Class Attribute Missing for Anonymous Users
Selahattin Cilek
selahattin_cilek at hotmail.com
Sat Sep 23 07:16:33 CEST 2017
On 21.09.2017 23:06, Alan DeKok wrote:
> On Sep 21, 2017, at 3:31 PM, Selahattin Cilek <selahattin_cilek at hotmail.com> wrote:
>> I use FreeRADIUS 3.0.15 and for some strange reason, the Unifi APs
>> refuse to append the Class attribute for those users that use anonymous
>> identity.
>>
>> Here are 4 accounting packets that were generated by the same UAP for
>> the same user. When she does not use anonymous identity, we see the
>> Class attribute. But when she *does* use anonymous identity, the Class
>> attribute goes missing:
> That's not good.
>
>> I think the UAP is trying to protect the user's privacy and I hate that.
> It's not supposed to be smart. It's supposed to do what the RADIUS server tells it to do.
>
>> I will definitely get in touch with Ubnt and ask them to change this
>> behaviour.
> That's the best approach.
>
>> But is there anything I can do on the FreeRADIUS server to
>> make sure that the Class attribute is present in all accounting packets?
> No. The AP creates the accounting packets. No amount of poking FreeRADIUS will fix a broken AP.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I installed FreeRADIUS 2.2.9 and copied the configuration of a running
site and ran some tests. I am afraid that does not happen with
FreeRADIUS 2.2.9. So I believe it has something to do with the
configuration of FreeRADIUS 3.0.15.
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
allow_retry = yes
}
Module: Instantiating module "motp" from file
/usr/local/etc/raddb/modules/motp
exec motp {
wait = yes
program = "/usr/local/bin/bash
/usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name}
%{request:User-Password} %{reply:MOTP-Init-Secret} %{rep
ly:MOTP-PIN} %{reply:MOTP-Offset}"
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
unix {
radwtmp = "/var/log/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
eap {
default_eap_type = "ttls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/usr/local/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
CA_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = no
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "tls"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "tls"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /usr/local/etc/raddb/huntgroups
reading pairlist file /usr/local/etc/raddb/hints
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = yes
}
Module: Instantiating module "ntdomain" from file
/usr/local/etc/raddb/modules/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = yes
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
reading pairlist file /usr/local/etc/raddb/users
reading pairlist file /usr/local/etc/raddb/acct_users
reading pairlist file /usr/local/etc/raddb/preproxy_users
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = "3306"
login = "raduser"
password = "0000"
radius_db = "raddb"
read_groups = yes
sqltrace = no
sqltracefile = "/var/log/sqltrace.sql"
readclients = yes
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "CALL load_clients()"
authorize_check_query = "CALL authorize_check('%{SQL-User-Name}')"
authorize_reply_query = "CALL authorize_reply('%{SQL-User-Name}')"
authorize_group_check_query = "CALL
authorize_group_check('%{Sql-Group}')"
authorize_group_reply_query = "CALL
authorize_group_reply('%{Sql-Group}')"
accounting_onoff_query = "CALL accounting_on_off
('%{Acct-Status-Type}' , '%{Called-Station-Id}')"
accounting_update_query = "CALL accounting_update
('%{Acct-Session-Id}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Acct-Session-Time}','%{Acct-
Input-Octets}','%{Acct-Input-Gigawords}','%{Acct-Output-Octets}','%{Acct-Output-Gigawords}')"
accounting_update_query_alt = "CALL accounting_update
('%{Acct-Session-Id}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Acct-Session-Time}','%{A
cct-Input-Octets}','%{Acct-Input-Gigawords}','%{Acct-Output-Octets}','%{Acct-Output-Gigawords}')"
accounting_start_query = "CALL accounting_start
('%{Acct-Session-Id}','%{SQL-User-Name}','%{Class}','%{NAS-IP-Address}','%{Called-Station-Id}','%{Call
ing-Station-Id}')"
accounting_start_query_alt = "CALL accounting_start
('%{Acct-Session-Id}','%{SQL-User-Name}','%{Class}','%{NAS-IP-Address}','%{Called-Station-Id}','%{
Calling-Station-Id}')"
accounting_stop_query = "CALL accounting_stop
('%{Acct-Session-Id}','%{SQL-User-Name}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Acct-Session-
Time}','%{Acct-Input-Octets}','%{Acct-Input-Gigawords}','%{Acct-Output-Octets}','%{Acct-Output-Gigawords}','%{Acct-Terminate-Cause}')"
accounting_stop_query_alt = "CALL accounting_stop
('%{Acct-Session-Id}','%{SQL-User-Name}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Acct-Sess
ion-Time}','%{Acct-Input-Octets}','%{Acct-Input-Gigawords}','%{Acct-Output-Octets}','%{Acct-Output-Gigawords}','%{Acct-Terminate-Cause}')"
group_membership_query = "CALL
group_membership('%{SQL-User-Name}')"
connect_failure_retry_delay = 60
simul_count_query = "CALL simul_count('%{SQL-User-Name}')"
