sql_counter module doesn't count

lucia j.eskobar at gmx.de
Mon Aug 12 22:54:13 CEST 2013


Hi ,
  I want to use the sql_counter module in my radius server.
The SQL module seems to work correct, but the calculating of the
connection time does not return any result because there is no entry
at all in the radius database table "radacct" after a test user has 
logged in or stays logged in.

I have no idea where I have to look next. The FreeRadius runs on a 
Synology NAS and I'm also not sure if all modules are precompiled and 
usable.

My User table radcheck looks like this:

username:    attribute:                        op:    value:
tee                Cleartext-Password    :=        abc
tee                Max-All-Session          :=        120

the radusergroup is empty.

Attached is the radius -X debug message after one test-user has connected.

Any hints ?


Thanks and Regards
Lu

FreeRADIUS Version 2.1.10, for host armle-unknown-linux-gnu, built on 
Mar 14 2013 at 11:55:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/radiusd.conf
including configuration file /usr/local/synoradius/rad_listen
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/clients.conf
including configuration file /usr/local/synoradius/rad_clients
including files in directory 
/var/packages/RadiusServer/target//etc/raddb/modules/
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/counter
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/checkval
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/logintime
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/perl
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/detail.log
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/linelog
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/attr_rewrite
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/inner-eap
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/sradutmp
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/preprocess
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/dynamic_clients
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/chap
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/unix
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/realm
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/digest
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/files
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/etc_group
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/wimax
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/ippool
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/radutmp
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/expiration
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/echo
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/sqlcounter_expire_on_login
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/expr
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/mac2vlan
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/krb5
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/exec
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/always
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/smbpasswd
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/cui
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/pam
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/passwd
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/opendirectory
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/mschap_ad
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/ldap
including configuration file /usr/local/synoradius/rad_ldap
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/detail
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/policy
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/mschap
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/detail.example.com
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/attr_filter
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/smsotp
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/acct_unique
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/pap
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/otp
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/mac2ip
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/sql_log
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/modules/ntlm_auth
including configuration file /usr/local/synoradius/rad_ntlm_auth
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/eap.conf
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/sql.conf
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/sql/mysql/dialup.conf
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/./counter.conf
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/counter.conf
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/policy.conf
including files in directory 
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/synoradius/rad_site_inn
including configuration file /usr/local/synoradius/rad_site_inn_local
including configuration file /usr/local/synoradius/rad_port_inner
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/control-socket
including configuration file 
/var/packages/RadiusServer/target//etc/raddb/sites-enabled/default
including configuration file /usr/local/synoradius/rad_site_def
including configuration file /usr/local/synoradius/rad_site_def_local
main {
     allow_core_dumps = no
}
including dictionary file 
/var/packages/RadiusServer/target//etc/raddb/dictionary
main {
     prefix = "/var/packages/RadiusServer/target/"
     localstatedir = "/var/packages/RadiusServer/target//var"
     logdir = "/var/packages/RadiusServer/target//var/log/radius"
     libdir = "/var/packages/RadiusServer/target//lib"
     radacctdir = 
"/var/packages/RadiusServer/target//var/log/radius/radacct"
     hostname_lookups = no
     max_request_time = 30
     cleanup_delay = 5
     max_requests = 1024
     pidfile = 
"/var/packages/RadiusServer/target//var/run/radiusd/radiusd.pid"
