Re[2]: Unifi wifi SSHA passwords freeradius

Сергей Черевко ink.dude at mail.ru
Wed Feb 12 15:43:43 CET 2020


Hi! I start freeradius -X
 
and here is logs
 
users «amohova», «dgalitskov» for example
 
(108138) Received Accounting-Request Id 181 from 10.10.3.232:32811 to 10.10.2.40:1813 length 191
(108138)   Acct-Status-Type = Start                                                                                      
(108138)   Acct-Authentic = RADIUS                                             
(108138)   User-Name = "amohova"                                                                                                                                                     
(108138)   NAS-IP-Address = 10.10.3.232   
(108138)   Framed-IP-Address = 10.10.60.202                                                     
(108138)   NAS-Identifier = "b4fbe4867b30"                             
(108138)   Called-Station-Id = "B4-FB-E4-86-7B-30:FC"
(108138)   NAS-Port-Type = Wireless-802.11
(108138)   Service-Type = Framed-User                        
(108138)   Calling-Station-Id = "F8-4E-73-1B-3F-BD"        
(108138)   Connect-Info = "CONNECT 0Mbps 802.11g"                                          
(108138)   Acct-Session-Id = "1C9CE0FE0511C51C"         
(108138)   WLAN-Pairwise-Cipher = 1027076                                                                                
(108138)   WLAN-Group-Cipher = 1027076                                                     
(108138)   WLAN-AKM-Suite = 1027073                                                                                                                                                  
(108138)   Event-Timestamp = "Feb 12 2020 17:40:08 MSK"          
(108138)   Acct-Delay-Time = 0                  
(108138) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default        
(108138)   preacct {                  
(108138)     [preprocess] = ok     
(108138)     policy acct_unique {                            
(108138)       update request {                         
(108138)         &Tmp-String-9 := "ai:"                                   
(108138)       } # update request = noop                
(108138)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&          ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(108138)       EXPAND %{hex:&Class}                                                        
(108138)          -->                
(108138)       EXPAND ^%{hex:&Tmp-String-9}                      
(108138)          --> ^61693a                    
(108138)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&          ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE
(108138)       else {                                                                   
(108138)         update request {                                
(108138)           EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(108138)              --> da23bf2eae0a20950b70b61b493c3156       
(108138)           &Acct-Unique-Session-Id := da23bf2eae0a20950b70b61b493c3156
(108138)         } # update request = noop                       
(108138)       } # else = noop                                   
(108138)     } # policy acct_unique = noop                                                                                  
(108138) suffix: Checking for suffix after "@"                   
(108138) suffix: No '@' in User-Name = "amohova", looking up realm NULL
(108138) suffix: No such realm "NULL"                                              
(108138)     [suffix] = noop        
(108138)     [files] = noop                                                                                                         
(108138)   } # preacct = ok                        
(108138) # Executing section accounting from file /etc/freeradius/3.0/sites-enabled/default
(108138)   accounting {                                                                                                                                
(108138) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(108138) detail:    --> /var/log/freeradius/radacct/10.10.3.232/detail-20200212                                     
(108138) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.3.232/detail-20200212
(108138) detail: EXPAND %t                                                                                                  
(108138) detail:    --> Wed Feb 12 17:40:08 2020
(108138)     [detail] = ok                    
(108138)     [unix] = ok                                                  
(108138)     [exec] = noop           
(108138) attr_filter.accounting_response: EXPAND %{User-Name}                                                                       
(108138) attr_filter.accounting_response:    --> amohova
(108138) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(108138)     [attr_filter.accounting_response] = updated                                                                                               
(108138)   } # accounting = updated                                                             
(108138) Sent Accounting-Response Id 181 from 10.10.2.40:1813 to 10.10.3.232:32811 length 0                              
(108138) Finished request                                                      
(108138) Cleaning up request packet ID 181 with timestamp +200672                                                                                                                    
Waking up in 3.0 seconds.                 
(108139) Received Accounting-Request Id 174 from 10.10.3.233:40969 to 10.10.2.40:1813 length 242
(108139)   Acct-Status-Type = Stop                                     
(108139)   Acct-Authentic = RADIUS                   
(108139)   User-Name = "dgalitskov"       
(108139)   NAS-IP-Address = 10.10.3.233                      