simul_verify_query = ""
postauth_query = ""
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to raduser at localhost:3306/raddb
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is CALL load_clients()
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Read entry nasname=192.168.0.4,shortname=HOME_AP,secret=0000
rlm_sql (sql): Adding client 192.168.0.4 (HOME_AP, server=<none>) to
clients list
rlm_sql (sql): Released sql socket id: 4
Module: Linked to module rlm_checkval
Module: Instantiating module "checkval" from file
/usr/local/etc/raddb/modules/checkval
checkval {
item-name = "Calling-Station-Id"
check-name = "Calling-Station-Id"
data-type = "string"
notfound-reject = no
}
rlm_checkval: Registered name Calling-Station-Id for attribute 31
Module: Checking preacct {...} for more modules to load
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
detail {
detailfile =
"/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail_%Y_%m_%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
escape_filenames = no
}
Module: Instantiating module "datacounterdaily" from file
/usr/local/etc/raddb/modules/datacounter_acct
exec datacounterdaily {
wait = no
program = "/bin/echo hi"
input_pairs = "request"
shell_escape = yes
}
Module: Instantiating module "datacounterweekly" from file
/usr/local/etc/raddb/modules/datacounter_acct
exec datacounterweekly {
wait = no
program = "/bin/echo hi"
input_pairs = "request"
shell_escape = yes
}
Module: Instantiating module "datacountermonthly" from file
/usr/local/etc/raddb/modules/datacounter_acct
exec datacountermonthly {
wait = no
program = "/bin/echo hi"
input_pairs = "request"
shell_escape = yes
}
Module: Instantiating module "datacounterforever" from file
/usr/local/etc/raddb/modules/datacounter_acct
exec datacounterforever {
wait = no
program = "/usr/local/bin/bash
/usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name}
%{request:Calling-Station-Id} %{request:NAS-IP-Ad
dress} %{request:Class} %{request:Acct-Status-Type}"
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from
file /usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "attr_filter.pre-proxy" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.pre-proxy {
attrsfile = "/usr/local/etc/raddb/attrs.pre-proxy"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/attrs.pre-proxy
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "attr_filter.post-proxy" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.post-proxy {
attrsfile = "/usr/local/etc/raddb/attrs"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/attrs
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/attrs.access_reject
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 192.168.0.1
port = 1812
}
listen {
type = "acct"
ipaddr = 192.168.0.1
port = 1813
}
Listening on authentication address 192.168.0.1 port 1812
Listening on accounting address 192.168.0.1 port 1813
Listening on proxy address 192.168.0.1 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.4 port 58586, id=1,
length=169
User-Name = "anonymous"
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0269000e01616e6f6e796d6f7573
Message-Authenticator = 0x6f32e006c6b27ccb58bc8bc78e2e3205
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "anonymous", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "anonymous", skipping NULL due to config.
++[ntdomain] = noop
[eap] EAP packet type response id 105 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++policy redundant {
[sql] expand: %{User-Name} -> anonymous
[sql] sql_set_user escaped user --> 'anonymous'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: CALL authorize_check('%{SQL-User-Name}') -> CALL
authorize_check('anonymous')
[sql] expand: CALL group_membership('%{SQL-User-Name}') -> CALL
group_membership('anonymous')
rlm_sql (sql): Released sql socket id: 3
[sql] User anonymous not found
+++[sql] = notfound
++} # policy redundant = notfound
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[daily] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[weekly] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[monthly] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[forever] = noop
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-26-C6-72-D2-F8
rlm_checkval: Could not find attribute named Calling-Station-Id in check
pairs
++[checkval] = notfound
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 1 to 192.168.0.4 port 58586
EAP-Message = 0x016a00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb4e4aad6b48ebf06e52e0c33b4e5fbf2
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.4 port 58586, id=2,
length=229
User-Name = "anonymous"
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message =
0x026a00381500160301002d01000029030142cf0aea5e88ab95c9cd6c305f61ffe159fd853caed9c07396f71d58332932f8000002000a0100
State = 0xb4e4aad6b48ebf06e52e0c33b4e5fbf2
Message-Authenticator = 0x6c0f70c11638cf5a316b0cd395bad365
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "anonymous", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "anonymous", skipping NULL due to config.
