Freeradius and users in mysql database

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

Freeradius and users in mysql database

Mwonge Richard
I have configured freeradius EAP-TLS/PEAP and it works fine if i put my users  
in the users file. I tried to store my users in mysql databases but it seem  
not to work well. Can anyone help below are the logs
 
 sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
 sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress =
'%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ?
AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets =
'%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND
UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'"
 sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0})
SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0')"
 sql: accounting_start_query = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S',
'0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
 sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S',
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0})
SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{Acct-Delay-Time}')"
 sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}'"
 sql: connect_failure_retry_delay = 60
 sql: simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
 sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol
FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
 sql: postauth_table = "radpostauth"
 sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date)
values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
 sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT * FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
Module: Instantiated sql (sql)  
Module: Loaded Acct-Unique-Session-Id  
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)  
Module: Loaded detail  
 detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)  
Module: Loaded radutmp  
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)  
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=224,
length=134
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02030009016a6f686e
        Message-Authenticator = 0xbc738ceabbb2fa0e9d0ddefd35d481c8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 3 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 224 to 131.107.2.192:6001
        EAP-Message = 0x010400061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf51688c6ea4158918eae93b08a0acd4b
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=225,
length=223
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        State = 0xf51688c6ea4158918eae93b08a0acd4b
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0204005019800000004616030100410100003d0301429425f62dcbcbd365af5cc323a6ab8932fd22bd74e77077eb07e2c8ec3db53800001600040005000a000900640062000300060013001200630100
        Message-Authenticator = 0x71a690867bd1fcc2c2f0979ec62cce13
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 4 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 1
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11  
    (other): before/accept initialization  
    TLS_accept: before/accept initialization  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello  
    TLS_accept: SSLv3 read client hello A  
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
    TLS_accept: SSLv3 write server hello A  
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0673], Certificate  
    TLS_accept: SSLv3 write certificate A  
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
    TLS_accept: SSLv3 write server done A  
    TLS_accept: SSLv3 flush data  
    TLS_accept:error in SSLv3 read client certificate A  
In SSL Handshake Phase  
In SSL Accept mode  
  eaptls_process returned 13  
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 225 to 131.107.2.192:6001
        EAP-Message =
0x0105040a19c0000006d0160301004a0200004603014294883079a7dd2784a1eacf5325e3fe4533d937d8d7b0ac270c3ad0aaf32c55206e065861e726c50c15108a030e61ba4c6b60e5ef64751e7a21e3f550afbf432d00040016030106730b00066f00066c0002c1308202bd30820226a003020102020102300d06092a864886f70d0101040500308198310b30090603550406130255473110300e060355040813074b414d50414c413110300e060355040713074b414d50414c4131273025060355040a131e494e5445524e4154494f4e414c205343484f4f4c204f46205547414e4441311b301906035504031312436c69656e742063657274696669
        EAP-Message =
0x63617465311f301d06092a864886f70d0109011610726d776f6e676540667463752e6f7267301e170d3035303532303039333633375a170d3135303531383039333633375a308196310b30090603550406130255473110300e060355040813074b414d50414c413110300e060355040713074b414d50414c4131273025060355040a131e494e5445524e4154494f4e414c205343484f4f4c204f46205547414e44413119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726d776f6e676540667463752e6f726730819f300d06092a864886f70d010101050003818d0030818902818100bbdd
        EAP-Message =
0x6646d7891292ac6fa08b669a92642e17c7c68d67cfbb969334ca1b9966e259521a919ab636ec7989e792f26f0ff8aa13520d1197a632e7e6d9e06faa5016847af8d248f3fc49498e967ea74b03a63b00ccc5ede26f43fd968af8e8c2719c1c18a7b0a2d47d0f3aed47977cf3b14b29275e584747dcca931685b5be73dba90203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810010213c65920e31554503bb58cdb51f8ac3bd895fa29999ecb00f98e15d91f02d5b032d454a0d58b292d310d4732f691704d17550f18205efa337045e64d76a2076dbb34a16c395109ec8095a8d2c
        EAP-Message =
