Is there any way, to define all this options only in the mysql-database, because I prefer to manage all user and devices in one database. I don't want to manage a second database or file, like the users file.
Btw. what about the "copy_request_to_tunnel" option in eap.conf. I tried already "no" and "yes" but no success. Could this perhaps a way to solve this problem? Thanks so far. Canram. ----- Michael Griego wrote ----- Actually, this has to do with the tunnelled request. PEAP does not copy this attribute into the tunnelled request, so your comparison fails. You'll need to do this check on the outside of the tunnel, such as: canram FreeRADIUS-Proxied-To !* "", Calling-Station-Id != "000d88522f1f", Auth-Type := Reject canram FreeRADIUS-Proxied-To == 127.0.0.1, User-Password == "123123" The above lines may wrap, but each is on its own separate line. --Mike On Mon, 2004-05-24 at 17:14, Anson Rinesmith wrote: > Maybe your OP needs to be := > Just something you could try, before an educated answer happens by. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of > > Stefan Grünbaum > > Sent: Monday, May 24, 2004 4:21 PM > > To: [EMAIL PROTECTED] > > Subject: Problem using "Calling-Station-Id"-Attribute in radcheck > > > > Hello, > > > > I´m using Freeradius (May,24,2004) with Mysql and PEAP for > > Authentication of a Wireless-Lan Client. If I only check Username & > > Password, everything works fine. > > > > Now, I want also to check the MAC-Address of this Wireless-Lan > > Client. Therefore I added the "Calling-Station-Id"-Attribute to the > > radcheck table. > > > > > > mysql> select * from radcheck; > > +----+----------+--------------------+----+--------------+ > > | id | UserName | Attribute | op | Value | > > +----+----------+--------------------+----+--------------+ > > | 1 | canram | User-Password | == | 123123 | > > | 2 | canram | Calling-Station-Id | == | 000d88522f1f | > > +----+----------+--------------------+----+--------------+ > > 2 rows in set (0.00 sec) > > > > > > Unfortunatelly, freeradius cannot validate this user anymore. Are > > there any config-files I have to change? Please see the > > freeradiusdebug output below. > > > > -------------------------------------------------------------------- > > ---- > > ---------------- > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=125 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = 0x0200000b0163616e72616d > > Message-Authenticator = 0xfc56758dc0f3401bff35dc7ff7661def > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 0 > > modcall[authorize]: module "preprocess" returns ok for request 0 > > modcall[authorize]: module "chap" returns noop for request 0 > > modcall[authorize]: module "mschap" returns noop for request 0 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 0 > > rlm_eap: EAP packet type response id 0 length 11 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 0 > > modcall[authorize]: module "files" returns notfound for request 0 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 4 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 4 > > modcall[authorize]: module "sql" returns ok for request 0 > > modcall: group authorize returns updated for request 0 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 0 > > rlm_eap: EAP Identity > > rlm_eap: processing type md5 > > rlm_eap_md5: Issuing Challenge > > modcall[authenticate]: module "eap" returns handled for request 0 > > modcall: group authenticate returns handled for request 0 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = 0x0101001604100f6fa9e8b28c56ac8f9621226c76b4ae > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0xde6114c592a60d68537235ef5398a9b4 > > Finished request 0 > > Going to the next request > > --- Walking the entire request list --- > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=138 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0xde6114c592a60d68537235ef5398a9b4 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = 0x020100060319 > > Message-Authenticator = 0xdeaffa0daedbb6a175f225a568170aa8 > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 1 > > modcall[authorize]: module "preprocess" returns ok for request 1 > > modcall[authorize]: module "chap" returns noop for request 1 > > modcall[authorize]: module "mschap" returns noop for request 1 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 1 > > rlm_eap: EAP packet type response id 1 length 6 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 1 > > modcall[authorize]: module "files" returns notfound for request 1 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 3 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 3 > > modcall[authorize]: module "sql" returns ok for request 1 > > modcall: group authorize returns updated for request 1 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 1 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP NAK > > rlm_eap: EAP-NAK asked for EAP-Type/peap > > rlm_eap: processing type tls > > rlm_eap_tls: Initiate > > rlm_eap_tls: Start returned 1 > > modcall[authenticate]: module "eap" returns handled for request 1 > > modcall: group authenticate returns handled for request 1 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = 0x010200061920 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0xc4e92696c6aeeb274498b25d26396c08 > > Finished request 1 > > Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=212 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0xc4e92696c6aeeb274498b25d26396c08 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = > > 0x0202005019800000004616030100410100003d03014080713d0564ca6edc71302e4aae > > 719f109ec79e84b0fc7fffc07838a3aa42f000001600040005000a000900640062000300 > > 060013001200630100 > > Message-Authenticator = 0x4e10e88d93fd4e8ba2838b85d22c7a17 > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 2 > > modcall[authorize]: module "preprocess" returns ok for request 2 > > modcall[authorize]: module "chap" returns noop for request 2 > > modcall[authorize]: module "mschap" returns noop for request 2 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 2 > > rlm_eap: EAP packet type response id 2 length 80 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 2 > > modcall[authorize]: module "files" returns notfound for request 2 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 2 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 2 > > modcall[authorize]: module "sql" returns ok for request 2 > > modcall: group authorize returns updated for request 2 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 2 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > rlm_eap_tls: Length Included > > eaptls_verify returned 11 > > (other): before/accept initialization > > TLS_accept: before/accept initialization > > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello > > TLS_accept: SSLv3 read client hello A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello > > TLS_accept: SSLv3 write server hello A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate > > TLS_accept: SSLv3 write certificate A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone > > TLS_accept: SSLv3 write server done A > > TLS_accept: SSLv3 flush data > > TLS_accept:error in SSLv3 read client certificate A > > In SSL Handshake Phase > > In SSL Accept mode > > eaptls_process returned 13 > > rlm_eap_peap: EAPTLS_HANDLED > > modcall[authenticate]: module "eap" returns handled for request 2 > > modcall: group authenticate returns handled for request 2 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = > > 0x0103040a19c0000006f1160301004a020000460301408060e25e0fc92a3564521abd4c > > 59d56e68cc5af590e0f6384737eb7867be092010970973b392195dc8161946fc4f64f0e4 > > 06bec17ab0bb3390aa4016130dd12400040016030106940b00069000068d0002cd308202 > > c930820232a003020102020102300d06092a864886f70d010104050030819f310b300906 > > 03550406130243413111300f0603550408130850726f76696e6365311230100603550407 > > 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112 > > 3010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420 > > 6365 > > EAP-Message = > > 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578 > > 616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133 > > 323631305a30819b310b30090603550406130243413111300f0603550408130850726f76 > > 696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f > > 7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706 > > 035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109 > > 011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d01010105 > > 0003 > > EAP-Message = > > 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c843 > > 4a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae66 > > 16aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc87 > > 73999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001 > > a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01 > > 01040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6 > > f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e8 > > 0d09 > > EAP-Message = > > 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c5 > > 0e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082 > > 031fa003020102020100300d06092a864886f70d010104050030819f310b300906035504 > > 06130243413111300f0603550408130850726f76696e6365311230100603550407130953 > > 6f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112301006 > > 0355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572 > > 74696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d > > 706c > > EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0xebaa8eb795cefc4c602f3dd8aec3e97b > > Finished request 2 > > Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=138 