     checkrad = "/var/packages/RadiusServer/target//sbin/checkrad"
     debug_level = 0
     proxy_requests = no
  log {
     stripped_names = no
     auth = yes
     auth_badpass = yes
     auth_goodpass = no
  }
  security {
     max_attributes = 200
     reject_delay = 1
     status_server = yes
  }
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
  client 192.168.178.25/24 {
     require_message_authenticator = no
     secret = "xxxx"
     shortname = "EASYBOX"
  }
  client 127.0.0.1/24 {
     require_message_authenticator = no
     secret = "xxxx"
     shortname = "Localhost"
  }
radiusd: #### Instantiating modules ####
  instantiate {
  Module: Linked to module rlm_exec
  Module: Instantiating module "exec" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/exec
   exec {
     wait = no
     input_pairs = "request"
     shell_escape = yes
   }
  Module: Linked to module rlm_expr
  Module: Instantiating module "expr" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/expr
  Module: Linked to module rlm_expiration
  Module: Instantiating module "expiration" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/expiration
   expiration {
     reply-message = "Password Has Expired  "
   }
  Module: Linked to module rlm_logintime
  Module: Instantiating module "logintime" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/logintime
   logintime {
     reply-message = "You are calling outside your allowed timespan "
     minimum-timeout = 60
   }
  Module: Linked to module rlm_sql
  Module: Instantiating module "sql" from file 
/var/packages/RadiusServer/target//etc/raddb/sql.conf
   sql {
     driver = "rlm_sql_mysql"
     server = "localhost"
     port = "3306"
     login = "radius"
     password = "xxxx"
     radius_db = "radius"
     read_groups = yes
     sqltrace = yes
     sqltracefile = 
"/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql"
     readclients = no
     deletestalesessions = yes
     num_sql_socks = 5
     lifetime = 0
     max_queries = 0
     sql_user_name = "%{User-Name}"
     default_user_profile = ""
     nas_query = "SELECT id, nasname, shortname, type, secret, server 
FROM nas"
     authorize_check_query = "SELECT id, username, attribute, value, 
op           FROM radcheck           WHERE username = 
'%{SQL-User-Name}'           ORDER BY id"
     authorize_reply_query = "SELECT id, username, attribute, value, 
op           FROM radreply           WHERE username = 
'%{SQL-User-Name}'           ORDER BY id"
     authorize_group_check_query = "SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = '%{Sql-Group}' ORDER BY id"
     authorize_group_reply_query = "SELECT id, groupname, 
attribute,           value, op           FROM radgroupreply           
WHERE groupname = '%{Sql-Group}' ORDER BY id"
     accounting_onoff_query = "          UPDATE radacct SET              
acctstoptime       =  '%S', acctsessiontime    =  unix_timestamp('%S') - 
unix_timestamp(acctstarttime),              acctterminatecause = 
'%{Acct-Terminate-Cause}',              acctstopdelay      = 
%{%{Acct-Delay-Time}:-0}           WHERE acctstoptime IS NULL           
AND nasipaddress      = '%{NAS-IP-Address}'           AND 
acctstarttime     <= '%S'"
     accounting_update_query = "           UPDATE radacct 
SET              framedipaddress = '%{Framed-IP-Address}',              
acctsessiontime     = '%{Acct-Session-Time}',              
acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 | 
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = 
'%{%{Acct-Output-Gigawords}:-0}' << 32 | 
'%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = 
'%{Acct-Session-Id}'           AND username        = 
'%{SQL-User-Name}'           AND nasipaddress    = '%{NAS-IP-Address}'"
     accounting_update_query_alt = "           INSERT INTO 
radacct             (acctsessionid,    acctuniqueid, 
username,              realm,            nasipaddress, 
nasportid,              nasporttype,      acctstarttime, 
acctsessiontime,              acctauthentic,    connectinfo_start, 
acctinputoctets,              acctoutputoctets, calledstationid, 
callingstationid,              servicetype,      framedprotocol, 
framedipaddress,              acctstartdelay, 
xascendsessionsvrkey)           VALUES ('%{Acct-Session-Id}', 
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',              
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              
'%{NAS-Port-Type}', DATE_SUB('%S',                       INTERVAL 
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), 
'%{Acct-Session-Time}',              '%{Acct-Authentic}', 
'',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |              
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | 
'%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', 
'%{Calling-Station-Id}',              '%{Service-Type}', 
'%{Framed-Protocol}', '%{Framed-IP-Address}',              '0', 
'%{X-Ascend-Session-Svr-Key}')"
     accounting_start_query = "           INSERT INTO 
radacct             (acctsessionid,    acctuniqueid, 
username,              realm,            nasipaddress, 
nasportid,              nasporttype,      acctstarttime, 
acctstoptime,              acctsessiontime,  acctauthentic, 
connectinfo_start,              connectinfo_stop, acctinputoctets, 
acctoutputoctets,              calledstationid,  callingstationid, 
acctterminatecause,              servicetype,      framedprotocol, 
framedipaddress,              acctstartdelay,   acctstopdelay, 
xascendsessionsvrkey)           VALUES ('%{Acct-Session-Id}', 
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',              
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              
'%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', 
'%{Connect-Info}',              '', '0', '0', '%{Called-Station-Id}', 
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', 
'%{Framed-IP-Address}',              '%{%{Acct-Delay-Time}:-0}', '0', 
'%{X-Ascend-Session-Svr-Key}')"
