I'm running FreeRADIUS 2.1.1.

My config block in the post-auth section of the inner-tunnel server currently reads:

       update outer.reply {
               User-Name := "testing-%{User-Name}"

FR does indeed appear to be using this block:

   expand: testing-%{User-Name} -> testing-jg4461
++[outer.reply] returns ok

Authenticating with outer ID "qwerty99" and inner ID "jg4461" gives output as in the attached log, included to give context. The outer server is "uobresnet" and the inner one is still called "inner-tunnel".

So it seems to me like FR is doing what it is being asked to do, but maybe this isn't the right thing. Previous tests showed that setting the outer ID in the "uobresnet" server does make the NAS use the right username.

If anyone can shed any light on this, I'd be very grateful.


Alan DeKok wrote:
Jonathan Gazeley wrote:
When added in the "inner-tunnel" server, this block has no effect on the
content of the Access-Accept packets (as shown by radiusd -X).

  Which version are you running?  Is it *using* that entry you added?

  Alan DeKok.
rad_recv: Access-Request packet from host port 32770, id=48, 
        User-Name = "qwerty99"
        Calling-Station-Id = "00-15-AF-CB-1E-27"
        Called-Station-Id = "00-16-C7-71-A1-20:ResNet-Wireless"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        EAP-Message = 0x0202000d017177657274793939
        Message-Authenticator = 0xa489b89767d25a5321fb294fe2bb7318
server uobresnet {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:14 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 180
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
} # server uobresnet
Sending Access-Challenge of id 48 to port 32770
        Acct-Interim-Interval = 600
        EAP-Message = 0x010300061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbcf702b7bcf4177cb8f89cfa1efb626b
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host port 32770, id=49, 
        User-Name = "qwerty99"
        Calling-Station-Id = "00-15-AF-CB-1E-27"
        Called-Station-Id = "00-16-C7-71-A1-20:ResNet-Wireless"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        EAP-Message = 
        State = 0xbcf702b7bcf4177cb8f89cfa1efb626b
        Message-Authenticator = 0xcc68643b3b3e55b15ed6b5a9428f1631
server uobresnet {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:14 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 117
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7 
[ttls] Done initial handshake
[ttls]     (other): before/accept initialization 
[ttls]     TLS_accept: before/accept initialization 
[ttls] <<< TLS 1.0 Handshake [length 006a], ClientHello  
[ttls]     TLS_accept: SSLv3 read client hello A 
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[ttls]     TLS_accept: SSLv3 write server hello A 
[ttls] >>> TLS 1.0 Handshake [length 08c3], Certificate  
[ttls]     TLS_accept: SSLv3 write certificate A 
[ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange  
[ttls]     TLS_accept: SSLv3 write key exchange A 
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[ttls]     TLS_accept: SSLv3 write server done A 
[ttls]     TLS_accept: SSLv3 flush data 
[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[ttls] eaptls_process returned 13 
++[eap] returns handled
} # server uobresnet
Sending Access-Challenge of id 49 to port 32770
        EAP-Message = 
        EAP-Message = 
        EAP-Message = 
        EAP-Message = 
        EAP-Message = 0xc451b0aaa2c0dc33fe3842ed
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbcf702b7bdf3177cb8f89cfa1efb626b
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host port 32770, id=50, 
        User-Name = "qwerty99"
        Calling-Station-Id = "00-15-AF-CB-1E-27"
        Called-Station-Id = "00-16-C7-71-A1-20:ResNet-Wireless"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        EAP-Message = 0x020400061500
        State = 0xbcf702b7bdf3177cb8f89cfa1efb626b
        Message-Authenticator = 0x169415cf461a620510aedc38f1959105
server uobresnet {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:14 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1 
[ttls] eaptls_process returned 13 
++[eap] returns handled
} # server uobresnet
Sending Access-Challenge of id 50 to port 32770
        EAP-Message = 
        EAP-Message = 
        EAP-Message = 
        EAP-Message = 
        EAP-Message = 0x544520436f72706f72617469
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbcf702b7bef2177cb8f89cfa1efb626b
