Freeradius on Ubuntu 19.10

Houman houmie at gmail.com
Thu Dec 19 13:23:09 CET 2019


Hello,

I'll be trying the latest Freeradius on Ubuntu 19.10 and I can't seem to be
able to connect.

Can someone please help me? Something seems to have changed.

Many Thanks,

(4) Received Access-Request Id 128 from 127.0.0.1:48822 to 127.0.0.1:1812
length 157

(4)   User-Name = "houman"

(4)   NAS-Port-Type = Virtual

(4)   Service-Type = Framed-User

(4)   NAS-Port = 3

(4)   NAS-Port-Id = "X-1"

(4)   NAS-IP-Address = 172.31.20.12

(4)   Called-Station-Id = "172.31.20.12[4500]"

(4)   Calling-Station-Id = "185.76.230.248[38823]"

(4)   Acct-Session-Id = "1576757594-3"

(4)   EAP-Message = 0x0200000b01686f756d616e

(4)   NAS-Identifier = "strongSwan"

(4)   Message-Authenticator = 0x7e6d9c86703eecf1dc78e34980d98a68

(4) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(4)   authorize {

(4)     update control {

(4)       EXPAND %l

(4)          --> 1576757818

(4)       &Current-Timestamp := 1576757818

(4)     } # update control = noop

(4)     update request {

rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 90
seconds

rlm_sql_mysql: Socket destructor called, closing socket

rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 90
seconds

rlm_sql_mysql: Socket destructor called, closing socket

rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 90
seconds

rlm_sql_mysql: Socket destructor called, closing socket

rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 90
seconds

rlm_sql_mysql: Socket destructor called, closing socket

rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 90
seconds

rlm_sql (sql): You probably need to lower "min"

rlm_sql_mysql: Socket destructor called, closing socket

rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 90
seconds

rlm_sql (sql): You probably need to lower "min"

rlm_sql_mysql: Socket destructor called, closing socket

rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 90
seconds

rlm_sql (sql): You probably need to lower "min"

rlm_sql_mysql: Socket destructor called, closing socket

rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"

rlm_sql (sql): Opening additional connection (7), 1 of 32 pending slots used

rlm_sql_mysql: Starting connect to MySQL server

rlm_sql_mysql: Connected to database 'radius_db' on xx.xxx.xx.xx via
TCP/IP, server version 8.0.18, protocol version 10

rlm_sql (sql): Reserved connection (7)

rlm_sql (sql): Released connection (7)

Need 2 more connections to reach min connections (3)

rlm_sql (sql): Opening additional connection (8), 1 of 31 pending slots used

rlm_sql_mysql: Starting connect to MySQL server

rlm_sql_mysql: Connected to database 'radius_db' on xx.xxx.xx.xx via
TCP/IP, server version 8.0.18, protocol version 10

(4)       EXPAND %{User-Name}

(4)          --> houman

(4)       SQL-User-Name set to 'houman'

rlm_sql (sql): Reserved connection (7)

(4)       Executing select query: SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='houman'

rlm_sql (sql): Released connection (7)

(4)       EXPAND %{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='%{User-Name}'}

(4)          --> 1735689600

(4)       &Expires-Timestamp := 1735689600

(4)     } # update request = noop

(4)     if (&control:Current-Timestamp > &request:Expires-Timestamp) {

(4)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  ->
FALSE

(4)     policy filter_username {

(4)       if (&User-Name) {

(4)       if (&User-Name)  -> TRUE

(4)       if (&User-Name)  {

(4)         if (&User-Name =~ / /) {

(4)         if (&User-Name =~ / /)  -> FALSE

(4)         if (&User-Name =~ /@[^@]*@/ ) {

(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(4)         if (&User-Name =~ /\.\./ ) {

(4)         if (&User-Name =~ /\.\./ )  -> FALSE

(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(4)         if (&User-Name =~ /\.$/)  {