(108139)   Framed-IP-Address = 10.10.60.54                 
(108139)   NAS-Identifier = "7483c271f552"                                                 
(108139)   Called-Station-Id = "74-83-C2-71-F5-52:FC"   
(108139)   NAS-Port-Type = Wireless-802.11                                                                               
(108139)   Service-Type = Framed-User                                                      
(108139)   Calling-Station-Id = "E4-B2-FB-44-EF-D6"                                                                                                                                  
(108139)   Connect-Info = "CONNECT 0Mbps 802.11a"                
(108139)   Acct-Session-Id = "B0CE1AA98E2E130C"
(108139)   WLAN-Pairwise-Cipher = 1027076                                                       
(108139)   WLAN-Group-Cipher = 1027076
(108139)   WLAN-AKM-Suite = 1027073
(108139)   Event-Timestamp = "Feb 12 2020 17:40:09 MSK"      
(108139)   Acct-Delay-Time = 0                          
(108139)   Acct-Session-Time = 207                                        
(108139)   Acct-Input-Packets = 22                      
(108139)   Acct-Output-Packets = 22                                                                                         
(108139)   Acct-Input-Octets = 2136                                                        
(108139)   Acct-Input-Gigawords = 0  
(108139)   Acct-Output-Octets = 6010                             
(108139)   Acct-Output-Gigawords = 0             
(108139)   Acct-Terminate-Cause = User-Request                                                                                      
(108139) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
(108139)   preacct {                                             
(108139)     [preprocess] = ok                                                                                                                         
(108139)     policy acct_unique {                                
(108139)       update request {                                               
(108139)         &Tmp-String-9 := "ai:"                          
(108139)       } # update request = noop                         
(108139)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&          ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(108139)       EXPAND %{hex:&Class}                              
(108139)          -->                                                  
(108139)       EXPAND ^%{hex:&Tmp-String-9}
(108139)          --> ^61693a       
(108139)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&          ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE
(108139)       else {                              
(108139)         update request {                                                          
(108139)           EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(108139)              --> 116a41339a3b573987c5fd7f78ea55cf                                                               
(108139)           &Acct-Unique-Session-Id := 116a41339a3b573987c5fd7f78ea55cf                                      
(108139)         } # update request = noop                                                                                                                                           
(108139)       } # else = noop                                                                                              
(108139)     } # policy acct_unique = noop      
(108139) suffix: Checking for suffix after "@"
(108139) suffix: No '@' in User-Name = "dgalitskov", looking up realm NULL
(108139) suffix: No such realm "NULL"
(108139)     [suffix] = noop                                                                                                        
(108139)     [files] = noop                             
(108139)   } # preacct = ok                                               
(108139) # Executing section accounting from file /etc/freeradius/3.0/sites-enabled/default                                                            
(108139)   accounting {                                                                         
(108139) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(108139) detail:    --> /var/log/freeradius/radacct/10.10.3.233/detail-20200212
(108139) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.3.233/detail-20200212
(108139) detail: EXPAND %t                
(108139) detail:    --> Wed Feb 12 17:40:09 2020                                                
(108139)     [detail] = ok                                             
(108139)     [unix] = ok                             
(108139)     [exec] = noop                
(108139) attr_filter.accounting_response: EXPAND %{User-Name}
(108139) attr_filter.accounting_response:    --> dgalitskov
(108139) attr_filter.accounting_response: Matched entry DEFAULT at line 12                 
(108139)     [attr_filter.accounting_response] = updated
(108139)   } # accounting = updated                                                                                      
(108139) Sent Accounting-Response Id 174 from 10.10.2.40:1813 to 10.10.3.233:40969 length 0
(108139) Finished request                                                                                                                                                            
(108139) Cleaning up request packet ID 174 with timestamp +200673
Waking up in 2.4 seconds.                       
(108140) Received Accounting-Request Id 182 from 10.10.3.232:32811 to 10.10.2.40:1813 length 233
(108140)   Acct-Status-Type = Stop    
(108140)   Acct-Authentic = RADIUS
(108140)   User-Name = "amohova"                             
(108140)   NAS-IP-Address = 10.10.3.232                 
(108140)   Framed-IP-Address = 10.10.60.202                               
