Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
#51 2007-04-02 12:02:10
szewczyk - 
Stary wyjadacz :P
- szewczyk
- Stary wyjadacz :P
- Zarejestrowany: 2006-12-03
Re: radius z czym to sie je ?
Jak zrobić w radius aby powiązać mac klienta z jego IP dla serwera PPPoE.
chodzi mi o to aby userzy nie logowali sie wielokrotnie na to samo konto oraz niewymieniali kontami midzy sobą
Offline
#52 2007-05-01 20:35:21
ukasz - Użytkownik
- ukasz
- Użytkownik
- Skąd: wroclaw
- Zarejestrowany: 2006-06-21
Re: radius z czym to sie je ?
przymiezylem sie do dialupadmina i powiem ze kupsko.
Kod:
ukasz:/usr/share/freeradius-dialupadmin/sql# mysql -u radius -p radius < badusers.sql Enter password: ERROR 1067 (42000) at line 4: Invalid default value for 'id'
jak wy dodajecie odejmujecie userow w radiusie uzywajacym mysqla ?
[img]http://wiblo.pl/wilk/userbars/debian_user_black.png[/img]
Offline
#53 2007-05-02 00:06:03
szewczyk - Stary wyjadacz :P
- szewczyk
- Stary wyjadacz :P
- Zarejestrowany: 2006-12-03
Re: radius z czym to sie je ?
wywal default z bazy , tu objaśnienie : http://forums.mysql.com/read.php?121,85307,93507
Offline
#54 2007-09-05 11:27:24
masonix - Użytkownik
- masonix
- Użytkownik
- Skąd: Bielsko-Biała
- Zarejestrowany: 2006-04-07
Re: radius z czym to sie je ?
Mam zainstalowanego radiusa z repo z etcha skonfigurowany jest na utoryzację PEAP bez baz danych
Wszystko niby ok ale przy radteście mnie nie wpuszcza:
Kod:
krzysiek:~# radtest 127.0.0.1 testing123 127.0.0.1 0 testing123
Sending Access-Request of id 40 to 127.0.0.1 port 1812
User-Name = "127.0.0.1"
User-Password = "testing123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 40 to 127.0.0.1 port 1812
User-Name = "127.0.0.1"
User-Password = "testing123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=20
Kod:
Mon Aug 20 23:02:56 2007 : Info: Using deprecated naslist file. Support for this will go away soon. Mon Aug 20 23:02:56 2007 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Mon Aug 20 23:02:57 2007 : Info: Ready to process requests. Tue Aug 21 12:58:21 2007 : Auth: Login incorrect: [127.0.0.1/testing123] (from client localhost port 0)
konfigi mam defaultowe a peap mam ustawiony tak http://canabsd.org/wp-content/files/radius/eap.conf.txt
Ale dlaczego mnie nie wpuszcza?
[url=http://userbars.org][img]http://img209.imageshack.us/img209/3974/debiancu6.png[/img][/url]
[url=http://userbars.org][img]http://img89.imageshack.us/img89/6861/bashqm1.png[/img][/url]
Offline
#55 2008-05-04 17:38:04
siarka2107 - Użyszkodnik DUG
- siarka2107
- Użyszkodnik DUG
- Skąd: Warszawa
- Zarejestrowany: 2006-04-05
Re: radius z czym to sie je ?
mam problem z połączeniem radiusa z pppoe, nie chce tego opierać na bazie danych tylko na pliku users, moje configi wyglądają tak:
[url=http://paste.org/index.php?id=2752]radius.conf[/url]
[url=http://paste.org/index.php?id=2753]client.conf[/url]
[url=http://paste.org/index.php?id=2754]eap.conf[/url]
[url=http://paste.org/index.php?id=2755]users[/url]
błąd jaki mi wywala przy próbie wdzwonienia nalogin:siarka haslo:zaqwsx
jest następujący:
Kod:
Trwa weryfikowanie nazwy użytkownika i hasła... Błąd 691: Dosęp został wzbroniony ponieważ nazwa użytkownika i/lub hasło nie są prawidłowe w tej domenie.