     accounting_start_query_alt = "           UPDATE radacct 
SET              acctstarttime     = '%S', acctstartdelay    = 
'%{%{Acct-Delay-Time}:-0}', connectinfo_start = 
'%{Connect-Info}'           WHERE acctsessionid = 
'%{Acct-Session-Id}'           AND username         = 
'%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}'"
     accounting_stop_query = "           UPDATE radacct SET              
acctstoptime       = '%S', acctsessiontime    = '%{Acct-Session-Time}', 
acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 | 
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = 
'%{%{Acct-Output-Gigawords}:-0}' << 32 | 
'%{%{Acct-Output-Octets}:-0}',              acctterminatecause = 
'%{Acct-Terminate-Cause}',              acctstopdelay      = 
'%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = 
'%{Connect-Info}'           WHERE acctsessionid   = 
'%{Acct-Session-Id}'           AND username          = 
'%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}'"
     accounting_stop_query_alt = "           INSERT INTO 
radacct             (acctsessionid, acctuniqueid, username,              
realm, nasipaddress, nasportid, nasporttype, acctstarttime, 
acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, 
connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, 
callingstationid, acctterminatecause, servicetype, framedprotocol, 
framedipaddress, acctstartdelay, acctstopdelay)           VALUES 
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', 
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', 
'%{NAS-Port}',              '%{NAS-Port-Type}', 
DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} 
+                  %{%{Acct-Delay-Time}:-0}) SECOND), '%S', 
'%{Acct-Session-Time}', '%{Acct-Authentic}', '', 
'%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 | 
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | 
'%{%{Acct-Output-Octets}:-0}',              '%{Called-Station-Id}', 
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',              
'%{Service-Type}', '%{Framed-Protocol}', 
'%{Framed-IP-Address}',              '0', '%{%{Acct-Delay-Time}:-0}')"
     group_membership_query = "SELECT groupname           FROM 
radusergroup           WHERE username = '%{SQL-User-Name}' ORDER BY 
priority"
     connect_failure_retry_delay = 6
     simul_count_query = ""
     simul_verify_query = "SELECT radacctid, acctsessionid, 
username,                                nasipaddress, nasportid, 
framedipaddress,                                callingstationid, 
framedprotocol                                FROM 
radacct                                WHERE username = 
'%{SQL-User-Name}'                                AND acctstoptime IS NULL"
     postauth_query = "INSERT INTO radpostauth                           
(username, pass, reply, authdate)                           VALUES ( 
'%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', 
'%{reply:Packet-Type}', '%S')"
     safe-characters = 
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
   }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius at localhost:3306/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
  }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /usr/local/synoradius/rad_site_inn_local
  modules {
  Module: Checking authenticate {...} for more modules to load
  Module: Linked to module rlm_pap
  Module: Instantiating module "pap" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/pap
   pap {
     encryption_scheme = "auto"
     auto_header = no
   }
  Module: Linked to module rlm_chap
  Module: Instantiating module "chap" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/chap
  Module: Linked to module rlm_mschap
  Module: Instantiating module "mschap" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/mschap
   mschap {
     use_mppe = yes
     require_encryption = no
     require_strong = no
     with_ntdomain_hack = yes
   }
  Module: Linked to module rlm_unix
  Module: Instantiating module "unix" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/unix
   unix {
     radwtmp = "/var/packages/RadiusServer/target//var/log/radius/radwtmp"
   }
  Module: Linked to module rlm_eap
  Module: Instantiating module "eap" from file 
/var/packages/RadiusServer/target//etc/raddb/eap.conf
   eap {
     default_eap_type = "mschapv2"
     timer_expire = 60
     ignore_unknown_eap_types = no
     cisco_accounting_username_bug = no
     max_sessions = 4096
   }
  Module: Linked to sub-module rlm_eap_md5
  Module: Instantiating eap-md5
  Module: Linked to sub-module rlm_eap_leap
  Module: Instantiating eap-leap
  Module: Linked to sub-module rlm_eap_gtc
  Module: Instantiating eap-gtc
    gtc {
     challenge = "Password: "
     auth_type = "PAP"
    }
  Module: Linked to sub-module rlm_eap_tls
  Module: Instantiating eap-tls
    tls {
     rsa_key_exchange = no
     dh_key_exchange = yes
     rsa_key_length = 512
     dh_key_length = 512
     verify_depth = 0
     CA_path = "/usr/syno/etc/ssl/ssl.crt"
     pem_file_type = yes
     private_key_file = "/usr/syno/etc/ssl/ssl.key/server.key"
     certificate_file = "/usr/syno/etc/ssl/ssl.crt/server.crt"
     CA_file = "/usr/syno/etc/ssl/ssl.crt/ca.crt"
     private_key_password = "12345"
     dh_file = "/var/packages/RadiusServer/target//etc/raddb/certs/dh"
     random_file = 
"/var/packages/RadiusServer/target//etc/raddb/certs/random"
     fragment_size = 1024
     include_length = yes
     check_crl = no
     cipher_list = "DEFAULT"
     verify {
     }
    }
  Module: Linked to sub-module rlm_eap_ttls
  Module: Instantiating eap-ttls
    ttls {
     default_eap_type = "mschapv2"
     copy_request_to_tunnel = no
     use_tunneled_reply = no
     virtual_server = "inner-tunnel"
     include_length = yes
    }
  Module: Linked to sub-module rlm_eap_peap
  Module: Instantiating eap-peap
    peap {
     default_eap_type = "mschapv2"
     copy_request_to_tunnel = no
     use_tunneled_reply = no
     proxy_tunneled_request_as_eap = yes
