgado<michel at casa.co.cu>  escribió:
>>
>>>   On 12/08/2011 04:26 PM, Fajar A. Nugraha wrote:
>>>> On Fri, Dec 9, 2011 at 4:11 AM, Michel Bulgado<michel at casa.co.cu>    wrote:
>>>>> After the user to authenticate and connect to wireless, I noticed that
>>>>> the
>>>>> table "RadAcct" was empty, probing the inner-tunnel file found this:
>>>>>
>>>>> There are no accounting Requests inside of EAP-TTLS or PEAP tunnels.
>>>>>
>>>>> What other variants, I can choose to run the accounting?
>>>> sites-available/default
>>>>
>>>> look for "sql" in accounting section.
>>>>
>>> This is my accounting section in /etc/raddb/sites-available/default
>>>
>>> accounting {
>>>     detail
>>>     sql
>>> }
>>>
>>> And don't work
>>>
>>> Michel
>>
>>
>>
>> Hello again
>>
>> As confirmed in my previous email, I have a problem, I have configured
>> freeradius supports tunneled TLS or TTLS best known for, my users can
>> connect using a username and password, but after connecting, not performing
>> the accounting in mysql, I was reviewing seconds
> Let's go back to the basics.
>
> Does your NAS send accounting packets? (hint: run FR in debug mode,
> then get a client to connect and disconnect)
> Some NAS (last time I tried with dd-wrt) it can authenticate using
> EAP, but it can't send accounting packet.
>

Hi Fajar

I run radiusd in debug mode :

This is the output of the request:


