sql_counter module doesn't count
lucia
j.eskobar at gmx.de
Mon Aug 12 22:54:13 CEST 2013
Hi ,
I want to use the sql_counter module in my radius server.
The SQL module seems to work correct, but the calculating of the
connection time does not return any result because there is no entry
at all in the radius database table "radacct" after a test user has
logged in or stays logged in.
I have no idea where I have to look next. The FreeRadius runs on a
Synology NAS and I'm also not sure if all modules are precompiled and
usable.
My User table radcheck looks like this:
username: attribute: op: value:
tee Cleartext-Password := abc
tee Max-All-Session := 120
the radusergroup is empty.
Attached is the radius -X debug message after one test-user has connected.
Any hints ?
Thanks and Regards
Lu
FreeRADIUS Version 2.1.10, for host armle-unknown-linux-gnu, built on
Mar 14 2013 at 11:55:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file
/var/packages/RadiusServer/target//etc/raddb/radiusd.conf
including configuration file /usr/local/synoradius/rad_listen
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file
/var/packages/RadiusServer/target//etc/raddb/clients.conf
including configuration file /usr/local/synoradius/rad_clients
including files in directory
/var/packages/RadiusServer/target//etc/raddb/modules/
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/counter
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/checkval
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/logintime
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/perl
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/detail.log
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/linelog
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/attr_rewrite
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/inner-eap
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/sradutmp
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/preprocess
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/dynamic_clients
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/chap
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/unix
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/realm
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/digest
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/files
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/etc_group
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/wimax
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/ippool
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/radutmp
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/expiration
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/echo
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/sqlcounter_expire_on_login
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/expr
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/mac2vlan
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/krb5
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/exec
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/always
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/smbpasswd
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/cui
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/pam
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/passwd
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/opendirectory
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/mschap_ad
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/ldap
including configuration file /usr/local/synoradius/rad_ldap
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/detail
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/policy
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/mschap
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/detail.example.com
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/attr_filter
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/smsotp
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/acct_unique
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/pap
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/otp
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/mac2ip
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/sql_log
including configuration file
/var/packages/RadiusServer/target//etc/raddb/modules/ntlm_auth
including configuration file /usr/local/synoradius/rad_ntlm_auth
including configuration file
/var/packages/RadiusServer/target//etc/raddb/eap.conf
including configuration file
/var/packages/RadiusServer/target//etc/raddb/sql.conf
including configuration file
/var/packages/RadiusServer/target//etc/raddb/sql/mysql/dialup.conf
including configuration file
/var/packages/RadiusServer/target//etc/raddb/./counter.conf
including configuration file
/var/packages/RadiusServer/target//etc/raddb/counter.conf
including configuration file
/var/packages/RadiusServer/target//etc/raddb/policy.conf
including files in directory
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/
including configuration file
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/synoradius/rad_site_inn
including configuration file /usr/local/synoradius/rad_site_inn_local
including configuration file /usr/local/synoradius/rad_port_inner
including configuration file
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/control-socket
including configuration file
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/default
including configuration file /usr/local/synoradius/rad_site_def
including configuration file /usr/local/synoradius/rad_site_def_local
main {
allow_core_dumps = no
}
including dictionary file
/var/packages/RadiusServer/target//etc/raddb/dictionary
main {
prefix = "/var/packages/RadiusServer/target/"
localstatedir = "/var/packages/RadiusServer/target//var"
logdir = "/var/packages/RadiusServer/target//var/log/radius"
libdir = "/var/packages/RadiusServer/target//lib"
radacctdir =