     virtual_server = "inner-tunnel"
    }
  Module: Linked to sub-module rlm_eap_mschapv2
  Module: Instantiating eap-mschapv2
    mschapv2 {
     with_ntdomain_hack = no
    }
  Module: Checking authorize {...} for more modules to load
  Module: Linked to module rlm_realm
  Module: Instantiating module "suffix" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/realm
   realm suffix {
     format = "suffix"
     delimiter = "@"
     ignore_default = no
     ignore_null = no
   }
  Module: Linked to module rlm_files
  Module: Instantiating module "files" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/files
   files {
     usersfile = "/var/packages/RadiusServer/target//etc/raddb/users"
     acctusersfile = 
"/var/packages/RadiusServer/target//etc/raddb/acct_users"
     preproxy_usersfile = 
"/var/packages/RadiusServer/target//etc/raddb/preproxy_users"
     compat = "no"
   }
  Module: Linked to module rlm_passwd
  Module: Instantiating module "smbpasswd" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/smbpasswd
   passwd smbpasswd {
     filename = "/usr/syno/etc/private/smbpasswd"
     format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
     delimiter = ":"
     ignorenislike = no
     ignoreempty = yes
     allowmultiplekeys = no
     hashsize = 100
   }
rlm_passwd: nfields: 7 keyfield 0(User-Name) listable: no
  Module: Checking session {...} for more modules to load
  Module: Linked to module rlm_radutmp
  Module: Instantiating module "radutmp" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/radutmp
   radutmp {
     filename = "/var/packages/RadiusServer/target//var/log/radius/radutmp"
     username = "%{User-Name}"
     case_sensitive = yes
     check_with_nas = yes
     perm = 384
     callerid = yes
   }
  Module: Checking post-proxy {...} for more modules to load
  Module: Checking post-auth {...} for more modules to load
  Module: Linked to module rlm_attr_filter
  Module: Instantiating module "attr_filter.access_reject" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/attr_filter
   attr_filter attr_filter.access_reject {
     attrsfile = 
"/var/packages/RadiusServer/target//etc/raddb/attrs.access_reject"
     key = "%{User-Name}"
   }
  } # modules
} # server
server { # from file 
/var/packages/RadiusServer/target//etc/raddb/radiusd.conf
  modules {
  Module: Checking authenticate {...} for more modules to load
  Module: Linked to module rlm_digest
  Module: Instantiating module "digest" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/digest
  Module: Checking authorize {...} for more modules to load
  Module: Linked to module rlm_preprocess
  Module: Instantiating module "preprocess" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/preprocess
   preprocess {
     huntgroups = "/var/packages/RadiusServer/target//etc/raddb/huntgroups"
     hints = "/var/packages/RadiusServer/target//etc/raddb/hints"
     with_ascend_hack = no
     ascend_channels_per_line = 23
     with_ntdomain_hack = no
     with_specialix_jetstream_hack = no
     with_cisco_vsa_hack = no
     with_alvarion_vsa_hack = no
   }
  Module: Linked to module rlm_sqlcounter
  Module: Instantiating module "noresetcounter" from file 
/var/packages/RadiusServer/target//etc/raddb/counter.conf
   sqlcounter noresetcounter {
     counter-name = "Max-All-Session-Time"
     check-name = "Max-All-Session"
     key = "User-Name"
     sqlmod-inst = "sql"
     query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE 
UserName='%{%k}'"
     reset = "never"
     safe-characters = 
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
   }
rlm_sqlcounter: Reply attribute set to Session-Timeout.
rlm_sqlcounter: Counter attribute Max-All-Session-Time is number 11273
rlm_sqlcounter: Check attribute Max-All-Session is number 11274
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next 
reset 0 [2013-08-12 23:00:00]
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev 
reset 0 [2013-08-12 23:00:00]
  Module: Instantiating module "dailycounter" from file 
/var/packages/RadiusServer/target//etc/raddb/counter.conf
   sqlcounter dailycounter {
     counter-name = "Daily-Session-Time"
     check-name = "Max-Daily-Session"
     reply-name = "Session-Timeout"
     key = "User-Name"
     sqlmod-inst = "sql"
     query = "SELECT SUM(acctsessiontime - GREATEST((%b - 
UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 
'%{%k}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
     reset = "daily"
     safe-characters = 
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
   }
rlm_sqlcounter: Reply attribute Session-Timeout is number 27
rlm_sqlcounter: Counter attribute Daily-Session-Time is number 11275
rlm_sqlcounter: Check attribute Max-Daily-Session is number 11276
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next 
reset 1376341200 [2013-08-13 00:00:00]
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev 
reset 1376254800 [2013-08-12 00:00:00]
  Module: Instantiating module "monthlycounter" from file 
/var/packages/RadiusServer/target//etc/raddb/counter.conf
   sqlcounter monthlycounter {
     counter-name = "Monthly-Session-Time"
     check-name = "Max-Monthly-Session"
     reply-name = "Session-Timeout"
     key = "User-Name"
     sqlmod-inst = "sql"
     query = "SELECT SUM(acctsessiontime - GREATEST((%b - 
UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{%k}' 
AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
     reset = "monthly"
     safe-characters = 
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
   }
rlm_sqlcounter: Reply attribute Session-Timeout is number 27
rlm_sqlcounter: Counter attribute Monthly-Session-Time is number 11277
rlm_sqlcounter: Check attribute Max-Monthly-Session is number 11278
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Next 
reset 1377982800 [2013-09-01 00:00:00]
rlm_sqlcounter: Current Time: 1376339087 [2013-08-12 23:24:47], Prev 
reset 1375304400 [2013-08-01 00:00:00]
  Module: Checking preacct {...} for more modules to load
