Re[2]: Unifi wifi SSHA passwords freeradius
Сергей Черевко
ink.dude at mail.ru
Wed Feb 12 15:43:43 CET 2020
Hi! I start freeradius -X
and here is logs
users «amohova», «dgalitskov» for example
(108138) Received Accounting-Request Id 181 from 10.10.3.232:32811 to 10.10.2.40:1813 length 191
(108138) Acct-Status-Type = Start
(108138) Acct-Authentic = RADIUS
(108138) User-Name = "amohova"
(108138) NAS-IP-Address = 10.10.3.232
(108138) Framed-IP-Address = 10.10.60.202
(108138) NAS-Identifier = "b4fbe4867b30"
(108138) Called-Station-Id = "B4-FB-E4-86-7B-30:FC"
(108138) NAS-Port-Type = Wireless-802.11
(108138) Service-Type = Framed-User
(108138) Calling-Station-Id = "F8-4E-73-1B-3F-BD"
(108138) Connect-Info = "CONNECT 0Mbps 802.11g"
(108138) Acct-Session-Id = "1C9CE0FE0511C51C"
(108138) WLAN-Pairwise-Cipher = 1027076
(108138) WLAN-Group-Cipher = 1027076
(108138) WLAN-AKM-Suite = 1027073
(108138) Event-Timestamp = "Feb 12 2020 17:40:08 MSK"
(108138) Acct-Delay-Time = 0
(108138) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
(108138) preacct {
(108138) [preprocess] = ok
(108138) policy acct_unique {
(108138) update request {
(108138) &Tmp-String-9 := "ai:"
(108138) } # update request = noop
(108138) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(108138) EXPAND %{hex:&Class}
(108138) -->
(108138) EXPAND ^%{hex:&Tmp-String-9}
(108138) --> ^61693a
(108138) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(108138) else {
(108138) update request {
(108138) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(108138) --> da23bf2eae0a20950b70b61b493c3156
(108138) &Acct-Unique-Session-Id := da23bf2eae0a20950b70b61b493c3156
(108138) } # update request = noop
(108138) } # else = noop
(108138) } # policy acct_unique = noop
(108138) suffix: Checking for suffix after "@"
(108138) suffix: No '@' in User-Name = "amohova", looking up realm NULL
(108138) suffix: No such realm "NULL"
(108138) [suffix] = noop
(108138) [files] = noop
(108138) } # preacct = ok
(108138) # Executing section accounting from file /etc/freeradius/3.0/sites-enabled/default
(108138) accounting {
(108138) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(108138) detail: --> /var/log/freeradius/radacct/10.10.3.232/detail-20200212
(108138) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.3.232/detail-20200212
(108138) detail: EXPAND %t
(108138) detail: --> Wed Feb 12 17:40:08 2020
(108138) [detail] = ok
(108138) [unix] = ok
(108138) [exec] = noop
(108138) attr_filter.accounting_response: EXPAND %{User-Name}
(108138) attr_filter.accounting_response: --> amohova
(108138) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(108138) [attr_filter.accounting_response] = updated
(108138) } # accounting = updated
(108138) Sent Accounting-Response Id 181 from 10.10.2.40:1813 to 10.10.3.232:32811 length 0
(108138) Finished request
(108138) Cleaning up request packet ID 181 with timestamp +200672
Waking up in 3.0 seconds.
(108139) Received Accounting-Request Id 174 from 10.10.3.233:40969 to 10.10.2.40:1813 length 242
(108139) Acct-Status-Type = Stop
(108139) Acct-Authentic = RADIUS
(108139) User-Name = "dgalitskov"
(108139) NAS-IP-Address = 10.10.3.233
(108139) Framed-IP-Address = 10.10.60.54
(108139) NAS-Identifier = "7483c271f552"
(108139) Called-Station-Id = "74-83-C2-71-F5-52:FC"
(108139) NAS-Port-Type = Wireless-802.11
(108139) Service-Type = Framed-User
(108139) Calling-Station-Id = "E4-B2-FB-44-EF-D6"
(108139) Connect-Info = "CONNECT 0Mbps 802.11a"
(108139) Acct-Session-Id = "B0CE1AA98E2E130C"
(108139) WLAN-Pairwise-Cipher = 1027076
(108139) WLAN-Group-Cipher = 1027076
(108139) WLAN-AKM-Suite = 1027073
(108139) Event-Timestamp = "Feb 12 2020 17:40:09 MSK"
(108139) Acct-Delay-Time = 0
(108139) Acct-Session-Time = 207
(108139) Acct-Input-Packets = 22
(108139) Acct-Output-Packets = 22
(108139) Acct-Input-Octets = 2136
(108139) Acct-Input-Gigawords = 0
(108139) Acct-Output-Octets = 6010
(108139) Acct-Output-Gigawords = 0
(108139) Acct-Terminate-Cause = User-Request
(108139) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
(108139) preacct {
(108139) [preprocess] = ok
(108139) policy acct_unique {
(108139) update request {
(108139) &Tmp-String-9 := "ai:"
(108139) } # update request = noop
(108139) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(108139) EXPAND %{hex:&Class}
(108139) -->
(108139) EXPAND ^%{hex:&Tmp-String-9}
(108139) --> ^61693a
(108139) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(108139) else {
(108139) update request {
(108139) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(108139) --> 116a41339a3b573987c5fd7f78ea55cf
(108139) &Acct-Unique-Session-Id := 116a41339a3b573987c5fd7f78ea55cf
(108139) } # update request = noop
(108139) } # else = noop
(108139) } # policy acct_unique = noop
(108139) suffix: Checking for suffix after "@"
(108139) suffix: No '@' in User-Name = "dgalitskov", looking up realm NULL
(108139) suffix: No such realm "NULL"
(108139) [suffix] = noop
(108139) [files] = noop
(108139) } # preacct = ok
(108139) # Executing section accounting from file /etc/freeradius/3.0/sites-enabled/default
(108139) accounting {
(108139) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(108139) detail: --> /var/log/freeradius/radacct/10.10.3.233/detail-20200212
(108139) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.3.233/detail-20200212
(108139) detail: EXPAND %t
(108139) detail: --> Wed Feb 12 17:40:09 2020
(108139) [detail] = ok
(108139) [unix] = ok
(108139) [exec] = noop
(108139) attr_filter.accounting_response: EXPAND %{User-Name}
(108139) attr_filter.accounting_response: --> dgalitskov
(108139) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(108139) [attr_filter.accounting_response] = updated
(108139) } # accounting = updated
(108139) Sent Accounting-Response Id 174 from 10.10.2.40:1813 to 10.10.3.233:40969 length 0
(108139) Finished request
(108139) Cleaning up request packet ID 174 with timestamp +200673
Waking up in 2.4 seconds.