polecenie daje następujące wyniki
Kod:
debian1:/home/siarka# radtest siarka zaqwsx localhost 0 zaqwsx
Sending Access-Request of id 254 to 127.0.0.1 port 1812
User-Name = "siarka"
User-Password = "zaqwsx"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 254 to 127.0.0.1 port 1812
User-Name = "siarka"
User-Password = "zaqwsx"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=254, length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
debian1:/home/siarka#ma ktoś może jakies pomysły
Offline
#56 2008-05-10 12:49:37
siarka2107 - Użyszkodnik DUG
- siarka2107
- Użyszkodnik DUG
- Skąd: Warszawa
- Zarejestrowany: 2006-04-05
Re: radius z czym to sie je ?
no ok robie to na mysql, jak testuje usera z serwera radtestem to jest ok:
Kod:
debian1:/usr/share/freeradius-dialupadmin/sql# radtest siarka zaqwsx 127.0.0.1 0 testing123
Sending Access-Request of id 16 to 127.0.0.1 port 1812
User-Name = "siarka"
User-Password = "zaqwsx"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=16, length=44
Framed-Protocol = PPP
Framed-IP-Address = 10.0.128.11
Framed-MTU = 1492
Framed-IP-Netmask = 255.255.255.254a to log z serwera radius:
Kod:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf
Config: including file: /etc/freeradius/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem"
tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem"
tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/etc/freeradius/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!
WARNING: Fix this by running the OpenSSL command listed in eap.conf
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded MS-CHAP
mschap: use_mppe = no
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "miki"
sql: radius_db = "radius"
sql: nas_table = "nas"
sql: sqltrace = no
sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = " UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | '%{Acct-Input-Octets:-0}', AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | '%{Acct-Output-Octets:-0}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = " INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Gigawords:-0}' << 32 | '%{Acct-Input-Octets:-0}', '%{Acct-Output-Gigawords:-0}' << 32 | '%{Acct-Output-Octets:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
sql: accounting_start_query = " INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, XAscendSessionSvrKey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = " UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | '%{Acct-Input-Octets:-0}', AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | '%{Acct-Output-Octets:-0}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = " INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Gigawords:-0}' << 32 | '%{Acct-Input-Octets:-0}', '%{Acct-Output-Gigawords:-0}' << 32 | '%{Acct-Output-Octets:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_query = "INSERT into radpostauth (user, pass, reply, date) values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32817, id=30, length=58
User-Name = "siarka"
User-Password = "zaqwsx"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
radius_xlat: 'siarka'
rlm_sql (sql): sql_set_user escaped user --> 'siarka'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'siarka' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'siarka' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'siarka' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'siarka' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 30 to 127.0.0.1 port 32817
Framed-Protocol = PPP
Framed-IP-Address = 10.0.128.11
Framed-MTU = 1492
Framed-IP-Netmask = 255.255.255.254
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 30 with timestamp 48256824
Nothing to do. Sleeping until we see a request.natomiast jak loguje się z windowsa dostaje błąd taki jak w poście wyżej, a radius odpalony freeradius -X nie zwraca nic, tak jakby serwer pppoe nie komunikował się z nim, moje pliki konfiguracyjne to
Kod:
#radius.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
user = freerad
group = freerad
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = clear