"/var/packages/RadiusServer/target//var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile =
"/var/packages/RadiusServer/target//var/run/radiusd/radiusd.pid"
checkrad = "/var/packages/RadiusServer/target//sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client 192.168.178.25/24 {
require_message_authenticator = no
secret = "xxxx"
shortname = "EASYBOX"
}
client 127.0.0.1/24 {
require_message_authenticator = no
secret = "xxxx"
shortname = "Localhost"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file
/var/packages/RadiusServer/target//etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file
/var/packages/RadiusServer/target//etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/var/packages/RadiusServer/target//etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/var/packages/RadiusServer/target//etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file
/var/packages/RadiusServer/target//etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = "3306"
login = "radius"
password = "xxxx"
radius_db = "radius"
read_groups = yes
sqltrace = yes
sqltracefile =
"/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret, server
FROM nas"
authorize_check_query = "SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value,
op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname,
attribute, value, op FROM radgroupreply
WHERE groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') -
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
%{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL
AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct
SET framedipaddress = '%{Framed-IP-Address}',
acctsessiontime = '%{Acct-Session-Time}',
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctsessiontime, acctauthentic, connectinfo_start,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, servicetype, framedprotocol,
framedipaddress, acctstartdelay,
xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO
radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct
SET acctstarttime = '%S', acctstartdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_start =
'%{Connect-Info}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}',
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid, username,
realm, nasipaddress, nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0}
+ %{%{Acct-Delay-Time}:-0}) SECOND), '%S',
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY
priority"
connect_failure_retry_delay = 6
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid,
username, nasipaddress, nasportid,
framedipaddress, callingstationid,
framedprotocol FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius at localhost:3306/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /usr/local/synoradius/rad_site_inn_local
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file
/var/packages/RadiusServer/target//etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file
/var/packages/RadiusServer/target//etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/var/packages/RadiusServer/target//etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/var/packages/RadiusServer/target//etc/raddb/modules/unix
unix {
radwtmp = "/var/packages/RadiusServer/target//var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file
/var/packages/RadiusServer/target//etc/raddb/eap.conf
eap {
default_eap_type = "mschapv2"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/usr/syno/etc/ssl/ssl.crt"
pem_file_type = yes
private_key_file = "/usr/syno/etc/ssl/ssl.key/server.key"
certificate_file = "/usr/syno/etc/ssl/ssl.crt/server.crt"
CA_file = "/usr/syno/etc/ssl/ssl.crt/ca.crt"
private_key_password = "12345"
dh_file = "/var/packages/RadiusServer/target//etc/raddb/certs/dh"
random_file =
"/var/packages/RadiusServer/target//etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/var/packages/RadiusServer/target//etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/var/packages/RadiusServer/target//etc/raddb/modules/files
files {
usersfile = "/var/packages/RadiusServer/target//etc/raddb/users"
acctusersfile =
"/var/packages/RadiusServer/target//etc/raddb/acct_users"
preproxy_usersfile =
"/var/packages/RadiusServer/target//etc/raddb/preproxy_users"
compat = "no"
}
Module: Linked to module rlm_passwd
Module: Instantiating module "smbpasswd" from file
/var/packages/RadiusServer/target//etc/raddb/modules/smbpasswd
passwd smbpasswd {
filename = "/usr/syno/etc/private/smbpasswd"
format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
delimiter = ":"
ignorenislike = no
ignoreempty = yes
allowmultiplekeys = no
hashsize = 100
}
rlm_passwd: nfields: 7 keyfield 0(User-Name) listable: no
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/var/packages/RadiusServer/target//etc/raddb/modules/radutmp
radutmp {
filename = "/var/packages/RadiusServer/target//var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file
/var/packages/RadiusServer/target//etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile =
"/var/packages/RadiusServer/target//etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file
/var/packages/RadiusServer/target//etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/var/packages/RadiusServer/target//etc/raddb/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/var/packages/RadiusServer/target//etc/raddb/modules/preprocess
preprocess {
huntgroups = "/var/packages/RadiusServer/target//etc/raddb/huntgroups"
hints = "/var/packages/RadiusServer/target//etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_sqlcounter
Module: Instantiating module "noresetcounter" from file
/var/packages/RadiusServer/target//etc/raddb/counter.conf
sqlcounter noresetcounter {
counter-name = "Max-All-Session-Time"
check-name = "Max-All-Session"
key = "User-Name"
sqlmod-inst = "sql"
query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE
UserName='%{%k}'"
reset = "never"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sqlcounter: Reply attribute set to Session-Timeout.