  Module: Linked to module rlm_acct_unique
  Module: Instantiating module "acct_unique" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/acct_unique
   acct_unique {
     key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Address, NAS-Port"
   }
  Module: Checking accounting {...} for more modules to load
  Module: Linked to module rlm_detail
  Module: Instantiating module "detail" from file 
/var/packages/RadiusServer/target//etc/raddb/modules/detail
   detail {
     detailfile = 
"/var/packages/RadiusServer/target//var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
     header = "%t"
     detailperm = 384
     dirperm = 493
     locking = no
     log_packet_header = no
   }
  Module: Instantiating module "attr_filter.accounting_response" from 
file /var/packages/RadiusServer/target//etc/raddb/modules/attr_filter
   attr_filter attr_filter.accounting_response {
     attrsfile = 
"/var/packages/RadiusServer/target//etc/raddb/attrs.accounting_response"
     key = "%{User-Name}"
   }
  Module: Checking session {...} for more modules to load
  Module: Checking post-proxy {...} for more modules to load
  Module: Checking post-auth {...} for more modules to load
  } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
     type = "auth"
     ipaddr = 192.168.178.24
     port = 1812
}
listen {
     type = "auth"
     ipaddr = 127.0.0.1
     port = 1812
}
listen {
     type = "auth"
     ipaddr = 10.8.0.1
     port = 1812
}
listen {
     type = "control"
  listen {
     socket = 
"/var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock"
  }
}
listen {
     type = "auth"
     ipaddr = 127.0.0.1
     port = 18120
}
Listening on authentication address 192.168.178.24 port 1812
Listening on authentication address 127.0.0.1 port 1812
Listening on authentication address 10.8.0.1 port 1812
Listening on command file 
/var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server 
inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.178.25 port 32888, 
id=2, length=148
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x0202000801746565
     Message-Authenticator = 0xf59055370165c1ac3839db5f8195752c
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[sql]     expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 4
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radcheck           WHERE username = 'tee'           
ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radreply           WHERE username = 'tee'           
ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT 
groupname           FROM radusergroup           WHERE username = 
'tee'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM 
radusergroup           WHERE username = 'tee'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct 
WHERE UserName='%{User-Name}''
[noresetcounter]     expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='%{User-Name}' -> SELECT 
IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'
sqlcounter_expand:  '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='tee'}'
[noresetcounter] sql_xlat
[noresetcounter]     expand: %{User-Name} -> tee
[noresetcounter] sql_set_user escaped user --> 'tee'
[noresetcounter]     expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='tee' -> SELECT IFNULL(SUM(AcctSessionTime),0) 
FROM radacct WHERE UserName='tee'
[noresetcounter]     expand: 
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql -> 
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query:  SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='tee'
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
[noresetcounter]     expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) 
FROM radacct WHERE UserName='tee'} -> 0
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user tee, check_item=10, counter=0
rlm_sqlcounter: Sent Reply-Item for user tee, Type=Session-Timeout, value=10
++[noresetcounter] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.178.25 port 32888
     Session-Timeout = 10
     EAP-Message = 
0x0103001d1a01030018102526be8601cef6396823d8998c0b6b83746565
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878580f59d56ed034e3134225de2
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32889, 
id=3, length=164
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878580f59d56ed034e3134225de2
     EAP-Message = 0x020300060319
     Message-Authenticator = 0xee84edb24a2bb9a12f35e3a403393663
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[sql]     expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 2
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radcheck           WHERE username = 'tee'           
ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radreply           WHERE username = 'tee'           
ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT 
groupname           FROM radusergroup           WHERE username = 
'tee'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM 
radusergroup           WHERE username = 'tee'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct 
WHERE UserName='%{User-Name}''
[noresetcounter]     expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='%{User-Name}' -> SELECT 
IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='tee'
sqlcounter_expand:  '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='tee'}'
[noresetcounter] sql_xlat
[noresetcounter]     expand: %{User-Name} -> tee
[noresetcounter] sql_set_user escaped user --> 'tee'
[noresetcounter]     expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='tee' -> SELECT IFNULL(SUM(AcctSessionTime),0) 
FROM radacct WHERE UserName='tee'
[noresetcounter]     expand: 
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql -> 
/var/packages/RadiusServer/target//var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query:  SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='tee'
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 1
[noresetcounter]     expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) 