++[ntdomain] = noop
[eap] EAP packet type response id 106 length 56
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 002d], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 09d4], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
[ttls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 192.168.0.4 port 58586
EAP-Message =
0x016b040015c000000a11160301002a020000260301cc599cac1c9998ef1bb2ef491c5ece75006101e1e0cce61e0cb713413823ce4a00000a0016030109d40b0009d000
09cd00051830820514308203fca003020102020101300d06092a864886f70d01010b0500308195310b3009060355040613025553310e300c060355040813055465786173310f300d06035504071306
41757374696e31263024060355040a131d4578616d706c6520436572746966696361746520417574686f726974793120301e06092a864886f70d01090116116365727473406578616d706c652e636f
6d311b301906035504031312667265657261646975732d74656d702d
EAP-Message =
0x6361301e170d3137303733303134313733355a170d3237303732383134313733355a308199310b3009060355040613025553310e300c06035504081305546578617331
0f300d0603550407130641757374696e31263024060355040a131d4578616d706c6520436572746966696361746520417574686f726974793120301e06092a864886f70d0109011611636572747340
6578616d706c652e636f6d311f301d06035504031316667265657261646975732d74656d702d73657276657230820122300d06092a864886f70d01010105000382010f003082010a0282010100ddd5
f66f6f917fc94c6c27ed5e2272405c8c673a3131263b560b62cf2cc1
EAP-Message =
0x06cc35c6aeb5564b2c8760930b7bb6a906ac59032fa6b94ed42b5f6e242f9af92dae3a3ce7b65141402fca918675d370c43784bb54f5ecfdc33b4c0e223ca4f70b0448
428aff1c9dfcd14c1e9e0a220d86707689a32850a7431ae40bb7fd975cd53efdd9b3f29799e3c5ee160f9d7c9ffc8afb6d17a775aff57cf7e90f96512fa13c32346ea12daddab9526cc1362b496e73
5e9b17957cf39a906c83fbe5ef4515bc5b9f69ce61ae2b90d5b4ce4765913cc02d5af73eb76949dc40c2bf5cf97e867b249fdafcfafef27e850e8cef9783a41d218ebc401ae2c24cc33a7b0173980a
470203010001a38201673082016330090603551d1304023000301106
EAP-Message =
0x096086480186f8420101040403020640303306096086480186f842010d042616244f70656e53534c2047656e6572617465642053657276657220436572746966696361
7465301d0603551d0e041604143bccd27850c43399eca9a78deeaece12a07db23f3081c20603551d230481ba3081b780141146326f07c5778d5978fe8a2de29dbefed4d028a1819ba4819830819531
0b3009060355040613025553310e300c060355040813055465786173310f300d0603550407130641757374696e31263024060355040a131d4578616d706c6520436572746966696361746520417574
686f726974793120301e06092a864886f70d01090116116365727473
EAP-Message = 0x406578616d706c652e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb4e4aad6b58fbf06e52e0c33b4e5fbf2
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.4 port 58586, id=3,
length=179
User-Name = "anonymous"
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x026b00061500
State = 0xb4e4aad6b58fbf06e52e0c33b4e5fbf2
Message-Authenticator = 0x2bba9c81e5bad331d4791bcdb1ef4148
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "anonymous", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "anonymous", skipping NULL due to config.