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host port 32770, id=51, 
        User-Name = "qwerty99"
        Calling-Station-Id = "00-15-AF-CB-1E-27"
        Called-Station-Id = "00-16-C7-71-A1-20:ResNet-Wireless"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        EAP-Message = 0x020500061500
        State = 0xbcf702b7bef2177cb8f89cfa1efb626b
        Message-Authenticator = 0x71d3de51a235ec70c0fdcf3ab04f6905
server uobresnet {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:14 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1 
[ttls] eaptls_process returned 13 
++[eap] returns handled
} # server uobresnet
Sending Access-Challenge of id 51 to port 32770
        EAP-Message = 
        EAP-Message = 
        EAP-Message = 
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbcf702b7bff1177cb8f89cfa1efb626b
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host port 32770, id=52, 
        User-Name = "qwerty99"
        Calling-Station-Id = "00-15-AF-CB-1E-27"
        Called-Station-Id = "00-16-C7-71-A1-20:ResNet-Wireless"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        EAP-Message = 
        State = 0xbcf702b7bff1177cb8f89cfa1efb626b
        Message-Authenticator = 0x60565907ca976c522c29461ff6c035ec
server uobresnet {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:14 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7 
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
[ttls]     TLS_accept: SSLv3 read client key exchange A 
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished  
[ttls]     TLS_accept: SSLv3 read finished A 
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[ttls]     TLS_accept: SSLv3 write change cipher spec A 
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished  
[ttls]     TLS_accept: SSLv3 write finished A 
[ttls]     TLS_accept: SSLv3 flush data 
[ttls]     (other): SSL negotiation finished successfully 
SSL Connection Established 
[ttls] eaptls_process returned 13 
++[eap] returns handled
} # server uobresnet
Sending Access-Challenge of id 52 to port 32770
        EAP-Message = 
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbcf702b7b8f0177cb8f89cfa1efb626b
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host port 32770, id=53, 
        User-Name = "qwerty99"
        Calling-Station-Id = "00-15-AF-CB-1E-27"
        Called-Station-Id = "00-16-C7-71-A1-20:ResNet-Wireless"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        EAP-Message = 
        State = 0xbcf702b7b8f0177cb8f89cfa1efb626b
        Message-Authenticator = 0x551597ad43c56909f6cc5934b414a9bb
server uobresnet {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:14 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 176
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7 
[ttls] Done initial handshake
[ttls] eaptls_process returned 7 
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
        User-Name = "jg4461"
        MS-CHAP-Challenge = 0xff305fa4db71a85589d826790108164c
        MS-CHAP2-Response = 
        FreeRADIUS-Proxied-To =
[ttls] Sending tunneled request
        User-Name = "jg4461"
        MS-CHAP-Challenge = 0xff305fa4db71a85589d826790108164c
        MS-CHAP2-Response = 
        FreeRADIUS-Proxied-To =
server inner-tunnel {
+- entering group authorize {...}
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "jg4461", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 180
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++? if ("%{User-Name}")
        expand: %{User-Name} -> jg4461
? Evaluating ("%{User-Name}") -> TRUE
++? if ("%{User-Name}") -> TRUE
++- entering if ("%{User-Name}") {...}
+++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{User-Name}`)
        expand: %{User-Name} -> jg4461
Exec-Program output: 0
Exec-Program-Wait: plaintext: 0
Exec-Program: returned: 0
? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{User-Name}`) -> 
+++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{User-Name}`) -> FALSE
++- if ("%{User-Name}") returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for jg4461 with NT-Password
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for 
[mschap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for 
[mschap]        expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> 
[mschap]  mschap2: ff
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> 
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> 
Exec-Program output: NT_KEY: D86E6EA7E8BF7B443494C45046862DAE 