(4)         if (&User-Name =~ /\.$/)   -> FALSE

(4)         if (&User-Name =~ /@\./)  {

(4)         if (&User-Name =~ /@\./)   -> FALSE

(4)       } # if (&User-Name)  = noop

(4)     } # policy filter_username = noop

(4)     [preprocess] = ok

(4)     [chap] = noop

(4)     [mschap] = noop

(4)     [digest] = noop

(4) suffix: Checking for suffix after "@"

(4) suffix: No '@' in User-Name = "houman", looking up realm NULL

(4) suffix: No such realm "NULL"

(4)     [suffix] = noop

(4) eap: Peer sent EAP Response (code 2) ID 0 length 11

(4) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize

(4)     [eap] = ok

(4)   } # authorize = ok

(4) Found Auth-Type = eap

(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(4)   authenticate {

(4) eap: Peer sent packet with method EAP Identity (1)

(4) eap: Calling submodule eap_md5 to process data

(4) eap_md5: Issuing MD5 Challenge

(4) eap: Sending EAP Request (code 1) ID 1 length 22

(4) eap: EAP session adding &reply:State = 0xa17deb22a17ceffe

(4)     [eap] = handled

(4)   } # authenticate = handled

(4) Using Post-Auth-Type Challenge

(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(4)   Challenge { ... } # empty sub-section is ignored

(4) Sent Access-Challenge Id 128 from 127.0.0.1:1812 to 127.0.0.1:48822
length 0

(4)   EAP-Message = 0x0101001604103a8af45976daf8a272f4e1044cbca4ea

(4)   Message-Authenticator = 0x00000000000000000000000000000000

(4)   State = 0xa17deb22a17ceffef01faedaf7cde45b

(4) Finished request

Waking up in 4.9 seconds.

(5) Received Access-Request Id 129 from 127.0.0.1:48822 to 127.0.0.1:1812
length 170

(5)   User-Name = "houman"

(5)   NAS-Port-Type = Virtual

(5)   Service-Type = Framed-User

(5)   NAS-Port = 3

(5)   NAS-Port-Id = "X-1"

(5)   NAS-IP-Address = 172.31.20.12

(5)   Called-Station-Id = "172.31.20.12[4500]"

(5)   Calling-Station-Id = "185.76.230.248[38823]"

(5)   Acct-Session-Id = "1576757594-3"

(5)   EAP-Message = 0x02010006031a

(5)   NAS-Identifier = "strongSwan"

(5)   State = 0xa17deb22a17ceffef01faedaf7cde45b

(5)   Message-Authenticator = 0x72dac90f5d0d96fc8992a391980d751b

(5) session-state: No cached attributes

(5) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(5)   authorize {

(5)     update control {

(5)       EXPAND %l

(5)          --> 1576757818

(5)       &Current-Timestamp := 1576757818

(5)     } # update control = noop

(5)     update request {

rlm_sql (sql): Reserved connection (8)

rlm_sql (sql): Released connection (8)

(5)       EXPAND %{User-Name}

(5)          --> houman

(5)       SQL-User-Name set to 'houman'

rlm_sql (sql): Reserved connection (7)

(5)       Executing select query: SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='houman'

rlm_sql (sql): Released connection (7)

(5)       EXPAND %{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='%{User-Name}'}

(5)          --> 1735689600

(5)       &Expires-Timestamp := 1735689600

(5)     } # update request = noop

(5)     if (&control:Current-Timestamp > &request:Expires-Timestamp) {

(5)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  ->
FALSE

(5)     policy filter_username {

(5)       if (&User-Name) {

(5)       if (&User-Name)  -> TRUE

(5)       if (&User-Name)  {

(5)         if (&User-Name =~ / /) {

(5)         if (&User-Name =~ / /)  -> FALSE

(5)         if (&User-Name =~ /@[^@]*@/ ) {

(5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(5)         if (&User-Name =~ /\.\./ ) {

(5)         if (&User-Name =~ /\.\./ )  -> FALSE

(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(5)         if (&User-Name =~ /\.$/)  {

(5)         if (&User-Name =~ /\.$/)   -> FALSE

(5)         if (&User-Name =~ /@\./)  {

(5)         if (&User-Name =~ /@\./)   -> FALSE

(5)       } # if (&User-Name)  = noop

(5)     } # policy filter_username = noop

(5)     [preprocess] = ok

(5)     [chap] = noop

(5)     [mschap] = noop

(5)     [digest] = noop

(5) suffix: Checking for suffix after "@"