++[ntdomain] = noop
[eap] EAP packet type response id 107 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 3 to 192.168.0.4 port 58586
EAP-Message =
0x016c040015c000000a11311b301906035504031312667265657261646975732d74656d702d6361820100301d0603551d250416301406082b0601050507030106082b06
010505080202300b0603551d0f0404030205a0300d06092a864886f70d01010b050003820101003147e47b5eb3976d2548a90a93dc0afe1183c5260799cca812e1ed0892f4bc59475cbd7bf0ee3e46
55c7afb725b7c1f679faeebbaecb2161463532a52c33637ddfee62e11aa141971967655f19adf91b4eb5b366cd42d264feae1d04d5cc5e68cfb962cfb552caf218a306218cc4a5ea5bc29401a72f5f
a658efe97156e4f35158a786f3817f7733b177ae0a2fcf1c08798833
EAP-Message =
0x2d103cb690f842a82b040588366a6755ed81de0a3e5cd12d1417be924d7e98fc2d6a9e4eb08107c25ac05902840ef7d7e5e8a0d2993b69ca0873dd149f5dcc23285521
dd028906a2c4e2ceef8c6b0fd43c1a9f55915b5a02b022100b90abc16125f5b091d626ec9c6b25f62f1a0004af308204ab30820393a003020102020100300d06092a864886f70d01010b0500308195
310b3009060355040613025553310e300c060355040813055465786173310f300d0603550407130641757374696e31263024060355040a131d4578616d706c65204365727469666963617465204175
74686f726974793120301e06092a864886f70d010901161163657274
EAP-Message =
0x73406578616d706c652e636f6d311b301906035504031312667265657261646975732d74656d702d6361301e170d3137303733303134313733355a170d323730373238
3134313733355a308195310b3009060355040613025553310e300c060355040813055465786173310f300d0603550407130641757374696e31263024060355040a131d4578616d706c652043657274
6966696361746520417574686f726974793120301e06092a864886f70d01090116116365727473406578616d706c652e636f6d311b301906035504031312667265657261646975732d74656d702d63
6130820122300d06092a864886f70d01010105000382010f00308201
EAP-Message =
0x0a0282010100d7ed60120b3344c7e822913cd56b439dbbdd3a830d921986cd2dc226fdaea6ad35812c32fe239692addb43f4f8fee8dd6b9b224610611b2dcf79e8febc
50d9daa743b19e6aa485fe488970e262761d5dbf12dfcb690bd65d9a04efd6d8d66f5f5a0985b355a562f8e20c896a912b0ef79754570acec27b656d62c646f5e09c2249f429a3b51566b70cf385b4
bf597d56d261c23149b9bdeacfe438524a33f7041c69bfa73d306e73d669856e9203a527a8c8de0f6a6311b07d0b08d6fbab65e2421f08425c88c8c9d1a8fe0f5c057780ad6128197a2281c9505c72
9e6baf6a1ca287e7fa5ec44940e1ba92019638e59efffa9ae07b75a7
EAP-Message = 0xb4e4bf9850926106ed020301
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb4e4aad6b688bf06e52e0c33b4e5fbf2
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.4 port 58586, id=4,
length=179
User-Name = "anonymous"
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x026c00061500
State = 0xb4e4aad6b688bf06e52e0c33b4e5fbf2
Message-Authenticator = 0xf6ea48856d66fad97dd4520f114c239a
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "anonymous", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "anonymous", skipping NULL due to config.
++[ntdomain] = noop
[eap] EAP packet type response id 108 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 4 to 192.168.0.4 port 58586
EAP-Message =
0x016d022f158000000a110001a38201023081ff301d0603551d0e041604141146326f07c5778d5978fe8a2de29dbefed4d0283081c20603551d230481ba3081b7801411
46326f07c5778d5978fe8a2de29dbefed4d028a1819ba48198308195310b3009060355040613025553310e300c060355040813055465786173310f300d0603550407130641757374696e3126302406
0355040a131d4578616d706c6520436572746966696361746520417574686f726974793120301e06092a864886f70d01090116116365727473406578616d706c652e636f6d311b3019060355040313
12667265657261646975732d74656d702d6361820100300c0603551d
EAP-Message =
0x13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010b0500038201010041e0078d94ddb8aa76266f78eff1bea1fe843f9051f25a7bda07
1af1c52660eb9bfbb42050e76f952465e5460c75c6fcf1f78139fc793b849d1ace4e08c64ebb670d52aa371b14825948cffbb62b99c464dd7ccb55f17ecbeacebd3ba2109423636b8a4e461a86cb43
01e143a27fdc25011ee292cfa7c7c6fa79cd996544d0f210866079b8cccfbaf3634fb4a7b57525e514da5dd63400aeeb837d2e09ef7f917ad5a2a64ba8a28b3560a4c7fe17dadf9d4f9c98a9acc312
8b6170ff025191886951e17b9d50627c50c2c43d8073b35b57b52ec8
EAP-Message =
0x37f0cff5a87110fc1519e1d7fd66eb0c5f6419ca6e91974a3499bf546ca486c8765b459d018728e245bf900116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb4e4aad6b789bf06e52e0c33b4e5fbf2
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.4 port 58586, id=5,
length=499
User-Name = "anonymous"
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message =