rlm_sqlcounter: Counter attribute Max-All-Session-Time is number 11273
rlm_sqlcounter: Check attribute Max-All-Session is number 11274
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next
reset 0 [2013-08-12 23:00:00]
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev
reset 0 [2013-08-12 23:00:00]
Module: Instantiating module "dailycounter" from file
/var/packages/RadiusServer/target//etc/raddb/counter.conf
sqlcounter dailycounter {
counter-name = "Daily-Session-Time"
check-name = "Max-Daily-Session"
reply-name = "Session-Timeout"
key = "User-Name"
sqlmod-inst = "sql"
query = "SELECT SUM(acctsessiontime - GREATEST((%b -
UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username =
'%{%k}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
reset = "daily"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sqlcounter: Reply attribute Session-Timeout is number 27
rlm_sqlcounter: Counter attribute Daily-Session-Time is number 11275
rlm_sqlcounter: Check attribute Max-Daily-Session is number 11276
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next
reset 1376341200 [2013-08-13 00:00:00]
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev
reset 1376254800 [2013-08-12 00:00:00]
Module: Instantiating module "monthlycounter" from file
/var/packages/RadiusServer/target//etc/raddb/counter.conf
sqlcounter monthlycounter {
counter-name = "Monthly-Session-Time"
check-name = "Max-Monthly-Session"
reply-name = "Session-Timeout"
key = "User-Name"
sqlmod-inst = "sql"
query = "SELECT SUM(acctsessiontime - GREATEST((%b -
UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{%k}'
AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
reset = "monthly"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sqlcounter: Reply attribute Session-Timeout is number 27
rlm_sqlcounter: Counter attribute Monthly-Session-Time is number 11277
rlm_sqlcounter: Check attribute Max-Monthly-Session is number 11278
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next
reset 1377982800 [2013-09-01 00:00:00]
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev
reset 1375304400 [2013-08-01 00:00:00]
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/var/packages/RadiusServer/target//etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/var/packages/RadiusServer/target//etc/raddb/modules/detail
detail {
detailfile =
"/var/packages/RadiusServer/target//var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.accounting_response" from
file /var/packages/RadiusServer/target//etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile =
"/var/packages/RadiusServer/target//etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 192.168.178.24
port = 1812
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 1812
}
listen {
type = "auth"
ipaddr = 10.8.0.1
port = 1812
}
listen {
type = "control"
listen {
socket =
"/var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address 192.168.178.24 port 1812
Listening on authentication address 127.0.0.1 port 1812
Listening on authentication address 10.8.0.1 port 1812
Listening on command file
/var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.178.25 port 32888,
id=2, length=148
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202000801746565
Message-Authenticator = 0xf59055370165c1ac3839db5f8195752c
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[sql] expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'tee'
ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radreply WHERE username = 'tee'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'tee' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM
radusergroup WHERE username = 'tee' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='%{User-Name}''
[noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='%{User-Name}' -> SELECT
IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'
sqlcounter_expand: '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='tee'}'
[noresetcounter] sql_xlat
[noresetcounter] expand: %{User-Name} -> tee
[noresetcounter] sql_set_user escaped user --> 'tee'
[noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='tee' -> SELECT IFNULL(SUM(AcctSessionTime),0)
FROM radacct WHERE UserName='tee'
[noresetcounter] expand:
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql ->
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='tee'