rad_recv: Access-Request packet from host 192.168.25.15 port 32771, 
id=125, length=121
     User-Name = "michel"
     NAS-IP-Address = 192.168.30.1
     NAS-Port = 0
     Called-Station-Id = "00-1E-E5-F4-7B-21"
     Calling-Station-Id = "00-1F-E1-2B-28-57"
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x0201000b016d696368656c
     Message-Authenticator = 0x72d68fa1027b67d016dd173b01c92dcf
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 1 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql]     expand: %{User-Name} -> michel
[sql] sql_set_user escaped user --> 'michel'
rlm_sql (sql): Reserving sql socket id: 3
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'michel'           ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'michel'           ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM radusergroup           WHERE username = 
'michel'           ORDER BY priority
[sql]     expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Computacion'           ORDER BY id
[sql] User found in group Computacion
[sql]     expand: SELECT id, groupname, attribute,           value, 
op           FROM radgroupreply           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           value, op           FROM radgroupreply           
WHERE groupname = 'Computacion'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-1F-E1-2B-28-57
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-1F-E1-2B-28-57
++[checkval] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 125 to 192.168.25.15 port 32771
     Framed-Compression := Van-Jacobson-TCP-IP
     Framed-Protocol := PPP
     Service-Type := Framed-User
     Acct-Interim-Interval = 60
     EAP-Message = 0x010200061520
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xa86f76f4a86d635fb1337e0b98514b2f
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.25.15 port 32771, 
id=126, length=240
     User-Name = "michel"
     NAS-IP-Address = 192.168.30.1
     NAS-Port = 0
     Called-Station-Id = "00-1E-E5-F4-7B-21"
     Calling-Station-Id = "00-1F-E1-2B-28-57"
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 
0x0202007015800000006616030100610100005d03014ee2247053e29359e617993c10c473b4005b225795041ba292b2e85d81f47f5500003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100
     State = 0xa86f76f4a86d635fb1337e0b98514b2f
     Message-Authenticator = 0x5694aee708105901b70a2e10b65dd5e9
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 2 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
   TLS Length 102
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls]     (other): before/accept initialization
[ttls]     TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0061], ClientHello
[ttls]     TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls]     TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 08d7], Certificate
[ttls]     TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[ttls]     TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls]     TLS_accept: SSLv3 write server done A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 126 to 192.168.25.15 port 32771
     EAP-Message = 
0x0103040015c000000b26160301002a0200002603014ee22464fc31222fd72e6dfb95090f8d8a8fabaa8198c60e852a329868b156050000390016030108d70b0008d30008d00003d8308203d4308202bca003020102020103300d06092a864886f70d01010405003081aa310b3009060355040613024355311c301a06035504081313436975646164206465206c6120486162616e6131123010060355040713094c6120486162616e61311d301b060355040a131443617361206465206c617320416d6572696361733127302506092a864886f70d0109011618636f6d7075746163696f6e40636173612e63756c742e63753121301f0603550403131843
     EAP-Message = 
0x6572746966696361646f206465204175746f7269646164301e170d3131313230383134303531365a170d3132313230373134303531365a308196310b3009060355040613024355311c301a06035504081313436975646164206465206c6120486162616e61311d301b060355040a131443617361206465206c617320416d6572696361733121301f06035504031318436572746966696361646f2064656c205365727669646f723127302506092a864886f70d0109011618636f6d7075746163696f6e40636173612e63756c742e637530820122300d06092a864886f70d01010105000382010f003082010a0282010100d57576a7332583af627ca1d9
     EAP-Message = 
0x77fc86c55396361bcec202a428b40a88420590fb2d9fa5ee35cf68290385d1b08cb3a4cd236d7ccc3555ab635adbbadb6fd9614c63fac1785e628a4d8437e3ef31dd3de5eac3a2dac83fe13e6414f15ba5044287e048f9c7c34851db1191733b9db7a1b9573a40e65e89e0202ec0a7e2b03b388764f734007e74efeab5cf6c6692ceb1f511b66c46fd845c5a1149e15d5ce67976e5de56ad41d2da391053c2ec80503e2c74b51e5c9553ab8f0392d933b2c78c3495644bf442b1cc86c0781801084c35f224b573f69c5c2efff94cb54d95759af4b8f2561182cfd9047f1505adfb11dfc73a4b1492c81f95428e0beb86252129b50203010001a3173015
     EAP-Message = 
0x30130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100e2d2320e9170a1b34de52dffbebc93da8d48eb55a5bc3a7c2cce2cf9ff2c3bf1ac1526248f937ee845c5ddb46192e10ffa2f229a4e06b4cbf54dbeff5cf39cb46a958c69fd4aeff29979c69ce7093b4091d2d6073c9f95ca13b9e09248bd500224c4ad2be6d6f80cefe20b8521b99c219e3d6b3775e6db17cc316f4908e366c6dd9f5490fa183b3f5702dd687dd01226563e106638165ef92141313eb0095ecbd8c2cfee087d576cb6a1efeb5a020993d9fb2cde20b85e2c3e103dbe62702dc6c6b17764bf07b5253ce7f02fc3dac70cf7e1e0d1
     EAP-Message = 0x017a1eff3d4b8c66e93d52e3
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xa86f76f4a96c635fb1337e0b98514b2f
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.25.15 port 32771, 
id=127, length=134
     User-Name = "michel"
     NAS-IP-Address = 192.168.30.1