(5) suffix: No '@' in User-Name = "houman", looking up realm NULL

(5) suffix: No such realm "NULL"

(5)     [suffix] = noop

(5) eap: Peer sent EAP Response (code 2) ID 1 length 6

(5) eap: No EAP Start, assuming it's an on-going EAP conversation

(5)     [eap] = updated

(5) sql: EXPAND %{User-Name}

(5) sql:    --> houman

(5) sql: SQL-User-Name set to 'houman'

rlm_sql (sql): Reserved connection (8)

(5) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id

(5) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'houman' ORDER BY id

(5) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'houman' ORDER BY id

(5) sql: User found in radcheck table

(5) sql: Conditional check items matched, merging assignment check items

(5) sql:   Cleartext-Password := "houman at lovesyou"

(5) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id

(5) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'houman' ORDER BY id

(5) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'houman' ORDER BY id

rlm_sql (sql): Reserved connection (7)

rlm_sql (sql): Released connection (7)

(5) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority

(5) sql:    --> SELECT groupname FROM radusergroup WHERE username =
'houman' ORDER BY priority

(5) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'houman' ORDER BY priority

(5) sql: User not found in any groups

rlm_sql (sql): Released connection (8)

(5)     [sql] = ok

(5)     [expiration] = noop

(5)     [logintime] = noop

(5) pap: WARNING: Auth-Type already set.  Not setting to PAP

(5)     [pap] = noop

(5)   } # authorize = updated

(5) Found Auth-Type = eap

(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(5)   authenticate {

(5) eap: Expiring EAP session with state 0xa17deb22a17ceffe

(5) eap: Finished EAP session with state 0xa17deb22a17ceffe

(5) eap: Previous EAP request found for state 0xa17deb22a17ceffe, released
from the list

(5) eap: Peer sent packet with method EAP NAK (3)

(5) eap: Found mutually acceptable type MSCHAPv2 (26)

(5) eap: Calling submodule eap_mschapv2 to process data

(5) eap_mschapv2: Issuing Challenge

(5) eap: Sending EAP Request (code 1) ID 2 length 43

(5) eap: EAP session adding &reply:State = 0xa17deb22a07ff1fe

(5)     [eap] = handled

(5)   } # authenticate = handled

(5) Using Post-Auth-Type Challenge

(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(5)   Challenge { ... } # empty sub-section is ignored

(5) Sent Access-Challenge Id 129 from 127.0.0.1:1812 to 127.0.0.1:48822
length 0

(5)   EAP-Message =
0x0102002b1a01020026109ea8499d23b221fe286e0553b2afd879667265657261646975732d332e302e3139

(5)   Message-Authenticator = 0x00000000000000000000000000000000

(5)   State = 0xa17deb22a07ff1fef01faedaf7cde45b

(5) Finished request

Waking up in 4.8 seconds.

(6) Received Access-Request Id 130 from 127.0.0.1:48822 to 127.0.0.1:1812
length 229

(6)   User-Name = "houman"

(6)   NAS-Port-Type = Virtual

(6)   Service-Type = Framed-User

(6)   NAS-Port = 3

(6)   NAS-Port-Id = "X-1"

(6)   NAS-IP-Address = 172.31.20.12

(6)   Called-Station-Id = "172.31.20.12[4500]"

(6)   Calling-Station-Id = "185.76.230.248[38823]"

(6)   Acct-Session-Id = "1576757594-3"

(6)   EAP-Message =
0x020200411a0202003c316473cdfd9ba7577369c536ec1a3732170000000000000000bdd8d54efc713f6c117e2db89759acfa868367fc3920267200686f756d616e

(6)   NAS-Identifier = "strongSwan"