}
chap {
authtype = CHAP
}
$INCLUDE ${confdir}/eap.conf
mschap {
authtype = MS-CHAP
use_mppe = no
with_ntdomain_hack = no
}
realm suffix {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
$INCLUDE ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
}
instantiate {
}
authorize {
sql
mschap
}
authenticate {
eap
mschap
}
preacct {
}
accounting {
sql
}
session {
radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {
}Kod:
#clients.conf
client 127.0.0.1 {
secret = testing123
shortname = localhost
}Kod:
#eap.conf
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
}
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}Kod:
#sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "root"
password = "miki"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
nas_table = "nas"
deletestalesessions = yes
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
sql_user_name = "%{User-Name}"
authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attri$
authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attri$
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_t$
accounting_update_query = " \
UPDATE ${acct_table1} \
SET \
FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | \
'%{Acct-Output-Octets:-0}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " \
INSERT INTO ${acct_table1} \
(AcctSessionId, AcctUniqueId, UserName, \
Realm, NASIPAddress, NASPortId, \
NASPortType, AcctStartTime, AcctSessionTime, \
AcctAuthentic, ConnectInfo_start, AcctInputOctets, \
AcctOutputOctets, CalledStationId, CallingStationId, \
ServiceType, FramedProtocol, FramedIPAddress, \
AcctStartDelay, XAscendSessionSvrKey) \
VALUES \
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
'%{NAS-Port-Type}', \
DATE_SUB('%S', \
INTERVAL (%{Acct-Session-Time:-0} + \
%{Acct-Delay-Time:-0}) SECOND), \
'%{Acct-Session-Time}', \
'%{Acct-Authentic}', '', \
'%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
'%{Acct-Output-Gigawords:-0}' << 32 | \
'%{Acct-Output-Octets:-0}', \
'%{Called-Station-Id}', '%{Calling-Station-Id}', \
'%{Service-Type}', '%{Framed-Protocol}', \
'%{Framed-IP-Address}', \
'0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " \
INSERT INTO ${acct_table1} \
(AcctSessionId, AcctUniqueId, UserName, \
Realm, NASIPAddress, NASPortId, \
NASPortType, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, \
CalledStationId, CallingStationId, AcctTerminateCause, \
ServiceType, FramedProtocol, FramedIPAddress, \
AcctStartDelay, AcctStopDelay, XAscendSessionSvrKey) \
VALUES \
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
'%{NAS-Port-Type}', '%S', '0', \
'0', '%{Acct-Authentic}', '%{Connect-Info}', \
'', '0', '0', \
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
'%{Acct-Delay-Time:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}'$
accounting_stop_query = " \
UPDATE ${acct_table2} SET \
AcctStopTime = '%S', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | \
'%{Acct-Output-Octets:-0}', \
AcctTerminateCause = '%{Acct-Terminate-Cause}', \
AcctStopDelay = '%{Acct-Delay-Time:-0}', \
ConnectInfo_stop = '%{Connect-Info}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " \
INSERT INTO ${acct_table2} \
(AcctSessionId, AcctUniqueId, UserName, \
Realm, NASIPAddress, NASPortId, \
NASPortType, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, \
CalledStationId, CallingStationId, AcctTerminateCause, \
ServiceType, FramedProtocol, FramedIPAddress, \
AcctStartDelay, AcctStopDelay) \
VALUES \
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
'%{NAS-Port-Type}', \
DATE_SUB('%S', \
INTERVAL (%{Acct-Session-Time:-0} + \
%{Acct-Delay-Time:-0}) SECOND), \
'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', \
'%{Connect-Info}', \
'%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
'%{Acct-Output-Gigawords:-0}' << 32 | \
'%{Acct-Output-Octets:-0}', \
'%{Called-Station-Id}', '%{Calling-Station-Id}', \
'%{Acct-Terminate-Cause}', \
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
'0', '%{Acct-Delay-Time:-0}')"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, \
NASIPAddress, NASPortId, FramedIPAddress, \