0xe0c369c2e2ab3eb39ec5100cf13b0d508991de833b1c2a356cd8606d60561f2a6cb59488462ff14c64c7822685acb22bec260003a5308203a13082030aa003020102020100300d06092a864886f70d0101040500308198310b30090603550406130255473110300e060355040813074b414d50414c413110300e060355040713074b414d50414c4131273025060355040a131e494e5445524e4154494f4e414c205343484f4f4c204f46205547414e4441311b301906035504031312436c69656e74206365727469666963617465311f301d06092a864886f70d0109011610726d776f6e676540667463752e6f7267301e170d30353035323030393336
        EAP-Message = 0x33365a170d3135303531383039333633365a30819831
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc178128b76c47a764e8d916d478d870b
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=226,
length=149
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        State = 0xc178128b76c47a764e8d916d478d870b
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020500061900
        Message-Authenticator = 0xa640556820108e6a251b15b08b719367
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 2
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1  
  eaptls_process returned 13  
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 226 to 131.107.2.192:6001
        EAP-Message =
0x010602d619000b30090603550406130255473110300e060355040813074b414d50414c413110300e060355040713074b414d50414c4131273025060355040a131e494e5445524e4154494f4e414c205343484f4f4c204f46205547414e4441311b301906035504031312436c69656e74206365727469666963617465311f301d06092a864886f70d0109011610726d776f6e676540667463752e6f726730819f300d06092a864886f70d010101050003818d0030818902818100cf08ff8e4a7e121806253bea7781bc823803f14a3d0c4cdec1c0c884d74b2822db6c5e5dd41a5587e2efa68e2881eefbcef886b99be1a5b3cb274d0f6a19e780dffa6d
        EAP-Message =
0x714ec55077e203a2952a42ab76d50b0463d245ad7dfbd708bdd280b365e1b648e5c06f472e0aa7588175f936689108057a78053759747feb3d4d6b96850203010001a381f83081f5301d0603551d0e0416041423e197f3d59dd0ba8d57e175785f05c7b62a5cec3081c50603551d230481bd3081ba801423e197f3d59dd0ba8d57e175785f05c7b62a5ceca1819ea4819b308198310b30090603550406130255473110300e060355040813074b414d50414c413110300e060355040713074b414d50414c4131273025060355040a131e494e5445524e4154494f4e414c205343484f4f4c204f46205547414e4441311b301906035504031312436c6965
        EAP-Message =
0x6e74206365727469666963617465311f301d06092a864886f70d0109011610726d776f6e676540667463752e6f7267820100300c0603551d13040530030101ff300d06092a864886f70d0101040500038181003af2af1482eace90ba3a8f813e100540bc736ee6c0d3bbc546e2653869a7b40875376a6b6eecae8989b5c503fcea0d2ab12773eea524afe9d8ada80aad34e60ac70179ad8b9da725aa4014cbb2453b355718b4070d2e81c30cc67cb180547b4990f255f1691300a080bc329c731f008179f4bf9ed4bf3ef378fbb22078882b3e16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9753628b1f2d2f9956064d3b26f5afd1
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=227,
length=335
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        State = 0x9753628b1f2d2f9956064d3b26f5afd1
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020600c01980000000b6160301008610000082008084c05a63ccf982ee61c870a8e67b21342c5458031033d9206dd9fcdeb9a2ff561abf3001e9a145791400424e2d1a89b8da45c79cbaac7e75ab46490b54d3c7fc3125e91c6072d317b122ca49e84ade500e8f34a7df71fad4c3f4c2d285f5373d63ca5cac3aae1e92059f45e11f53f5e1e4671349d80a714e636815e71b2ef2351403010001011603010020a4aebd562373d74d97c03d17afc3b9d42267af32634dcd79e57e6fd95edf4bb0
        Message-Authenticator = 0x24644f35fee3ae6199a5b4e708952248
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 6 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 3
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
    TLS_accept: SSLv3 read client key exchange A  
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 read finished A  
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]  
    TLS_accept: SSLv3 write change cipher spec A  
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 write finished A  
    TLS_accept: SSLv3 flush data  
    (other): SSL negotiation finished successfully  
SSL Connection Established  
  eaptls_process returned 13  
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 227 to 131.107.2.192:6001
        EAP-Message =
0x010700311900140301000101160301002012bcea664940e2dfc6db67f26de873ac069e9bb6e33dbd53a107d0070e94f905
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9319ed6ebc1e130f27ea48a0933f28db
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=228,
length=149
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        State = 0x9319ed6ebc1e130f27ea48a0933f28db
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020700061900
        Message-Authenticator = 0x891f410461f147a74414c735315044d6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 7 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 4
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3  
  eaptls_process returned 3  
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 228 to 131.107.2.192:6001
        EAP-Message =
0x01080020190017030100150f1c431d5d034595a4789ab248a52f1aa1a6d71285
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x108aa382a1058e76692edbad59aa9845
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=229,
length=175
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        State = 0x108aa382a1058e76692edbad59aa9845
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020800201900170301001549ed1ebc2b03db1709aafd4387c168e840a2a589f4
        Message-Authenticator = 0x8c731afc184a05a0d43ec46db0bc911b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 8 length 32
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 5
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7  
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7  
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - john