(6)   State = 0xa17deb22a07ff1fef01faedaf7cde45b

(6)   Message-Authenticator = 0xe167fa7a298b2393526a662c1298ce92

(6) session-state: No cached attributes

(6) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(6)   authorize {

(6)     update control {

(6)       EXPAND %l

(6)          --> 1576757818

(6)       &Current-Timestamp := 1576757818

(6)     } # update control = noop

(6)     update request {

rlm_sql (sql): Reserved connection (8)

rlm_sql (sql): Released connection (8)

(6)       EXPAND %{User-Name}

(6)          --> houman

(6)       SQL-User-Name set to 'houman'

rlm_sql (sql): Reserved connection (7)

(6)       Executing select query: SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='houman'

rlm_sql (sql): Released connection (7)

(6)       EXPAND %{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='%{User-Name}'}

(6)          --> 1735689600

(6)       &Expires-Timestamp := 1735689600

(6)     } # update request = noop

(6)     if (&control:Current-Timestamp > &request:Expires-Timestamp) {

(6)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  ->
FALSE

(6)     policy filter_username {

(6)       if (&User-Name) {

(6)       if (&User-Name)  -> TRUE

(6)       if (&User-Name)  {

(6)         if (&User-Name =~ / /) {

(6)         if (&User-Name =~ / /)  -> FALSE

(6)         if (&User-Name =~ /@[^@]*@/ ) {

(6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(6)         if (&User-Name =~ /\.\./ ) {

(6)         if (&User-Name =~ /\.\./ )  -> FALSE

(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(6)         if (&User-Name =~ /\.$/)  {

(6)         if (&User-Name =~ /\.$/)   -> FALSE

(6)         if (&User-Name =~ /@\./)  {

(6)         if (&User-Name =~ /@\./)   -> FALSE

(6)       } # if (&User-Name)  = noop

(6)     } # policy filter_username = noop

(6)     [preprocess] = ok

(6)     [chap] = noop

(6)     [mschap] = noop

(6)     [digest] = noop

(6) suffix: Checking for suffix after "@"

(6) suffix: No '@' in User-Name = "houman", looking up realm NULL

(6) suffix: No such realm "NULL"

(6)     [suffix] = noop

(6) eap: Peer sent EAP Response (code 2) ID 2 length 65

(6) eap: No EAP Start, assuming it's an on-going EAP conversation

(6)     [eap] = updated

(6) sql: EXPAND %{User-Name}

(6) sql:    --> houman

(6) sql: SQL-User-Name set to 'houman'

rlm_sql (sql): Reserved connection (8)

(6) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id

(6) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'houman' ORDER BY id

(6) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'houman' ORDER BY id

(6) sql: User found in radcheck table

(6) sql: Conditional check items matched, merging assignment check items

(6) sql:   Cleartext-Password := "houman at lovesyou"

(6) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id

(6) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'houman' ORDER BY id

(6) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'houman' ORDER BY id

rlm_sql (sql): Reserved connection (7)

rlm_sql (sql): Released connection (7)

(6) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority

(6) sql:    --> SELECT groupname FROM radusergroup WHERE username =
'houman' ORDER BY priority

(6) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'houman' ORDER BY priority

(6) sql: User not found in any groups

rlm_sql (sql): Released connection (8)

(6)     [sql] = ok

(6)     [expiration] = noop

(6)     [logintime] = noop

(6) pap: WARNING: Auth-Type already set.  Not setting to PAP

(6)     [pap] = noop

(6)   } # authorize = updated

(6) Found Auth-Type = eap

(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(6)   authenticate {

(6) eap: Expiring EAP session with state 0xa17deb22a07ff1fe

(6) eap: Finished EAP session with state 0xa17deb22a07ff1fe

(6) eap: Previous EAP request found for state 0xa17deb22a07ff1fe, released
from the list

(6) eap: Peer sent packet with method EAP MSCHAPv2 (26)

(6) eap: Calling submodule eap_mschapv2 to process data

(6) eap_mschapv2: # Executing group from file
/etc/freeradius/3.0/sites-enabled/default