CallingStationId, FramedProtocol \
FROM ${acct_table1} \
WHERE UserName='%{SQL-User-Name}' \
AND AcctStopTime = 0"
group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
postauth_query = "INSERT into ${postauth_table} (user, pass, reply, date) values ('%{User-Name}', '%{User-Password:-$
}Kod:
#/etc/ppp/options plugin radius.so plugin radattr.so plugin rp-pppoe.so require-mschap-v2 ms-dns 194.204.152.34 ms-dns 194.204.159.1 auth crtscts lock mru 1492 mtu 1492 debug lcp-echo-interval 60 lcp-echo-failure 8 noipx nobsdcomp nodeflate nopcomp
Kod:
#/etc/ppp/pppoe-server-options require-mschap-v2 mtu 1492 mru 1492
już nie mam do tego mocy jakby pppoe nie komunikowało się z radiusem, no ale tak jakby wszystko było ok bo w logach widać że moduły się ładują
Kod:
#cat /var/log/mesages ... May 10 10:56:06 debian1 pppd[4343]: Plugin radius.so loaded. May 10 10:56:06 debian1 pppd[4343]: RADIUS plugin initialized. May 10 10:56:06 debian1 pppd[4343]: Plugin radattr.so loaded. May 10 10:56:06 debian1 pppd[4343]: RADATTR plugin initialized. May 10 10:56:06 debian1 pppd[4343]: Plugin rp-pppoe.so loaded. May 10 10:56:06 debian1 pppd[4343]: pppd 2.4.4 started by root, uid 0 May 10 10:56:06 debian1 pppd[4343]: Using interface ppp0 May 10 10:56:06 debian1 pppd[4343]: Connect: ppp0 <--> /dev/pts/1 May 10 10:56:08 debian1 pppd[4343]: Peer siarka failed CHAP authentication May 10 10:56:08 debian1 pppd[4343]: Connection terminated. May 10 10:56:08 debian1 pppd[4343]: Terminating on signal 15 May 10 10:56:08 debian1 pppd[4343]: Exit. May 10 11:12:25 debian1 -- MARK -- May 10 11:32:25 debian1 -- MARK --
a
Kod:
#cat /var/log/pppoe-connect-errors ... pppoe: read (asyncReadFromPPP): Session 6: Input/output error pppoe: read (asyncReadFromPPP): Session 2: Input/output error pppoe: read (asyncReadFromPPP): Session 2: Input/output error pppoe: read (asyncReadFromPPP): Session 7: Input/output error pppoe: read (asyncReadFromPPP): Session 3: Input/output error pppoe: read (asyncReadFromPPP): Session 8: Input/output error pppoe: read (asyncReadFromPPP): Session 1: Input/output error pppoe: read (asyncReadFromPPP): Session 1: Input/output error pppoe: read (asyncReadFromPPP): Session 9: Input/output error pppoe: read (asyncReadFromPPP): Session 3: Input/output error pppoe: read (asyncReadFromPPP): Session 2: Input/output error pppoe: read (asyncReadFromPPP): Session 2: Input/output error pppoe: read (asyncReadFromPPP): Session 10: Input/output error pppoe: read (asyncReadFromPPP): Session 4: Input/output error pppoe: read (asyncReadFromPPP): Session 3: Input/output error pppoe: read (asyncReadFromPPP): Session 11: Input/output error pppoe: read (asyncReadFromPPP): Session 12: Input/output error pppoe: read (asyncReadFromPPP): Session 4: Input/output error pppoe: read (asyncReadFromPPP): Session 3: Input/output error pppoe: read (asyncReadFromPPP): Session 13: Input/output error pppoe: read (asyncReadFromPPP): Session 2: Input/output error pppoe: read (asyncReadFromPPP): Session 3: Input/output error pppoe: read (asyncReadFromPPP): Session 4: Input/output error pppoe: read (asyncReadFromPPP): Session 4: Input/output error pppoe: read (asyncReadFromPPP): Session 14: Input/output error pppoe: read (asyncReadFromPPP): Session 5: Input/output error pppoe: read (asyncReadFromPPP): Session 6: Input/output error pppoe: read (asyncReadFromPPP): Session 7: Input/output error pppoe: read (asyncReadFromPPP): Session 8: Input/output error pppoe: read (asyncReadFromPPP): Session 5: Input/output error
co mam z tym zrobić, już nie mam mocy do tego
Offline
#57 2008-09-18 14:44:37
siarka2107 - Użyszkodnik DUG
- siarka2107
- Użyszkodnik DUG
- Skąd: Warszawa
- Zarejestrowany: 2006-04-05
Re: radius z czym to sie je ?
Witam! wyczesałem w sieci jakiś [url=http://daloradius.xdsl.by/]panel[/url] do zarządzania freeradiusem. Czy ktoś to już instalował? Jakie wrażenia? Bardziej funkcjonalne niż dialupadmin?
Ostatnio edytowany przez siarka2107 (2008-09-18 14:44:51)
Offline
#58 2011-07-26 12:47:06
czeri - Użytkownik
- czeri
- Użytkownik
- Zarejestrowany: 2011-07-08
Re: radius z czym to sie je ?