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
[noresetcounter] expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0)
FROM radacct WHERE UserName='tee'} -> 0
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user tee, check_item=10, counter=0
rlm_sqlcounter: Sent Reply-Item for user tee, Type=Session-Timeout, value=10
++[noresetcounter] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.178.25 port 32888
Session-Timeout = 10
EAP-Message =
0x0103001d1a01030018102526be8601cef6396823d8998c0b6b83746565
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878580f59d56ed034e3134225de2
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32889,
id=3, length=164
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878580f59d56ed034e3134225de2
EAP-Message = 0x020300060319
Message-Authenticator = 0xee84edb24a2bb9a12f35e3a403393663
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[sql] expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'tee'
ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radreply WHERE username = 'tee'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'tee' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM
radusergroup WHERE username = 'tee' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='%{User-Name}''
[noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='%{User-Name}' -> SELECT
IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'
sqlcounter_expand: '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='tee'}'
[noresetcounter] sql_xlat
[noresetcounter] expand: %{User-Name} -> tee
[noresetcounter] sql_set_user escaped user --> 'tee'
[noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='tee' -> SELECT IFNULL(SUM(AcctSessionTime),0)
FROM radacct WHERE UserName='tee'
[noresetcounter] expand:
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql ->
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='tee'
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 1
[noresetcounter] expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0)
FROM radacct WHERE UserName='tee'} -> 0
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user tee, check_item=10, counter=0
rlm_sqlcounter: Sent Reply-Item for user tee, Type=Session-Timeout, value=10
++[noresetcounter] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.178.25 port 32889
Session-Timeout = 10
EAP-Message = 0x010400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878581f29e56ed034e3134225de2
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32890,
id=4, length=358
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878581f29e56ed034e3134225de2
EAP-Message =
0x020400c81980000000be16030100b9010000b503015209453a90c3ad1dc68b3867c87da1c17aca3b3104bd3f8411b2f706669db885000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000
Message-Authenticator = 0xa061bb8038b36017614af4150749eb45
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 200
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 190
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 068d], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.178.25 port 32890
EAP-Message =
0x0105040019c00000086316030100310200002d0301520944b6b2e68061e8cb6e0810d75b046a7fc240531e641cc6ca21bd7fe212ae000039000005ff01000100160301068d0b00068900068600032f3082032b30820294a00302010202051132211a60300d06092a864886f70d01010505003081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e301c060355040b1315436572746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e204341312330210609
EAP-Message =
0x2a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d301e170d3133303733313136313431335a170d3333303431373136313431335a308196310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e3111300f060355040b1308465450205465616d311530130603550403130c73796e6f6c6f67792e636f6d3123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cb8bd49b3ff39917
EAP-Message =
0x1a0e21017d6b4d5c453d099ea419d8b6936d113e108f35aa2479645bd2b9c1f41759efd7c4386c4db0a2931e9d55d3bb8592c9861a56eca4080d40ba4b1854f9d754d076c1a73293c1f80ef990d1c4f115a9a3b2911f16af46cb894772f166323ae0b863d88a1b2a234c5f94ce518875b461fab3ee875a850203010001a3723070301f0603551d1104183016811470726f647563744073796e6f6c6f67792e636f6d303a06096086480186f842010d042d162b6d6f645f73736c2067656e65726174656420637573746f6d20736572766572206365727469666963617465301106096086480186f8420101040403020640300d06092a864886f70d0101