FROM radacct WHERE UserName='tee'} -> 0
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user tee, check_item=10, counter=0
rlm_sqlcounter: Sent Reply-Item for user tee, Type=Session-Timeout, value=10
++[noresetcounter] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.178.25 port 32889
     Session-Timeout = 10
     EAP-Message = 0x010400061920
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878581f29e56ed034e3134225de2
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32890, 
id=4, length=358
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878581f29e56ed034e3134225de2
     EAP-Message = 
0x020400c81980000000be16030100b9010000b503015209453a90c3ad1dc68b3867c87da1c17aca3b3104bd3f8411b2f706669db885000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000
     Message-Authenticator = 0xa061bb8038b36017614af4150749eb45
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 200
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
   TLS Length 190
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 068d], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client 
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.178.25 port 32890
     EAP-Message = 
0x0105040019c00000086316030100310200002d0301520944b6b2e68061e8cb6e0810d75b046a7fc240531e641cc6ca21bd7fe212ae000039000005ff01000100160301068d0b00068900068600032f3082032b30820294a00302010202051132211a60300d06092a864886f70d01010505003081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e301c060355040b1315436572746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e204341312330210609
     EAP-Message = 
0x2a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d301e170d3133303733313136313431335a170d3333303431373136313431335a308196310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e3111300f060355040b1308465450205465616d311530130603550403130c73796e6f6c6f67792e636f6d3123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cb8bd49b3ff39917
     EAP-Message = 
0x1a0e21017d6b4d5c453d099ea419d8b6936d113e108f35aa2479645bd2b9c1f41759efd7c4386c4db0a2931e9d55d3bb8592c9861a56eca4080d40ba4b1854f9d754d076c1a73293c1f80ef990d1c4f115a9a3b2911f16af46cb894772f166323ae0b863d88a1b2a234c5f94ce518875b461fab3ee875a850203010001a3723070301f0603551d1104183016811470726f647563744073796e6f6c6f67792e636f6d303a06096086480186f842010d042d162b6d6f645f73736c2067656e65726174656420637573746f6d20736572766572206365727469666963617465301106096086480186f8420101040403020640300d06092a864886f70d0101
     EAP-Message = 
0x050500038181009215bcd8253932c648f6a14119b66f48438125886dcbc96eeee7b4cb3e56389c9b6ff5932a9b184e913aacc14408d82f7fe5eb371080139aa50d28326d4bd535f95bb3fd2de3dcb48a9b0d1a7c341e803bf4a76250883d716dca25f0821889a9363896f788462613e51e705dc112cfbb830d4f2b4a92939fa38a47d5c08ed6070003513082034d308202b6a0030201020209009fd19fa01a036ca5300d06092a864886f70d01010505003081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e
     EAP-Message = 0x301c060355040b1315436572
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878582f39e56ed034e3134225de2
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32891, 
id=5, length=164
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878582f39e56ed034e3134225de2
     EAP-Message = 0x020500061900
     Message-Authenticator = 0xafa2dd19e749573ebea82436d5b89cad
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.178.25 port 32891
     EAP-Message = 
0x010603fc1940746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e2043413123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d301e170d3133303733313136313431325a170d3333303431373136313431325a3081a7310b3009060355040613025457310f300d0603550408130654616977616e310f300d0603550407130654616970656931163014060355040a130d53796e6f6c6f677920496e632e311e301c060355040b1315436572746966696361746520417574686f72697479311930170603550403131053796e6f6c6f677920496e632e204341
     EAP-Message = 
0x3123302106092a864886f70d010901161470726f647563744073796e6f6c6f67792e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100b5b133c2343ee72c325b5567566e16984e3ad4f964f71d5c676cada2e7a55a8957fd5aa30f7647f72d58206bfd7f13d65be2f1252a12a8dbfa999bc4bfced5676e0604bce97bc997c7c464be66d45af768e05e44dd0f03d4f6e53031c14e078637e764e161ac6b2f90047b7afa8c277c9520ae95491517d552aca0841f3215b10203010001a37f307d301f0603551d1104183016811470726f647563744073796e6f6c6f67792e636f6d300f0603551d13040830060101ff020100
     EAP-Message = 
0x303606096086480186f842010d042916276d6f645f73736c2067656e65726174656420637573746f6d204341206365727469666963617465301106096086480186f8420101040403020204300d06092a864886f70d0101050500038181002456f5d7e49a3cf41f5cd5b7f785e9880ad4748e80a614f20b311b44b38e3473b057088573cf4c4b4a78c0447b290964bf09c31f9f7aba5135f3afec170ebd75d978971ede94fd8790ab4e1cf34044f6e5b81cf3d50043195de029497756df668ab2f30b9eb59b32eaddd5cc8ac37e0dafdf87c13f976a1d9557e56f1e703315160301018d0c0001890080ba686466df6626c54cb03b6bbb2eb1522c8d2c8b
     EAP-Message = 
0xcdec316e5dceff84790a957f998ba7f1f109022e0e0c1f488cf51205d0d52a037fd93eb516aa86077df28d768f06c9a5538c860e17447be3d586bd2eba6930a1f07bd0b6abf3411783100e25d2b072097153a03081a6ced3e1ba10949d76a45c7e45f7a21ffe9ebc356bf2db00010200806b20fdffec6f7616b1ac0792a9ee1f111049b7f8071650e56d23fcdd7f3415fc04dc2f5be34de147b3b0ac318d0417ffe53e92f66712f1cafcebe3f1393b90563d5efd20a07ce8bc537cb002dd9ecc8d8cc638d0e4f489af364445e2dabee94c19213b4b64a28ce00d2ef4e6b73a50635d7287f0a7320a8ca7c1d5e244f8d72e00803f5fca5ed430815840c6
     EAP-Message = 0xca51c8a72b134129
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878583f09e56ed034e3134225de2
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32892, 
id=6, length=164
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878583f09e56ed034e3134225de2
     EAP-Message = 0x020600061900
     Message-Authenticator = 0xad5cb37a135449788276514fb81fb9fd
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.178.25 port 32892
     EAP-Message = 