Czy ma ktoś działająca konfigurację freeradiusa z mysql-em u mnie się dziwnie zachowuje, przy radteście mam Access Accept, ale przy próbie połączenie poprzez Access Pointa jest już Access Reject
a tutaj kawałek log-a z próby autoryzacji
Kod:
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=88, length=171
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000c01746573746f7779
Message-Authenticator = 0x9c403cb938f9054d2a4b88c47904f41a
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> testowy
[sql] sql_set_user escaped user --> 'testowy'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testowy' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testowy' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'testowy' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
[sql] User found in group dynamic
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 88 to 192.168.0.50 port 3072
Framed-Compression := Van-Jacobson-TCP-IP
Framed-Protocol := PPP
Service-Type := Framed-User
Acct-Interim-Interval = 60
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a1f7569a763d1454183188c5
Finished request 118.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=89, length=283
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201007019800000006616030100610100005d03014e2eb385e01a6d91147621ac4747a7f9ec5fcb0fee10b8935142bc28fe6801e2000036002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a0017001900010100
State = 0xa1f64f15a1f7569a763d1454183188c5
Message-Authenticator = 0xb1da151f82e55fe55f786db876bd6f7e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 102
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0061], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0898], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 89 to 192.168.0.50 port 3072
EAP-Message = 0x0102040019c0000008d5160301002a0200002603014e2eb37e08f5db2f5210fe1870e7f5dc20f2c53bfc1a4f4a24d5161174a3835500002f0016030108980b0008940008910003c0308203bc308202a4a003020102020101300d06092a864886f70d010104050030819d310b300906035504061302504c311e301c06035504081315546573746f77792d7365727765722d5261646975733110300e06035504071307476c697769636531173015060355040a130e6d6f6a616669726d612e6d7366743123302106092a864886f70d010901161461646d696e406d6f6a616669726d612e6d736674311e301c06035504031315546573746f777920736572
EAP-Message = 0x77657220526164697573301e170d3131303732353130323930375a170d3132303732343130323930375a30818b310b300906035504061302504c311e301c06035504081315546573746f77792d7365727765722d52616469757331173015060355040a130e6d6f6a616669726d612e6d736674311e301c06035504031315546573746f777920736572776572205261646975733123302106092a864886f70d010901161461646d696e406d6f6a616669726d612e6d73667430820122300d06092a864886f70d01010105000382010f003082010a0282010100e2daabd09ce51c439f8b5eff0f219cb0b782791c81281a0b42e84fa516c122f19b29c859
EAP-Message = 0x97646cf76979ff20847d16eaf70b028d15accb75fb7b5ae623765dedc22d46fd10afe8eed1659383fc9fe93d17072214d7aa64e56cdeea4ebba50aa4936226af2351151408732af5c49b9d8c874c4d0a6ac4a743d1a2590b321e9212cb0844e63504504c087475cd7cf38cf53741becf07e86dd2d8b32b99cb8786bb9fda40165c6965c5ce55e146a4e560ceed8a8c3d86257a6a7b1deec35e7716ca15375abe3358967d95aa64008c97ad99f32028d0ee980ed8a7f7cd2fe0e416e3aa0bf3df51819fb9a41931332fa150dd4a31e784d2fb77ed8828926e2a51b0eb0203010001a317301530130603551d25040c300a06082b06010505070301300d06
EAP-Message = 0x092a864886f70d01010405000382010100397fe79947a20eb81767871d27ccbf7227b1b1f0ef95a39b467f94d4d103292e49648c220f75de08d3c84d5eadd7648c9244da352ab3ba1618d21ef74d755c44e19ff3b3ae8a9f5e216c94b3ff50fdc575f20cb793aa9d8709595896e0a19b684658aae559b49b3c7279bc791fe235842094a43bc9a0fef8ee680fe8d0bb22cc472f3fac8b54075eaf69f3301815ab105e0b20f44b05aad8f278d8a96b3402bade97f1cf0aea85a700b170383d55e1e07abdbcbd26abbe876dc2b357fd70a48180e32290b552a67b0dcfe107065bf491041b40d3f275e30aaaa72d9e0fd1ecbed7a9dbc5960a2c3b7283808c
EAP-Message = 0xb7796012c194c0cbc1bc07f2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a0f4569a763d1454183188c5