EAP-Message =
0x050500038181009215bcd8253932c648f6a14119b66f48438125886dcbc96eeee7b4cb3e56389c9b6ff5932a9b184e913aacc14408d82f7fe5eb371080139aa50d28326d4bd535f95bb3fd2de3dcb48a9b0d1a7c341e803bf4a76250883d716dca25f0821889a9363896f788462613e51e705dc112cfbb830d4f2b4a92939fa38a47d5c08ed6070003513082034d308202b6a0030201020209009fd19fa01a036ca5300d06092a864886f70d01010505003081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e
EAP-Message = 0x301c060355040b1315436572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878582f39e56ed034e3134225de2
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32891,
id=5, length=164
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878582f39e56ed034e3134225de2
EAP-Message = 0x020500061900
Message-Authenticator = 0xafa2dd19e749573ebea82436d5b89cad
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.178.25 port 32891
EAP-Message =
0x010603fc1940746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e2043413123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d301e170d3133303733313136313431325a170d3333303431373136313431325a3081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e301c060355040b1315436572746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e204341
EAP-Message =
0x3123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b5b133c2343ee72c325b5567566e16984e3ad4f964f71d5c676cada2e7a55a8957fd5aa30f7647f72d58206bfd7f13d65be2f1252a12a8dbfa999bc4bfced5676e0604bce97bc997c7c464be66d45af768e05e44dd0f03d4f6e53031c14e078637e764e161ac6b2f90047b7afa8c277c9520ae95491517d552aca0841f3215b10203010001a37f307d301f0603551d1104183016811470726f647563744073796e6f6c6f67792e636f6d300f0603551d13040830060101ff020100
EAP-Message =
0x303606096086480186f842010d042916276d6f645f73736c2067656e65726174656420637573746f6d204341206365727469666963617465301106096086480186f8420101040403020204300d06092a864886f70d0101050500038181002456f5d7e49a3cf41f5cd5b7f785e9880ad4748e80a614f20b311b44b38e3473b057088573cf4c4b4a78c0447b290964bf09c31f9f7aba5135f3afec170ebd75d978971ede94fd8790ab4e1cf34044f6e5b81cf3d50043195de029497756df668ab2f30b9eb59b32eaddd5cc8ac37e0dafdf87c13f976a1d9557e56f1e703315160301018d0c0001890080ba686466df6626c54cb03b6bbb2eb1522c8d2c8b
EAP-Message =
0xcdec316e5dceff84790a957f998ba7f1f109022e0e0c1f488cf51205d0d52a037fd93eb516aa86077df28d768f06c9a5538c860e17447be3d586bd2eba6930a1f07bd0b6abf3411783100e25d2b072097153a03081a6ced3e1ba10949d76a45c7e45f7a21ffe9ebc356bf2db00010200806b20fdffec6f7616b1ac0792a9ee1f111049b7f8071650e56d23fcdd7f3415fc04dc2f5be34de147b3b0ac318d0417ffe53e92f66712f1cafcebe3f1393b90563d5efd20a07ce8bc537cb002dd9ecc8d8cc638d0e4f489af364445e2dabee94c19213b4b64a28ce00d2ef4e6b73a50635d7287f0a7320a8ca7c1d5e244f8d72e00803f5fca5ed430815840c6
EAP-Message = 0xca51c8a72b134129
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878583f09e56ed034e3134225de2
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32892,
id=6, length=164
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878583f09e56ed034e3134225de2
EAP-Message = 0x020600061900
Message-Authenticator = 0xad5cb37a135449788276514fb81fb9fd
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.178.25 port 32892
EAP-Message =
0x0107007d19005de838683537a84f610da2c4f9a1369bd6e9ca9fd0aa2b44cd7d84186e925f4c2db27fb7d62b54caa6830c26a0160954a854648dc84a6205ad79d9cceafae9732b8d41d72935baeff7ce5c37dc82b4574ffe9cca9d7c460e1a15badc88c75a6d43f843c3108256f4ade50967559816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878584f19e56ed034e3134225de2
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32893,
id=7, length=366
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878584f19e56ed034e3134225de2
EAP-Message =
0x020700d01980000000c616030100861000008200808bdd91a9487dccff09234e723cee7ba21725e2a670592009c304699865f930e253859f4b20ba934f14dda2549b720816e2b91162a41e36ed46e0a1959e7072400110121bfee72de20d31145db146f527147ebecd9c1f454c025b5d023b689ab64afba2ad9f20924f18a392ebaf2c0a5130b5f9fa444c25f817f7ecfa4972f192140301000101160301003060d9a90b7ed3fd213a43238d564c566728df397a55a7eee655ddb648c1740bd72181631eb7261cc0eceb52424e8fbfc8
Message-Authenticator = 0x256730f0831061eae27cb1af7157bfe9
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.178.25 port 32893
EAP-Message =