     NAS-Port = 0
     Called-Station-Id = "00-1E-E5-F4-7B-21"
     Calling-Station-Id = "00-1F-E1-2B-28-57"
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x020300061500
     State = 0xa86f76f4a96c635fb1337e0b98514b2f
     Message-Authenticator = 0xf198d4dbc6aac419c4bdef060225ba28
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 127 to 192.168.25.15 port 32771
     EAP-Message = 
0x0104040015c000000b26e62af205a7501d47c3785e67ac1087e2ed9272998d0982ddd2040d6e7def5a290004f2308204ee308203d6a003020102020900f748ec3ca828a225300d06092a864886f70d01010505003081aa310b3009060355040613024355311c301a06035504081313436975646164206465206c6120486162616e6131123010060355040713094c6120486162616e61311d301b060355040a131443617361206465206c617320416d6572696361733127302506092a864886f70d0109011618636f6d7075746163696f6e40636173612e63756c742e63753121301f06035504031318436572746966696361646f206465204175746f72
     EAP-Message = 
0x69646164301e170d3131313230383134303531365a170d3132313230373134303531365a3081aa310b3009060355040613024355311c301a06035504081313436975646164206465206c6120486162616e6131123010060355040713094c6120486162616e61311d301b060355040a131443617361206465206c617320416d6572696361733127302506092a864886f70d0109011618636f6d7075746163696f6e40636173612e63756c742e63753121301f06035504031318436572746966696361646f206465204175746f726964616430820122300d06092a864886f70d01010105000382010f003082010a0282010100f52aae6d2dfa2141001d2a
     EAP-Message = 
0x9541a676d0639d9b4bef36f4a3bce6881af19b89c8fcd08135eb3241e8da66c959f13fb6178d698515c55ed09efbc4c4e61db406c6fa9a4fb887bf6dc033112d8a7a8458549a35a67cf94657ea63b285153e88700c889ec2faa7f15ee0af229dcfe84348f7d7e0052097866ca33a80c36a7c40839ddde3875bc17e19045925a16a2d7fa1c3391cfb0f1d9391ba930aca386e0c7f52b94b6f4d18892e71357280b2403c03eacc385d9ae3ad35b9dabfd615504c9fb1dec653a76ec9a179b32d58983ecddbbf3dcaaec07f2a240ffa5edeeda0b0204629b94798d635e645069f0d12ca30094fbeb777ca3cbbf4f8497d76982f400f050203010001a38201
     EAP-Message = 
0x133082010f301d0603551d0e04160414b072beac79b158235aaa0656f01f1dcc205f27763081df0603551d230481d73081d48014b072beac79b158235aaa0656f01f1dcc205f2776a181b0a481ad3081aa310b3009060355040613024355311c301a06035504081313436975646164206465206c6120486162616e6131123010060355040713094c6120486162616e61311d301b060355040a131443617361206465206c617320416d6572696361733127302506092a864886f70d0109011618636f6d7075746163696f6e40636173612e63756c742e63753121301f06035504031318436572746966696361646f206465204175746f72696461648209
     EAP-Message = 0x00f748ec3ca828a225300c06
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xa86f76f4aa6b635fb1337e0b98514b2f
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.25.15 port 32771, 
id=128, length=134
     User-Name = "michel"
     NAS-IP-Address = 192.168.30.1
     NAS-Port = 0
     Called-Station-Id = "00-1E-E5-F4-7B-21"
     Calling-Station-Id = "00-1F-E1-2B-28-57"
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x020400061500
     State = 0xa86f76f4aa6b635fb1337e0b98514b2f
     Message-Authenticator = 0x733083435506c2fd5710480ec62621e7
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 128 to 192.168.25.15 port 32771
     EAP-Message = 
0x01050344158000000b2603551d13040530030101ff300d06092a864886f70d010105050003820101004d2c051b8cea5b64d04c742985238a5d7894b2c46ebca82d5b6a7863eb3d32cbe0924ec229f2a665d769af1650d8ae6b845cad219b4c6fbdda34734729954c0342cf24b4aa4add2167e4357536629673f1f3a804cb5eae27f0d09f58bb82443c60f9b66851aa04d53e3b06971f4c8b87679729fef8b3605d2c9a2cc4bdb52e611d43f37a9acd83caa73d9cf0d24e5763ab62c67aa0398a8361941001c7d562191eed395ad4c64c31e7be21f959327386cd9b00862b2159b71166e51e61ec0b52ebcd03ca40fe974954bf2358c5adae5eb90d5d3c
     EAP-Message = 
0x6378ec8c9129f38c01979ba6cb8b3d2a1e8bd1ae7097042240ad6a2bfe0c7a537d9ea76b5de5ad41d06e7d75160301020d0c0002090080d91db7001ab465a9e32ce323cc9e535996eb3414cfb54938a255cdb74cc6de3609438a4e925cc8a759e9879e3bb1b68ab14bfe541180a7ccb857cb563b342dcee2571f99813d14eab540d34a00e8f1938792a3edf9a6e624b2dd509e6609eb80505243fa2d157896406d82f51e955d12358f23b918a496c34cd95e248d893ebb00010200802ceb7f0694badf2de08b8657905f5761743646e601c9707fe47964cd91f47a8548dcdda5f9b43b0a98d1e520471ddcd7536ed217e9fef8c3c928cc32fa2768eac8
     EAP-Message = 
0x1bfa63f64bc0ad3758e72a5dfd2fa94e5348eac08f761991ac773eb020d11a470749d79333052e43f0fd2ed3b2c4becdbc2e0c47e1c49d68b2adc481f1d7bb010069314ceff1c53856cba2ebb8185ffa1057fbe79c472719727f6a2f7acf8e330e4dd1a6fea8d0fca9946289ad808f55d558190769155fa58d2db6bd3c4eb9b563d7f1ef5f45b4d7c20a5b92a4200c75a2f494646a60364e1e670665206402e3b46933665c5a8bbb0d4237ec533c0f94720fa1032f2ce6569aa396aad891329edd9b9d78e7568341690d8fce0fff717451997e64f30d0a3c2157ba387028a314aa4d4ae4a6869dca63e1acda9b1328479576b32da7d83637a738879381
     EAP-Message = 
0x2199a2e4737dee3b09178f0f5118b3d279fe6ef5e0f46ee7ead1e91e336c1a609b30e2b17a3e201551c55fded7f06ca449bdf1ae825a7a8dfa5798adfa017556bb2e7aef16030100040e000000
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xa86f76f4ab6a635fb1337e0b98514b2f
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.25.15 port 32771, 
id=129, length=336
     User-Name = "michel"
     NAS-IP-Address = 192.168.30.1
     NAS-Port = 0
     Called-Station-Id = "00-1E-E5-F4-7B-21"
     Calling-Station-Id = "00-1F-E1-2B-28-57"
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 