Finished request 119.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=90, length=177
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0xa1f64f15a0f4569a763d1454183188c5
Message-Authenticator = 0x8d765c32a362553b1338592dd4e9998e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 90 to 192.168.0.50 port 3072
EAP-Message = 0x010303fc194060dd6ceffa0fcbb70004cb308204c7308203afa003020102020900c4f93f99acb1433b300d06092a864886f70d010105050030819d310b300906035504061302504c311e301c06035504081315546573746f77792d7365727765722d5261646975733110300e06035504071307476c697769636531173015060355040a130e6d6f6a616669726d612e6d7366743123302106092a864886f70d010901161461646d696e406d6f6a616669726d612e6d736674311e301c06035504031315546573746f77792073657277657220526164697573301e170d3131303732353130323930375a170d3236303732313130323930375a30819d310b
EAP-Message = 0x300906035504061302504c311e301c06035504081315546573746f77792d7365727765722d5261646975733110300e06035504071307476c697769636531173015060355040a130e6d6f6a616669726d612e6d7366743123302106092a864886f70d010901161461646d696e406d6f6a616669726d612e6d736674311e301c06035504031315546573746f7779207365727765722052616469757330820122300d06092a864886f70d01010105000382010f003082010a0282010100d37fd65285c8d264144f2981c919946b1a810793c7eea5b9e67243e5f26ec536e68626abcd36d96397df5fdcc25a318f5db45e8921442df37e143370e10273dcfd
EAP-Message = 0x27f50c323e87ff976c268327b0e6efb197c55b3fc1cade1eeb938fca34d6c51c4ee12d3bee873aa243e9b987ac219ff3b739401cc0bd28b7600ea3ca089a8c8412fc2ba3db1e335070ec1ec7b723db4a9cc75aa010e42f4cb64fe4fb4f3e63a48ee794deac87e9058ff0dac274e79d1d304eed69430c4b28c62588dfb93f8cc9a4c586842e64bf47fac091b6118dc6c061c4e626ff54bf6c1bcca2a996f0e636403c898d7ad307daf73b6beeebb1becac34a81d95036304732d97ae04ae7d90203010001a382010630820102301d0603551d0e0416041441994cd3908979a0b145821ee2bd07dbfdf2fb4b3081d20603551d230481ca3081c780144199
EAP-Message = 0x4cd3908979a0b145821ee2bd07dbfdf2fb4ba181a3a481a030819d310b300906035504061302504c311e301c06035504081315546573746f77792d7365727765722d5261646975733110300e06035504071307476c697769636531173015060355040a130e6d6f6a616669726d612e6d7366743123302106092a864886f70d010901161461646d696e406d6f6a616669726d612e6d736674311e301c06035504031315546573746f77792073657277657220526164697573820900c4f93f99acb1433b300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100af01bbe56fe921b4b636d5f06a6bc92ad8547d3d4c8515a0
EAP-Message = 0x073275103cc352ce
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a3f5569a763d1454183188c5
Finished request 120.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=91, length=177
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0xa1f64f15a3f5569a763d1454183188c5
Message-Authenticator = 0x072ba593db5f551081e4a539ef55ce3f
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 91 to 192.168.0.50 port 3072
EAP-Message = 0x010400ef1900bf7e96d7d1c36f3afa6a41334f5cf78ceb22788df7ebc7f30b8ae507f69277b05542d1361b766ce5e276af295b9ce45615d4441da9b8f0ce286eaa0708d7e1c50688f7b979323b9783a6b0fcb2d74a1ec50b729e9e826afb0af7915fcc47286d07a4ed6fe09b78bdaef7a28628f3d75e096af8f7ccdb69b26b20afd6a2346846fba6f4d97ed754659b9bec954ec4321eb3d7f04b70bcb9da83c515e955e3c599895c088a14b762376b7b573f25627bae4b6ff964e5c0f64a9a61ee806e2547fd839706a651dac2b0c84b8a85ec9f928562bda0f805a727f585f966664f11f5d516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a2f2569a763d1454183188c5
Finished request 121.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=92, length=509
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0204015019800000014616030101061000010201006c81b0b55f5b762cc0225d9be7fad24bc92b9d2226eea855517e912c8230d252a4561cd8a3d98fb60f2e45c3b45fd5f0ae303fdd2ec8669ed4c60c5230dc81765a4403126c56b2577d4776edab68ee6ecfbc9bfb6682318f83a14883033a9bf3b9f3fbe8515bf151cff3a04beaadceeed58042af667d6f2545952dc876d80a1c6d79ecfb80a3b48e9513f9a481d0f49a1ca347aa719c2a2769400e4bdfec0bdd7d3ae724532ed511f14ba50537181cdd94ef833b064aa22b3a0c105e8ee662010b0a4c0199ebc9fdb0f47de9267cf3db6524ae26891a9d702e82bd3c6f70f7423901ef985924c113