Exec-Program-Wait: plaintext: NT_KEY: D86E6EA7E8BF7B443494C45046862DAE 
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
Login OK: [jg4461] (from client WISM-1 port 0 via TLS tunnel)
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> jg4461
[sql] sql_set_user escaped user --> 'jg4461'
[sql]   expand: %{User-Password} -> 
[sql]   expand: %{Chap-Password} -> 
[sql]   expand: INSERT INTO radpostauth                           (username, 
pass, reply, authdate)                           VALUES (                       
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                        
   (username, pass, reply, authdate)                           VALUES (         
                  'jg4461',                           '',                       
    'Access-Accept', '2009-01-30 14:17:14')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                 
          (username, pass, reply, authdate)                           VALUES (  
                         'jg4461',                           '',                
           'Access-Accept', '2009-01-30 14:17:14')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
        expand: testing-%{User-Name} -> testing-jg4461
++[outer.reply] returns ok
} # server inner-tunnel
[ttls] Got tunneled reply code 2
        Acct-Interim-Interval = 600
        MS-CHAP2-Success = 
        MS-MPPE-Recv-Key = 0x01ad9a928819149b915d883998666ced
        MS-MPPE-Send-Key = 0xaa00c20e66cbc3d2f567156c45951213
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-MPPE-Encryption-Types = 0x00000004
[ttls] Got tunneled Access-Accept
[ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge.
++[eap] returns handled
} # server uobresnet
Sending Access-Challenge of id 53 to port 32770
        User-Name = "testing-jg4461"
        EAP-Message = 
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbcf702b7b9ff177cb8f89cfa1efb626b
Finished request 5.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host port 32770, id=54, 
        User-Name = "qwerty99"
        Calling-Station-Id = "00-15-AF-CB-1E-27"
        Called-Station-Id = "00-16-C7-71-A1-20:ResNet-Wireless"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        EAP-Message = 0x020800061500
        State = 0xbcf702b7b9ff177cb8f89cfa1efb626b
        Message-Authenticator = 0x9901c773af1b971e6c4935c5d4ff3771
server uobresnet {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:15 2009
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake is finished
[ttls] eaptls_verify returned 3 
[ttls] eaptls_process returned 3 
[eap] Freeing handler
++[eap] returns ok
Login OK: [qwerty99] (from client WISM-1 port 29 cli 00-15-AF-CB-1E-27)
+- entering group post-auth {...}
[reply_log]     expand: 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> 
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[reply_log]     expand: %t -> Fri Jan 30 14:17:15 2009
++[reply_log] returns ok
} # server uobresnet
Sending Access-Accept of id 54 to port 32770
        MS-MPPE-Recv-Key = 
        MS-MPPE-Send-Key = 
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "qwerty99"
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Accounting-Request packet from host port 32770, id=97, 
        User-Name = "qwerty99"
        NAS-Port = 29
        NAS-IP-Address =
        Framed-IP-Address =
        NAS-Identifier = "wism1"
        Airespace-Wlan-Id = 7
        Acct-Session-Id = "49830bec/00:15:af:cb:1e:27/472"
        Acct-Authentic = RADIUS
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "509"
        Acct-Status-Type = Start
        Calling-Station-Id = ""
        Called-Station-Id = ""
server uobresnet {
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 29,Client-IP-Address =,NAS-IP-Address =,Acct-Session-Id = 
"49830bec/00:15:af:cb:1e:27/472",User-Name = "qwerty99"'
[acct_unique] Acct-Unique-Session-ID = "ccc508efc405ffa0".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "qwerty99", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail]        expand: /var/log/radius/radacct/%Y%m/detail-%Y%m%d -> 
[detail] /var/log/radius/radacct/%Y%m/detail-%Y%m%d expands to 
[detail]        expand: %t -> Fri Jan 30 14:17:17 2009
++[detail] returns ok
[sql]   expand: %{User-Name} -> qwerty99
[sql] sql_set_user escaped user --> 'qwerty99'
[sql]   expand: %{Acct-Delay-Time} -> 
[sql]   expand:            INSERT INTO radacct             (acctsessionid,    
acctuniqueid,     username,              realm,            nasipaddress,     