0x026d014415001603010106100001020100a2567e8f00963ec0e82064a375ecb2492d3a40cdb21fcd3cf802f5a7a9a8b01d927f0182e0869855b8dae16e3d2f14e9045f
4b822a5d8732914005ec5daf364d3ef966301b46153fb8a0a7c477a99bab945a8baaec315e245bd8a9bc84a239707aa56b3b3e6baaab8b6fa509250fb1311bd2b7600014d06269be9261ce9ae2d55c
35abfded59288cfecc054b80d4e875eeaf02278da4c3fc55667660ca0e26a94e043bdb958e927a7fd02e739107de0851317eae4e88e969c28af29c7ff588c1c156ba6f51b711fab2859821e92fff8b
367c750c2e892d92689b0311858333b347e1ab4f4f1e9e57898f4a4d
EAP-Message =
0x238051ca5fd5cc9d2a5659d11575a3b0112a090a1403010001011603010028ef7a4920c4c3c713f84b77cfa15822957cdc6e94cca75134d9c548f3784bab6d1dc22009
4bb47b2a
State = 0xb4e4aad6b789bf06e52e0c33b4e5fbf2
Message-Authenticator = 0x90611aec292e409758bab4236eb791e9
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "anonymous", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "anonymous", skipping NULL due to config.
++[ntdomain] = noop
[eap] EAP packet type response id 109 length 253
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] TLS_accept: SSLv3 read certificate verify A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 5 to 192.168.0.4 port 58586
EAP-Message =
0x016e003d158000000033140301000101160301002893952457d51f458aa7d6a68db5db3edb2cbcc07daff3cada6eaca13f3465ff559ac90b8f7b86c912
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb4e4aad6b08abf06e52e0c33b4e5fbf2
Finished request 4.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.4 port 58586, id=6,
length=240
User-Name = "anonymous"
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message =
0x026e0043150017030100389be64fff33167a8a251fdfb1a94fdaeffc8c379238e4f891c7d403f0af446b92d0ee78a4ee219f9cc9f89f5c04847513f68b63e8ea07aea5
State = 0xb4e4aad6b08abf06e52e0c33b4e5fbf2
Message-Authenticator = 0x0e91867bde1f5e4cb7ab6fcadb7c193e
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "anonymous", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "anonymous", skipping NULL due to config.
++[ntdomain] = noop
[eap] EAP packet type response id 110 length 67
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "scilek"
User-Password = "0000"
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "scilek"
User-Password = "0000"
FreeRADIUS-Proxied-To = 127.0.0.1
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.0.4
server {
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "scilek", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "scilek", skipping NULL due to config.
++[ntdomain] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++[files] = noop
++policy redundant {
[sql] expand: %{User-Name} -> scilek
[sql] sql_set_user escaped user --> 'scilek'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: CALL authorize_check('%{SQL-User-Name}') -> CALL
authorize_check('scilek')
[sql] User found in radcheck table
[sql] expand: CALL authorize_reply('%{SQL-User-Name}') -> CALL
authorize_reply('scilek')
[sql] expand: CALL group_membership('%{SQL-User-Name}') -> CALL
group_membership('scilek')
rlm_sql (sql): Released sql socket id: 2
+++[sql] = ok
++} # policy redundant = ok
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[daily] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[weekly] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[monthly] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[forever] = noop
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-26-C6-72-D2-F8
rlm_checkval: Could not find attribute named Calling-Station-Id in check
pairs
++[checkval] = notfound
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "0000"
[pap] Using clear text password "0000"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
+group session {
++policy redundant {
[sql] expand: %{User-Name} -> scilek
[sql] sql_set_user escaped user --> 'scilek'
[sql] expand: CALL simul_count('%{SQL-User-Name}') -> CALL
simul_count('scilek')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
+++[sql] = ok
++} # policy redundant = ok
+} # group session = ok
expand: ->
Login OK: [scilek] (from client HOME_AP port 0 cli 00-26-C6-72-D2-F8 via
TLS tunnel)
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+group post-auth {
++update reply {
expand: %{User-Name} -> scilek
++} # update reply = noop
Warning: Using a password on the command line interface can be insecure.