EAP-Message = 0x081a24ed3a67ce7f11ec4e7da4ed605fdbd0f4b34783ac02140301000101160301003015dcbf9358d4287cf0bf23785b28cf8a28671ae8bf26ca0bcbb83736e86a167046897ccde6a1cc302fdff63dbea1e8a7
State = 0xa1f64f15a2f2569a763d1454183188c5
Message-Authenticator = 0xd3f1bcee2e135d6e0dd7cea12df40ddd
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 92 to 192.168.0.50 port 3072
EAP-Message = 0x01050041190014030100010116030100307df718c3da88cc588aa69f49af0ad1ee2e9ef675ceac06b98ce9f62d4c3ea9e30fb8b8f7bc4a32f1e85437cf756f4c85
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a5f3569a763d1454183188c5
Finished request 122.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=93, length=177
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0xa1f64f15a5f3569a763d1454183188c5
Message-Authenticator = 0xb91f8ce515ac62637a97fab9fd09df68
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 93 to 192.168.0.50 port 3072
EAP-Message = 0x0106002b19001703010020dab3397299de0ff2a8bc993ef3250be1783b962e2f8b9213f4052a7f0836982f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a4f0569a763d1454183188c5
Finished request 123.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=94, length=214
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0206002b1900170301002073013cd164215fe70aafece2409f5cb656fbdbeee8eaf7cf4a01bc23269fc929
State = 0xa1f64f15a4f0569a763d1454183188c5
Message-Authenticator = 0xc38c3462115c3733d063822d28edcd59
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - testowy
[peap] Got inner identity 'testowy'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0206000c01746573746f7779
server {
PEAP: Setting User-Name to testowy
Sending tunneled request
EAP-Message = 0x0206000c01746573746f7779
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "testowy"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010700211a0107001c100d3171aed7cc4a741658563681eff1b4746573746f7779
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab8ed8b9ab89c27fcbed212554a26243
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010700211a0107001c100d3171aed7cc4a741658563681eff1b4746573746f7779
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab8ed8b9ab89c27fcbed212554a26243
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 94 to 192.168.0.50 port 3072
EAP-Message = 0x0107004b19001703010040c27b75ea78def78485b1e95577aa62dc38af48af5bf9a9e18b33be0fd6709e05e21fae5cddb7dcd5741126944242af85ce9f54bc7c7a6690c7b867be0a5d4663
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a7f1569a763d1454183188c5
Finished request 124.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=95, length=278
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0207006b190017030100609b1f2a3f7907e240599b271f3e99dae14174040de3a1918a8db023876c52843d32809d42d378235a00db9176364141a9d72119b5ed0eb9b788f919d163d4d7dccb094836db84e1390e34e8029b17177cdf4950a6c6eeaec91aa3ea226d059542
State = 0xa1f64f15a7f1569a763d1454183188c5
Message-Authenticator = 0xa975c53e429a60a6ef74f5c2dc6e786d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700421a0207003d3150a2951cda46745b42f5b251faba81680000000000000000290c72834deca6154e610e7a4f8bcf1c265a0ab0ee48336400746573746f7779
server {
PEAP: Setting User-Name to testowy
Sending tunneled request
EAP-Message = 0x020700421a0207003d3150a2951cda46745b42f5b251faba81680000000000000000290c72834deca6154e610e7a4f8bcf1c265a0ab0ee48336400746573746f7779
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "testowy"
State = 0xab8ed8b9ab89c27fcbed212554a26243
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 66
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: testowy
[mschap] Told to do MS-CHAPv2 for testowy with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 95 to 192.168.0.50 port 3072
EAP-Message = 0x0108002b1900170301002014d288641077ffd09e9abc0e8776dfd6a3b9684b81c2db249aa4e44971301bb1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1f64f15a6fe569a763d1454183188c5