0x0108004119001403010001011603010030b8d1cdfe3b2fe4ea114acf6db4bc356e3985ce457b3a1149c84cbfcb02ac65bc4d33d0eb2f8a6e950401633ce4600303
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878585fe9e56ed034e3134225de2
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32894,
id=8, length=164
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878585fe9e56ed034e3134225de2
EAP-Message = 0x020800061900
Message-Authenticator = 0xd8b885a775bd422295146389e760a062
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 8 to 192.168.178.25 port 32894
EAP-Message =
0x0109002b190017030100200fd631ca65f225634251679efe7524102e6ad544f576ef00a2f996ac9c4dad67
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878586ff9e56ed034e3134225de2
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32895,
id=9, length=238
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878586ff9e56ed034e3134225de2
EAP-Message =
0x0209005019001703010020a08078622a79e75a566a35e37ef4bf984a4bb904335403eadcdc445bc7bd908a1703010020b0718794786e96045ed88030e9a94236d4ad1672637efb413176da2c3ad27586
Message-Authenticator = 0xf5b1df8093a72c9530258fe6969a9fc2
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - tee
[peap] Got inner identity 'tee'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0209000801746565
server {
PEAP: Setting User-Name to tee
Sending tunneled request
EAP-Message = 0x0209000801746565
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "tee"
server inner-tunnel {
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_inn_local
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
[sql] expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'tee'
ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radreply WHERE username = 'tee'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'tee' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM
radusergroup WHERE username = 'tee' ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!
Cancelling invalid proxy request.
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_inn_local
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010a001d1a010a001810d3f23e8332d772ee6ed7d8e7e96aa314746565
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e0dc4b84eac6443eb91adc9df1aaf2
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010a001d1a010a001810d3f23e8332d772ee6ed7d8e7e96aa314746565
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e0dc4b84eac6443eb91adc9df1aaf2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 9 to 192.168.178.25 port 32895
EAP-Message =
0x010a003b19001703010030712667073febde764e5f2c9db3f756e283ff2180010ab6ce8279b275dd91f1dab7b11915d8ee1b08d53646ca76c74294
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878587fc9e56ed034e3134225de2
Finished request 7.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32896,
id=10, length=286
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878587fc9e56ed034e3134225de2
EAP-Message =
0x020a00801900170301002003b67ac299e85321ff1f02a3fc4882edd957bc03194e8c379bb77f1c79dd009f1703010050b262cbf37cc08590f1736c2e90141e8457f4b7af8e7abbfaef9060ff03a5a2ada76be693ba95f5a159215119aaab21924173f17ec2dbe6d6da2cb99804725379fbd6272198e5cab8587acceaea7dda0b
Message-Authenticator = 0x44e004b74fa78cf01a38d274530d7614
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 128
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020a003e1a020a003931d5f758f1aeada35c250ccbf62fdedb1200000000000000001d3c61fd341515c0c945528dc1af927b453748b44030955400746565
server {
PEAP: Setting User-Name to tee
Sending tunneled request
EAP-Message =
0x020a003e1a020a003931d5f758f1aeada35c250ccbf62fdedb1200000000000000001d3c61fd341515c0c945528dc1af927b453748b44030955400746565
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "tee"
State = 0x84e0dc4b84eac6443eb91adc9df1aaf2
server inner-tunnel {
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_inn_local
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 62
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
[sql] expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'tee'
ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radreply WHERE username = 'tee'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'tee' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM
radusergroup WHERE username = 'tee' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!
Cancelling invalid proxy request.