nasportid,              nasporttype,      acctstarttime,    acctstoptime,       
       acctsessiontime,  acctauthentic,    connectinfo_start,              
connectinfo_stop, acctinputoctets,  acctoutputoctets,              
calledstationid,  callingstationid, acctterminatecause,              
servicetype,      framedprotocol,   framedipaddress,              
acctstartdelay,   acctstopdelay,    xascendsessionsvrkey,              
radius_server,    ssid)           VALUES             ('%{Acct-Session-Id}', 
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              
'%{NAS-Port-Type}', '%S', '0',              '0', '%{Acct-Authentic}', 
'%{Connect-Info}',              '', '0', '0',              
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',              
'%{Service-Type}', '%{Framed-Proto
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[attr_filter.accounting_response]       expand: %{User-Name} -> qwerty99
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
} # server uobresnet
Sending Accounting-Response of id 97 to port 32770
Finished request 7.
Cleaning up request 7 ID 97 with timestamp +16
Going to the next request
Waking up in 2.5 seconds.
rad_recv: Access-Request packet from host port 32770, id=131, 
        User-Name = "0019c5357751"
        Called-Station-Id = "00-1c-57-e2-2f-b0:ResNet-Wireless-Consoles"
        Calling-Station-Id = "00-19-c5-35-77-51"
        NAS-Port = 29
        NAS-IP-Address =
        NAS-Identifier = "wism8"
        Airespace-Wlan-Id = 2
        User-Password = "0019c5357751"
        Service-Type = Call-Check
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "495"
server uobconsoles {
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> 
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[auth_log]      expand: %t -> Fri Jan 30 14:17:18 2009
++[auth_log] returns ok
perl_pool: item 0x8e13fe8 asigned new request. Handled so far: 1
found interpetator at address 0x8e13fe8
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Calling-Station-Id = 00-19-c5-35-77-51
rlm_perl: Added pair Called-Station-Id = 
rlm_perl: Added pair Airespace-Wlan-Id = 2
rlm_perl: Added pair User-Name = 0019c5357751
rlm_perl: Added pair NAS-Identifier = wism8
rlm_perl: Added pair User-Password = 0019c5357751
rlm_perl: Added pair NAS-Port = 29
rlm_perl: Added pair NAS-IP-Address =
rlm_perl: Added pair Tunnel-Private-Group-Id = 495
rlm_perl: Added pair Framed-MTU = 1300
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x8e13fe8
++[perl] returns noop
++[control] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "0019c5357751", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 180
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = PERL
+- entering group PERL {...}
perl_pool: item 0x9043928 asigned new request. Handled so far: 1
found interpetator at address 0x9043928
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Called-Station-Id = 
rlm_perl: Added pair Calling-Station-Id = 00-19-c5-35-77-51
rlm_perl: Added pair Airespace-Wlan-Id = 2
rlm_perl: Added pair User-Name = 0019c5357751
rlm_perl: Added pair NAS-Identifier = wism8
rlm_perl: Added pair User-Password = 0019c5357751
rlm_perl: Added pair NAS-IP-Address =
rlm_perl: Added pair NAS-Port = 29
rlm_perl: Added pair Framed-MTU = 1300
rlm_perl: Added pair Tunnel-Private-Group-Id = 495
rlm_perl: Added pair Acct-Interim-Interval = 600
rlm_perl: Added pair Auth-Type = PERL
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9043928
++[perl] returns ok
Login OK: [0019c5357751] (from client WISM-8 port 29 cli 00-19-c5-35-77-51)
+- entering group post-auth {...}
[reply_log]     expand: 
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> 
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
expands to /var/log/radius/radacct/
[reply_log]     expand: %t -> Fri Jan 30 14:17:18 2009
++[reply_log] returns ok
} # server uobconsoles
Sending Access-Accept of id 131 to port 32770
        Acct-Interim-Interval = 600
Finished request 8.
Going to the next request
Waking up in 1.1 seconds.
Cleaning up request 0 ID 48 with timestamp +13
Cleaning up request 1 ID 49 with timestamp +13
Cleaning up request 2 ID 50 with timestamp +13
Cleaning up request 3 ID 51 with timestamp +13
Waking up in 0.1 seconds.
Cleaning up request 4 ID 52 with timestamp +13
Waking up in 0.3 seconds.
Cleaning up request 5 ID 53 with timestamp +13
Cleaning up request 6 ID 54 with timestamp +14
Waking up in 3.3 seconds.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to