Exec output:
[exec] Exec: program returned: 0
++[exec] = ok
+} # group post-auth = ok
} # server
[ttls] Got tunneled reply code Access-Accept
Class = 0x5f7363696c656b
Idle-Timeout = 120
Acct-Interim-Interval = 600
Exec-Program-Wait = "/usr/local/bin/bash
/usr/local/etc/raddb/scripts/datacounter_auth.sh scilek"
User-Name = "scilek"
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
expand: ->
Login OK: [anonymous] (from client HOME_AP port 0 cli 00-26-C6-72-D2-F8)
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+group post-auth {
++update reply {
expand: %{User-Name} -> anonymous
++} # update reply = noop
Warning: Using a password on the command line interface can be insecure.
Exec output:
[exec] Exec: program returned: 0
++[exec] = ok
+} # group post-auth = ok
Sending Access-Accept of id 6 to 192.168.0.4 port 58586
Class = 0x5f7363696c656b
Idle-Timeout = 120
Acct-Interim-Interval = 600
User-Name = "scilek"
MS-MPPE-Recv-Key =
0x2a32e67944b4e75f0a9fcfd85157d957a8b21eb8d6325eb41f90fc3a2017c9be
MS-MPPE-Send-Key =
0x44447512273cc60492a384b34b8feeac525cb064d850920ddf10223b686c0c4e
EAP-Message = 0x036e0004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Accounting-Request packet from host 192.168.0.4 port 44196,
id=7, length=172
Acct-Session-Id = "59C5EC66-00000000"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "scilek"
Framed-IP-Address = 192.168.1.113
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
Class = 0x5f7363696c656b
# Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
+group preacct {
++[preprocess] = ok
++update request {
expand: %{Acct-Session-Time} ->
... expanding second conditional
expand: %{Acct-Delay-Time} ->
... expanding second conditional
expand: %l - %{%{Acct-Session-Time}:-0} -
%{%{Acct-Delay-Time}:-0} -> 1506143408 - 0 - 0
expand: %{expr: %l - %{%{Acct-Session-Time}:-0} -
%{%{Acct-Delay-Time}:-0}} -> 1506143408
++} # update request = noop
[suffix] No '@' in User-Name = "scilek", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "scilek", skipping NULL due to config.
++[ntdomain] = noop
++[files] = noop
+} # group preacct = ok
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+group accounting {
++? if (Acct-Session-Time == 0)
(Attribute Acct-Session-Time was not found)
? Evaluating (Acct-Session-Time == 0) -> FALSE
++? if (Acct-Session-Time == 0) -> FALSE
[detail] expand: %{Packet-Src-IP-Address} -> 192.168.0.4
[detail] expand:
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail_%Y_%m_%d
-> /var/log/radacct/192.168.0.4/detail_2017_0
9_23
[detail]
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail_%Y_%m_%d
expands to /var/log/radacct/192.168.0.4/detail_2017_09_23
[detail] expand: %t -> Sat Sep 23 08:10:08 2017
++[detail] = ok
rlm_counter: We only run on Accounting-Stop packets.
++[daily] = noop
rlm_counter: We only run on Accounting-Stop packets.
++[weekly] = noop
rlm_counter: We only run on Accounting-Stop packets.
++[monthly] = noop
rlm_counter: We only run on Accounting-Stop packets.
++[forever] = noop
++? if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type
== Interim-Update))
?? Evaluating (request:Acct-Status-Type == Stop) -> FALSE
?? Evaluating (request:Acct-Status-Type == Interim-Update) -> FALSE
++? if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type
== Interim-Update)) -> FALSE
++[unix] = ok
++policy redundant {
[sql] expand: %{User-Name} -> scilek
[sql] sql_set_user escaped user --> 'scilek'
[sql] expand: CALL accounting_start
('%{Acct-Session-Id}','%{SQL-User-Name}','%{Class}','%{NAS-IP-Address}','%{Called-Station-Id}','%{Calling-Station-Id}')
-> CALL accounting_start
('59C5EC66-00000000','scilek','0x5f7363696c656b','192.168.0.4','82-2A-A8-AD-1E-F9:SCILEK.NET','00-26-C6-72-D2-F8')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
+++[sql] = ok
++} # policy redundant = ok
++[exec] = noop
[attr_filter.accounting_response] expand: %{User-Name} -> scilek
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] = updated
+} # group accounting = updated
Sending Accounting-Response of id 7 to 192.168.0.4 port 44196
Finished request 6.