0x020500d01580000000c61603010086100000820080bd0e0d270c383b42e29ecc66c3a593e6cae447f746f04bd0121ae9b23501a9a914ee40895ccb2c6f1c6e8f8d93733adf138963e1245262f0551c0d4ae354df565e2255c6ab9c8c565c2e3a488ffc0ec61c3886751900c0ffba40428cd49fc98444119d1869c38f0191ae2ad6f09b47e5ec95e1f2c869daa17975bd922392dc911403010001011603010030c942db851014bdd56963fe47985deca4eea56d75828cc4f110b16dd390320495bc76eb481ebae3f10fd0663b4d7eff8a
     State = 0xa86f76f4ab6a635fb1337e0b98514b2f
     Message-Authenticator = 0x15bfb65c504550c1336866f41c2e83ca
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 5 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
   TLS Length 198
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls]     TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls]     TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 write finished A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 129 to 192.168.25.15 port 32771
     EAP-Message = 
0x0106004515800000003b140301000101160301003033123d4a6842016e35751f216c9e91cbdbe15ff55afed821df65e05b102d2bf27a9250573a71471ce51c606a31060e6a
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xa86f76f4ac69635fb1337e0b98514b2f
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.25.15 port 32771, 
id=130, length=240
     User-Name = "michel"
     NAS-IP-Address = 192.168.30.1
     NAS-Port = 0
     Called-Station-Id = "00-1E-E5-F4-7B-21"
     Calling-Station-Id = "00-1F-E1-2B-28-57"
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 
0x0206007015001703010020d5141f0692c34b252a63135bb285cf36c75bf5fbeb7225465599981ac9c51c76170301004015fc3a9de13e30b96141101250b48fed4824d60415dd99090d301715e6827ae00700f3bbcd6284335d5cb86008ccc3ed2fa3a099e777231f02089478a72a6fa9
     State = 0xa86f76f4ac69635fb1337e0b98514b2f
     Message-Authenticator = 0x211db68e0847241824b6b0b0ccd11acf
+- entering group authorize {...}
++[preprocess] returns ok
[eap] EAP packet type response id 6 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
     User-Name = "michel"
     User-Password = "xxxxx"
     FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
     User-Name = "michel"
     User-Password = "xxxxx"
     FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
[sql]     expand: %{User-Name} -> michel
[sql] sql_set_user escaped user --> 'michel'
rlm_sql (sql): Reserving sql socket id: 2
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'michel'           ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'michel'           ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM radusergroup           WHERE username = 
'michel'           ORDER BY priority
[sql]     expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = 'Computacion'           ORDER BY id
[sql] User found in group Computacion
[sql]     expand: SELECT id, groupname, attribute,           value, 
op           FROM radgroupreply           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           value, op           FROM radgroupreply           
WHERE groupname = 'Computacion'           ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[pap] Normalizing MD5-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "xxxxx"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group session {...}
++[sql] returns noop
   WARNING: Empty section.  Using default return values.
} # server inner-tunnel
[ttls] Got tunneled reply code 2
     Framed-Compression := Van-Jacobson-TCP-IP
     Framed-Protocol := PPP
     Service-Type := Framed-User
     Acct-Interim-Interval = 60
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
[reply_log]     expand: 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> 
/var/log/radius/radacct/192.168.25.15/reply-detail-20111209
[reply_log] 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands 
to /var/log/radius/radacct/192.168.25.15/reply-detail-20111209
[reply_log]     expand: %t -> Fri Dec  9 10:08:20 2011
++[reply_log] returns ok
[sql]     expand: %{User-Name} -> michel
[sql] sql_set_user escaped user --> 'michel'
[sql]     expand: %{User-Password} ->
[sql]     expand: %{Chap-Password} ->
[sql]     expand: INSERT INTO radpostauth                           
(username, pass, reply, authdate)                           VALUES 
(                           '%{User-Name}',                           
'%{%{User-Password}:-%{Chap-Password}}',                           
'%{reply:Packet-Type}', '%S') -> INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'michel',                           '',                           
'Access-Accept', '2011-12-09 10:08:20')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'michel',                           '',                           
'Access-Accept', '2011-12-09 10:08:20')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
Sending Access-Accept of id 130 to 192.168.25.15 port 32771
     MS-MPPE-Recv-Key = 
0x1ea6c98931e212cac0d8115539d9f54a3b1a4b68b651e66da7c27b58c192dff5
     MS-MPPE-Send-Key = 
0x2e85032cb54145d7527d3c0c4e75d36e33d615fa73059ef62aa782dbdde687d9
     EAP-Message = 0x03060004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = "michel"
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 125 with timestamp +5
Cleaning up request 1 ID 126 with timestamp +5
Cleaning up request 2 ID 127 with timestamp +5
Cleaning up request 3 ID 128 with timestamp +5
Waking up in 0.1 seconds.
Cleaning up request 4 ID 129 with timestamp +5
Cleaning up request 5 ID 130 with timestamp +5
Ready to process requests.



So, i don't see accounting packet, could be supressed by the TTLS or 
Linkys Router dont send that packet in stream?


Regards

Michel




More information about the Freeradius-Users mailing list