(6) eap_mschapv2:   authenticate {

(6) mschap: Found Cleartext-Password, hashing to create NT-Password

(6) mschap: Found Cleartext-Password, hashing to create LM-Password

(6) mschap: Creating challenge hash with username: houman

(6) mschap: Client is using MS-CHAPv2

(6) mschap: Adding MS-CHAPv2 MPPE keys

(6) eap_mschapv2:     [mschap] = ok

(6) eap_mschapv2:   } # authenticate = ok

(6) eap_mschapv2: MSCHAP Success

(6) eap: Sending EAP Request (code 1) ID 3 length 51

(6) eap: EAP session adding &reply:State = 0xa17deb22a37ef1fe

(6)     [eap] = handled

(6)   } # authenticate = handled

(6) Using Post-Auth-Type Challenge

(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(6)   Challenge { ... } # empty sub-section is ignored

(6) Sent Access-Challenge Id 130 from 127.0.0.1:1812 to 127.0.0.1:48822
length 0

(6)   EAP-Message =
0x010300331a0302002e533d33303232453237443943444437313237423132413042323041304536444630314333323741323538

(6)   Message-Authenticator = 0x00000000000000000000000000000000

(6)   State = 0xa17deb22a37ef1fef01faedaf7cde45b

(6) Finished request

Waking up in 4.7 seconds.

(7) Received Access-Request Id 131 from 127.0.0.1:48822 to 127.0.0.1:1812
length 170

(7)   User-Name = "houman"

(7)   NAS-Port-Type = Virtual

(7)   Service-Type = Framed-User

(7)   NAS-Port = 3

(7)   NAS-Port-Id = "X-1"

(7)   NAS-IP-Address = 172.31.20.12

(7)   Called-Station-Id = "172.31.20.12[4500]"

(7)   Calling-Station-Id = "185.76.230.248[38823]"

(7)   Acct-Session-Id = "1576757594-3"

(7)   EAP-Message = 0x020300061a03

(7)   NAS-Identifier = "strongSwan"

(7)   State = 0xa17deb22a37ef1fef01faedaf7cde45b

(7)   Message-Authenticator = 0x23f98c032ec4bbd63d42cd63c25f36f7

(7) session-state: No cached attributes

(7) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(7)   authorize {

(7)     update control {

(7)       EXPAND %l

(7)          --> 1576757818

(7)       &Current-Timestamp := 1576757818

(7)     } # update control = noop

(7)     update request {

rlm_sql (sql): Reserved connection (8)

rlm_sql (sql): Released connection (8)

(7)       EXPAND %{User-Name}

(7)          --> houman

(7)       SQL-User-Name set to 'houman'

rlm_sql (sql): Reserved connection (7)

(7)       Executing select query: SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='houman'

rlm_sql (sql): Released connection (7)

(7)       EXPAND %{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='%{User-Name}'}

(7)          --> 1735689600

(7)       &Expires-Timestamp := 1735689600

(7)     } # update request = noop

(7)     if (&control:Current-Timestamp > &request:Expires-Timestamp) {

(7)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  ->
FALSE

(7)     policy filter_username {

(7)       if (&User-Name) {

(7)       if (&User-Name)  -> TRUE

(7)       if (&User-Name)  {

(7)         if (&User-Name =~ / /) {

(7)         if (&User-Name =~ / /)  -> FALSE

(7)         if (&User-Name =~ /@[^@]*@/ ) {

(7)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(7)         if (&User-Name =~ /\.\./ ) {

(7)         if (&User-Name =~ /\.\./ )  -> FALSE

(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(7)         if (&User-Name =~ /\.$/)  {

(7)         if (&User-Name =~ /\.$/)   -> FALSE

(7)         if (&User-Name =~ /@\./)  {

(7)         if (&User-Name =~ /@\./)   -> FALSE

(7)       } # if (&User-Name)  = noop

(7)     } # policy filter_username = noop

(7)     [preprocess] = ok

(7)     [chap] = noop

(7)     [mschap] = noop

(7)     [digest] = noop

(7) suffix: Checking for suffix after "@"

(7) suffix: No '@' in User-Name = "houman", looking up realm NULL

(7) suffix: No such realm "NULL"