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0xebaa8eb795cefc4c602f3dd8aec3e97b > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = 0x020300061900 > > Message-Authenticator = 0xefb2ab8e5c7c38823dc5d885a5f7b4aa > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 3 > > modcall[authorize]: module "preprocess" returns ok for request 3 > > modcall[authorize]: module "chap" returns noop for request 3 > > modcall[authorize]: module "mschap" returns noop for request 3 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 3 > > rlm_eap: EAP packet type response id 3 length 6 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 3 > > modcall[authorize]: module "files" returns notfound for request 3 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 1 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 1 > > modcall[authorize]: module "sql" returns ok for request 3 > > modcall: group authorize returns updated for request 3 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 3 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > rlm_eap_tls: Received EAP-TLS ACK message > > rlm_eap_tls: ack handshake fragment handler > > eaptls_verify returned 1 > > eaptls_process returned 13 > > rlm_eap_peap: EAPTLS_HANDLED > > modcall[authenticate]: module "eap" returns handled for request 3 > > modcall: group authenticate returns handled for request 3 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = > > 0x010402f71900170d3036303132343133323630375a30819f310b300906035504061302 > > 43413111300f0603550408130850726f76696e63653112301006035504071309536f6d65 > > 204369747931153013060355040a130c4f7267616e697a6174696f6e3112301006035504 > > 0b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572746966 > > 69636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c65 > > 2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b1 > > 9724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b > > 41e8 > > EAP-Message = > > 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133 > > 249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b432 > > 50ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416 > > 041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1 > > 801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b300906 > > 03550406130243413111300f0603550408130850726f76696e6365311230100603550407 > > 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112 > > 3010 > > EAP-Message = > > 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063 > > 657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578 > > 616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d > > 01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f > > 834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229b > > a2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658c > > e1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e00 > > 0000 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x6a152788b489851c529373300800ea88 > > Finished request 3 > > Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=324 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0x6a152788b489851c529373300800ea88 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = > > 0x020400c01980000000b616030100861000008200801f42c9b951196547dc8c43ef65be > > 2148d01bcbd702e16c55078873d4098cb4fadd4ac91d260377e0280578b8fc1d74a9a472 > > 41c5972ae1618a5f06efeff4f0dc239af9c1566186eea8c2f6fd55305293c50abb73ef6e > > 9421e077280477350d119026b363a7e668bfb4dda35abd1009e952a80378669b08e9ec19 > > f03389bc52761403010001011603010020e7907e3423de290d3b633c00f480f232aaf5a4 > > f964a32869da048a760e4a9aca > > Message-Authenticator = 0x4b7e2c057c569a6cbb2307fe2fab0100 > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 4 > > modcall[authorize]: module "preprocess" returns ok for request 4 > > modcall[authorize]: module "chap" returns noop for request 4 > > modcall[authorize]: module "mschap" returns noop for request 4 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 4 > > rlm_eap: EAP packet type response id 4 length 192 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 4 > > modcall[authorize]: module "files" returns notfound for request 4 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 0 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 0 > > modcall[authorize]: module "sql" returns ok for request 4 > > modcall: group authorize returns updated for request 4 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 4 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > rlm_eap_tls: Length Included > > eaptls_verify returned 11 > > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange > > TLS_accept: SSLv3 read client key exchange A > > rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] > > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished > > TLS_accept: SSLv3 read finished A > > rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] > > TLS_accept: SSLv3 write change cipher spec A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished > > TLS_accept: SSLv3 write finished A > > TLS_accept: SSLv3 flush data > > (other): SSL negotiation finished successfully > > SSL Connection Established > > eaptls_process returned 13 > > rlm_eap_peap: EAPTLS_HANDLED > > modcall[authenticate]: module "eap" returns handled for request 4 > > modcall: group authenticate returns handled for request 4 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = > > 0x0105003119001403010001011603010020431f3453d67a09c5a957714ac4f830a3d644 > > ce9e3fd240d727d820158f78e3b3 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x91506b3601ce44bf616c82aee1b8a1dd > > Finished request 4 > > Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=138 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0x91506b3601ce44bf616c82aee1b8a1dd > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = 0x020500061900 > > Message-Authenticator = 0x1b77af8cebe2792f73db2e06b0c126e2 > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 5 > > modcall[authorize]: module "preprocess" returns ok for request 5 > > modcall[authorize]: module "chap" returns noop for request 5 > > modcall[authorize]: module "mschap" returns noop for request 5 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 5 > > rlm_eap: EAP packet type response id 5 length 6 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 5 > > modcall[authorize]: module "files" returns notfound for request 5 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 4 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 4 > > modcall[authorize]: module "sql" returns ok for request 5 > > modcall: group authorize returns updated for request 5 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 5 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > rlm_eap_tls: Received EAP-TLS ACK message > > rlm_eap_tls: ack handshake is finished > > eaptls_verify returned 3 > > eaptls_process returned 3 > > rlm_eap_peap: EAPTLS_SUCCESS > > modcall[authenticate]: module "eap" returns handled for request 5 > > modcall: group authenticate returns handled for request 5 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = > > 0x010600201900170301001580226ede7d9c14ff5aa8565689635df95fced9e354 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x3c5b2e9d5500d67553a162ec846cdcf0 > > Finished request 5 > > Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=166 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0x3c5b2e9d5500d67553a162ec846cdcf0 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = > > 0x020600221900170301001701de6926f3b38c60e24dd22eb94fe5fc5ca00dac4d41e7 > > Message-Authenticator = 0x9b6126ebe5c8c82b44f8d954390a302d > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 6 > > modcall[authorize]: module "preprocess" returns ok for request 6 > > modcall[authorize]: module "chap" returns noop for request 6 > > modcall[authorize]: module "mschap" returns noop for request 6 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 6 > > rlm_eap: EAP packet type response id 6 length 34 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 6 > > modcall[authorize]: module "files" returns notfound for request 6 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 3 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 3 > > modcall[authorize]: module "sql" returns ok for request 6 > > modcall: group authorize returns updated for request 6 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 6 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > eaptls_verify returned 7 > > rlm_eap_tls: Done initial handshake > > eaptls_process returned 7 > > rlm_eap_peap: EAPTLS_OK > > rlm_eap_peap: Session established. Decoding tunneled attributes. > > rlm_eap_peap: Identity - canram > > rlm_eap_peap: Tunneled data is valid. > > PEAP: Got tunneled EAP-Message > > EAP-Message = 0x0206000b0163616e72616d > > PEAP: Got tunneled identity of canram > > PEAP: Setting default EAP type for tunneled EAP session. > > PEAP: Setting User-Name to canram > > PEAP: Sending tunneled request > > EAP-Message = 0x0206000b0163616e72616d > > FreeRADIUS-Proxied-To = 127.0.0.1 > > User-Name = "canram" > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 6 > > modcall[authorize]: module "preprocess" returns ok for request 6 > > modcall[authorize]: module "chap" returns noop for request 6 > > modcall[authorize]: module "mschap" returns noop for request 6 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 6 > > rlm_eap: EAP packet type response id 6 length 11 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 6 > > modcall[authorize]: module "files" returns notfound for request 6 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 2 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): No > > matching entry in the database for request