Failure to Process radgroupreply
Andrew Long
fursink at gmail.com
Thu Apr 5 14:16:16 CEST 2012
For reference, here is a debug from another account's auth request
which successfully processes radgroupreply and sends the pairs from
that table. The attributes are different here because the NAS is
different and I don't want to confuse it by assigning another vendor's
attributes. I did accidentally have the Nomadix-Bw-Up/Down in this
account's radgroupreply table, and they were also passed correctly
here, though I don't have that debug.
rad_recv: Access-Request packet from host xx.xx.xx.xx port 32772,
id=71, length=244
Acct-Session-Id = "645dcb12"
NAS-Port = 10
NAS-Port-Type = Wireless-802.11
User-Name = "tup140412"
Calling-Station-Id = "3C-8B-FE-D8-66-6E"
Called-Station-Id = "3C-D9-2B-7B-97-37"
Framed-IP-Address = 192.168.25.92
MS-CHAP2-Response =
0x4700c5c9e5b0d32cef356ea40cef22e904a400000000000000008ab1f953dbb0a3b342fbdf00518cda391b29bf13efeffd84
MS-CHAP-Challenge = 0x20a511804f668694117f916ee1ef6a46
NAS-Identifier = "TW126LK026"
NAS-IP-Address = xx.xx.xx.xx
Framed-MTU = 1496
Connect-Info = "HTTPS"
Service-Type = Framed-User
Colubris-AVPair = "vsc-name=HP ProCurve"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "tup140412", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[sql] expand: %{User-Name} -> tup140412
[sql] sql_set_user escaped user --> 'tup140412'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radcheck WHERE username =
'tup140412' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radreply WHERE username =
'tup140412' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'tup140412' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT
id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname
= 'hieTUPELO-guest-group' ORDER BY id
[sql] User found in group hieTUPELO-guest-group
[sql] expand: SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT
id, groupname, attribute, value, op FROM radgroupreply WHERE groupname
= 'hieTUPELO-guest-group' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[daypasscounter] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for tup140412 with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
Login OK: [tup140412] (from client xxx-gateway port 10 cli 3C-8B-FE-D8-66-6E)
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> tup140412
[sql] sql_set_user escaped user --> 'tup140412'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
-> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES (
'tup140412', '', 'Access-Accept', '2012-04-05 08:01:35')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES ( 'tup140412', '',
'Access-Accept', '2012-04-05 08:01:35')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 71 to xx.xx.xx.xx port 32772
Idle-Timeout := 3600 [from radgroupreply]
Colubris-AVPair += "one-to-one-nat=1" [from radgroupreply]
Colubris-AVPair += "smtp-redirect=xx.xx.xx.xx" [from radgroupreply]
MS-CHAP2-Success =
0x47533d46453336353138333746413938383539443430424143443130383539364131454434363631384642
MS-MPPE-Recv-Key = 0x200ce521f54129a00b8ddbfa0d38a1df
MS-MPPE-Send-Key = 0x64debbade6a03f53df884e7ef78a7645
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
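
Added example, not part of the original post: a small Python helper for comparing a working debug like the one above with a failing one, by listing which SQL tables rlm_sql queried and which attributes ended up in the reply. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: shortened excerpt in the style of the debug above, keeping
# the mail-wrapped SQL lines and the poster's "[from ...]" annotation.
SAMPLE_DEBUG = """\
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radcheck WHERE username =
'tup140412' ORDER BY id
[sql] expand: SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT
id, groupname, attribute, value, op FROM radgroupreply WHERE groupname
= 'hieTUPELO-guest-group' ORDER BY id
Sending Access-Accept of id 71 to xx.xx.xx.xx port 32772
Idle-Timeout := 3600 [from radgroupreply]
Colubris-AVPair += "one-to-one-nat=1" [from radgroupreply]
MS-CHAP2-Success =
0x0000
"""

TABLE_RE = re.compile(r"\bFROM\s+(rad\w+)\s+WHERE", re.I)
ATTR_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s*(:=|\+=|=)\s*(.*)$")
NOTE_RE = re.compile(r"\s*\[from \w+\]\s*$")

def queried_tables(debug_text):
    """SQL tables named in rlm_sql SELECTs, in first-seen order."""
    flat = " ".join(debug_text.split())  # undo mail/terminal line wrapping
    return list(dict.fromkeys(TABLE_RE.findall(flat)))

def reply_attributes(debug_text):
    """[attribute, op, value] entries listed after the last 'Sending Access-' line."""
    attrs, in_reply = [], False
    for line in debug_text.splitlines():
        if line.startswith("Sending Access-"):
            attrs, in_reply = [], True  # keep only the latest reply packet
        elif in_reply:
            m = ATTR_RE.match(line)
            if m:
                attrs.append([m.group(1), m.group(2), NOTE_RE.sub("", m.group(3))])
            elif attrs and not attrs[-1][2] and line.strip():
                attrs[-1][2] = line.strip()  # value wrapped onto the next line
            else:
                in_reply = False  # first non-attribute line ends the list
    return attrs

def check_group_reply(debug_text, expected):
    """Was radgroupreply queried, and which expected attributes are missing?"""
    sent = {name for name, _, _ in reply_attributes(debug_text)}
    return {"radgroupreply_queried": "radgroupreply" in queried_tables(debug_text),
            "missing": sorted(set(expected) - sent)}
```

Running check_group_reply() on the failing account's debug with the attribute names stored in its group shows whether the radgroupreply SELECT was ever issued or whether the rows were read but not sent.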