Finished request 125.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 3072, id=96, length=214
User-Name = "testowy"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00195b54c564"
Calling-Station-Id = "001f5bb7c6a0"
NAS-Identifier = "Realtek Access Point. 8181"
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208002b19001703010020667f53d9bbc455f185465e9c8b592b6ec9d3f3ab929c44b802644e424a511ddc
State = 0xa1f64f15a6fe569a763d1454183188c5
Message-Authenticator = 0x46bb46cf4d16a6ae01d58f09fda4856a
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> testowy
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 126 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 126
Sending Access-Reject of id 96 to 192.168.0.50 port 3072
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 118 ID 88 with timestamp +296
Cleaning up request 119 ID 89 with timestamp +296
Cleaning up request 120 ID 90 with timestamp +296
Cleaning up request 121 ID 91 with timestamp +296
Cleaning up request 122 ID 92 with timestamp +296
Cleaning up request 123 ID 93 with timestamp +296
Cleaning up request 124 ID 94 with timestamp +296
Cleaning up request 125 ID 95 with timestamp +296
Waking up in 1.0 seconds.
Cleaning up request 126 ID 96 with timestamp +296
Ready to process requests.Ten sam użytkownik radtest:
Kod:
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 192.168.0.0/24 {
require_message_authenticator = no
secret = "testing123"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "testing123"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file /etc/freeradius/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = ""
login = "root"
password = "zaq12wsx"
radius_db = "radius"
read_groups = yes
sqltrace = no
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 53148, id=5, length=59
User-Name = "testowy"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testowy", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> testowy
[sql] sql_set_user escaped user --> 'testowy'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testowy' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testowy' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'testowy' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
[sql] User found in group dynamic
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "password"
[pap] Using clear text password "password"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> testowy
[sql] sql_set_user escaped user --> 'testowy'
[sql] expand: %{User-Password} -> password
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testowy', 'password', 'Access-Accept', '2011-07-26 14:38:36')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testowy', 'password', 'Access-Accept', '2011-07-26 14:38:36')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 5 to 127.0.0.1 port 53148
Framed-Compression := Van-Jacobson-TCP-IP
Framed-Protocol := PPP
Service-Type := Framed-User
Acct-Interim-Interval = 60
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 5 with timestamp +13
Ready to process requests.Ostatnio edytowany przez czeri (2011-07-26 14:39:56)
Offline
Informacje debugowania
| Time (s) | Query |
|---|---|
| 0.00008 | SET CHARSET latin2 |
| 0.00004 | SET NAMES latin2 |
| 0.00148 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='18.221.68.196' WHERE u.id=1 |
| 0.00073 | REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '18.221.68.196', 1732192421) |
| 0.00047 | SELECT * FROM punbb_online WHERE logged<1732192121 |
| 0.00062 | SELECT topic_id FROM punbb_posts WHERE id=59507 |
| 0.00005 | SELECT id FROM punbb_posts WHERE topic_id=5075 ORDER BY posted |
| 0.00036 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=5075 AND t.moved_to IS NULL |
| 0.00023 | SELECT search_for, replace_with FROM punbb_censoring |
| 0.00856 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=5075 ORDER BY p.id LIMIT 50,25 |
| 0.00108 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=5075 |
| Total query time: 0.0137 s | |