Cleaning up request 6 ID 7 with timestamp +13
Going to the next request
Waking up in 4.2 seconds.
Cleaning up request 0 ID 1 with timestamp +12
Cleaning up request 1 ID 2 with timestamp +12
Cleaning up request 2 ID 3 with timestamp +12
Cleaning up request 3 ID 4 with timestamp +12
Cleaning up request 4 ID 5 with timestamp +12
Waking up in 0.1 seconds.
Cleaning up request 5 ID 6 with timestamp +12
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.0.4 port 44196,
id=8, length=214
Acct-Session-Id = "59C5EC66-00000000"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
User-Name = "scilek"
Framed-IP-Address = 192.168.1.113
NAS-Identifier = "802aa8ac1ef9"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Calling-Station-Id = "00-26-C6-72-D2-F8"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
Class = 0x5f7363696c656b
Acct-Session-Time = 62
Acct-Input-Packets = 2198
Acct-Output-Packets = 1981
Acct-Input-Octets = 2995341
Acct-Output-Octets = 2870213
Event-Timestamp = "Sep 23 2017 08:11:11 +03"
Acct-Terminate-Cause = User-Request
# Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
+group preacct {
++[preprocess] = ok
++update request {
expand: %{Acct-Session-Time} -> 62
expand: %{Acct-Delay-Time} ->
... expanding second conditional
expand: %l - %{%{Acct-Session-Time}:-0} -
%{%{Acct-Delay-Time}:-0} -> 1506143469 - 62 - 0
expand: %{expr: %l - %{%{Acct-Session-Time}:-0} -
%{%{Acct-Delay-Time}:-0}} -> 1506143407
++} # update request = noop
[suffix] No '@' in User-Name = "scilek", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "scilek", skipping NULL due to config.
++[ntdomain] = noop
++[files] = noop
+} # group preacct = ok
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+group accounting {
++? if (Acct-Session-Time == 0)
? Evaluating (Acct-Session-Time == 0) -> FALSE
++? if (Acct-Session-Time == 0) -> FALSE
[detail] expand: %{Packet-Src-IP-Address} -> 192.168.0.4
[detail] expand:
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail_%Y_%m_%d
-> /var/log/radacct/192.168.0.4/detail_2017_0
9_23
[detail]
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail_%Y_%m_%d
expands to /var/log/radacct/192.168.0.4/detail_2017_09_23
[detail] expand: %t -> Sat Sep 23 08:11:09 2017
++[detail] = ok
rlm_counter: Searching the database for key 'scilek'
rlm_counter: Could not find the requested key in the database.
rlm_counter: User=scilek, New Counter=62.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
++[daily] = ok
rlm_counter: Searching the database for key 'scilek'
rlm_counter: Could not find the requested key in the database.
rlm_counter: User=scilek, New Counter=62.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
++[weekly] = ok
rlm_counter: Searching the database for key 'scilek'
rlm_counter: Could not find the requested key in the database.
rlm_counter: User=scilek, New Counter=62.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
++[monthly] = ok
rlm_counter: Searching the database for key 'scilek'
rlm_counter: Could not find the requested key in the database.
rlm_counter: User=scilek, New Counter=62.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
++[forever] = ok
++? if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type
== Interim-Update))
?? Evaluating (request:Acct-Status-Type == Stop) -> TRUE
?? Skipping (request:Acct-Status-Type == Interim-Update)
++? if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type
== Interim-Update)) -> TRUE
++if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type ==
Interim-Update)) {
+++[datacounterdaily] = ok
+++[datacounterweekly] = ok
+++[datacountermonthly] = ok
[datacounterforever] expand: %{request:User-Name} -> scilek
[datacounterforever] expand: %{request:Calling-Station-Id} ->
00-26-C6-72-D2-F8
[datacounterforever] expand: %{request:NAS-IP-Address} -> 192.168.0.4
[datacounterforever] expand: %{request:Class} -> 0x5f7363696c656b
[datacounterforever] expand: %{request:Acct-Status-Type} -> Stop
+++[datacounterforever] = ok
++} # if ((request:Acct-Status-Type == Stop) ||
(request:Acct-Status-Type == Interim-Update)) = ok
++[unix] = ok
++policy redundant {
[sql] expand: %{User-Name} -> scilek
[sql] sql_set_user escaped user --> 'scilek'
[sql] expand: CALL accounting_stop
('%{Acct-Session-Id}','%{SQL-User-Name}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Acct-Session-Time}','%{Acct-In
put-Octets}','%{Acct-Input-Gigawords}','%{Acct-Output-Octets}','%{Acct-Output-Gigawords}','%{Acct-Terminate-Cause}')
-> CALL accounting_stop ('59C5EC66-000000
00','scilek','82-2A-A8-AD-1E-F9:SCILEK.NET','00-26-C6-72-D2-F8','62','2995341','','2870213','','User-Request')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
+++[sql] = ok
++} # policy redundant = ok
++[exec] = noop
[attr_filter.accounting_response] expand: %{User-Name} -> scilek
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] = updated
+} # group accounting = updated
Sending Accounting-Response of id 8 to 192.168.0.4 port 44196
Finished request 7.