0x0107007d19005de838683537a84f610da2c4f9a1369bd6e9ca9fd0aa2b44cd7d84186e925f4c2db27fb7d62b54caa6830c26a0160954a854648dc84a6205ad79d9cceafae9732b8d41d72935baeff7ce5c37dc82b4574ffe9cca9d7c460e1a15badc88c75a6d43f843c3108256f4ade50967559816030100040e000000
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878584f19e56ed034e3134225de2
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32893, 
id=7, length=366
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878584f19e56ed034e3134225de2
     EAP-Message = 
0x020700d01980000000c616030100861000008200808bdd91a9487dccff09234e723cee7ba21725e2a670592009c304699865f930e253859f4b20ba934f14dda2549b720816e2b91162a41e36ed46e0a1959e7072400110121bfee72de20d31145db146f527147ebecd9c1f454c025b5d023b689ab64afba2ad9f20924f18a392ebaf2c0a5130b5f9fa444c25f817f7ecfa4972f192140301000101160301003060d9a90b7ed3fd213a43238d564c566728df397a55a7eee655ddb648c1740bd72181631eb7261cc0eceb52424e8fbfc8
     Message-Authenticator = 0x256730f0831061eae27cb1af7157bfe9
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
   TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.178.25 port 32893
     EAP-Message = 
0x0108004119001403010001011603010030b8d1cdfe3b2fe4ea114acf6db4bc356e3985ce457b3a1149c84cbfcb02ac65bc4d33d0eb2f8a6e950401633ce4600303
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878585fe9e56ed034e3134225de2
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32894, 
id=8, length=164
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878585fe9e56ed034e3134225de2
     EAP-Message = 0x020800061900
     Message-Authenticator = 0xd8b885a775bd422295146389e760a062
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 8 to 192.168.178.25 port 32894
     EAP-Message = 
0x0109002b190017030100200fd631ca65f225634251679efe7524102e6ad544f576ef00a2f996ac9c4dad67
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878586ff9e56ed034e3134225de2
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32895, 
id=9, length=238
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878586ff9e56ed034e3134225de2
     EAP-Message = 
0x0209005019001703010020a08078622a79e75a566a35e37ef4bf984a4bb904335403eadcdc445bc7bd908a1703010020b0718794786e96045ed88030e9a94236d4ad1672637efb413176da2c3ad27586
     Message-Authenticator = 0xf5b1df8093a72c9530258fe6969a9fc2
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - tee
[peap] Got inner identity 'tee'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
     EAP-Message = 0x0209000801746565
server  {
   PEAP: Setting User-Name to tee
Sending tunneled request
     EAP-Message = 0x0209000801746565
     FreeRADIUS-Proxied-To = 127.0.0.1
     User-Name = "tee"
server inner-tunnel {
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_inn_local
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
[sql]     expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 0
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radcheck           WHERE username = 'tee'           
ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radreply           WHERE username = 'tee'           
ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT 
groupname           FROM radusergroup           WHERE username = 
'tee'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM 
radusergroup           WHERE username = 'tee'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!  
Cancelling invalid proxy request.
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_inn_local
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
     EAP-Message = 
0x010a001d1a010a001810d3f23e8332d772ee6ed7d8e7e96aa314746565
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x84e0dc4b84eac6443eb91adc9df1aaf2
[peap] Got tunneled reply RADIUS code 11
     EAP-Message = 
0x010a001d1a010a001810d3f23e8332d772ee6ed7d8e7e96aa314746565
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x84e0dc4b84eac6443eb91adc9df1aaf2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 9 to 192.168.178.25 port 32895
     EAP-Message = 
0x010a003b19001703010030712667073febde764e5f2c9db3f756e283ff2180010ab6ce8279b275dd91f1dab7b11915d8ee1b08d53646ca76c74294
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878587fc9e56ed034e3134225de2
Finished request 7.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32896, 
id=10, length=286
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878587fc9e56ed034e3134225de2
     EAP-Message = 
0x020a00801900170301002003b67ac299e85321ff1f02a3fc4882edd957bc03194e8c379bb77f1c79dd009f1703010050b262cbf37cc08590f1736c2e90141e8457f4b7af8e7abbfaef9060ff03a5a2ada76be693ba95f5a159215119aaab21924173f17ec2dbe6d6da2cb99804725379fbd6272198e5cab8587acceaea7dda0b
     Message-Authenticator = 0x44e004b74fa78cf01a38d274530d7614
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 128
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
     EAP-Message = 
0x020a003e1a020a003931d5f758f1aeada35c250ccbf62fdedb1200000000000000001d3c61fd341515c0c945528dc1af927b453748b44030955400746565
server  {
   PEAP: Setting User-Name to tee
Sending tunneled request
     EAP-Message = 
0x020a003e1a020a003931d5f758f1aeada35c250ccbf62fdedb1200000000000000001d3c61fd341515c0c945528dc1af927b453748b44030955400746565
     FreeRADIUS-Proxied-To = 127.0.0.1
     User-Name = "tee"
     State = 0x84e0dc4b84eac6443eb91adc9df1aaf2
server inner-tunnel {
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_inn_local
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 62
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
[sql]     expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 4
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radcheck           WHERE username = 'tee'           
ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radreply           WHERE username = 'tee'           
ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT 
groupname           FROM radusergroup           WHERE username = 
'tee'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM 
radusergroup           WHERE username = 'tee'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!  
Cancelling invalid proxy request.