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_inn_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/usr/local/synoradius/rad_site_inn_local
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: tee
[mschap] Told to do MS-CHAPv2 for tee with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010b00331a030a002e533d32454434413437374342463839453230343834304331374634463043353430354332304645444245
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010b00331a030a002e533d32454434413437374342463839453230343834304331374634463043353430354332304645444245
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 10 to 192.168.178.25 port 32896
EAP-Message =
0x010b005b1900170301005020edf875c62bb996bc491fcb19c1123e1096f555e9ba6ee0f34c057c5c4c3e2211b14d6c3a1ee5d7ab2640d0745727308bcfd4cfdfa2e35da333788efc3c56999be2ef703b63f5c41dc1fb594803acf6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878588fd9e56ed034e3134225de2
Finished request 8.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32897,
id=11, length=238
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878588fd9e56ed034e3134225de2
EAP-Message =
0x020b0050190017030100207d3776e8c3c71e5d5abf3b53d0169beea9e8992f69e2e0bcd672964a460e841617030100206780143ad9c9892791d2440461e354dc14baf8e535682315095dfea3ecd6b3a1
Message-Authenticator = 0x4977fb9bef33eaa2d73876471b3a527c
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020b00061a03
server {
PEAP: Setting User-Name to tee
Sending tunneled request
EAP-Message = 0x020b00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "tee"
State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2
server inner-tunnel {
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_inn_local
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 11 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
[sql] expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'tee'
ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'tee' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radreply WHERE username = 'tee'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'tee' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM
radusergroup WHERE username = 'tee' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!
Cancelling invalid proxy request.
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_inn_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [tee] (from client EASYBOX port 0 via TLS tunnel)
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file
/usr/local/synoradius/rad_site_inn_local
} # server inner-tunnel
[peap] Got tunneled reply code 2
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x40d8b3413d25f4013c2a3ae154c437ac
MS-MPPE-Recv-Key = 0xf5a477c13c1244e08cd8f0d853c4865e
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "tee"
[peap] Got tunneled reply RADIUS code 2
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x40d8b3413d25f4013c2a3ae154c437ac
MS-MPPE-Recv-Key = 0xf5a477c13c1244e08cd8f0d853c4865e
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "tee"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 11 to 192.168.178.25 port 32897
EAP-Message =
0x010c002b190017030100209b99f254f989d6a0e266af1df740bfd7f858aa9be34ded07ca32eea655c957d9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80f6878589fa9e56ed034e3134225de2
Finished request 9.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32898,
id=12, length=238
User-Name = "tee"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
Calling-Station-Id = "14-89-FD-DA-ED-19"
NAS-Identifier = "BOSS-SYNOLOGY"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x80f6878589fa9e56ed034e3134225de2
EAP-Message =
0x020c0050190017030100203457dd4974e320f48bb2ea9959f91a702adc65898bb24317aca624fc47854c43170301002011476f7edc9a493c77d431caf59a5d613cf8bfc339c4c150ca2381ca5e7191ba
Message-Authenticator = 0x00f7c3ad38840def38f7aa0c62632bbc
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 12 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [tee] (from client EASYBOX port 29 cli 14-89-FD-DA-ED-19)
# Executing section post-auth from file
/usr/local/synoradius/rad_site_def_local
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 12 to 192.168.178.25 port 32898
MS-MPPE-Recv-Key =
0xe3cd1d3d8847bb78c279ac58d6e6c42cdaebdc4c82cb41b506ee08c319b6b748
MS-MPPE-Send-Key =
0x24cef9cb1a537db7be194b7dd4465ad0a374a79a30926c05f1e8e549b0ca92d9
EAP-Message = 0x030c0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "tee"
Finished request 10.
Going to the next request
Waking up in 4.6 seconds.
Cleaning up request 0 ID 2 with timestamp +39
Cleaning up request 1 ID 3 with timestamp +39
Cleaning up request 2 ID 4 with timestamp +39
Cleaning up request 3 ID 5 with timestamp +39
Cleaning up request 4 ID 6 with timestamp +39
Cleaning up request 5 ID 7 with timestamp +39
Cleaning up request 6 ID 8 with timestamp +39
Cleaning up request 7 ID 9 with timestamp +39
Cleaning up request 8 ID 10 with timestamp +39
Cleaning up request 9 ID 11 with timestamp +39
Cleaning up request 10 ID 12 with timestamp +40
Ready to process requests.
More information about the Freeradius-Users
mailing list