(7)     [suffix] = noop

(7) eap: Peer sent EAP Response (code 2) ID 3 length 6

(7) eap: No EAP Start, assuming it's an on-going EAP conversation

(7)     [eap] = updated

(7) sql: EXPAND %{User-Name}

(7) sql:    --> houman

(7) sql: SQL-User-Name set to 'houman'

rlm_sql (sql): Reserved connection (8)

(7) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id

(7) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'houman' ORDER BY id

(7) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'houman' ORDER BY id

(7) sql: User found in radcheck table

(7) sql: Conditional check items matched, merging assignment check items

(7) sql:   Cleartext-Password := "houman at lovesyou"

(7) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id

(7) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'houman' ORDER BY id

(7) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'houman' ORDER BY id

rlm_sql (sql): Reserved connection (7)

rlm_sql (sql): Released connection (7)

Need 1 more connections to reach min connections (3)

rlm_sql (sql): Opening additional connection (9), 1 of 30 pending slots used

rlm_sql_mysql: Starting connect to MySQL server

rlm_sql_mysql: Connected to database 'radius_db' on xx.xxx.xx.xx via
TCP/IP, server version 8.0.18, protocol version 10

(7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority

(7) sql:    --> SELECT groupname FROM radusergroup WHERE username =
'houman' ORDER BY priority

(7) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'houman' ORDER BY priority

(7) sql: User not found in any groups

rlm_sql (sql): Released connection (8)

(7)     [sql] = ok

(7)     [expiration] = noop

(7)     [logintime] = noop

(7) pap: WARNING: Auth-Type already set.  Not setting to PAP

(7)     [pap] = noop

(7)   } # authorize = updated

(7) Found Auth-Type = eap

(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(7)   authenticate {

(7) eap: Expiring EAP session with state 0xa17deb22a37ef1fe

(7) eap: Finished EAP session with state 0xa17deb22a37ef1fe

(7) eap: Previous EAP request found for state 0xa17deb22a37ef1fe, released
from the list

(7) eap: Peer sent packet with method EAP MSCHAPv2 (26)

(7) eap: Calling submodule eap_mschapv2 to process data

(7) eap: Sending EAP Success (code 3) ID 3 length 4

(7) eap: Freeing handler

(7)     [eap] = ok

(7)   } # authenticate = ok

(7) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/default

(7)   post-auth {

(7)     update reply {

(7)       Acct-Interim-Interval = 300

(7)     } # update reply = noop

(7)     if (session-state:User-Name && reply:User-Name && request:User-Name
&& (reply:User-Name == request:User-Name)) {

(7)     if (session-state:User-Name && reply:User-Name && request:User-Name
&& (reply:User-Name == request:User-Name))  -> FALSE

(7)     update {

(7)       No attributes updated for RHS &session-state:

(7)     } # update = noop

(7)     policy sql_session_start.post-auth {

(7)       policy acct_unique {

(7)         update request {

(7)           &Tmp-String-9 := "ai:"

(7)         } # update request = noop

(7)         if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {

(7)         EXPAND %{hex:&Class}

(7)            -->

(7)         EXPAND ^%{hex:&Tmp-String-9}

(7)            --> ^61693a

(7)         if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE

(7)         else {

(7)           update request {

(7)             EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}

(7)                --> 4777c724ef84c2fd714218f9256dac76

(7)             &Acct-Unique-Session-Id := 4777c724ef84c2fd714218f9256dac76

(7)           } # update request = noop

(7)         } # else = noop

(7)       } # policy acct_unique = noop

(7) sql: EXPAND
%{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}

(7) sql:    --> type.post-auth.query

(7) sql: Using query template 'query'

rlm_sql (sql): Reserved connection (8)

(7) sql: EXPAND %{User-Name}

(7) sql:    --> houman

(7) sql: SQL-User-Name set to 'houman'

(7) sql: EXPAND INSERT INTO radacct (acctsessionid, acctuniqueid, username,
realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime,
acctstoptime, acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
framedipv6address, framedipv6prefix, framedinterfaceid, delegatedipv6prefix)
VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}',
'%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}',
NULLIF('%{%{NAS-Port-ID}:-%{NAS-Port}}', ''), '%{NAS-Port-Type}',
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, NULL, 0, '',
'%{Connect-Info}', NULL, 0, 0, '%{Called-Station-Id}',
'%{Calling-Station-Id}', NULL, '%{Service-Type}', NULL, '', '', '', '', '')