from user [canram] rlm_sql > > (sql): Released sql socket id: 2 > > modcall[authorize]: module "sql" returns notfound for request 6 > > modcall: group authorize returns updated for request 6 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 6 > > rlm_eap: EAP Identity > > rlm_eap: processing type mschapv2 > > rlm_eap_mschapv2: Issuing Challenge > > modcall[authenticate]: module "eap" returns handled for request 6 > > modcall: group authenticate returns handled for request 6 > > PEAP: Got tunneled reply RADIUS code 11 > > EAP-Message = > > 0x010700201a0107001b1095832a7a34a51cd90bf9b89cac4b205863616e72616d > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x3ae0a424865cfca18bca4fba00c6ec2e > > PEAP: Processing from tunneled session code 0x81711b8 11 > > EAP-Message = > > 0x010700201a0107001b1095832a7a34a51cd90bf9b89cac4b205863616e72616d > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x3ae0a424865cfca18bca4fba00c6ec2e > > PEAP: Got tunneled Access-Challenge > > modcall[authenticate]: module "eap" returns handled for request 6 > > modcall: group authenticate returns handled for request 6 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = > > 0x010700371900170301002c49522bf26ac96bdefb22d05bb8f8202b7e27bf24143c3da5 > > 066663e4a8aeaebf7ab60c54434d641463bdb214 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0xaf67191da11ad1c702effc5f41e430f5 > > Finished request 6 > > Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=220 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0xaf67191da11ad1c702effc5f41e430f5 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = > > 0x020700581900170301004d4a86af14b6dfcf46e883a4a91f8617646e963c0b93dee04b > > 16c5be35302ff3bf7a1ef02f8e5bc6668bd9fbda7f1b262756ce7ccd79ee81d545237aeb > > dba862d3f740a13e176d03bb4432d7dab2 > > Message-Authenticator = 0xaaa50f9816037ca646f07b0d11c42dbc > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 7 > > modcall[authorize]: module "preprocess" returns ok for request 7 > > modcall[authorize]: module "chap" returns noop for request 7 > > modcall[authorize]: module "mschap" returns noop for request 7 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 7 > > rlm_eap: EAP packet type response id 7 length 88 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 7 > > modcall[authorize]: module "files" returns notfound for request 7 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 1 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 1 > > modcall[authorize]: module "sql" returns ok for request 7 > > modcall: group authorize returns updated for request 7 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 7 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > eaptls_verify returned 7 > > rlm_eap_tls: Done initial handshake > > eaptls_process returned 7 > > rlm_eap_peap: EAPTLS_OK > > rlm_eap_peap: Session established. Decoding tunneled attributes. > > rlm_eap_peap: EAP type mschapv2 > > rlm_eap_peap: Tunneled data is valid. > > PEAP: Got tunneled EAP-Message > > EAP-Message = > > 0x020700411a0207003c31c5b381bdaee23ea115d7e359f2a047ce000000000000000008 > > 305d778c45ea50e1eb3639c06ee4f38d76377206eba1b40063616e72616d > > PEAP: Setting User-Name to canram > > PEAP: Adding old state with 3a e0 > > PEAP: Sending tunneled request > > EAP-Message = > > 0x020700411a0207003c31c5b381bdaee23ea115d7e359f2a047ce000000000000000008 > > 305d778c45ea50e1eb3639c06ee4f38d76377206eba1b40063616e72616d > > FreeRADIUS-Proxied-To = 127.0.0.1 > > User-Name = "canram" > > State = 0x3ae0a424865cfca18bca4fba00c6ec2e > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 7 > > modcall[authorize]: module "preprocess" returns ok for request 7 > > modcall[authorize]: module "chap" returns noop for request 7 > > modcall[authorize]: module "mschap" returns noop for request 7 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 7 > > rlm_eap: EAP packet type response id 7 length 65 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 7 > > modcall[authorize]: module "files" returns notfound for request 7 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 0 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): No > > matching entry in the database for request from user [canram] rlm_sql > > (sql): Released sql socket id: 0 > > modcall[authorize]: module "sql" returns notfound for request 7 > > modcall: group authorize returns updated for request 7 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 7 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/mschapv2 > > rlm_eap: processing type mschapv2 > > Processing the authenticate section of radiusd.conf > > modcall: entering group Auth-Type for request 7 > > rlm_mschap: No User-Password configured. Cannot create LM-Password. > > rlm_mschap: No User-Password configured. Cannot create NT-Password. > > rlm_mschap: No LM-Password or NT-Password attribute found. Cannot > > perform MS-CHAP authentication. > > modcall[authenticate]: module "mschap" returns fail for request 7 > > modcall: group Auth-Type returns fail for request 7 > > rlm_eap: Freeing handler > > modcall[authenticate]: module "eap" returns reject for request 7 > > modcall: group authenticate returns reject for request 7 > > auth: Failed to validate the user. > > Login incorrect: [canram/<no User-Password attribute>] (from client > > localhost port 0) > > PEAP: Got tunneled reply RADIUS code 3 > > EAP-Message = 0x04070004 > > Message-Authenticator = 0x00000000000000000000000000000000 > > PEAP: Processing from tunneled session code 0x8172100 3 > > EAP-Message = 0x04070004 > > Message-Authenticator = 0x00000000000000000000000000000000 > > PEAP: Tunneled authentication was rejected. > > rlm_eap_peap: FAILURE > > modcall[authenticate]: module "eap" returns handled for request 7 > > modcall: group authenticate returns handled for request 7 Sending > > Access-Challenge of id 0 to 192.168.200.245:2048 > > EAP-Message = > > 0x010800261900170301001ba172a83404fc1aa21d836e1336e45a81c91c9bcc7376d049 > > 0d25e4 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0xad921f7cc0204b10f94e5cff1720ff73 > > Finished request 7 > > Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, > > length=170 > > User-Name = "canram" > > NAS-IP-Address = 192.168.200.245 > > Called-Station-Id = "0006253bdc49" > > Calling-Station-Id = "000d88522f1f" > > NAS-Identifier = "0006253bdc49" > > NAS-Port = 34 > > Framed-MTU = 1400 > > State = 0xad921f7cc0204b10f94e5cff1720ff73 > > NAS-Port-Type = Wireless-802.11 > > EAP-Message = > > 0x020800261900170301001b302777624b1d771512e1dbccc509daf8fa19ff85bdf37b68 > > 7303b6 > > Message-Authenticator = 0xba8a8051364f3d55ad4f214da5498d22 > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 8 > > modcall[authorize]: module "preprocess" returns ok for request 8 > > modcall[authorize]: module "chap" returns noop for request 8 > > modcall[authorize]: module "mschap" returns noop for request 8 > > rlm_realm: No '@' in User-Name = "canram", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 8 > > rlm_eap: EAP packet type response id 8 length 38 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 8 > > modcall[authorize]: module "files" returns notfound for request 8 > > radius_xlat: 'canram' > > rlm_sql (sql): sql_set_user escaped user --> 'canram' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > > Username = 'canram' ORDER BY id' rlm_sql (sql): Reserving sql socket id: > > 4 > > radius_xlat: 'SELECT > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou > > pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupcheck.GroupName ORDER BY radgroupcheck.id' > > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > > Username = 'canram' ORDER BY id' > > radius_xlat: 'SELECT > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou > > preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > > usergroup.Username = 'canram' AND usergroup.GroupName = > > radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): > > Released sql socket id: 4 > > modcall[authorize]: module "sql" returns ok for request 8 > > modcall: group authorize returns updated for request 8 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 8 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/peap > > rlm_eap: processing type peap > > rlm_eap_peap: Authenticate > > rlm_eap_tls: processing TLS > > eaptls_verify returned 7 > > rlm_eap_tls: Done initial handshake > > eaptls_process returned 7 > > rlm_eap_peap: EAPTLS_OK > > rlm_eap_peap: Session established. Decoding tunneled attributes. > > rlm_eap_peap: Received EAP-TLV response. > > rlm_eap_peap: Tunneled data is valid. > > rlm_eap_peap: Had sent TLV failure, rejecting. > > rlm_eap: Handler failed in EAP/peap > > rlm_eap: Failed in EAP select > > modcall[authenticate]: module "eap" returns invalid for request 8 > > modcall: group authenticate returns invalid for request 8 > > auth: Failed to validate the user. > > Login incorrect: [canram/<no User-Password attribute>] (from client > > linksys port 34 cli 000d88522f1f) Delaying request 8 for 1 seconds > > Finished request 8 Going to the next request > > rl_next: returning NULL > > Waking up in 6 seconds... > > --- Walking the entire request list --- > > Sending Access-Reject of id 0 to 192.168.200.245:2048 > > EAP-Message = 0x04080004 > > Message-Authenticator = 0x00000000000000000000000000000000 > > Cleaning up request 8 ID 0 with timestamp 408060e2 > > Nothing to do. Sleeping until we see a request. > > ------------------------------------------------------------------------ > > -------- > > > > It looks like the PEAP-Module is not working correctly with the > > mysql-Module?! > > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --Mike ----------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