Cleaning up request 7 ID 8 with timestamp +74
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.0.4 port 44196,
id=0, length=82
Acct-Status-Type = Accounting-On
Acct-Authentic = RADIUS
NAS-Identifier = "802aa8ac1ef9"
Called-Station-Id = "82-2A-A8-AD-1E-F9:SCILEK.NET"
Acct-Terminate-Cause = NAS-Reboot
# Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
+group preacct {
++[preprocess] = ok
++update request {
expand: %{Acct-Session-Time} ->
... expanding second conditional
expand: %{Acct-Delay-Time} ->
... expanding second conditional
expand: %l - %{%{Acct-Session-Time}:-0} -
%{%{Acct-Delay-Time}:-0} -> 1506143521 - 0 - 0
expand: %{expr: %l - %{%{Acct-Session-Time}:-0} -
%{%{Acct-Delay-Time}:-0}} -> 1506143521
++} # update request = noop
[suffix] Proxy reply, or no User-Name. Ignoring.
++[suffix] = ok
[ntdomain] Proxy reply, or no User-Name. Ignoring.
++[ntdomain] = ok
++[files] = noop
+} # group preacct = ok
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+group accounting {
++? if (Acct-Session-Time == 0)
(Attribute Acct-Session-Time was not found)
? Evaluating (Acct-Session-Time == 0) -> FALSE
++? if (Acct-Session-Time == 0) -> FALSE
[detail] expand: %{Packet-Src-IP-Address} -> 192.168.0.4
[detail] expand:
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail_%Y_%m_%d
-> /var/log/radacct/192.168.0.4/detail_2017_0
9_23
[detail]
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail_%Y_%m_%d
expands to /var/log/radacct/192.168.0.4/detail_2017_09_23
[detail] expand: %t -> Sat Sep 23 08:12:01 2017
++[detail] = ok
rlm_counter: We only run on Accounting-Stop packets.
++[daily] = noop
rlm_counter: We only run on Accounting-Stop packets.
++[weekly] = noop
rlm_counter: We only run on Accounting-Stop packets.
++[monthly] = noop
rlm_counter: We only run on Accounting-Stop packets.
++[forever] = noop
++? if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type
== Interim-Update))
?? Evaluating (request:Acct-Status-Type == Stop) -> FALSE
?? Evaluating (request:Acct-Status-Type == Interim-Update) -> FALSE
++? if ((request:Acct-Status-Type == Stop) || (request:Acct-Status-Type
== Interim-Update)) -> FALSE
++[unix] = noop
++policy redundant {
[sql] Received Acct On/Off packet
[sql] expand: CALL accounting_on_off ('%{Acct-Status-Type}' ,
'%{Called-Station-Id}') -> CALL accounting_on_off ('Accounting-On' ,
'82-2A-A8-AD-1E-F9:SCILEK
.NET')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: MYSQL check_error: 1305 received
[sql] Couldn't update SQL accounting for Acct On/Off packet - PROCEDURE
raddb.accounting_on_off does not exist
rlm_sql_mysql: MYSQL check_error: 1305 received
rlm_sql_mysql: Cannot store result
rlm_sql_mysql: MySQL error 'PROCEDURE raddb.accounting_on_off does not
exist'
rlm_sql (sql): Released sql socket id: 3
+++[sql] = fail
++} # policy redundant = fail
+} # group accounting = fail
Finished request 8.
Cleaning up request 8 ID 0 with timestamp +126
Going to the next request
Ready to process requests.
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list