(7) sql:    --> INSERT INTO radacct (acctsessionid, acctuniqueid, username,
realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime,
acctstoptime, acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
framedipv6address, framedipv6prefix, framedinterfaceid, delegatedipv6prefix)
VALUES('1576757594-3', '4777c724ef84c2fd714218f9256dac76', 'houman', '',
'172.31.20.12', NULLIF('X-1', ''), 'Virtual', FROM_UNIXTIME(1576757818),
NULL, NULL, 0, '', '', NULL, 0, 0, '172.31.20.12=5B4500=5D',
'185.76.230.248=5B38823=5D', NULL, 'Framed-User', NULL, '', '', '', '', '')

(7) sql: Executing query: INSERT INTO radacct (acctsessionid,
acctuniqueid, username,
realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime,
acctstoptime, acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol, framedipaddress,
framedipv6address, framedipv6prefix, framedinterfaceid, delegatedipv6prefix)
VALUES('1576757594-3', '4777c724ef84c2fd714218f9256dac76', 'houman', '',
'172.31.20.12', NULLIF('X-1', ''), 'Virtual', FROM_UNIXTIME(1576757818),
NULL, NULL, 0, '', '', NULL, 0, 0, '172.31.20.12=5B4500=5D',
'185.76.230.248=5B38823=5D', NULL, 'Framed-User', NULL, '', '', '', '', '')

(7) sql: ERROR: rlm_sql_mysql: ERROR 1054 (Unknown column
'framedipv6address' in 'field list'): 42S22

(7) sql: SQL query returned: server error

rlm_sql (sql): Released connection (8)

(7)       [sql.accounting] = fail

(7)     } # policy sql_session_start.post-auth = fail

(7)   } # post-auth = fail

(7) Using Post-Auth-Type Reject

(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(7)   Post-Auth-Type REJECT {

(7) sql: EXPAND .query

(7) sql:    --> .query

(7) sql: Using query template 'query'

rlm_sql (sql): Reserved connection (7)

(7) sql: EXPAND %{User-Name}

(7) sql:    --> houman

(7) sql: SQL-User-Name set to 'houman'

(7) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')

(7) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'houman', '', 'Access-Reject', '2019-12-19 12:16:58')

(7) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'houman', '', 'Access-Reject', '2019-12-19 12:16:58')

(7) sql: SQL query returned: success

(7) sql: 1 record(s) updated

rlm_sql (sql): Released connection (7)

(7)     [sql] = ok

(7) attr_filter.access_reject: EXPAND %{User-Name}

(7) attr_filter.access_reject:    --> houman

(7) attr_filter.access_reject: Matched entry DEFAULT at line 11

(7)     [attr_filter.access_reject] = updated

(7)     [eap] = noop

(7)     policy remove_reply_message_if_eap {

(7)       if (&reply:EAP-Message && &reply:Reply-Message) {

(7)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE

(7)       else {

(7)         [noop] = noop

(7)       } # else = noop

(7)     } # policy remove_reply_message_if_eap = noop

(7)   } # Post-Auth-Type REJECT = updated

(7) Delaying response for 1.000000 seconds

Waking up in 0.1 seconds.

Waking up in 0.8 seconds.

(7) Sending delayed response

(7) Sent Access-Reject Id 131 from 127.0.0.1:1812 to 127.0.0.1:48822 length
44

(7)   EAP-Message = 0x03030004

(7)   Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 3.5 seconds.

(4) Cleaning up request packet ID 128 with timestamp +95

Waking up in 0.1 seconds.

(5) Cleaning up request packet ID 129 with timestamp +95

Waking up in 0.1 seconds.

(6) Cleaning up request packet ID 130 with timestamp +95

Waking up in 0.2 seconds.

(7) Cleaning up request packet ID 131 with timestamp +95

Ready to process requests


More information about the Freeradius-Users mailing list