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of john
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to john
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 8 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 5
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 229 to 131.107.2.192:6001
        EAP-Message =
0x010900351900170301002aaf7f65d8b19c434d2682a23bc45c4c187996aaf7e3dbca34ad0d1c5dd366a701a12302ca1afceac7261f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa0ce1b5af241d4ed6cd9dd384a84bed0
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=230,
length=229
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        State = 0xa0ce1b5af241d4ed6cd9dd384a84bed0
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020900561900170301004bf2f5b597ee2398ed3ed674c965c6b255071fa6a53e515bb1e36add3b088030181f696eb62973cbe0584d81c398f80e9f730a133adea261b60ba06b07ab1d65ff93f88962c59b9e95a2a8c4
        Message-Authenticator = 0x13da2dc3b52f56c935ca6ec177e4a022
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 9 length 86
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 6
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7  
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7  
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to john
  PEAP: Adding old state with 65 e2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 9 length 63
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 6
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
  rlm_mschap: Told to do MS-CHAPv2 for john with NT-Password
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 230 to 131.107.2.192:6001
        EAP-Message =
0x010a00261900170301001bae1998dd97c82757b1599ea99f6dfe62bbd60be996473ea933ff68
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x755bfbedfa6869ad81467bd68d09ef92
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=231,
length=181
        User-Name = "john"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Identifier = "AP4000ComputerLab"
        State = 0x755bfbedfa6869ad81467bd68d09ef92
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020a00261900170301001b1c6180ac46ae08984abf5e6ceec8716d67f880e4093ac793371de0
        Message-Authenticator = 0x769e40d11b68670e5307238074b09ad6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "john", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 10 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 7
radius_xlat:  'john'
rlm_sql (sql): sql_set_user escaped user --> 'john'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'john' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'john' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'john' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 7
modcall: group authorize returns updated for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7  
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7  
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=231,
length=181
Sending Access-Reject of id 231 to 131.107.2.192:6001
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 131.107.2.192:6001, id=232,
length=111
        User-Name = "00-02-2D-34-1F-58"
        User-Password = "atx"
        NAS-IP-Address = 131.107.2.192
        Called-Station-Id = "00-20-A6-56-70-D5:ISU"
        Calling-Station-Id = "00-02-2D-34-1F-58"
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "00-02-2D-34-1F-58", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 8
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 8
radius_xlat:  '00-02-2D-34-1F-58'
rlm_sql (sql): sql_set_user escaped user --> '00-02-2D-34-1F-58'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00-02-2D-34-1F-58' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User 00-02-2D-34-1F-58 not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = '00-02-2D-34-1F-58'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = '00-02-2D-34-1F-58'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User 00-02-2D-34-1F-58 not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns notfound for request 8
modcall: group authorize returns ok for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
  modcall[authenticate]: module "eap" returns fail for request 8
modcall: group authenticate returns fail for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 224 with timestamp 42948830
Cleaning up request 1 ID 225 with timestamp 42948830
Cleaning up request 2 ID 226 with timestamp 42948830
Cleaning up request 3 ID 227 with timestamp 42948830
Cleaning up request 4 ID 228 with timestamp 42948830
Cleaning up request 5 ID 229 with timestamp 42948830
Cleaning up request 6 ID 230 with timestamp 42948830
Cleaning up request 7 ID 231 with timestamp 42948830
Sending Access-Reject of id 232 to 131.107.2.192:6001
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 232 with timestamp 42948834
Nothing to do.  Sleeping until we see a request.
 
 
--  
Open WebMail Project (http://openwebmail.org)
 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius and users in mysql database

Alan DeKok
"Mwonge Richard" <[hidden email]> wrote:
> I have configured freeradius EAP-TLS/PEAP and it works fine if i put
> my users in the users file. I tried to store my users in mysql
> databases but it seem not to work well. Can anyone help below are
> the logs

  Please READ the logs.

> rlm_sql (sql): User not found

  What does that mean to you?

>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 8
> rlm_eap: EAP-Message not found

  Don't set Auth-Type = EAP.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html