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_inn_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file 
/usr/local/synoradius/rad_site_inn_local
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: tee
[mschap] Told to do MS-CHAPv2 for tee with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
     EAP-Message = 
0x010b00331a030a002e533d32454434413437374342463839453230343834304331374634463043353430354332304645444245
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2
[peap] Got tunneled reply RADIUS code 11
     EAP-Message = 
0x010b00331a030a002e533d32454434413437374342463839453230343834304331374634463043353430354332304645444245
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 10 to 192.168.178.25 port 32896
     EAP-Message = 
0x010b005b1900170301005020edf875c62bb996bc491fcb19c1123e1096f555e9ba6ee0f34c057c5c4c3e2211b14d6c3a1ee5d7ab2640d0745727308bcfd4cfdfa2e35da333788efc3c56999be2ef703b63f5c41dc1fb594803acf6
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878588fd9e56ed034e3134225de2
Finished request 8.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32897, 
id=11, length=238
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878588fd9e56ed034e3134225de2
     EAP-Message = 
0x020b0050190017030100207d3776e8c3c71e5d5abf3b53d0169beea9e8992f69e2e0bcd672964a460e841617030100206780143ad9c9892791d2440461e354dc14baf8e535682315095dfea3ecd6b3a1
     Message-Authenticator = 0x4977fb9bef33eaa2d73876471b3a527c
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
     EAP-Message = 0x020b00061a03
server  {
   PEAP: Setting User-Name to tee
Sending tunneled request
     EAP-Message = 0x020b00061a03
     FreeRADIUS-Proxied-To = 127.0.0.1
     User-Name = "tee"
     State = 0x84e0dc4b85ebc6443eb91adc9df1aaf2
server inner-tunnel {
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_inn_local
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 11 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[smbpasswd] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
[sql]     expand: %{User-Name} -> tee
[sql] sql_set_user escaped user --> 'tee'
rlm_sql (sql): Reserving sql socket id: 3
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radcheck           WHERE username = 'tee'           
ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'tee'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, 
op           FROM radreply           WHERE username = 'tee'           
ORDER BY id
[sql]     expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT 
groupname           FROM radusergroup           WHERE username = 
'tee'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM 
radusergroup           WHERE username = 'tee'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!  
Cancelling invalid proxy request.
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_inn_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [tee] (from client EASYBOX port 0 via TLS tunnel)
   WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file 
/usr/local/synoradius/rad_site_inn_local
} # server inner-tunnel
[peap] Got tunneled reply code 2
     MS-MPPE-Encryption-Policy = 0x00000001
     MS-MPPE-Encryption-Types = 0x00000006
     MS-MPPE-Send-Key = 0x40d8b3413d25f4013c2a3ae154c437ac
     MS-MPPE-Recv-Key = 0xf5a477c13c1244e08cd8f0d853c4865e
     EAP-Message = 0x030b0004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = "tee"
[peap] Got tunneled reply RADIUS code 2
     MS-MPPE-Encryption-Policy = 0x00000001
     MS-MPPE-Encryption-Types = 0x00000006
     MS-MPPE-Send-Key = 0x40d8b3413d25f4013c2a3ae154c437ac
     MS-MPPE-Recv-Key = 0xf5a477c13c1244e08cd8f0d853c4865e
     EAP-Message = 0x030b0004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = "tee"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 11 to 192.168.178.25 port 32897
     EAP-Message = 
0x010c002b190017030100209b99f254f989d6a0e266af1df740bfd7f858aa9be34ded07ca32eea655c957d9
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x80f6878589fa9e56ed034e3134225de2
Finished request 9.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.178.25 port 32898, 
id=12, length=238
     User-Name = "tee"
     NAS-IP-Address = 0.0.0.0
     Called-Station-Id = "7C-4F-B5-FE-BD-14:SEHR_GEHEIM"
     Calling-Station-Id = "14-89-FD-DA-ED-19"
     NAS-Identifier = "BOSS-SYNOLOGY"
     NAS-Port = 29
     Service-Type = Framed-User
     Framed-MTU = 1400
     NAS-Port-Type = Wireless-802.11
     State = 0x80f6878589fa9e56ed034e3134225de2
     EAP-Message = 
0x020c0050190017030100203457dd4974e320f48bb2ea9959f91a702adc65898bb24317aca624fc47854c43170301002011476f7edc9a493c77d431caf59a5d613cf8bfc339c4c150ca2381ca5e7191ba
     Message-Authenticator = 0x00f7c3ad38840def38f7aa0c62632bbc
SYNOUserGet failed. [0x1D00 user_db_get.c:63]
# Executing section authorize from file 
/usr/local/synoradius/rad_site_def_local
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "tee", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 12 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [tee] (from client EASYBOX port 29 cli 14-89-FD-DA-ED-19)
# Executing section post-auth from file 
/usr/local/synoradius/rad_site_def_local
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 12 to 192.168.178.25 port 32898
     MS-MPPE-Recv-Key = 
0xe3cd1d3d8847bb78c279ac58d6e6c42cdaebdc4c82cb41b506ee08c319b6b748
     MS-MPPE-Send-Key = 
0x24cef9cb1a537db7be194b7dd4465ad0a374a79a30926c05f1e8e549b0ca92d9
     EAP-Message = 0x030c0004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = "tee"
Finished request 10.
Going to the next request
Waking up in 4.6 seconds.
Cleaning up request 0 ID 2 with timestamp +39
Cleaning up request 1 ID 3 with timestamp +39
Cleaning up request 2 ID 4 with timestamp +39
Cleaning up request 3 ID 5 with timestamp +39
Cleaning up request 4 ID 6 with timestamp +39
Cleaning up request 5 ID 7 with timestamp +39
Cleaning up request 6 ID 8 with timestamp +39
Cleaning up request 7 ID 9 with timestamp +39
Cleaning up request 8 ID 10 with timestamp +39
Cleaning up request 9 ID 11 with timestamp +39
Cleaning up request 10 ID 12 with timestamp +40
Ready to process requests.



More information about the Freeradius-Users mailing list