(108140)   NAS-Identifier = "b4fbe4867b30"              
(108140)   Called-Station-Id = "B4-FB-E4-86-7B-30:FC"                                                                       
(108140)   NAS-Port-Type = Wireless-802.11                                                 
(108140)   Service-Type = Framed-User
(108140)   Calling-Station-Id = "F8-4E-73-1B-3F-BD"              
(108140)   Connect-Info = "CONNECT 0Mbps 802.11g"
(108140)   Acct-Session-Id = "1C9CE0FE0511C51C"                                                                                     
(108140)   WLAN-Pairwise-Cipher = 1027076                                               
(108140)   WLAN-Group-Cipher = 1027076                           
(108140)   WLAN-AKM-Suite = 1027073                                                                                                                    
(108140)   Event-Timestamp = "Feb 12 2020 17:40:11 MSK"          
(108140)   Acct-Delay-Time = 0                                                
(108140)   Acct-Session-Time = 2                                 
(108140)   Acct-Input-Packets = 239                              
(108140)   Acct-Output-Packets = 213                                                                                        
(108140)   Acct-Input-Octets = 61174                             
(108140)   Acct-Input-Gigawords = 0                                    
(108140)   Acct-Output-Octets = 54537      
(108140)   Acct-Output-Gigawords = 0
(108140) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default                                            
(108140)   preacct {                               
(108140)     [preprocess] = ok                                                             
(108140)     policy acct_unique {                                                                                                                      
(108140)       update request {                                                                                          
(108140)         &Tmp-String-9 := "ai:"                                                                             
(108140)       } # update request = noop                                                                                                                                             
(108140)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&          ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(108140)       EXPAND %{hex:&Class}             
(108140)          -->                         
(108140)       EXPAND ^%{hex:&Tmp-String-9}                               
(108140)          --> ^61693a        
(108140)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&          ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE
(108140)       else {                                   
(108140)         update request {                                         
(108140)           EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(108140)              --> da23bf2eae0a20950b70b61b493c3156                                      
(108140)           &Acct-Unique-Session-Id := da23bf2eae0a20950b70b61b493c3156                                           
(108140)         } # update request = noop                                     
(108140)       } # else = noop                                                                                                                                                       
(108140)     } # policy acct_unique = noop
(108140) suffix: Checking for suffix after "@"                                                  
(108140) suffix: No '@' in User-Name = "amohova", looking up realm NULL
(108140) suffix: No such realm "NULL"                
(108140)     [suffix] = noop              
(108140)     [files] = noop                                  
(108140)   } # preacct = ok                                
(108140) # Executing section accounting from file /etc/freeradius/3.0/sites-enabled/default
(108140)   accounting {                                 
(108140) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(108140) detail:    --> /var/log/freeradius/radacct/10.10.3.232/detail-20200212            
(108140) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.10.3.232/detail-20200212
(108140) detail: EXPAND %t                                       
(108140) detail:    --> Wed Feb 12 17:40:11 2020
(108140)     [detail] = ok                                                                      
(108140)     [unix] = ok              
(108140)     [exec] = noop         
(108140) attr_filter.accounting_response: EXPAND %{User-Name}
(108140) attr_filter.accounting_response:    --> amohova
(108140) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(108140)     [attr_filter.accounting_response] = updated
(108140)   } # accounting = updated                                                                                         
(108140) Sent Accounting-Response Id 182 from 10.10.2.40:1813 to 10.10.3.232:32811 length 0
(108140) Finished request            
(108140) Cleaning up request packet ID 182 with timestamp +200675
  
>Среда, 12 февраля 2020, 16:40 +03:00 от Alan DeKok <aland at deployingradius.com>:
> 
>
>On Feb 12, 2020, at 7:00 AM, Сергей Черевко via Freeradius-Users < freeradius-users at lists.freeradius.org > wrote:
>>
>> Hi, sorry but i don’t understand where i shoud write correct values. in the «sites-enabled\default»? Or in ldap?
>  The default configuration for the "ldap" module works. Don't change it unless you understand what you're changing, and why.
>
>  On top of that, if you have issues with the server, RUN IT IN DEBUG MODE. *Every* piece of documentation says to do this.
>
>  Alan DeKok.
>  
 
 
 
 


More information about the Freeradius-Users mailing list