freeRADIUS for switch authentication

Gab Quidilla gbquidilla21 at gmail.com
Mon Jul 8 09:00:22 CEST 2013


Sorry for not including it in the first post; the FreeRADIUS version used is
the latest in the CentOS repo.

The output in the first post is for the web-based login; I forgot that I
only configured it on console login.

Here is the output:



Ready to process requests.
rad_recv: Access-Request packet from host 10.141.1.129 port 49154, id=0,
length=91
        User-Name = "md5password"
        User-Password = "qwerty"
        Cisco-AVPair = "shell:priv-lvl=1"
        NAS-IP-Address = 10.141.1.129
        Acct-Session-Id = "05000022"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "md5password", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> md5password
[sql] sql_set_user escaped user --> 'md5password'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'md5password'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'md5password'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'md5password'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "qwerty"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [md5password] (from client MAAX port 0)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 0 to 10.141.1.129 port 49154
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.141.1.129 port 49154,
id=0, length=88
        User-Name = "md5password"
        NAS-IP-Address = 10.141.1.129
        Called-Station-Id = "10.141.1.129"
        Calling-Station-Id = "10.141.59.3"
        Acct-Status-Type = Start
        Acct-Session-Id = "05000022"
        Acct-Authentic = RADIUS
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 10.141.1.129,NAS-IP-Address =
10.141.1.129,Acct-Session-Id = "05000022",User-Name = "md5password"'
[acct_unique] Acct-Unique-Session-ID = "ca6b399649f9703b".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "md5password", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.141.1.129
[detail]        expand:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/radius/radacct/10.141.1.129/detail-20130708
[detail]
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/radius/radacct/10.141.1.129/detail-20130708
[detail]        expand: %t -> Mon Jul  8 14:55:20 2013
++[detail] returns ok
++[unix] returns noop
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> md5password
  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
[sql]   expand: %{User-Name} -> md5password
[sql] sql_set_user escaped user --> 'md5password'
[sql]   expand: %{Acct-Delay-Time} ->
[sql]   ... expanding second conditional
[sql]   expand:            INSERT INTO radacct
(acctsessionid,    acctuniqueid,     username,
realm,            nasipaddress,     nasportid,
nasporttype,      acctstarttime,    acctstoptime,
acctsessiontime,  acctauthentic,    connectinfo_start,
connectinfo_stop, acctinputoctets,  acctoutputoctets,
calledstationid,  callingstationid, acctterminatecause,
servicetype,      framedprotocol,   framedipaddress,
acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)
VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}',
'%{Connect-Info}',              '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> md5password
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 0 to 10.141.1.129 port 49154
Finished request 1.
Cleaning up request 1 ID 0 with timestamp +19
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +19
Ready to process requests.