(108140) Received Accounting-Request Id 182 from 10.10.3.232:32811 to 10.10.2.40:1813 length 233
(108140) Acct-Status-Type = Stop
(108140) Acct-Authentic = RADIUS
(108140) User-Name = "amohova"
(108140) NAS-IP-Address = 10.10.3.232
(108140) Framed-IP-Address = 10.10.60.202
(108140) NAS-Identifier = "b4fbe4867b30"
(108140) Called-Station-Id = "B4-FB-E4-86-7B-30:FC"
(108140) NAS-Port-Type = Wireless-802.11
(108140) Service-Type = Framed-User
(108140) Calling-Station-Id = "F8-4E-73-1B-3F-BD"
(108140) Connect-Info = "CONNECT 0Mbps 802.11g"
(108140) Acct-Session-Id = "1C9CE0FE0511C51C"
(108140) WLAN-Pairwise-Cipher = 1027076
(108140) WLAN-Group-Cipher = 1027076
(108140) WLAN-AKM-Suite = 1027073
(108140) Event-Timestamp = "Feb 12 2020 17:40:11 MSK"
(108140) Acct-Delay-Time = 0
(108140) Acct-Session-Time = 2
(108140) Acct-Input-Packets = 239
(108140) Acct-Output-Packets = 213
(108140) Acct-Input-Octets = 61174
(108140) Acct-Input-Gigawords = 0
(108140) Acct-Output-Octets = 54537
(108140) Acct-Output-Gigawords = 0
(108140) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
(108140) preacct {
(108140) [preprocess] = ok
(108140) policy acct_unique {
(108140) update request {
(108140) &Tmp-String-9 := "ai:"
(108140) } # update request = noop
(108140) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(108140) EXPAND %{hex:&Class}
(108140) -->
(108140) EXPAND ^%{hex:&Tmp-String-9}
(108140) --> ^61693a
(108140) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(108140) else {
(108140) update request {
(108140) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(108140) --> da23bf2eae0a20950b70b61b493c3156
(108140) &Acct-Unique-Session-Id := da23bf2eae0a20950b70b61b493c3156
(108140) } # update request = noop
(108140) } # else = noop
(108140) } # policy acct_unique = noop
(108140) suffix: Checking for suffix after "@"
(108140) suffix: No '@' in User-Name = "amohova", looking up realm NULL
(108140) suffix: No such realm "NULL"
(108140) [suffix] = noop
(108140) [files] = noop
(108140) } # preacct = ok
(108140) # Executing section accounting from file /etc/freeradius/3.0/sites-enabled/default
(108140) accounting {
(108140) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(108140) detail: --> /var/log/freeradius/radacct/10.10.3.232/detail-20200212
(108140) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.3.232/detail-20200212
(108140) detail: EXPAND %t
(108140) detail: --> Wed Feb 12 17:40:11 2020
(108140) [detail] = ok
(108140) [unix] = ok
(108140) [exec] = noop
(108140) attr_filter.accounting_response: EXPAND %{User-Name}
(108140) attr_filter.accounting_response: --> amohova
(108140) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(108140) [attr_filter.accounting_response] = updated
(108140) } # accounting = updated
(108140) Sent Accounting-Response Id 182 from 10.10.2.40:1813 to 10.10.3.232:32811 length 0
(108140) Finished request
(108140) Cleaning up request packet ID 182 with timestamp +200675
>Среда, 12 февраля 2020, 16:40 +03:00 от Alan DeKok <aland at deployingradius.com>:
>
>
>On Feb 12, 2020, at 7:00 AM, Сергей Черевко via Freeradius-Users < freeradius-users at lists.freeradius.org > wrote:
>>
>> Hi, sorry but i don’t understand where i shoud write correct values. in the «sites-enabled\default»? Or in ldap?
> The default configuration for the "ldap" module works. Don't change it unless you understand what you're changing, and why.
>
> On top of that, if you have issues with the server, RUN IT IN DEBUG MODE. *Every* piece of documentation says to do this.
>
> Alan DeKok.
>
More information about the Freeradius-Users
mailing list