Because the servers run a Debian distribution, a FreeRadius .deb package was built. The packages available in the distribution are not the latest version, and the latest version is required for its TTLS support. The package build is described in appendix 1.
The complete authentication procedure, with the configuration files FreeRadius needs, is shown in figure 20.
Note that the syntax of this file is very strict: the test condition must be written on a single line, otherwise FreeRadius does not understand it. The actions to perform, on the other hand, may be written across several lines.
To set up accounting, install a MySQL server and tell FreeRadius to use it to record connections [Hassell2]. Everything is configured in the file /etc/freeradius/sql.conf. This file gives the name of the database, the server hosting it, and the account and password needed to connect.
On the MySQL server, use the existing database schema: it is available in the file /usr/local/freeradius/freeradius-server-2.1.1/debian/tmp/etc/freeradius/sql/mysql/schema.sql (see "Installation procedure" below).
Next, create the empty accounting database, then use the schema to build the tables. This database can be secured by limiting the privileges of the user FreeRadius connects as: granting it SELECT, INSERT and UPDATE is enough.
Once that is done, FreeRadius can be told to handle accounting by enabling the section in the file sites-available/default and setting 'sql' as the recording backend. Appendix 1 contains the configuration files used by the CNRS site.
Install trace, October 2008:
****************************

srv# mkdir -p /usr/local/freeradius/freeradius-server-2.1.1
srv# apt-get update
srv# apt-get install fakeroot      # needed to build the package

Fetch the sources from ftp://ftp.freeradius.org/pub/radius:
-----------------------------------------------------------
srv# cd /usr/local/freeradius
srv# tar xvf freeradius-server-2.1.1.tar.gz
srv# cd /usr/local/freeradius/freeradius-server-2.1.1

Fix the huntgroups bug when more than one entry matches the same address:
-------------------------------------------------------------------------
cf. http://bugs.freeradius.org/show_bug.cgi?id=233
Example:
Tous8021x NAS-IP-Address == 192.168.240.131
TEST8021x NAS-IP-Address == 192.168.240.131
By default the lookup stopped at the first matching entry.

srv# vi /usr/local/freeradius/freeradius-server-2.1.1/src/modules/rlm_preprocess/rlm_preprocess.c
Around line 400, change the code as follows:

			/*
			 * We've matched the huntgroup, so add it in
			 * to the list of request pairs.
			 */
			//vp = pairfind(request_pairs, PW_HUNTGROUP_NAME);
			//if (!vp) {
			{
				vp = radius_paircreate(request,
						       &request->packet->vps,
						       PW_HUNTGROUP_NAME,
						       PW_TYPE_STRING);
				strlcpy(vp->vp_strvalue, i->name,
					sizeof(vp->vp_strvalue));
				vp->length = strlen(vp->vp_strvalue);
			}
			r = RLM_MODULE_OK;
		}
		//break;
	}

Resolve the build dependencies:
-------------------------------
srv# vi debian/control
Build-Depends: debhelper (>= 5), dpatch (>= 2), dpkg-dev (>= 1.13.19),
 autotools-dev, libtool (>= 1.5), libltdl3-dev, libpam0g-dev,
 libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev,
 libsasl2-dev, libiodbc2-dev, libkrb5-dev, libperl-dev, libpcap-dev,
 python-dev, snmp, libsnmp9-dev | libsnmp-dev, libpq-dev, libssl-dev

srv# apt-get install debhelper dpatch dpkg-dev autotools-dev libtool
srv# apt-get install libgdbm-dev libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev libperl-dev libpcap-dev python-dev
srv# apt-get install snmp libpq-dev libssl-dev
srv# apt-get install libmysqlclient15-dev libsnmp9-dev
srv# apt-get install libltdl3-dev

For the patch to apply cleanly, edit "raddb/radiusd.conf.in":
-------------------------------------------------------------
pidfile = ${run_dir}/${name}.pid
->
pidfile = ${run_dir}/radiusd.pid

Build the package:
------------------
srv# dpkg-buildpackage -rfakeroot -d
srv# cd /usr/local/freeradius
srv# ll
-rw-r--r--  1 root staff 3648766 2008-10-14 14:49 freeradius-server-2.1.1.tar.gz
-rw-r--r--  1 root staff 3665355 2008-10-14 16:05 freeradius_2.1.1-0.tar.gz
-rw-r--r--  1 root staff     709 2008-10-14 16:05 freeradius_2.1.1-0.dsc
-rw-r--r--  1 root staff  130518 2008-10-14 16:08 freeradius-dialupadmin_2.1.1-0_all.deb
drwxrwxr-x 15 root root     4096 2008-10-14 16:08 freeradius-server-2.1.1/
-rw-r--r--  1 root staff   27972 2008-10-14 16:08 freeradius-postgresql_2.1.1-0_amd64.deb
-rw-r--r--  1 root staff   22424 2008-10-14 16:08 freeradius-mysql_2.1.1-0_amd64.deb
-rw-r--r--  1 root staff   39718 2008-10-14 16:08 freeradius-ldap_2.1.1-0_amd64.deb
-rw-r--r--  1 root staff   22708 2008-10-14 16:08 freeradius-krb5_2.1.1-0_amd64.deb
-rw-r--r--  1 root staff   22090 2008-10-14 16:08 freeradius-iodbc_2.1.1-0_amd64.deb
-rw-r--r--  1 root staff 1679274 2008-10-14 16:08 freeradius_2.1.1-0_amd64.deb
-rw-r--r--  1 root staff 1139032 2008-10-14 16:08 freeradius-dbg_2.1.1-0_amd64.deb
-rw-r--r--  1 root staff    2663 2008-10-14 16:08 freeradius_2.1.1-0_amd64.changes

Check that TLS and TTLS support is present:
-------------------------------------------
srv# dpkg --contents freeradius_2.1.1-0_amd64.deb | grep tls.so
lrwxrwxrwx root/root 0 2008-09-30 10:07 ./usr/lib/freeradius/rlm_eap_tls.so -> rlm_eap_tls-2.1.1.so
lrwxrwxrwx root/root 0 2008-09-30 10:07 ./usr/lib/freeradius/rlm_eap_ttls.so -> rlm_eap_ttls-2.1.1.so

srv# apt-get install freeradius
srv# apt-get install freeradius-ldap
srv# apt-get install freeradius-mysql
srv# chown freerad /etc/freeradius/certs/radius.grenoble.cnrs.fr.key

Now install the packages just built (FreeRadius + LDAP support (rlm_ldap)):
---------------------------------------------------------------------------
dpkg -i freeradius_2.1.1-0_amd64.deb freeradius-ldap_2.1.1-0_amd64.deb freeradius-mysql_2.1.1-0_amd64.deb
->
Setting up freeradius-ldap (2.1.1-0) ...
Restarting FreeRADIUS server: freeradius.
Setting up freeradius-mysql (2.1.1-0) ...
Restarting FreeRADIUS server: freeradius.

srv2.../freeradius #> PS free
USER     PPID   PID %CPU COMMAND
freerad     1 11098  0.0 /usr/sbin/freeradius

Server certificates:
--------------------
Copy the certificate files (radius.grenoble.cnrs.fr.crt and radius.grenoble.cnrs.fr.key) into the /etc/freeradius/certs directory.
Also copy a CACNRS.pem file containing the CNRS and CNRS-Standard keys.

srv# cd /etc/freeradius/certs
srv# openssl dhparam -out dh 1024
srv# dd if=/dev/urandom of=random count=10
srv# ll
drwxr-s--x 7 root freerad 4.0K 14Oct08 16:23:23 ../
-rw------- 1 root freerad  891 14Oct08 16:26:23 radius.grenoble.cnrs.fr.key
-rw-r--r-- 1 root freerad 4.5K 14Oct08 16:26:23 radius.grenoble.cnrs.fr.crt
-rw-r--r-- 1 root freerad 2.5K 14Oct08 16:26:23 CACNRS.pem
drwxr-s--- 2 root freerad 4.0K 14Oct08 16:26:23 ./
-rw-r--r-- 1 root freerad  245 14Oct08 16:28:55 dh
-rw-r----- 1 root freerad 5.0K 14Oct08 16:29:00 random

Some configuration files must be placed in specific directories:
----------------------------------------------------------------
(they are listed in the next chapter, "Configuration files")
Replace the default file in the sites-available directory.
Replace the ldap, detail.log, sql_log and realm files in the modules directory.

Accounting:
-----------
See the next chapter, "DHCP installation".
#
# $Id: acct_users,v 1.4 2003/08/13 16:54:40 aland Exp $
#
# This is like the 'users' file, but it is processed only for
# accounting packets.
#
#DEFAULT Acct-Status-Type == Start
#	Exec-Program = "/path/to/exec/acct/start"
#
#DEFAULT Acct-Status-Type == Stop
#	Exec-Program = "/path/to/exec/acct/stop"
#
# For information on how the attributes from the request are passed
# to the program, see 'doc/variables.txt'
#
#
# This file allows attributes to be rewritten using regular expressions.
# Not used in this project
#
# Configuration file for the rlm_attr_filter module.
# Please see rlm_attr_filter(5) manpage for more information.
#
# $Id: attrs,v 1.4.8.1.2.1 2006/11/22 17:00:01 aland Exp $
#
# This file contains security and configuration information
# for each realm. The first field is the realm name and
# can be up to 253 characters in length. This is followed (on
# the next line) with the list of filter rules to be used to
# decide what attributes and/or values we allow proxy servers
# to pass to the NAS for this realm.
#
# When a proxy-reply packet is received from a home server,
# these attributes and values are tested. Only the first match
# is used unless the "Fall-Through" variable is set to "Yes".
# In that case the rules defined in the DEFAULT case are
# processed as well.
#
# A special realm named "DEFAULT" matches on all realm names.
# You can have only one DEFAULT entry. All entries are processed
# in the order they appear in this file. The first entry that
# matches the login-request will stop processing unless you use
# the Fall-Through variable.
#
# Indented (with the tab character) lines following the first
# line indicate the filter rules.
#
# You can include another `attrs' file with `$INCLUDE attrs.other'
#
#
# This is a complete entry for realm "fisp". Note that there is no
# Fall-Through entry so that no DEFAULT entry will be used, and the
# server will NOT allow any other a/v pairs other than the ones
# listed here.
#
# These rules allow:
#  o Only Framed-User Service-Types ( no telnet, rlogin, tcp-clear )
#  o PPP sessions ( no SLIP, CSLIP, etc. )
#  o dynamic ip assignment ( can't assign a static ip )
#  o an idle timeout value set to 600 seconds (10 min) or less
#  o a max session time set to 28800 seconds (8 hours) or less
#
#fisp
#	Service-Type == Framed-User,
#	Framed-Protocol == PPP,
#	Framed-IP-Address == 255.255.255.254,
#	Idle-Timeout <= 600,
#	Session-Timeout <= 28800
#
# This is a complete entry for realm "tisp". Note that there is no
# Fall-Through entry so that no DEFAULT entry will be used, and the
# server will NOT allow any other a/v pairs other than the ones
# listed here.
#
# These rules allow:
#  o Only Login-User Service-Type ( no framed/ppp sessions )
#  o Telnet sessions only ( no rlogin, tcp-clear )
#  o Login hosts of either 192.168.1.1 or 192.168.1.2
#
#tisp
#	Service-Type == Login-User,
#	Login-Service == Telnet,
#	Login-TCP-Port == 23,
#	Login-IP-Host == 192.168.1.1,
#	Login-IP-Host == 192.168.1.2
#
# The following example can be used for a home server which is only
# allowed to supply a Reply-Message, a Session-Timeout attribute of
# maximum 86400, a Idle-Timeout attribute of maximum 600 and a
# Acct-Interim-Interval attribute between 300 and 3600.
# All other attributes sent back will be filtered out.
#
#strictrealm
#	Reply-Message =* ANY,
#	Session-Timeout <= 86400,
#	Idle-Timeout <= 600,
#	Acct-Interim-Interval >= 300,
#	Acct-Interim-Interval <= 3600
#
# This is a complete entry for realm "spamrealm". Fall-Through is used,
# so that the DEFAULT filter rules are used in addition to these.
#
# These rules allow:
#  o Force the application of Filter-ID attribute to be returned
#    in the proxy reply, whether the proxy sent it or not.
#  o The standard DEFAULT rules as defined below
#
#spamrealm
#	Framed-Filter-Id := "nosmtp.in",
#	Fall-Through = Yes
#
# The rest of this file contains the DEFAULT entry.
# DEFAULT matches with all realm names. (except if the realm previously
# matched an entry with no Fall-Through)
#
# Only the attributes listed below are let through.
# Attributes that are not in the list below are removed.
# Useful for dropping VLAN attributes, etc.
DEFAULT
	Service-Type == Framed-User,
	Framed-IP-Address == 255.255.255.254,
	Framed-MTU >= 576,
	Proxy-State =* ANY,
	EAP-Message =* ANY,
	Message-Authenticator =* ANY,
	State =* ANY,
	Session-Timeout <= 28800,
	Idle-Timeout <= 600,
	Port-Limit <= 2
#	Service-Type == Login-User,
#	Login-Service == Telnet,
#	Login-Service == Rlogin,
#	Login-Service == TCP-Clear,
#	Login-TCP-Port <= 65536,
#	Framed-IP-Netmask == 255.255.255.255,
#	Framed-Protocol == PPP,
#	Framed-Protocol == SLIP,
#	Framed-Compression == Van-Jacobson-TCP-IP,
#	Framed-Filter-ID =* ANY,
#	Reply-Message =* ANY,
#
# Configuration file for the rlm_attr_filter module.
# Please see rlm_attr_filter(5) manpage for more information.
#
# $Id: attrs.access_reject,v 1.1 2006/11/22 21:48:35 aland Exp $
#
# This configuration file is used to remove almost all of the attributes
# From an Access-Reject message. The RFC's say that an Access-Reject
# packet can contain only a few attributes. We enforce that here.
#
DEFAULT
	EAP-Message =* ANY,
	State =* ANY,
	Message-Authenticator =* ANY,
	Reply-Message =* ANY,
	Proxy-State =* ANY
#
# Configuration file for the rlm_attr_filter module.
# Please see rlm_attr_filter(5) manpage for more information.
#
# $Id: attrs.accounting_response,v 1.1 2006/11/22 21:48:35 aland Exp $
#
# This configuration file is used to remove almost all of the attributes
# From an Accounting-Response message. The RFC's say that an
# Accounting-Response packet can contain only a few attributes.
# We enforce that here.
#
DEFAULT
	Vendor-Specific =* ANY,
	Message-Authenticator =* ANY,
	Proxy-State =* ANY
#
# Configuration file for the rlm_attr_filter module.
# Please see rlm_attr_filter(5) manpage for more information.
#
# $Id: attrs.pre-proxy,v 1.1 2005/06/11 16:42:39 nbk Exp $
#
# This file contains security and configuration information
# for each realm. It can be used be an rlm_attr_filter module
# instance to filter attributes before sending packets to the
# home server of a realm.
#
# When a packet is sent to a home server, these attributes
# and values are tested. Only the first match is used unless
# the "Fall-Through" variable is set to "Yes". In that case
# the rules defined in the DEFAULT case are processed as well.
#
# A special realm named "DEFAULT" matches on all realm names.
# You can have only one DEFAULT entry. All entries are processed
# in the order they appear in this file. The first entry that
# matches the login-request will stop processing unless you use
# the Fall-Through variable.
#
# The first line indicates the realm to which the rules apply.
# Indented (with the tab character) lines following the first
# line indicate the filter rules.
#
# This is a complete entry for 'nochap' realm. It allows to send very
# basic attributes to the home server. Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used. Only the listed attributes
# will be sent in the packet, all other attributes will be filtered out.
#
#nochap
#	User-Name =* ANY,
#	User-Password =* ANY,
#	NAS-Ip-Address =* ANY,
#	NAS-Identifier =* ANY
# The entry for the 'brokenas' realm removes the attribute NAS-Port-Type
# if its value is different from 'Ethernet'. Then the default rules are
# applied.
#
#brokenas
#	NAS-Port-Type == Ethernet
#	Fall-Through = Yes
# The rest of this file contains the DEFAULT entry.
# DEFAULT matches with all realm names.
DEFAULT
	User-Name =* ANY,
	User-Password =* ANY,
	CHAP-Password =* ANY,
	CHAP-Challenge =* ANY,
	State =* ANY,
	NAS-Ip-Address =* ANY,
	NAS-Identifier =* ANY,
	Proxy-State =* ANY
#
# clients.conf - client configuration directives
#
#######################################################################
#######################################################################
#
# Definition of a RADIUS client (usually a NAS).
#
# The information given here over rides anything given in the
# 'clients' file, or in the 'naslist' file. The configuration here
# contains all of the information from those two files, and allows
# for more configuration items.
#
# The "shortname" is be used for logging. The "nastype", "login" and
# "password" fields are mainly used for checkrad and are optional.
#
#
# Defines a RADIUS client. The format is 'client [hostname|ip-address]'
#
# '127.0.0.1' is another name for 'localhost'. It is enabled by default,
# to allow testing of the server after an initial installation. If you
# are not going to be permitting RADIUS queries from localhost, we suggest
# that you delete, or comment out, this entry.
#
#
# Rules for Prefixes
# ------------------
# IPv6 prefixes MUST end with :: or IPv6 Address or hostname
# IPv4 Prefixes MUST end with .0 or IPv4 Address or hostname
# A hostname is a valid DNS lookup name
#
# Valid Prefixes
# --------------
# For IPv4:
#	192.168.1.1/24
#	10.0/8 = 10.0.0.0/16 = 10.0.0.1/8 != 10/8
#	192.168.1.1/32 = 192.168.1.1/0
#	hostname/32 = hostname/0 = hostname
#	(32 or 0 or NULL prefix lengths are treated same)
#
# For IPv6:
#	fec0::/64
#	fec0::1/100
#	fec0::1/128 = fec0::1/0 = fec0::1
#	hostname/128 = hostname/0 = hostname
#	(128 or 0 or NULL prefix lengths are treated same)
#
# Invalid prefixes
# ----------------
# For IPv4:
#	1) 192.168/16
#	   (MUST end with .0)
#	   (replace with 192.168.0/16 or 192.168.0.0/16 or 192.168.1.1/16)
#	2) 192.168
#	   (No Prefix, so it is considered as hostname
#	   and also returns 192.0.0.168 instead of 192.168.0.0)
#
# For IPv6:
#	1) fec0/16
#	   (MUST end with ::)
#	   (replace with fec0::/16 or fec0::1/16)
#	2) fec0::
#	   (No prefix, so it is considered as hostname)
#
client 127.0.0.1 {
	#
	# The shared secret use to "encrypt" and "sign" packets between
	# the NAS and FreeRADIUS. You MUST change this secret from the
	# default, otherwise it's not a secret any more!
	#
	# The secret can be any string, up to 8k characters in length.
	#
	# Control codes can be entered vi octal encoding,
	#	e.g. "\101\102" == "AB"
	# Quotation marks can be entered by escaping them,
	#	e.g. "foo\"bar"
	#
	secret = RaDCNRSgreCentr1
	#
	# The short name is used as an alias for the fully qualified
	# domain name, or the IP address.
	#
	shortname = localhost
	#
	# the following three fields are optional, but may be used by
	# checkrad.pl for simultaneous use checks
	#
	#
	# The nastype tells 'checkrad.pl' which NAS-specific method to
	# use to query the NAS for simultaneous use.
	#
	# Permitted NAS types are:
	#
	#	cisco
	#	computone
	#	livingston
	#	max40xx
	#	multitech
	#	netserver
	#	pathras
	#	patton
	#	portslave
	#	tc
	#	usrhiper
	#	other		# for all other types
	#
	nastype = other	# localhost isn't usually a NAS...
	#
	# The following two configurations are for future use.
	# The 'naspasswd' file is currently used to store the NAS
	# login name and password, which is used by checkrad.pl
	# when querying the NAS for simultaneous use.
	#
#	login = !root
#	password = someadminpas
}
# IPv6 Client
#client ::1 {
#	secret = testing123
#	shortname = localhost
#}
#
# All IPv6 Site-local clients
#client fe80::/16 {
#	secret = testing123
#	shortname = localhost
#}
#client some.host.org {
#	secret = testing123
#	shortname = localhost
#}
#
# You can now specify one secret for a network of clients.
# When a client request comes in, the BEST match is chosen.
# i.e. The entry from the smallest possible network.
#
#client 192.168.0.0/24 {
#	secret = testing123-1
#	shortname = private-network-1
#}
#
#client 192.168.0.0/16 {
#	secret = testing123-2
#	shortname = private-network-2
#}
#client 10.10.10.10 {
#	# secret and password are mapped through the "secrets" file.
#	secret = testing123
#	shortname = liv1
#	# the following three fields are optional, but may be used by
#	# checkrad.pl for simultaneous usage checks
#	nastype = livingston
#	login = !root
#	password = someadminpas
#}
#######################################################################
#
# Per-socket client lists. The configuration entries are exactly
# the same as above, but they are nested inside of a section.
#
# You can have as many per-socket client lists as you have "listen"
# sections, or you can re-use a list among multiple "listen" sections.
#
#per_socket_clients {
#	client 192.168.3.4 {
#		secret = testing123
#	}
#}
# Local client
client 147.173.1.27 {
	secret = RaDCNRSgreCentr1
	shortname = localhost
	nastype = other
}
# Eduroam client
client 195.220.94.130 {
	secret = 361de1d213fe896b8894d987d05294d
	shortname = localhost
	nastype = other	# This will be a Radius client
}
################################################################################
# Definition of all potential Radius clients.
# Rather than defining every client by its IP address, it is possible
# to define an address range; all the NAS devices in it must then share
# the same secret.
################################################################################
#####################
###   NANO LAB    ###
#####################
# Nano Wi-Fi
client 192.168.64.64 {
	secret = xxx
	shortname = AP
	nastype = other
}
# Nano Chillispot server
client 147.173.70.0/24 {
	secret = yyy
	shortname = chillispot
	nastype = other
}
client 192.168.64.80 {
	secret = xxx
	shortname = switch
	nastype = cisco
}
#####################
###   TEST LAB    ###
#####################
# TEST lab switch
client 192.168.240.11 {
	secret = bidon
	shortname = Switch
	nastype = cisco
}
# TEST lab Chillispot
client 147.173.246.1 {
	secret = PASSsecretRadius
	shortname = chillispot
	nastype = other
}
# Cisco switch
client 192.168.240.131 {
	secret = xxx
	shortname = switch
	nastype = cisco
}
# Wi-Fi access point
client 192.168.240.240 {
	secret = secretpartage
	shortname = AP
	nastype = other
}
#####################
### Conference room ###
#####################
# Wi-Fi access point
client 192.168.21.21 {
	secret = xxx
	shortname = Wifi
	nastype = other
}
# Chillispot
client 147.173.21.130/25 {
	secret = xxx
	shortname = Chillispot
	nastype = other
}
#####################
###  TEST CLIENT  ###
#####################
client 147.173.1.16 {
	secret = secretpartage
	shortname = LISTES
	nastype = other
}
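The clients.conf comments above insist that the default secret be changed and note that a prefix entry makes every NAS in the range share one secret. As an added example (not part of the original report or of FreeRADIUS), the following Python script parses a clients.conf and flags default, short, reused and prefix-wide secrets; the 16-character minimum, the simplified parser and the sample file are assumptions.

```python
"""Audit FreeRADIUS clients.conf entries for weak or shared secrets."""
import ipaddress
import re
from collections import defaultdict

MIN_SECRET_LEN = 16   # assumption: local policy, not a FreeRADIUS limit
# Secrets that appear in the stock clients.conf examples.
DEFAULT_SECRETS = {"testing123", "testing123-1", "testing123-2"}

CLIENT_RE = re.compile(r"^client\s+(\S+)\s*\{$")
SETTING_RE = re.compile(r"^(\w+)\s*=\s*(.*)$")


def parse_clients(text):
    """Return one dict per active (uncommented) top-level client block."""
    clients, current = [], None
    for raw in text.splitlines():
        # Simplification: everything after '#' is a comment, so a secret
        # containing '#' is not supported by this parser.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opened = CLIENT_RE.match(line)
        if opened and current is None:
            current = {"name": opened.group(1)}
        elif line == "}" and current is not None:
            clients.append(current)
            current = None
        elif current is not None:
            setting = SETTING_RE.match(line)
            if setting:
                current[setting.group(1)] = setting.group(2).strip().strip('"')
    return clients


def covers_many_hosts(name):
    """True when the client name is a prefix covering several addresses."""
    try:
        net = ipaddress.ip_network(name, strict=False)
    except ValueError:
        return False      # hostname: cannot tell without a DNS lookup
    # clients.conf treats a /0 prefix length like /32 (a single host).
    return net.prefixlen != 0 and net.num_addresses > 1


def audit(text):
    """Return a sorted list of (client, finding) tuples."""
    findings = []
    by_secret = defaultdict(list)
    for client in parse_clients(text):
        name, secret = client["name"], client.get("secret", "")
        if not secret:
            findings.append((name, "no secret"))
            continue
        by_secret[secret].append(name)
        if secret in DEFAULT_SECRETS:
            findings.append((name, "default secret"))
        if len(secret) < MIN_SECRET_LEN:
            findings.append((name, "short secret"))
        if covers_many_hosts(name):
            findings.append((name, "secret shared by whole prefix"))
    for names in by_secret.values():
        if len(names) > 1:
            for name in names:
                findings.append((name, "secret reused by %d clients" % len(names)))
    return sorted(findings)


# Constructed sample (documentation addresses, made-up secrets).
SAMPLE = """\
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
}
#client 10.10.10.10 {
#    secret = testing123
#}
client 192.0.2.10 {
    secret = lab-switch        # trailing comment
    shortname = switch
    nastype = cisco
}
client 192.0.2.11 {
    secret = lab-switch
    shortname = ap
}
client 198.51.100.0/24 {
    secret = "k3Qz7vP1xR9mT4wY8bN2cL6h"
    shortname = portal
}
client 203.0.113.5/0 {
    secret = "Zp4Wd8Lm2Qx7Vb1Ns6Ht3Kc9"
    shortname = single
}
"""

if __name__ == "__main__":
    for client_name, finding in audit(SAMPLE):
        print("%-18s %s" % (client_name, finding))
```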
# To be placed in the sites-available directory:
#
authorize {
	preprocess
	suffix
	eap {
		ok = return
	}
	files
	ldap
	pap
}
authenticate {
	unix
	Auth-Type LDAP {
		ldap
	}
	eap
}
preacct {
	preprocess
	acct_unique
	suffix
	files
}
accounting {
	detail
	unix
	radutmp
	sql
	attr_filter.accounting_response
}
session {
	radutmp
}
post-auth {
}
pre-proxy {
	files
	pre_proxy_log
}
post-proxy {
	post_proxy_log
	attr_filter.post-proxy
	post_proxy_log_filtre
	eap
	Post-Proxy-Type Fail {
		detail
	}
}
# To be placed in the modules directory
#
# $Id$
#
# More examples of doing detail logs.
#
# Many people want to log authentication requests.
# Rather than modifying the server core to print out more
# messages, we can use a different instance of the 'detail'
# module, to log the authentication requests to a file.
#
# You will also need to un-comment the 'auth_log' line
# in the 'authorize' section, below.
#
detail auth_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
	#
	# This MUST be 0600, otherwise anyone can read
	# the users passwords!
	detailperm = 0600
	# You may also strip out passwords completely
	suppress {
		User-Password
	}
}
#
# This module logs authentication reply packets sent
# to a NAS. Both Access-Accept and Access-Reject packets
# are logged.
#
# You will also need to un-comment the 'reply_log' line
# in the 'post-auth' section, below.
#
detail reply_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
	detailperm = 0600
}
#
# This module logs packets proxied to a home server.
#
# You will also need to un-comment the 'pre_proxy_log' line
# in the 'pre-proxy' section, below.
#
detail pre_proxy_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
	#
	# This MUST be 0600, otherwise anyone can read
	# the users passwords!
	detailperm = 0600
	# You may also strip out passwords completely
	#suppress {
	#	User-Password
	#}
}
#
# This module logs response packets from a home server.
#
# You will also need to un-comment the 'post_proxy_log' line
# in the 'post-proxy' section, below.
#
detail post_proxy_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
	detailperm = 0600
}
detail post_proxy_log_filtre {
	detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre
	detailperm = 0600
}
#
# This is the master dictionary file, which references the
# pre-defined dictionary files included with the server.
#
# Any new/changed attributes MUST be placed in this file, as
# the pre-defined dictionaries SHOULD NOT be edited.
#
# $Id: dictionary.in,v 1.4 2004/04/14 15:26:20 aland Exp $
#
#
# The filename given here should be an absolute path.
#
$INCLUDE /usr/share/freeradius/dictionary
#
# Place additional attributes or $INCLUDEs here. They will
# over-ride the definitions in the pre-defined dictionaries.
#
# See the 'man' page for 'dictionary' for information on
# the format of the dictionary files.
#
# If you want to add entries to the dictionary file,
# which are NOT going to be placed in a RADIUS packet,
# add them here. The numbers you pick should be between
# 3000 and 4000.
#
#ATTRIBUTE	My-Local-String		3000	string
#ATTRIBUTE	My-Local-IPAddr		3001	ipaddr
#ATTRIBUTE	My-Local-Integer	3002	integer
# -*- text -*- # # Whatever you do, do NOT set 'Auth-Type := EAP'. The server # is smart enough to figure this out on its own. The most # common side effect of setting 'Auth-Type := EAP' is that the # users then cannot use ANY other authentication method. # # $Id: eap.conf,v 1.14 2007/04/25 10:06:56 aland Exp $ # eap { # Invoke the default supported EAP type when # EAP-Identity response is received. # # The incoming EAP messages DO NOT specify which EAP # type they will be using, so it MUST be set here. # # For now, only one default EAP type may be used at a time. # # If the EAP-Type attribute is set by another module, # then that EAP type takes precedence over the # default type configured here. # #default_eap_type = md5 default_eap_type = ttls # A list is maintained to correlate EAP-Response # packets with EAP-Request packets. After a # configurable length of time, entries in the list # expire, and are deleted. # timer_expire = 60 # There are many EAP types, but the server has support # for only a limited subset. If the server receives # a request for an EAP type it does not support, then # it normally rejects the request. By setting this # configuration to "yes", you can tell the server to # instead keep processing the request. Another module # MUST then be configured to proxy the request to # another RADIUS server which supports that EAP type. # # If another module is NOT configured to handle the # request, then the request will still end up being # rejected. #ignore_unknown_eap_types = no ignore_unknown_eap_types = yes # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given # a User-Name attribute in an Access-Accept, it copies one # more byte than it should. # # We can work around it by configurably adding an extra # zero byte. cisco_accounting_username_bug = no # Supported EAP-types # # We do NOT recommend using EAP-MD5 authentication # for wireless connections. It is insecure, and does # not provide for dynamic WEP keys. 
# # md5 { # } # Cisco LEAP # # We do not recommend using LEAP in new deployments. See: # http://www.securiteam.com/tools/5TP012ACKE.html # # Cisco LEAP uses the MS-CHAP algorithm (but not # the MS-CHAP attributes) to perform it's authentication. # # As a result, LEAP *requires* access to the plain-text # User-Password, or the NT-Password attributes. # 'System' authentication is impossible with LEAP. # # leap { # } # Generic Token Card. # # Currently, this is only permitted inside of EAP-TTLS, # or EAP-PEAP. The module "challenges" the user with # text, and the response from the user is taken to be # the User-Password. # # Proxying the tunneled EAP-GTC session is a bad idea, # the users password will go over the wire in plain-text, # for anyone to see. # # gtc { # The default challenge, which many clients # ignore.. #challenge = "Password: " # The plain-text response which comes back # is put into a User-Password attribute, # and passed to another module for # authentication. This allows the EAP-GTC # response to be checked against plain-text, # or crypt'd passwords. # # If you say "Local" instead of "PAP", then # the module will look for a User-Password # configured for the request, and do the # authentication itself. # # auth_type = PAP # } ## EAP-TLS # # If OpenSSL was not found at the time the server was # built, the "tls", "ttls", and "peap" sections will # be ignored. # # Otherwise, when the server first starts in debugging # mode, test certificates will be created. See the # "make_cert_command" below for details, and the README # file in raddb/certs # # These test certificates SHOULD NOT be used in a normal # deployment. They are created only to make it easier # to install the server, and to perform some simple # tests with EAP-TLS, TTLS, or PEAP. # # See also: # # http://www.dslreports.com/forum/remark,9286052~mode=flat # tls { # # These is used to simplify later configurations. 
# certdir = ${raddbdir}/certs cadir = ${raddbdir}/certs #private_key_password = whatever #private_key_file = ${certdir}/server.pem private_key_file = ${certdir}/radius.grenoble.cnrs.fr.key # If Private key & Certificate are located in # the same file, then private_key_file & # certificate_file must contain the same file # name. #certificate_file = ${certdir}/server.pem certificate_file = ${certdir}/radius.grenoble.cnrs.fr.crt # Trusted Root CA list CA_file = ${cadir}/CACNRS.pem # # For DH cipher suites to work, you have to # run OpenSSL to create the DH file first: # # openssl dhparam -out certs/dh 1024 # dh_file = ${certdir}/dh random_file = ${certdir}/random # # This can never exceed the size of a RADIUS # packet (4096 bytes), and is preferably half # that, to accomodate other attributes in # RADIUS packet. On most APs the MAX packet # length is configured between 1500 - 1600 # In these cases, fragment size should be # 1024 or less. # # fragment_size = 1024 # include_length is a flag which is # by default set to yes If set to # yes, Total Length of the message is # included in EVERY packet we send. # If set to no, Total Length of the # message is included ONLY in the # First packet of a fragment series. # # include_length = yes # Check the Certificate Revocation List # # 1) Copy CA certificates and CRLs to same directory. # 2) Execute 'c_rehash <CA certs&CRLs Directory>'. # 'c_rehash' is OpenSSL's command. # 3) Add 'CA_path=<CA certs&CRLs directory>' # to radiusd.conf's tls section. # 4) uncomment the line below. # 5) Restart radiusd # check_crl = yes # # If check_cert_issuer is set, the value will # be checked against the DN of the issuer in # the client certificate. If the values do not # match, the cerficate verification will fail, # rejecting the user. # # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" # # If check_cert_cn is set, the value will # be xlat'ed and checked against the CN # in the client certificate. 
If the values # do not match, the certificate verification # will fail rejecting the user. # # This check is done only if the previous # "check_cert_issuer" is not set, or if # the check succeeds. # # check_cert_cn = %{User-Name} # # Set this option to specify the allowed # TLS cipher suites. The format is listed # in "man 1 ciphers". cipher_list = "DEFAULT" # # This configuration entry should be deleted # once the server is running in a normal # configuration. It is here ONLY to make # initial deployments easier. # #make_cert_command = "${certdir}/bootstrap" } # The TTLS module implements the EAP-TTLS protocol, # which can be described as EAP inside of Diameter, # inside of TLS, inside of EAP, inside of RADIUS... # # Surprisingly, it works quite well. # # The TTLS module needs the TLS module to be installed # and configured, in order to use the TLS tunnel # inside of the EAP packet. You will still need to # configure the TLS module, even if you do not want # to deploy EAP-TLS in your network. Users will not # be able to request EAP-TLS, as it requires them to # have a client certificate. EAP-TTLS does not # require a client certificate. # ttls { # The tunneled EAP session needs a default # EAP type which is separate from the one for # the non-tunneled EAP module. Inside of the # TTLS tunnel, we recommend using EAP-MD5. # If the request does not contain an EAP # conversation, then this configuration entry # is ignored. default_eap_type = md5 # The tunneled authentication request does # not usually contain useful attributes # like 'Calling-Station-Id', etc. These # attributes are outside of the tunnel, # and normally unavailable to the tunneled # authentication request. # # By setting this configuration entry to # 'yes', any attribute which NOT in the # tunneled authentication request, but # which IS available outside of the tunnel, # is copied to the tunneled request. 
        #
        #  allowed values: {no, yes}
        #copy_request_to_tunnel = no
        copy_request_to_tunnel = yes

        #  The reply attributes sent to the NAS are
        #  usually based on the name of the user
        #  'outside' of the tunnel (usually
        #  'anonymous').  If you want to send the
        #  reply attributes based on the user name
        #  inside of the tunnel, then set this
        #  configuration entry to 'yes', and the reply
        #  to the NAS will be taken from the reply to
        #  the tunneled request.
        #
        #  allowed values: {no, yes}
        #use_tunneled_reply = no
        use_tunneled_reply = yes
    }

    ##################################################
    #
    #  !!!!!  WARNINGS for Windows compatibility  !!!!!
    #
    ##################################################
    #
    #  If you see the server send an Access-Challenge,
    #  and the client never sends another Access-Request,
    #  then
    #
    #        STOP!
    #
    #  The server certificate has to have special OID's
    #  in it, or else the Microsoft clients will silently
    #  fail.  See the "scripts/xpextensions" file for
    #  details, and the following page:
    #
    #    http://support.microsoft.com/kb/814394/en-us
    #
    #  For additional Windows XP SP2 issues, see:
    #
    #    http://support.microsoft.com/kb/885453/en-us
    #
    #  Note that we do not necessarily agree with their
    #  explanation... but the fix does appear to work.
    #
    ##################################################

    #
    #  The tunneled EAP session needs a default EAP type
    #  which is separate from the one for the non-tunneled
    #  EAP module.  Inside of the TLS/PEAP tunnel, we
    #  recommend using EAP-MS-CHAPv2.
    #
    #  The PEAP module needs the TLS module to be installed
    #  and configured, in order to use the TLS tunnel
    #  inside of the EAP packet.  You will still need to
    #  configure the TLS module, even if you do not want
    #  to deploy EAP-TLS in your network.  Users will not
    #  be able to request EAP-TLS, as it requires them to
    #  have a client certificate.  EAP-PEAP does not
    #  require a client certificate.
    #
    #    peap {
        #  The tunneled EAP session needs a default
        #  EAP type which is separate from the one for
        #  the non-tunneled EAP module.  Inside of the
        #  PEAP tunnel, we recommend using MS-CHAPv2,
        #  as that is the default type supported by
        #  Windows clients.
    #        default_eap_type = mschapv2

        #  the PEAP module also has these configuration
        #  items, which are the same as for TTLS.
    #        copy_request_to_tunnel = no
    #        use_tunneled_reply = no

        #  When the tunneled session is proxied, the
        #  home server may not understand EAP-MSCHAP-V2.
        #  Set this entry to "no" to proxy the tunneled
        #  EAP-MSCHAP-V2 as normal MSCHAPv2.
    #        proxy_tunneled_request_as_eap = yes
    #    }

    #
    #  This takes no configuration.
    #
    #  Note that it is the EAP MS-CHAPv2 sub-module, not
    #  the main 'mschap' module.
    #
    #  Note also that in order for this sub-module to work,
    #  the main 'mschap' module MUST ALSO be configured.
    #
    #  This module is the *Microsoft* implementation of MS-CHAPv2
    #  in EAP.  There is another (incompatible) implementation
    #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
    #  currently support.
    #
    #    mschapv2 {
    #    }
}
# hints
#
#    The hints file.  This file is used to match
#    a request, and then add attributes to it.  This
#    process allows a user to login as "bob.ppp" (for example),
#    and receive a PPP connection, even if the NAS doesn't
#    ask for PPP.  The "hints" file is used to match the
#    ".ppp" portion of the username, and to add a set of
#    "user requested PPP" attributes to the request.
#
#    Matching can take place with the Prefix and Suffix
#    attributes, just like in the "users" file.
#    These attributes operate ONLY on the username, though.
#
#    Note that the attributes that are set for each
#    entry are _NOT_ passed back to the terminal server.
#    Instead they are added to the information that has
#    been _SENT_ by the terminal server.
#
#    This extra information can be used in the users file to
#    match on.  Usually this is done in the DEFAULT entries,
#    of which there can be more than one.
#
#    In addition a matching entry can transform a username
#    for authentication purposes if the "Strip-User-Name"
#    variable is set to Yes in an entry (default is Yes).
#
#    A special non-protocol name-value pair called "Hint"
#    can be set to match on in the "users" file.
#
#    The following is how most ISPs want to set this up.
#
# Version:    $Id: hints,v 1.4 2004/01/29 16:42:43 aland Exp $
#

DEFAULT    Suffix == ".ppp", Strip-User-Name = Yes
    Hint = "PPP",
    Service-Type = Framed-User,
    Framed-Protocol = PPP

DEFAULT    Suffix == ".slip", Strip-User-Name = Yes
    Hint = "SLIP",
    Service-Type = Framed-User,
    Framed-Protocol = SLIP

DEFAULT    Suffix == ".cslip", Strip-User-Name = Yes
    Hint = "CSLIP",
    Service-Type = Framed-User,
    Framed-Protocol = SLIP,
    Framed-Compression = Van-Jacobson-TCP-IP

######################################################################
#
#    These entries are old, and commented out by default.
#    They confuse too many people when "Peter" logs in, and the
#    server thinks that the user "eter" is asking for PPP.
#
#DEFAULT    Prefix == "U", Strip-User-Name = No
#    Hint = "UUCP"

#DEFAULT    Prefix == "P", Strip-User-Name = Yes
#    Hint = "PPP",
#    Service-Type = Framed-User,
#    Framed-Protocol = PPP

#DEFAULT    Prefix == "S", Strip-User-Name = Yes
#    Hint = "SLIP",
#    Service-Type = Framed-User,
#    Framed-Protocol = SLIP

#DEFAULT    Prefix == "C", Strip-User-Name = Yes
#    Hint = "CSLIP",
#    Service-Type = Framed-User,
#    Framed-Protocol = SLIP,
#    Framed-Compression = Van-Jacobson-TCP-IP
#
# huntgroups    This file defines the `huntgroups' that you have. A
#               huntgroup is defined by specifying the IP address of
#               the NAS and possibly a port range. Port can be identified
#               as just one port, or a range (from-to), and multiple ports
#               or ranges of ports must be separated by a comma. For
#               example: 1,2,3-8
#
#               Matching is done while RADIUS scans the user file; if it
#               includes the selection criterion "Huntgroup-Name == XXX"
#               the huntgroup is looked up in this file to see if it
#               matches. There can be multiple definitions of the same
#               huntgroup; the first one that matches will be used.
#
#               This file can also be used to define restricted access
#               to certain huntgroups. The second and following lines
#               define the access restrictions (based on username and
#               UNIX usergroup) for the huntgroup.
#

#
# Our POP in Alphen a/d Rijn has 3 terminal servers. Create a Huntgroup-Name
# called Alphen that matches on all three terminal servers.
#
#alphen        NAS-IP-Address == 192.168.2.5
#alphen        NAS-IP-Address == 192.168.2.6
#alphen        NAS-IP-Address == 192.168.2.7

#
# The POP in Delft consists of only one terminal server.
#
#delft         NAS-IP-Address == 192.168.3.5

#
# Ports 0-7 on the first terminal server in Alphen are connected to
# a huntgroup that is for business users only. Note that only one
# of the username or groupname has to match to get access (OR/OR).
#
# Note that this huntgroup is a subset of the "alphen" huntgroup.
#
#business      NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 0-7
#              User-Name = rogerl,
#              User-Name = henks,
#              Group = business,
#              Group = staff

################################################
# All available NASes must be listed here,     #
# including the Eduroam proxies                #
################################################

###########################
###        EDUROAM      ###
###########################
# rad1.eduroam.fr
Radius_Eduroam   NAS-IP-Address == 193.51.182.121
# rad2.eduroam.fr
Radius_Eduroam   NAS-IP-Address == 130.79.200.23
# radtest.cru.fr
Radius_Eduroam   NAS-IP-Address == 195.220.94.130

############################
###   All CNRS 802.1x    ###
############################
# Test lab
Tous8021x        NAS-IP-Address == 192.168.240.131
Tous8021x        NAS-IP-Address == 192.168.240.240

###########################
###   CONFERENCE ROOM   ###
###########################
# Wi-Fi access point
SDCONFwifi       NAS-IP-Address == 192.168.21.21
# Chillispot
SDCONFchilli     NAS-IP-Address == 147.173.21.130

###########################
###       NANO LAB      ###
###########################
# Chillispot
NANOchilli       NAS-IP-Address == 147.173.70.1
# Wi-Fi access point
NANOclient8021x  NAS-IP-Address == 192.168.64.64
# Switch (to be checked) TODO
NANOclient8021x  NAS-IP-Address == 192.168.64.80
# Switch (to be checked) TODO
NANOclient8021x  NAS-IP-Address == 192.168.64.81

###########################
###       TEST LAB      ###
###########################
# Chillispot
TESTChilli       NAS-IP-Address == 147.173.246.1, NAS-Identifier == "Chillispot"
# OpenVPN
TESTvpn          NAS-IP-Address == 147.173.246.1, NAS-Identifier == "VPN"
# 802.1x: Cisco switch
TEST8021x        NAS-IP-Address == 192.168.240.131
TEST8021x        NAS-IP-Address == 192.168.240.240

############################
###   LOCAL CONNECTIONS  ###
############################
HUNTLocal        NAS-IP-Address == 127.0.0.1
HUNTLocal        NAS-IP-Address == 147.173.1.26
HUNTLocal        NAS-IP-Address == 147.173.1.27
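The huntgroups file above lists 192.168.240.131 and 192.168.240.240 under both Tous8021x and TEST8021x, while its header comment says the first matching definition is used and the installation notes describe a change to rlm_preprocess for exactly this case. The following Python sketch is an added example, not part of the original report or of FreeRADIUS: it models stop-at-first-entry and match-all evaluation and flags entries that the first mode can never return. The function names and the simplified parser are assumptions.

```python
import re

# Entries copied from the huntgroups file on this page (a subset, in file order).
HUNTGROUPS = """\
# Test lab
Tous8021x       NAS-IP-Address == 192.168.240.131
Tous8021x       NAS-IP-Address == 192.168.240.240
SDCONFwifi      NAS-IP-Address == 192.168.21.21
TESTChilli      NAS-IP-Address == 147.173.246.1, NAS-Identifier == "Chillispot"
TESTvpn         NAS-IP-Address == 147.173.246.1, NAS-Identifier == "VPN"
TEST8021x       NAS-IP-Address == 192.168.240.131
TEST8021x       NAS-IP-Address == 192.168.240.240
HUNTLocal       NAS-IP-Address == 127.0.0.1
"""

# One check item: Attribute == value, value optionally double-quoted.
ITEM = re.compile(r'([A-Za-z0-9-]+)\s*==\s*(?:"([^"]*)"|(\S+))')


def parse_huntgroups(text):
    """Return [(name, {attribute: value}), ...] in file order.

    Simplification (assumption): comments, blank lines and indented
    restriction lines (User-Name = ..., Group = ...) are skipped, and values
    are compared as literal strings, so port ranges are not expanded.
    """
    entries = []
    for line in text.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            raise ValueError(f"huntgroup without check items: {line!r}")
        name, rest = parts
        checks = {}
        for item in filter(None, (part.strip() for part in rest.split(","))):
            m = ITEM.fullmatch(item)
            if m is None:
                raise ValueError(f"unsupported check item: {item!r}")
            checks[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        entries.append((name, checks))
    return entries


def matches(checks, request):
    """True when every check item equals the request attribute."""
    return all(request.get(attr) == value for attr, value in checks.items())


def first_match(entries, request):
    """Huntgroup name under stop-at-first-entry matching, or None."""
    return next((name for name, checks in entries if matches(checks, request)), None)


def all_matches(entries, request):
    """Every huntgroup name with a matching entry, in file order, no repeats."""
    names = []
    for name, checks in entries:
        if matches(checks, request) and name not in names:
            names.append(name)
    return names


def shadowed(entries):
    """Entries that stop-at-first-entry matching can never return.

    An entry is shadowed when an earlier entry with a different name carries
    a subset of its check items: any request that matches the later entry
    has already matched the earlier one.
    """
    found = []
    for i, (name, checks) in enumerate(entries):
        for earlier_name, earlier_checks in entries[:i]:
            if earlier_name != name and earlier_checks.items() <= checks.items():
                found.append((name, earlier_name, checks))
                break
    return found


if __name__ == "__main__":
    entries = parse_huntgroups(HUNTGROUPS)
    switch = {"NAS-IP-Address": "192.168.240.131"}
    print("first match:", first_match(entries, switch))
    print("all matches:", all_matches(entries, switch))
    for name, winner, checks in shadowed(entries):
        print(f"{name} {checks} is hidden behind {winner}")
```

TESTChilli and TESTvpn share an address but are not reported, because their NAS-Identifier check items keep them apart.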
# To be placed in the modules directory
#
ldap {
    server = "ldaps://ldap.grenoble.cnrs.fr"
    identity = "cn=radius,dc=grenoble,dc=cnrs,dc=fr"
    password = "xxxxxxxx"
    basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
    filter = "(|(|(uid=%{%{Stripped-User-Name}:-%{User-Name}})(mail=%{%{Stripped-User-Name}:-%{User-Name}}))(mail=%{%{Stripped-User-Name}:-%{User-Name}}@grenoble.cnrs.fr))"
    base_filter = "(objectclass=radiusprofile)"
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    groupname_attribute = radiusGroupName
    groupmembership_filter = "(|(|(uid=%{%{Stripped-User-Name}:-%{User-Name}})(mail=%{%{Stripped-User-Name}:-%{User-Name}}))(mail=%{%{Stripped-User-Name}:-%{User-Name}}@grenoble.cnrs.fr))"
    groupmembership_attribute = radiusGroupName
}
#
# Mapping of RADIUS dictionary attributes to LDAP directory attributes
# to be used by LDAP authentication and authorization module (rlm_ldap)
#
# Format:
#   ItemType    RADIUS-Attribute-Name    ldapAttributeName
#
# Where:
#   ItemType              = checkItem or replyItem
#   RADIUS-Attribute-Name = attribute name in RADIUS dictionary
#   ldapAttributeName     = attribute name in LDAP schema
#
# If $GENERIC$ is specified as RADIUS-Attribute-Name, the line specifies
# a LDAP attribute which can be used to store any RADIUS
# attribute/value-pair in LDAP directory.
#
# You should edit this file to suit it to your needs.
#

checkItem    $GENERIC$                   radiusCheckItem
replyItem    $GENERIC$                   radiusReplyItem

checkItem    Auth-Type                   radiusAuthType
checkItem    Simultaneous-Use            radiusSimultaneousUse
checkItem    Called-Station-Id           radiusCalledStationId
checkItem    Calling-Station-Id          radiusCallingStationId
checkItem    LM-Password                 lmPassword
checkItem    NT-Password                 ntPassword
checkItem    SMB-Account-CTRL-TEXT       acctFlags
checkItem    Expiration                  radiusExpiration
checkItem    NAS-IP-Address              radiusNASIpAddress

replyItem    Service-Type                radiusServiceType
replyItem    Framed-Protocol             radiusFramedProtocol
replyItem    Framed-IP-Address           radiusFramedIPAddress
replyItem    Framed-IP-Netmask           radiusFramedIPNetmask
replyItem    Framed-Route                radiusFramedRoute
replyItem    Framed-Routing              radiusFramedRouting
replyItem    Filter-Id                   radiusFilterId
replyItem    Framed-MTU                  radiusFramedMTU
replyItem    Framed-Compression          radiusFramedCompression
replyItem    Login-IP-Host               radiusLoginIPHost
replyItem    Login-Service               radiusLoginService
replyItem    Login-TCP-Port              radiusLoginTCPPort
replyItem    Callback-Number             radiusCallbackNumber
replyItem    Callback-Id                 radiusCallbackId
replyItem    Framed-IPX-Network          radiusFramedIPXNetwork
replyItem    Class                       radiusClass
replyItem    Session-Timeout             radiusSessionTimeout
replyItem    Idle-Timeout                radiusIdleTimeout
replyItem    Termination-Action          radiusTerminationAction
replyItem    Login-LAT-Service           radiusLoginLATService
replyItem    Login-LAT-Node              radiusLoginLATNode
replyItem    Login-LAT-Group             radiusLoginLATGroup
replyItem    Framed-AppleTalk-Link       radiusFramedAppleTalkLink
replyItem    Framed-AppleTalk-Network    radiusFramedAppleTalkNetwork
replyItem    Framed-AppleTalk-Zone       radiusFramedAppleTalkZone
replyItem    Port-Limit                  radiusPortLimit
replyItem    Login-LAT-Port              radiusLoginLATPort
replyItem    Reply-Message               radiusReplyMessage
#
#  Configuration file for the rlm_files module.
#  Please see rlm_files(5) manpage for more information.
#
#  $Id: preproxy_users,v 1.3 2005/06/11 21:20:21 nbk Exp $
#
#  This file is similar to the "users" file.  The check items
#  are compared against the request, but the "reply" items are
#  used to update the proxied packet, not the reply to the NAS.
#
#  You can use this file to re-write requests which are about to
#  be sent to a home server.
#

#
#  Requests destined to realm "extisp" are sent to a RADIUS
#  home server hosted by another company which doesn't know about
#  the IP addresses of our NASes.  Therefore we replace the value of
#  the NAS-IP-Address attribute by a unique value we communicated
#  to them.
#
#DEFAULT    Realm == "extisp"
#    NAS-IP-Address := 10.1.2.3

#
#  For all proxied packets, set the User-Name in the proxied packet
#  to the Stripped-User-Name, if it exists.  If not, set it to the
#  User-Name from the original request.
#
#DEFAULT
#    User-Name := `%{Stripped-User-Name:-%{User-Name}}`

#DEFAULT    Realm == "DEFAULT"
DEFAULT
    NAS-IP-Address := 147.173.1.27
#
# proxy.conf - proxy radius and realm configuration directives
#
# This file is included by default.  To disable it, you will need
# to modify the PROXY CONFIGURATION section of "radiusd.conf".
#

#
#  This entry controls the servers behaviour towards ALL other servers
#  to which it sends proxy requests.
#
proxy server {
    #
    #  Note that as of 2.0, the "synchronous", "retry_delay",
    #  "retry_count", and "dead_time" have all been deprecated.
    #  For backwards compatibility, they are still accepted
    #  by the server, but they ONLY apply to the old-style realm
    #  configuration.  i.e. realms with "authhost" and/or "accthost"
    #  entries.
    #
    #  i.e. "retry_delay" and "retry_count" have been replaced
    #  with per-home-server configuration.  See the "home_server"
    #  example below for details.
    #
    #  i.e. "dead_time" has been replaced with a per-home-server
    #  "revive_interval".  We strongly recommend that this not
    #  be used, however.  The new method is much better.
    #
    #  In 2.0, the server is always "synchronous", and setting
    #  "synchronous = no" is impossible.  This simplifies the
    #  server and increases the stability of the network.
    #
    #  If you need to set "synchronous = no", please send a
    #  message to the list <freeradius-users@lists.freeradius.org>
    #  explaining why this feature is vital for your network.
    #
    #  If a realm exists, but there are no live home servers for
    #  it, we can fall back to using the "DEFAULT" realm.  This is
    #  most useful for accounting, where the server can proxy
    #  accounting requests to home servers, but if they're down,
    #  use a DEFAULT realm that is LOCAL (i.e. accthost = LOCAL),
    #  and then store the packets in the "detail" file.  That data
    #  can be later proxied to the home servers by radrelay, when
    #  those home servers come back up again.

    #  Setting this to "yes" may have issues for authentication.
    #  i.e. If you are proxying for two different ISP's, and then
    #  act as a general dial-up for Gric.  If one of the first two
    #  ISP's has their RADIUS server go down, you do NOT want to
    #  proxy those requests to GRIC.  Instead, you probably want
    #  to just drop the requests on the floor.  In that case, set
    #  this value to 'no'.
    #
    #  allowed values: {yes, no}
    #
    #    default_fallback = no
    default_fallback = yes
}

#######################################################################
#
#  Configuration for the proxy realms.
#
#  As of 2.0. the old-style "realms" file is deprecated, and is not
#  used by FreeRADIUS.
#
#  As of 2.0, the "realm" configuration has changed.  Instead of
#  specifying "authhost" and "accthost" in a realm section, the home
#  servers are specified separately in a "home_server" section.  For
#  backwards compatibility, you can still use the "authhost" and
#  "accthost" directives.  If you only have one home server for a
#  realm, it is easier to use the old-style configuration.
#
#  However, if you have multiple servers for a realm, we STRONGLY
#  suggest moving to the new-style configuration.
#
#
#  Load-balancing and failover between home servers is handled via
#  a "server_pool" section.
#
#  Finally, The "realm" section defines the realm, some options, and
#  indicates which server pool should be used for the realm.
#
#  This change means that simple configurations now require multiple
#  sections to define a realm.  However, complex configurations
#  are much simpler than before, as multiple realms can share the same
#  server pool.
#
#  That is, realms point to server pools, and server pools point to
#  home servers.  Multiple realms can point to one server pool.  One
#  server pool can point to multiple home servers.  Each home server
#  can appear in one or more pools.
#

######################################################################
#
#
#  This section defines a new-style "realm".  Note that in version 2.0,
#  there are many fewer configuration items than in 1.x for a realm.
#
#  Automatic proxying is done via the "realms" module (see "man
#  rlm_realm").  To manually proxy the request put this entry in the
#  "users" file:

#
#
#DEFAULT    Proxy-To-Realm := "realm_name"
#
#

# dead_time must be set to 0 so that the failure of one Eduroam member's
# RADIUS server does not stop the Eduroam RADIUS proxy.
dead_time = 0

realm DEFAULT {
    type = radius
    # TEST: the mailing-list server acts as my Eduroam proxy
    # TO BE REMOVED !!!
    authhost = listes.grenoble.cnrs.fr:1812
    accthost = listes.grenoble.cnrs.fr:1813
    # authhost = rad1.eduroam.fr:1812
    # accthost = rad1.eduroam.fr:1813
    secret = secretpartage
    nostrip
}

#  This realm is used mainly to cancel proxying.  You can have
#  the "realm suffix" module configured to proxy all requests for
#  a realm, and then later cancel the proxying, based on other
#  configuration.
#
#  For example, you want to terminate PEAP or EAP-TTLS locally,
#  you can add the following to the "users" file:
#
#  DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
#
###############################################################################
### WARNING !!! WARNING !!! WARNING !!!
### For local realms, you MUST NOT specify a server pool (specify nothing
### at all). Otherwise a loop is created between the proxies !!!!
###############################################################################
realm LOCAL {
    #  If we do not specify a server pool, the realm is LOCAL, and
    #  requests are not proxied to it.
}

#
#  This realm is for requests which don't have an explicit realm
#  prefix or suffix.  User names like "bob" will match this one.
#
#realm NULL {
#    type = radius
#    authhost = radius.company.com:1600
#    accthost = radius.company.com:1601
#    secret = testing123
#}

## realm NULL is defined to authenticate users locally.
realm NULL {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

#
#  This realm is for ALL OTHER requests.
#
#realm DEFAULT {
#    type = radius
#    authhost = radius.company.com:1600
#    accthost = radius.company.com:1601
#    secret = testing123
#}

realm creta {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

realm g2elab {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

# The grenoble.cnrs.fr realm is used from outside (Grenoble users visiting
# Toulouse). In that case, the user must NOT give their lab.
realm grenoble.cnrs.fr {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
    nostrip
}

realm lcmi {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

realm lpm2c {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

realm mcbt {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

realm mcmf {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

realm nano {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

realm test {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}
##
## radiusd.conf -- FreeRADIUS server configuration file.
##
##    http://www.freeradius.org/
##    $Id: radiusd.conf.in,v 1.243 2007/05/02 13:25:42 aland Exp $
##

#  The location of other config files and
#  logfiles are declared in this file
#
#  Also general configuration for modules can be done
#  in this file, it is exported through the API to
#  modules that ask for it.
#
#  The configuration variables defined here are of the form ${foo}
#  They are local to this file, and do not change from request to
#  request.
#
#  The per-request variables are of the form %{Attribute-Name}, and
#  are taken from the values of the attribute in the incoming
#  request.  See 'doc/variables.txt' for more information.

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius

#
#  The logging messages for the server are appended to the
#  tail of this file.
#
log_file = ${logdir}/radius.log

#
#  Destination for log messages.  This can be one of:
#
#    files - log to ${log_file}, as defined above.
#    syslog - to syslog (see also the log{} section, below)
#    stdout - standard output
#    stderr - standard error.
#
#  The command-line option "-X" over-rides this option, and forces
#  logging to go to stdout.
#
log_destination = files

#
# libdir: Where to find the rlm_* modules.
#
#   This should be automatically set at configuration time.
#
#   If the server builds and installs, but fails at execution time
#   with an 'undefined symbol' error, then you can use the libdir
#   directive to work around the problem.
#
#   The cause is usually that a library has been installed on your
#   system in a place where the dynamic linker CANNOT find it.  When
#   executing as root (or another user), your personal environment MAY
#   be set up to allow the dynamic linker to find the library.  When
#   executing as a daemon, FreeRADIUS MAY NOT have the same
#   personalized configuration.
#
#   To work around the problem, find out which library contains that symbol,
#   and add the directory containing that library to the end of 'libdir',
#   with a colon separating the directory names.  NO spaces are allowed.
#
#   e.g. libdir = /usr/local/lib:/opt/package/lib
#
#   You can also try setting the LD_LIBRARY_PATH environment variable
#   in a script which starts the server.
#
#   If that does not work, then you can re-configure and re-build the
#   server to NOT use shared libraries, via:
#
#    ./configure --disable-shared
#    make
#    make install
#
libdir = /usr/lib/freeradius

#  pidfile: Where to place the PID of the RADIUS server.
#
#  The server may be signalled while it's running by using this
#  file.
#
#  This file is written when ONLY running in daemon mode.
#
#  e.g.:  kill -HUP `cat /var/run/freeradius/freeradius.pid`
#
pidfile = ${run_dir}/freeradius.pid

# user/group: The name (or #number) of the user/group to run radiusd as.
#
#   If these are commented out, the server will run as the user/group
#   that started it.  In order to change to a different user/group, you
#   MUST be root ( or have root privileges ) to start the server.
#
#   We STRONGLY recommend that you run the server with as few permissions
#   as possible.  That is, if you're not using shadow passwords, the
#   user and group items below should be set to 'nobody'.
#
#    On SCO (ODT 3) use "user = nouser" and "group = nogroup".
#
#  NOTE that some kernels refuse to setgid(group) when the value of
#  (unsigned)group is above 60000; don't use group nobody on these systems!
#
#  On systems with shadow passwords, you might have to set 'group = shadow'
#  for the server to be able to read the shadow password file.  If you can
#  authenticate users while in debug mode, but not in daemon mode, it may be
#  that the debugging mode server is running as a user that can read the
#  shadow info, and the user listed below can not.
#
user = freerad
group = freerad

#  max_request_time: The maximum time (in seconds) to handle a request.
#
#  Requests which take more time than this to process may be killed, and
#  a REJECT message is returned.
#
#  WARNING: If you notice that requests take a long time to be handled,
#  then this MAY INDICATE a bug in the server, in one of the modules
#  used to handle a request, OR in your local configuration.
#
#  This problem is most often seen when using an SQL database.  If it takes
#  more than a second or two to receive an answer from the SQL database,
#  then it probably means that you haven't indexed the database.  See your
#  SQL server documentation for more information.
#
#  Useful range of values: 5 to 120
#
max_request_time = 30

#  cleanup_delay: The time to wait (in seconds) before cleaning up
#  a reply which was sent to the NAS.
#
#  The RADIUS request is normally cached internally for a short period
#  of time, after the reply is sent to the NAS.  The reply packet may be
#  lost in the network, and the NAS will not see it.  The NAS will then
#  re-send the request, and the server will respond quickly with the
#  cached reply.
#
#  If this value is set too low, then duplicate requests from the NAS
#  MAY NOT be detected, and will instead be handled as separate requests.
#
#  If this value is set too high, then the server will cache too many
#  requests, and some new requests may get blocked.  (See 'max_requests'.)
#
#  Useful range of values: 2 to 10
#
cleanup_delay = 5

#  max_requests: The maximum number of requests which the server keeps
#  track of.  This should be 256 multiplied by the number of clients.
#  e.g. With 4 clients, this number should be 1024.
#
#  If this number is too low, then when the server becomes busy,
#  it will not respond to any new requests, until the 'cleanup_delay'
#  time has passed, and it has removed the old requests.
#
#  If this number is set too high, then the server will use a bit more
#  memory for no real benefit.
#
#  If you aren't sure what it should be set to, it's better to set it
#  too high than too low.  Setting it to 1000 per client is probably
#  the highest it should be.
#
#  Useful range of values: 256 to infinity
#
max_requests = 1024

#  listen: Make the server listen on a particular IP address, and send
#  replies out from that address. This directive is most useful for
#  hosts with multiple IP addresses on one interface.
#
#  If you want the server to listen on additional addresses, or on
#  additional ports, you can use multiple "listen" sections.
#
#  Each section makes the server listen for only one type of packet,
#  therefore authentication and accounting have to be configured in
#  different sections.
#
#  The server ignores all "listen" sections if you are using '-i' and '-p'
#  on the command line.
#
listen {
    #  IP address on which to listen.
    #  Allowed values are:
    #    dotted quad (1.2.3.4)
    #    hostname    (radius.example.com)
    #    wildcard    (*)
    ipaddr = *

    #  OR, you can use an IPv6 address, but not both
    #  at the same time.
    #    ipv6addr = ::    # any.  ::1 == localhost

    #  Port on which to listen.
    #  Allowed values are:
    #    integer port number (1812)
    #    0 means "use /etc/services for the proper port"
    port = 0

    #  Type of packets to listen for.
    #  Allowed values are:
    #    auth    listen for authentication packets
    #    acct    listen for accounting packets
    #
    type = auth

    #  Some systems support binding to an interface, in addition
    #  to the IP address.  This feature isn't strictly necessary,
    #  but for sites with many IP addresses on one interface,
    #  it's useful to say "listen on all addresses for eth0".
    #
    #  If your system does not support this feature, you will
    #  get an error if you try to use it.
    #
    #    interface = eth0

    #  Per-socket lists of clients.  This is a very useful feature.
    #
    #  The name here is a reference to a section elsewhere in
    #  radiusd.conf, or clients.conf.  Having the name as
    #  a reference allows multiple sockets to use the same
    #  set of clients.
    #
    #  If this configuration is used, then the global list of clients
    #  is IGNORED for this "listen" section.  Take care configuring
    #  this feature, to ensure you don't accidentally disable a
    #  client you need.
    #
    #  See clients.conf for the configuration of "per_socket_clients".
    #
    #    clients = per_socket_clients
}

#  This second "listen" section is for listening on the accounting
#  port, too.
#
listen {
    ipaddr = *
    #    ipv6addr = ::
    port = 0
    type = acct
    #    interface = eth0
    #    clients = per_socket_clients
}

#  hostname_lookups: Log the names of clients or just their IP addresses
#  e.g., www.freeradius.org (on) or 206.47.27.232 (off).
#
#  The default is 'off' because it would be overall better for the net
#  if people had to knowingly turn this feature on, since enabling it
#  means that each client request will result in AT LEAST one lookup
#  request to the nameserver.   Enabling hostname_lookups will also
#  mean that your server may stop randomly for 30 seconds from time
#  to time, if the DNS requests take too long.
#
#  Turning hostname lookups off also means that the server won't block
#  for 30 seconds, if it sees an IP address which has no name associated
#  with it.
#
#  allowed values: {no, yes}
#
hostname_lookups = no

#  Core dumps are a bad thing.  This should only be set to 'yes'
#  if you're debugging a problem with the server.
#
#  allowed values: {no, yes}
#
allow_core_dumps = no

#  Regular expressions
#
#  These items are set at configure time.  If they're set to "yes",
#  then setting them to "no" turns off regular expression support.
#
#  If they're set to "no" at configure time, then setting them to "yes"
#  WILL NOT WORK.  It will give you an error.
#
regular_expressions = yes
extended_expressions = yes

#
#  Logging section.  The various "log_*" configuration items
#  will eventually be moved here.
#
log {
    #
    #  Which syslog facility to use, if ${log_destination} == "syslog"
    #
    #  The exact values permitted here are OS-dependent.  You probably
    #  don't want to change this.
    #
    syslog_facility = daemon
}

#  Log the full User-Name attribute, as it was found in the request.
#
# allowed values: {no, yes}
#
log_stripped_names = no

#  Log authentication requests to the log file.
#
#  allowed values: {no, yes}
#
log_auth = yes

#  Log passwords with the authentication requests.
#  log_auth_badpass  - logs password if it's rejected
#  log_auth_goodpass - logs password if it's correct
#
#  allowed values: {no, yes}
#
log_auth_badpass = no
log_auth_goodpass = no

#  The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad

# SECURITY CONFIGURATION
#
#  There may be multiple methods of attacking the server.  This
#  section holds the configuration items which minimize the impact
#  of those attacks
#
security {
    #
    #  max_attributes: The maximum number of attributes
    #  permitted in a RADIUS packet.  Packets which have MORE
    #  than this number of attributes in them will be dropped.
    #
    #  If this number is set too low, then no RADIUS packets
    #  will be accepted.
    #
    #  If this number is set too high, then an attacker may be
    #  able to send a small number of packets which will cause
    #  the server to use all available memory on the machine.
    #
    #  Setting this number to 0 means "allow any number of attributes"
    max_attributes = 200

    #
    #  reject_delay: When sending an Access-Reject, it can be
    #  delayed for a few seconds.  This may help slow down a DoS
    #  attack.  It also helps to slow down people trying to brute-force
    #  crack a user's password.
    #
    #  Setting this number to 0 means "send rejects immediately"
    #
    #  If this number is set higher than 'cleanup_delay', then the
    #  rejects will be sent at 'cleanup_delay' time, when the request
    #  is deleted from the internal cache of requests.
    #
    #  Useful ranges: 1 to 5
    reject_delay = 1

    #
    #  status_server: Whether or not the server will respond
    #  to Status-Server requests.
    #
    #  When sent a Status-Server message, the server responds with
    #  an Access-Accept or Accounting-Response packet.
# # This is mainly useful for administrators who want to "ping" # the server, without adding test users, or creating fake # accounting packets. # # It's also useful when a NAS marks a RADIUS server "dead". # The NAS can periodically "ping" the server with a Status-Server # packet. If the server responds, it must be alive, and the # NAS can start using it for real requests. # status_server = yes } # PROXY CONFIGURATION # # proxy_requests: Turns proxying of RADIUS requests on or off. # # The server has proxying turned on by default. If your system is NOT # set up to proxy requests to another server, then you can turn proxying # off here. This will save a small amount of resources on the server. # # If you have proxying turned off, and your configuration files say # to proxy a request, then an error message will be logged. # # To disable proxying, change the "yes" to "no", and comment the # $INCLUDE line. # # allowed values: {no, yes} # proxy_requests = yes $INCLUDE ${confdir}/proxy.conf # CLIENTS CONFIGURATION # # Client configuration is defined in "clients.conf". # # The 'clients.conf' file contains all of the information from the old # 'clients' and 'naslist' configuration files. We recommend that you # do NOT use 'client's or 'naslist', although they are still # supported. # # Anything listed in 'clients.conf' will take precedence over the # information from the old-style configuration files. # $INCLUDE ${confdir}/clients.conf # SNMP CONFIGURATION # # Snmp configuration is only valid if SNMP support was enabled # at compile time. # # To enable SNMP querying of the server, set the value of the # 'snmp' attribute to 'yes' # snmp = no $INCLUDE ${confdir}/snmp.conf # THREAD POOL CONFIGURATION # # The thread pool is a long-lived group of threads which # take turns (round-robin) handling any incoming requests. # # You probably want to have a few spare threads around, # so that high-load situations can be handled immediately. 
#  If you don't have any spare threads, then the request handling will
#  be delayed while a new thread is created, and added to the pool.
#
#  You probably don't want too many spare threads around,
#  otherwise they'll be sitting there taking up resources, and
#  not doing anything productive.
#
#  The numbers given below should be adequate for most situations.
#
thread pool {
	#  Number of servers to start initially --- should be a reasonable
	#  ballpark figure.
	start_servers = 5

	#  Limit on the total number of servers running.
	#
	#  If this limit is ever reached, clients will be LOCKED OUT, so it
	#  should NOT BE SET TOO LOW.  It is intended mainly as a brake to
	#  keep a runaway server from taking the system with it as it spirals
	#  down...
	#
	#  You may find that the server is regularly reaching the
	#  'max_servers' number of threads, and that increasing
	#  'max_servers' doesn't seem to make much difference.
	#
	#  If this is the case, then the problem is MOST LIKELY that
	#  your back-end databases are taking too long to respond, and
	#  are preventing the server from responding in a timely manner.
	#
	#  The solution is NOT to keep increasing the 'max_servers'
	#  value, but instead to fix the underlying cause of the
	#  problem: slow database, or 'hostname_lookups=yes'.
	#
	#  For more information, see 'max_request_time', above.
	#
	max_servers = 32

	#  Server-pool size regulation.  Rather than making you guess
	#  how many servers you need, FreeRADIUS dynamically adapts to
	#  the load it sees, that is, it tries to maintain enough
	#  servers to handle the current load, plus a few spare
	#  servers to handle transient load spikes.
	#
	#  It does this by periodically checking how many servers are
	#  waiting for a request.  If there are fewer than
	#  min_spare_servers, it creates a new spare.  If there are
	#  more than max_spare_servers, some of the spares die off.
	#  The default values are probably OK for most sites.
	#
	min_spare_servers = 3
	max_spare_servers = 10

	#  There may be memory leaks or resource allocation problems with
	#  the server.  If so, set this value to 300 or so, so that the
	#  resources will be cleaned up periodically.
	#
	#  This should only be necessary if there are serious bugs in the
	#  server which have not yet been fixed.
	#
	#  '0' is a special value meaning 'infinity', or 'the servers never
	#  exit'
	max_requests_per_server = 0
}

# MODULE CONFIGURATION
#
#  The names and configuration of each module is located in this section.
#
#  After the modules are defined here, they may be referred to by name,
#  in other sections of this configuration file.
#
modules {
	#
	#  Each module has a configuration as follows:
	#
	#	name [ instance ] {
	#		config_item = value
	#		...
	#	}
	#
	#  The 'name' is used to load the 'rlm_name' library
	#  which implements the functionality of the module.
	#
	#  The 'instance' is optional.  To have two different instances
	#  of a module, it first must be referred to by 'name'.
	#  The different copies of the module are then created by
	#  inventing two 'instance' names, e.g. 'instance1' and 'instance2'
	#
	#  The instance names can then be used in later configuration
	#  INSTEAD of the original 'name'.  See the 'radutmp' configuration
	#  below for an example.
	#

	# PAP module to authenticate users based on their stored password
	#
	#  Supports multiple encryption/hash schemes.  See "man passwd"
	#  for details.
	#
	#  The "auto_header" configuration item can be set to "yes".
	#  In this case, the module will look inside of the User-Password
	#  attribute for the headers {crypt}, {clear}, etc., and will
	#  automatically create the attribute on the right-hand side,
	#  with the correct value.  It will also automatically handle
	#  Base-64 encoded data, hex strings, and binary data.
	pap {
		auto_header = no
	}

	# CHAP module
	#
	#  To authenticate requests containing a CHAP-Password attribute.
	#
	chap {
		authtype = CHAP
	}

	# Pluggable Authentication Modules
	#
	#  For Linux, see:
	#	http://www.kernel.org/pub/linux/libs/pam/index.html
	#
	#  WARNING: On many systems, the system PAM libraries have
	#           memory leaks!  We STRONGLY SUGGEST that you do not
	#           use PAM for authentication, due to those memory leaks.
	#
	pam {
		#
		#  The name to use for PAM authentication.
		#  PAM looks in /etc/pam.d/${pam_auth_name}
		#  for its configuration.  See 'redhat/radiusd-pam'
		#  for a sample PAM configuration file.
		#
		#  Note that any Pam-Auth attribute set in the 'authorize'
		#  section will over-ride this one.
		#
		pam_auth = radiusd
	}

	# Unix /etc/passwd style authentication
	#
	unix {
		#  As of 1.1.0, the Unix module no longer reads,
		#  or caches /etc/passwd, /etc/shadow, or /etc/group.
		#  If you wish to cache those files, see the passwd
		#  module, above.
		#

		#
		#  The location of the "wtmp" file.
		#  This should be moved to its own module soon.
		#
		#  The only use for 'radlast'.  If you don't use
		#  'radlast', then you can comment out this item.
		#
		radwtmp = ${logdir}/radwtmp
	}

	# Extensible Authentication Protocol
	#
	#  For all EAP related authentications.
	#  Now in another file, because it is very large.
	#
$INCLUDE ${confdir}/eap.conf

	# Microsoft CHAP authentication
	#
	#  This module supports MS-CHAP and MS-CHAPv2 authentication.
	#  It also enforces the SMB-Account-Ctrl attribute.
	#
	mschap {
		#
		#  As of 0.9, the mschap module does NOT support
		#  reading from /etc/smbpasswd.
		#
		#  If you are using /etc/smbpasswd, see the 'passwd'
		#  module for an example of how to use /etc/smbpasswd

		# if use_mppe is not set to no mschap will
		# add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
		# MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
		#
		#use_mppe = no

		# if mppe is enabled require_encryption makes
		# encryption moderate
		#
		#require_encryption = yes

		# require_strong always requires 128 bit key
		# encryption
		#
		#require_strong = yes

		# Windows sends us a username in the form of
		# DOMAIN\user, but sends the challenge response
		# based on only the user portion.  This hack
		# corrects for that incorrect behavior.
		#
		#with_ntdomain_hack = no

		# The module can perform authentication itself, OR
		# use a Windows Domain Controller.  This configuration
		# directive tells the module to call the ntlm_auth
		# program, which will do the authentication, and return
		# the NT-Key.  Note that you MUST have "winbindd" and
		# "nmbd" running on the local machine for ntlm_auth
		# to work.  See the ntlm_auth program documentation
		# for details.
		#
		# Be VERY careful when editing the following line!
		#
		#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
	}

	# Lightweight Directory Access Protocol (LDAP)
	#
	#  This module definition allows you to use LDAP for
	#  authorization and authentication.
	#
	#  See doc/rlm_ldap for description of configuration options
	#  and sample authorize{} and authenticate{} blocks
	#
	#  However, LDAP can be used for authentication ONLY when the
	#  Access-Request packet contains a clear-text User-Password
	#  attribute.  LDAP authentication will NOT work for any other
	#  authentication method.
	#
	#  This means that LDAP servers don't understand EAP.  If you
	#  force "Auth-Type = LDAP", and then send the server a
	#  request containing EAP authentication, then authentication
	#  WILL NOT WORK.
	#
	#  The solution is to use the default configuration, which does
	#  work.
	#
	#  Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG.  We
	#  really can't emphasize this enough.
	#
	ldap {
		server = "ldaps://ldap.grenoble.cnrs.fr"
		identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
		password = "XXXXXXX"
		basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
		#filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
		filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
		base_filter = "(objectclass=radiusprofile)"

		#  How many connections to keep open to the LDAP server.
		#  This saves time over opening a new LDAP socket for
		#  every authentication request.
		ldap_connections_number = 5

		# seconds to wait for LDAP query to finish. default: 20
		timeout = 4

		#  seconds LDAP server has to process the query (server-side
		#  time limit). default: 20
		#
		#  LDAP_OPT_TIMELIMIT is set to this value.
		timelimit = 3

		#
		#  seconds to wait for response of the server. (network
		#  failures) default: 10
		#
		#  LDAP_OPT_NETWORK_TIMEOUT is set to this value.
		net_timeout = 1

		#
		#  This subsection configures the tls related items
		#  that control how FreeRADIUS connects to an LDAP
		#  server.  It contains all of the "tls_*" configuration
		#  entries used in older versions of FreeRADIUS.  Those
		#  configuration entries can still be used, but we recommend
		#  using these.
		#
		tls {
			# Set this to 'yes' to use TLS encrypted connections
			# to the LDAP database by using the StartTLS extended
			# operation.
			#
			# The StartTLS operation is supposed to be
			# used with normal ldap connections instead of
			# using ldaps (port 636) connections
			start_tls = no

			# cacertfile = /path/to/cacert.pem
			# cacertdir = /path/to/ca/dir/
			# certfile = /path/to/radius.crt
			# keyfile = /path/to/radius.key
			# randfile = /path/to/rnd

			#  Certificate Verification requirements.  Can be:
			#    "never" (don't even bother trying)
			#    "allow" (try, but don't fail if the certificate
			#             can't be verified)
			#    "demand" (fail if the certificate doesn't verify.)
			#
			#  The default is "allow"
			# require_cert = "demand"
		}

		# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
		# profile_attribute = "radiusProfileDn"
		# access_attr = "dialupAccess"

		# Mapping of RADIUS dictionary attributes to LDAP
		# directory attributes.
		dictionary_mapping = ${raddbdir}/ldap.attrmap

		#  Set password_attribute = nspmPassword to get the
		#  user's password from a Novell eDirectory
		#  backend.  This will work ONLY IF FreeRADIUS has been
		#  built with the --with-edir configure option.
		#
		# password_attribute = userPassword

		#  As of 1.1.0, the LDAP module will auto-discover
		#  the password headers (which are non-standard).
		#  It will use the following table to map passwords
		#  to RADIUS attributes.  The PAP module (see above)
		#  can then automatically determine the hashing
		#  method to use to authenticate the user.
		#
		#	Header		Attribute
		#	------		---------
		#	{clear}		User-Password
		#	{cleartext}	User-Password
		#	{md5}		MD5-Password
		#	{smd5}		SMD5-Password
		#	{crypt}		Crypt-Password
		#	{sha}		SHA-Password
		#	{ssha}		SSHA-Password
		#	{nt}		NT-Password
		#	{ns-mta-md5}	NS-MTA-MD5-Password
		#
		#
		#  The headers are compared in a case-insensitive manner.
		#  The format of the password in LDAP (base 64-encoded, hex,
		#  clear-text, whatever) is not that important.  The PAP
		#  module will figure it out.
		#
		#  The default for "auto_header" is "no", to enable backwards
		#  compatibility with the "password_header" directive,
		#  which is now deprecated.  If this is set to "yes",
		#  then the above table will be used, and the
		#  "password_header" directive will be ignored.

		#auto_header = yes

		#  Un-comment the following to disable Novell
		#  eDirectory account policy check and intruder
		#  detection.  This will work *only if* FreeRADIUS is
		#  configured to build with --with-edir option.
		#
		edir_account_policy_check = no

		#
		#  Group membership checking.  Disabled by default.
		#
		# groupname_attribute = cn
		groupname_attribute = radiusGroupName
		# To test radiusGroupName, the filter must be changed
		# to the following:
		# groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
		groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
		groupmembership_attribute = radiusGroupName

		# compare_check_items = yes
		# do_xlat = yes
		# access_attr_used_for_allow = yes

		#
		#  By default, if the packet contains a User-Password,
		#  and no other module is configured to handle the
		#  authentication, the LDAP module sets itself to do
		#  LDAP bind for authentication.
		#
		#  THIS WILL ONLY WORK FOR PAP AUTHENTICATION.
		#
		#  THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP).
		#
		#  You can disable this behavior by setting the following
		#  configuration entry to "no".
		#
		#  allowed values: {no, yes}
		# set_auth_type = yes

		#  ldap_debug: debug flag for LDAP SDK
		#  (see OpenLDAP documentation).  Set this to enable
		#  huge amounts of LDAP debugging on the screen.
		#  You should only use this if you are an LDAP expert.
		#
		#	default: 0x0000 (no debugging messages)
		#	Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
		#ldap_debug = 0x0028
	}

	# passwd module allows to do authorization via any passwd-like
	# file and to extract any attributes from these modules
	#
	# parameters are:
	#   filename - path to filename
	#   format - format for filename record.  This parameters
	#            correlates record in the passwd file and RADIUS
	#            attributes.
	#
	#            Field marked as '*' is key field.  That is, the parameter
	#            with this name from the request is used to search for
	#            the record from passwd file
	#            Attribute marked as '=' is added to reply_items instead
	#            of default configure_items
	#            Attribute marked as '~' is added to request_items
	#
	#            Field marked as ',' may contain a comma separated list
	#            of attributes.
	#   hashsize - hashtable size.  If 0 or not specified records are not
	#            stored in memory and file is read on every request.
	#   allowmultiplekeys - if few records for every key are allowed
	#   ignorenislike - ignore NIS-related records
	#   delimiter - symbol to use as a field separator in passwd file,
	#            for format ':' symbol is always used.  '\0', '\n' are
	#            not allowed
	#
	#  An example configuration for using /etc/smbpasswd.
	#
	#passwd etc_smbpasswd {
	#	filename = /etc/smbpasswd
	#	format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
	#	hashsize = 100
	#	ignorenislike = no
	#	allowmultiplekeys = no
	#}

	#  Similar configuration, for the /etc/group file.  Adds a Group-Name
	#  attribute for every group that the user is member of.
	#
	#passwd etc_group {
	#	filename = /etc/group
	#	format = "=Group-Name:::*,User-Name"
	#	hashsize = 50
	#	ignorenislike = yes
	#	allowmultiplekeys = yes
	#	delimiter = ":"
	#}

	# Realm module, for proxying.
	#
	#  You can have multiple instances of the realm module to
	#  support multiple realm syntaxes at the same time.  The
	#  search order is defined by the order in the authorize and
	#  preacct sections.
	#
	#  Four config options:
	#	format     -  must be "prefix" or "suffix"
	#	              The special cases of "DEFAULT"
	#	              and "NULL" are allowed, too.
	#	delimiter  -  must be a single character

	#  'realm/username'
	#
	#  Using this entry, IPASS users have their realm set to "IPASS".
	# realm IPASS {
	#	format = prefix
	#	delimiter = "/"
	# }

	#  'username@realm'
	#
	realm suffix {
		format = suffix
		delimiter = "@"
		ignore_default = no
		ignore_null = no
	}

	#  'username%realm'
	#
	# realm realmpercent {
	#	format = suffix
	#	delimiter = "%"
	# }

	#
	#  'domain\user'
	#
	# realm ntdomain {
	#	format = prefix
	#	delimiter = "\\"
	# }

	#  A simple value checking module
	#
	#  It can be used to check if an attribute value in the request
	#  matches a (possibly multi valued) attribute in the check
	#  items This can be used for example for caller-id
	#  authentication.
	#  For the module to run, both the request attribute and the
	#  check items attribute must exist
	#
	#  i.e.
	#  A user has an ldap entry with 2 radiusCallingStationId
	#  attributes with values "12345678" and "12345679".  If we
	#  enable rlm_checkval, then any request which contains a
	#  Calling-Station-Id with one of those two values will be
	#  accepted.  Requests with other values for
	#  Calling-Station-Id will be rejected.
	#
	#  Regular expressions in the check attribute value are allowed
	#  as long as the operator is '=~'
	#
	checkval {
		# The attribute to look for in the request
		item-name = Calling-Station-Id

		# The attribute to look for in check items.  Can be multi valued
		check-name = Calling-Station-Id

		# The data type.  Can be
		# string,integer,ipaddr,date,abinary,octets
		data-type = string

		# If set to yes and we don't find the item-name attribute in the
		# request then we send back a reject
		# DEFAULT is no
		#notfound-reject = no
	}

	#  rewrite arbitrary packets.  Useful in accounting and authorization.
	#
	#
	#  The module can also use the Rewrite-Rule attribute.  If it
	#  is set and matches the name of the module instance, then
	#  that module instance will be the only one which runs.
	#
	#  Also if new_attribute is set to yes then a new attribute
	#  will be created containing the value replacewith and it
	#  will be added to searchin (packet, reply, proxy, proxy_reply or config).
	#  searchfor, ignore_case and max_matches will be ignored in that case.
	#
	#  Backreferences are supported: %{0} will contain the string the whole match
	#  and %{1} to %{8} will contain the contents of the 1st to the 8th parentheses
	#
	#  If max_matches is greater than one the backreferences will correspond to the
	#  first match
	#
	#attr_rewrite sanecallerid {
	#	attribute = Called-Station-Id
		# may be "packet", "reply", "proxy", "proxy_reply" or "config"
	#	searchin = packet
	#	searchfor = "[+ ]"
	#	replacewith = ""
	#	ignore_case = no
	#	new_attribute = no
	#	max_matches = 10
	#	## If set to yes then the replace string will be appended to the original string
	#	append = no
	#}

	# Preprocess the incoming RADIUS request, before handing it off
	# to other modules.
	#
	#  This module processes the 'huntgroups' and 'hints' files.
	#  In addition, it re-writes some weird attributes created
	#  by some NASes, and converts the attributes into a form which
	#  is a little more standard.
	#
	preprocess {
		huntgroups = ${confdir}/huntgroups
		hints = ${confdir}/hints

		# This hack changes Ascend's weird port numberings
		# to standard 0-??? port numbers so that the "+" works
		# for IP address assignments.
		with_ascend_hack = no
		ascend_channels_per_line = 23

		# Windows NT machines often authenticate themselves as
		# NT_DOMAIN\username
		#
		# If this is set to 'yes', then the NT_DOMAIN portion
		# of the user-name is silently discarded.
		#
		# This configuration entry SHOULD NOT be used.
		# See the "realms" module for a better way to handle
		# NT domains.
		with_ntdomain_hack = no

		# Specialix Jetstream 8500 24 port access server.
		#
		# If the user name is 10 characters or longer, a "/"
		# and the excess characters after the 10th are
		# appended to the user name.
		#
		# If you're not running that NAS, you don't need
		# this hack.
		with_specialix_jetstream_hack = no

		# Cisco (and Quintum in Cisco mode) sends its VSA attributes
		# with the attribute name *again* in the string, like:
		#
		#   H323-Attribute = "h323-attribute=value".
		#
		# If this configuration item is set to 'yes', then
		# the redundant data in the attribute text is stripped
		# out.  The result is:
		#
		#   H323-Attribute = "value"
		#
		# If you're not running a Cisco or Quintum NAS, you don't
		# need this hack.
		with_cisco_vsa_hack = no
	}

	# Livingston-style 'users' file
	#
	files {
		# The default key attribute to use for matches.  The content
		# of this attribute is used to match the "name" of the
		# entry.
		#key = "%{Stripped-User-Name:-%{User-Name}}"

		usersfile = ${confdir}/users
		acctusersfile = ${confdir}/acct_users
		preproxy_usersfile = ${confdir}/preproxy_users

		#  If you want to use the old Cistron 'users' file
		#  with FreeRADIUS, you should change the next line
		#  to 'compat = cistron'.  You can then copy your 'users'
		#  file from Cistron.
		compat = no
	}

	# Write a detailed log of all accounting records received.
	#
	detail {
		#  Note that we do NOT use NAS-IP-Address here, as
		#  that attribute MAY BE from the originating NAS, and
		#  NOT from the proxy which actually sent us the
		#  request.  The Client-IP-Address attribute is ALWAYS
		#  the address of the client which sent us the
		#  request.
		#
		#  The following line creates a new detail file for
		#  every radius client (by IP address or hostname).
		#  In addition, a new detail file is created every
		#  day, so that the detail file doesn't have to go
		#  through a 'log rotation'
		#
		#  If your detail files are large, you may also want
		#  to add a ':%H' (see doc/variables.txt) to the end
		#  of it, to create a new detail file every hour, e.g.:
		#
		#   ..../detail-%Y%m%d:%H
		#
		#  This will create a new detail file for every hour.
		#
		detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d

		#
		#  The Unix-style permissions on the 'detail' file.
		#
		#  The detail file often contains secret or private
		#  information about users.  So by keeping the file
		#  permissions restrictive, we can prevent unwanted
		#  people from seeing that information.
		detailperm = 0600

		#
		#  Every entry in the detail file has a header which
		#  is a timestamp.
		#  By default, we use the ctime format
		#  (see "man ctime" for details).
		#
		#  The header can be customized by editing this
		#  string.  See "doc/variables.txt" for a description
		#  of what can be put here.
		#
		header = "%t"

		#
		#  Certain attributes such as User-Password may be
		#  "sensitive", so they should not be printed in the
		#  detail file.  This section lists the attributes
		#  that should be suppressed.
		#
		#  The attributes should be listed one to a line.
		#
		#suppress {
			# User-Password
		#}
	}

	#
	#  Many people want to log authentication requests.
	#  Rather than modifying the server core to print out more
	#  messages, we can use a different instance of the 'detail'
	#  module, to log the authentication requests to a file.
	#
	#  You will also need to un-comment the 'auth_log' line
	#  in the 'authorize' section, below.
	#
	# detail auth_log {
	#	detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d

		#
		#  This MUST be 0600, otherwise anyone can read
		#  the users' passwords!
	#	detailperm = 0600

		# You may also strip out passwords completely
		#suppress {
			# User-Password
		#}
	# }

	#
	#  This module logs authentication reply packets sent
	#  to a NAS.  Both Access-Accept and Access-Reject packets
	#  are logged.
	#
	#  You will also need to un-comment the 'reply_log' line
	#  in the 'post-auth' section, below.
	#
	# detail reply_log {
	#	detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
	#	detailperm = 0600
	# }

	#
	#  This module logs packets proxied to a home server.
	#
	#  You will also need to un-comment the 'pre_proxy_log' line
	#  in the 'pre-proxy' section, below.
	#
	detail pre_proxy_log {
		detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d

		#
		#  This MUST be 0600, otherwise anyone can read
		#  the users' passwords!
		# detailperm = 0600

		# You may also strip out passwords completely
		#suppress {
			# User-Password
		#}
	}

	#
	#  This module logs response packets from a home server.
	#
	#  You will also need to un-comment the 'post_proxy_log' line
	#  in the 'post-proxy' section, below.
	#
	detail post_proxy_log {
		detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
		detailperm = 0600
	}

	detail post_proxy_log_filtre {
		detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre
		detailperm = 0600
	}

	#
	#  The rlm_sql_log module appends the SQL queries in a log
	#  file which is read later by the radsqlrelay program.
	#
	#  This module only performs the dynamic expansion of the
	#  variables found in the SQL statements.  No operation is
	#  executed on the database server.  (this could be done
	#  later by an external program)  That means the module is
	#  useful only with non-"SELECT" statements.
	#
	#  See rlm_sql_log(5) manpage.
	#
	# sql_log {
	#	path = ${radacctdir}/sql-relay
	#	acct_table = "radacct"
	#	postauth_table = "radpostauth"
	#
	#	Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
	#	 NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
	#	 AcctSessionTime, AcctTerminateCause) VALUES \
	#	 ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
	#	 '%{Framed-IP-Address}', '%S', '0', '0', '');"
	#	Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
	#	 NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
	#	 AcctSessionTime, AcctTerminateCause) VALUES \
	#	 ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
	#	 '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \
	#	 '%{Acct-Terminate-Cause}');"
	#	Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
	#	 NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
	#	 AcctSessionTime, AcctTerminateCause) VALUES \
	#	 ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
	#	 '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');"
	#
	#	Post-Auth = "INSERT INTO ${postauth_table} \
	#	 (user, pass, reply, date) VALUES \
	#	 ('%{User-Name}', '%{User-Password:-Chap-Password}', \
	#	 '%{reply:Packet-Type}', '%S');"
	# }

	#
	#  Create a unique accounting session Id.
	#  Many NASes re-use or repeat values for Acct-Session-Id,
	#  causing no end of confusion.
	#
	#  This module will add a (probably) unique session id
	#  to an accounting packet based on the attributes listed
	#  below found in the packet.  See doc/rlm_acct_unique for
	#  more information.
	#
	acct_unique {
		key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
	}

	#  Include another file that has the SQL-related configuration.
	#  This is another file only because it tends to be big.
	#
$INCLUDE ${confdir}/sql.conf

	#  For Cisco VoIP specific accounting with Postgresql,
	#  use: ${confdir}/sql/postgresql-voip-postpaid.conf
	#
	#  You will also need the sql schema from:
	#  src/billing/cisco_h323_db_schema-postgres.sql
	#  Note: This config can be used AS WELL AS the standard sql
	#  config if you need SQL based Auth

	#  Write a 'utmp' style file, of which users are currently
	#  logged in, and where they've logged in from.
	#
	#  This file is used mainly for Simultaneous-Use checking,
	#  and also 'radwho', to see who's currently logged in.
	#
	radutmp {
		#  Where the file is stored.  It's not a log file,
		#  so it doesn't need rotating.
		#
		filename = ${logdir}/radutmp

		#  The field in the packet to key on for the
		#  'user' name.  If you have other fields which you want
		#  to use to key on to control Simultaneous-Use,
		#  then you can use them here.
		#
		#  Note, however, that the size of the field in the
		#  'utmp' data structure is small, around 32
		#  characters, so that will limit the possible choices
		#  of keys.
		#
		#  You may want instead: %{Stripped-User-Name:-%{User-Name}}
		username = %{User-Name}

		#  Whether or not we want to treat "user" the same
		#  as "USER", or "User".  Some systems have problems
		#  with case sensitivity, so this should be set to
		#  'no' to enable the comparisons of the key attribute
		#  to be case insensitive.
		#
		case_sensitive = yes

		#  Accounting information may be lost, so the user MAY
		#  have logged off of the NAS, but we haven't noticed.
		#  If so, we can verify this information with the NAS,
		#
		#  If we want to believe the 'utmp' file, then this
		#  configuration entry can be set to 'no'.
		#
		check_with_nas = yes

		# Set the file permissions, as the contents of this file
		# are usually private.
		perm = 0600

		callerid = "yes"
	}

	# "Safe" radutmp - does not contain caller ID, so it can be
	# world-readable, and radwho can work for normal users, without
	# exposing any information that isn't already exposed by who(1).
	#
	# This is another 'instance' of the radutmp module, but it is given
	# the name "sradutmp" to identify it later in the "accounting"
	# section.
	radutmp sradutmp {
		filename = ${logdir}/sradutmp
		perm = 0644
		callerid = "no"
	}

	# attr_filter - filters the attributes received in replies from
	# proxied servers, to make sure we send back to our RADIUS client
	# only allowed attributes.
	attr_filter attr_filter.post-proxy {
		attrsfile = ${confdir}/attrs
	}

	# attr_filter - filters the attributes in the packets we send to
	# the RADIUS home servers.
	attr_filter attr_filter.pre-proxy {
		attrsfile = ${confdir}/attrs.pre-proxy
	}

	# Enforce RFC requirements on the contents of Access-Reject
	# packets.  See the comments at the top of the file for
	# more details.
	#
	attr_filter attr_filter.access_reject {
		key = %{User-Name}
		attrsfile = ${confdir}/attrs.access_reject
	}

	# Enforce RFC requirements on the contents of the
	# Accounting-Response packets.  See the comments at the
	# top of the file for more details.
	#
	attr_filter attr_filter.accounting_response {
		key = %{User-Name}
		attrsfile = ${confdir}/attrs.accounting_response
	}

	# counter module:
	#  This module takes an attribute (count-attribute).
	#  It also takes a key, and creates a counter for each unique
	#  key.  The count is incremented when accounting packets are
	#  received by the server.  The value of the increment depends
	#  on the attribute type.
	#  If the attribute is Acct-Session-Time or of an integer type we add
	#  the value of the attribute.
	#  If it is anything else we increase the counter by one.
	#
	#  The 'reset' parameter defines when the counters are all reset to
	#  zero.  It can be hourly, daily, weekly, monthly or never.
	#
	#  hourly: Reset on 00:00 of every hour
	#  daily: Reset on 00:00:00 every day
	#  weekly: Reset on 00:00:00 on sunday
	#  monthly: Reset on 00:00:00 of the first day of each month
	#
	#  It can also be user defined.  It should be of the form:
	#  num[hdwm] where:
	#  h: hours, d: days, w: weeks, m: months
	#  If the letter is omitted days will be assumed.  In example:
	#  reset = 10h (reset every 10 hours)
	#  reset = 12  (reset every 12 days)
	#
	#
	#  The check-name attribute defines an attribute which will be
	#  registered by the counter module and can be used to set the
	#  maximum allowed value for the counter after which the user
	#  is rejected.
	#  Something like:
	#
	#  DEFAULT Max-Daily-Session := 36000
	#          Fall-Through = 1
	#
	#  You should add the counter module in the instantiate
	#  section so that it registers check-name before the files
	#  module reads the users file.
	#
	#  If check-name is set and the user is to be rejected then we
	#  send back a Reply-Message and we log a Failure-Message in
	#  the radius.log
	#  If the count attribute is Acct-Session-Time then on each login
	#  we send back the remaining online time as a Session-Timeout attribute
	#  ELSE and if the reply-name is set, we send back that attribute.
	#  The reply-name attribute MUST be of an integer type.
	#
	#  The counter-name can also be used instead of using the check-name
	#  like below:
	#
	#  DEFAULT  Daily-Session-Time > 3600, Auth-Type = Reject
	#      Reply-Message = "You've used up more than one hour today"
	#
	#  The allowed-servicetype attribute can be used to only take
	#  into account specific sessions.  For example if a user first
	#  logs in through a login menu and then selects ppp there will
	#  be two sessions.  One for Login-User and one for Framed-User
	#  service type.  We only need to take into account the second one.
	#
	#  The module should be added in the instantiate, authorize and
	#  accounting sections.  Make sure that in the authorize
	#  section it comes after any module which sets the
	#  'check-name' attribute.
	#
	counter daily {
		filename = ${raddbdir}/db.daily
		key = User-Name
		count-attribute = Acct-Session-Time
		reset = daily
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		reply-name = Session-Timeout
		allowed-servicetype = Framed-User
		cache-size = 5000
	}

	#
	#  This module is an SQL enabled version of the counter module.
	#
	#  Rather than maintaining separate (GDBM) databases of
	#  accounting info for each counter, this module uses the data
	#  stored in the radacct table by the sql modules.  This
	#  module NEVER does any database INSERTs or UPDATEs.  It is
	#  totally dependent on the SQL module to process Accounting
	#  packets.
	#
	#  The 'sqlmod_inst' parameter holds the instance of the sql
	#  module to use when querying the SQL database.  Normally it
	#  is just "sql".  If you define more than one SQL module
	#  instance (usually for failover situations), you can
	#  specify which module has access to the Accounting Data
	#  (radacct table).
	#
	#  The 'reset' parameter defines when the counters are all
	#  reset to zero.  It can be hourly, daily, weekly, monthly or
	#  never.  It can also be user defined.  It should be of the
	#  form:
	#	num[hdwm] where:
	#	h: hours, d: days, w: weeks, m: months
	#	If the letter is omitted days will be assumed.  In example:
	#	reset = 10h (reset every 10 hours)
	#	reset = 12  (reset every 12 days)
	#
	#  The 'key' parameter specifies the unique identifier for the
	#  counter records (usually 'User-Name').
	#
	#  The 'query' parameter specifies the SQL query used to get
	#  the current Counter value from the database.
	#  There are 3 parameters that can be used in the query:
	#		%k	'key' parameter
	#		%b	unix time value of beginning of reset period
	#		%e	unix time value of end of reset period
	#
	#  The 'check-name' parameter is the name of the 'check'
	#  attribute to use to access the counter in the 'users' file
	#  or SQL radcheck or radcheckgroup tables.
	#
	#  DEFAULT  Max-Daily-Session > 3600, Auth-Type = Reject
	#      Reply-Message = "You've used up more than one hour today"
	#
	sqlcounter dailycounter {
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		reply-name = Session-Timeout
		sqlmod-inst = sql
		key = User-Name
		reset = daily

		# This query properly handles calls that span from the
		# previous reset period into the current period but
		# involves more work for the SQL server than those
		# below
		# For mysql:
		query = "SELECT SUM(AcctSessionTime - \
			GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
			FROM radacct WHERE UserName='%{%k}' AND \
			UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

		# For postgresql:
		# query = "SELECT SUM(AcctSessionTime - \
		#	GREATER((%b - AcctStartTime::ABSTIME::INT4), 0)) \
		#	FROM radacct WHERE UserName='%{%k}' AND \
		#	AcctStartTime::ABSTIME::INT4 + AcctSessionTime > '%b'"

		# This query ignores calls that started in a previous
		# reset period and continue into this one.
        # But it
        # is a little easier on the SQL server
        # For mysql:
        # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE \
        #          UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"

        # For postgresql:
        # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE \
        #          UserName='%{%k}' AND AcctStartTime::ABSTIME::INT4 > '%b'"

        # This query is the same as above, but demonstrates an
        # additional counter parameter '%e' which is the
        # timestamp for the end of the period
        # For mysql:
        # query = "SELECT SUM(AcctSessionTime) FROM radacct \
        #          WHERE UserName='%{%k}' AND AcctStartTime BETWEEN \
        #          FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"

        # For postgresql:
        # query = "SELECT SUM(AcctSessionTime) FROM radacct \
        #          WHERE UserName='%{%k}' AND AcctStartTime::ABSTIME::INT4 \
        #          BETWEEN '%b' AND '%e'"
    }

    sqlcounter monthlycounter {
        counter-name = Monthly-Session-Time
        check-name = Max-Monthly-Session
        reply-name = Session-Timeout
        sqlmod-inst = sql
        key = User-Name
        reset = monthly

        # This query properly handles calls that span from the
        # previous reset period into the current period but
        # involves more work for the SQL server than those
        # below
        # The same notes above about the differences between mysql
        # versus postgres queries apply here.
        query = "SELECT SUM(AcctSessionTime - \
                 GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                 FROM radacct WHERE UserName='%{%k}' AND \
                 UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

        # This query ignores calls that started in a previous
        # reset period and continue into this one.
        # But it
        # is a little easier on the SQL server
        # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE \
        #          UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"

        # This query is the same as above, but demonstrates an
        # additional counter parameter '%e' which is the
        # timestamp for the end of the period
        # query = "SELECT SUM(AcctSessionTime) FROM radacct \
        #          WHERE UserName='%{%k}' AND AcctStartTime BETWEEN \
        #          FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
    }

    #
    # The "always" module is here for debugging purposes. Each
    # instance simply returns the same result, always, without
    # doing anything.
    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }

    #
    # The 'expression' module currently has no configuration.
    #
    # This module is useful only for 'xlat'. To use it,
    # put 'exec' into the 'instantiate' section. You can then
    # do dynamic translation of attributes like:
    #
    # Attribute-Name = `%{expr:2 + 3 + %{exec: uid -u}}`
    #
    # The value of the attribute will be replaced with the output
    # of the program which is executed. Due to RADIUS protocol
    # limitations, any output over 253 bytes will be ignored.
    #
    # The module also registers a few paircompare functions
    expr {
    }

    #
    # The 'digest' module currently has no configuration.
    #
    # "Digest" authentication against a Cisco SIP server.
    # See 'doc/rfc/draft-sterman-aaa-sip-00.txt' for details
    # on performing digest authentication for Cisco SIP servers.
    #
    digest {
    }

    #
    # The expiration module. This handles the Expiration attribute
    # It should be included in the *end* of the authorize section
    # in order to handle user Expiration. It should also be included
    # in the instantiate section in order to register the Expiration
    # compare function
    #
    expiration {
        #
        # The Reply-Message which will be sent back in case the
        # account has expired.
        # Dynamic substitution is supported
        #
        reply-message = "Password Has Expired\r\n"
        # reply-message = "Your account has expired, %{User-Name}\r\n"
    }

    # The logintime module. This handles the Login-Time,
    # Current-Time, and Time-Of-Day attributes. It should be
    # included in the *end* of the authorize section in order to
    # handle Login-Time checks. It should also be included in the
    # instantiate section in order to register the Current-Time
    # and Time-Of-Day comparison functions.
    #
    # When the Login-Time attribute is set to some value, and the
    # user has been permitted to log in, a Session-Timeout is
    # calculated based on the remaining time. See "doc/README".
    #
    logintime {
        #
        # The Reply-Message which will be sent back in case
        # the account is calling outside of the allowed
        # timespan. Dynamic substitution is supported.
        #
        reply-message = "You are calling outside your allowed timespan\r\n"
        # reply-message = "Outside allowed timespan (%{check:Login-Time}), %{User-Name}\r\n"

        # The minimum timeout (in seconds) a user is allowed
        # to have. If the calculated timeout is lower we don't
        # allow the logon. Some NASes do not handle values
        # lower than 60 seconds well.
        minimum-timeout = 60
    }

    #
    # Execute external programs
    #
    # This module is useful only for 'xlat'. To use it,
    # put 'exec' into the 'instantiate' section. You can then
    # do dynamic translation of attributes like:
    #
    # Attribute-Name = `%{exec:/path/to/program args}`
    #
    # The value of the attribute will be replaced with the output
    # of the program which is executed. Due to RADIUS protocol
    # limitations, any output over 253 bytes will be ignored.
    #
    # The RADIUS attributes from the user request will be placed
    # into environment variables of the executed program, as
    # described in 'doc/variables.txt'
    #
    exec {
        wait = no
        input_pairs = request
        shell_escape = yes
        output = none
    }

    #
    # This is a more general example of the execute module.
    #
    # This one is called "echo".
    #
    # Attribute-Name = `%{echo:/path/to/program args}`
    #
    # If you wish to execute an external program in more than
    # one section (e.g. 'authorize', 'pre_proxy', etc), then it
    # is probably best to define a different instance of the
    # 'exec' module for every section.
    #
    # The return value of the program run determines the result
    # of the exec instance call as follows:
    # (See doc/configurable_failover for details)
    #
    #     < 0 : fail      the module failed
    #     = 0 : ok        the module succeeded
    #     = 1 : reject    the module rejected the user
    #     = 2 : fail      the module failed
    #     = 3 : ok        the module succeeded
    #     = 4 : handled   the module has done everything to handle the request
    #     = 5 : invalid   the user's configuration entry was invalid
    #     = 6 : userlock  the user was locked out
    #     = 7 : notfound  the user was not found
    #     = 8 : noop      the module did nothing
    #     = 9 : updated   the module updated information in the request
    #     > 9 : fail      the module failed
    #
    exec echo {
        #
        # Wait for the program to finish.
        #
        # If we do NOT wait, then the program is "fire and
        # forget", and any output attributes from it are ignored.
        #
        # If we are looking for the program to output
        # attributes, and want to add those attributes to the
        # request, then we MUST wait for the program to
        # finish, and therefore set 'wait=yes'
        #
        # allowed values: {no, yes}
        wait = yes

        #
        # The name of the program to execute, and its
        # arguments. Dynamic translation is done on this
        # field, so things like the following example will
        # work.
        #
        program = "/bin/echo %{User-Name}"

        #
        # The attributes which are placed into the
        # environment variables for the program.
        #
        # Allowed values are:
        #
        #     request        attributes from the request
        #     config         attributes from the configuration items list
        #     reply          attributes from the reply
        #     proxy-request  attributes from the proxy request
        #     proxy-reply    attributes from the proxy reply
        #
        # Note that some attributes may not exist at some
        # stages. e.g.
        # There may be no proxy-reply
        # attributes if this module is used in the
        # 'authorize' section.
        #
        input_pairs = request

        #
        # Where to place the output attributes (if any) from
        # the executed program. The values allowed, and the
        # restrictions as to availability, are the same as
        # for the input_pairs.
        #
        output_pairs = reply

        #
        # When to execute the program. If the packet
        # type does NOT match what's listed here, then
        # the module does NOT execute the program.
        #
        # For a list of allowed packet types, see
        # the 'dictionary' file, and look for VALUEs
        # of the Packet-Type attribute.
        #
        # By default, the module executes on ANY packet.
        # Un-comment out the following line to tell the
        # module to execute only if an Access-Accept is
        # being sent to the NAS.
        #
        #packet_type = Access-Accept

        #
        # Should we escape the environment variables?
        #
        # If this is set, all the RADIUS attributes
        # are capitalised and dashes replaced with
        # underscores. Also, RADIUS values are surrounded
        # with double-quotes.
        #
        # That is to say: User-Name=BobUser => USER_NAME="BobUser"
        shell_escape = yes
    }

    # Do server side ip pool management. Should be added in post-auth and
    # accounting sections.
    #
    # The module also requires the existence of the Pool-Name
    # attribute. That way the administrator can add the Pool-Name
    # attribute in the user profiles and use different pools
    # for different users. The Pool-Name attribute is a *check* item not
    # a reply item.
    # The Pool-Name should be set to the ippool module instance name or to
    # DEFAULT to match any module.
    #
    # Example:
    # radiusd.conf: ippool students { [...] }
    #               ippool teachers { [...]
} # users file : DEFAULT Group == students, Pool-Name := "students" # DEFAULT Group == teachers, Pool-Name := "teachers" # DEFAULT Group == other, Pool-Name := "DEFAULT" # # ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST ********* # ********* THEN ERASE THE DB FILES ********* # ippool main_pool { # range-start,range-stop: The start and end ip # addresses for the ip pool range-start = 192.168.1.1 range-stop = 192.168.3.254 # netmask: The network mask used for the ip's netmask = 255.255.255.0 # cache-size: The gdbm cache size for the db # files. Should be equal to the number of ip's # available in the ip pool cache-size = 800 # session-db: The main db file used to allocate ip's to clients session-db = ${raddbdir}/db.ippool # ip-index: Helper db index file used in multilink ip-index = ${raddbdir}/db.ipindex # override: Will this ippool override a Framed-IP-Address already set override = no # maximum-timeout: If not zero specifies the maximum time in seconds an # entry may be active. Default: 0 maximum-timeout = 0 # The key to use for the session database (which holds the allocated ip's) # normally it should just be the nas ip/port (which is the default) #key = "%{NAS-IP-Address} %{NAS-Port}" } # $INCLUDE ${confdir}/sqlippool.conf # OTP token support. Not included by default. # $INCLUDE ${confdir}/otp.conf # # Implements Login-Time, Current-Time, and Time-Of-Day # logintime { # # Don't worry about anything here for now.. # } # # Kerberos. See doc/rlm_krb5 for minimal docs. # # krb5 { # keytab = /path/to/keytab # service_principal = name_of_principle # } } #server { # Instantiation # # This section orders the loading of the modules. Modules # listed here will get loaded BEFORE the later sections like # authorize, authenticate, etc. get examined. # # This section is not strictly needed. When a section like # authorize refers to a module, it's automatically loaded and # initialized. 
However, some modules may not be listed in any # of the following sections, so they can be listed here. # # Also, listing modules here ensures that you have control over # the order in which they are initalized. If one module needs # something defined by another module, you can list them in order # here, and ensure that the configuration will be OK. # instantiate { # # Allows the execution of external scripts. # The entire command line (and output) must fit into 253 bytes. # # e.g. Framed-Pool = `%{exec:/bin/echo foo}` exec # # The expression module doesn't do authorization, # authentication, or accounting. It only does dynamic # translation, of the form: # # Session-Timeout = `%{expr:2 + 3}` # # So the module needs to be instantiated, but CANNOT be # listed in any other section. See 'doc/rlm_expr' for # more information. # expr # # We add the counter module here so that it registers # the check-name attribute before any module which sets # it # daily # expiration # logintime # subsections here can be thought of as "virtual" modules. # # e.g. If you have two redundant SQL servers, and you want to # use them in the authorize and accounting sections, you could # place a "redundant" block in each section, containing the # exact same text. Or, you could uncomment the following # lines, and list "redundant_sql" in the authorize and # accounting sections. # #redundant redundant_sql { # sql1 # sql2 #} } # Authorization. First preprocess (hints and huntgroups files), # then realms, and finally look in the "users" file. # # The order of the realm modules will determine the order that # we try to find a matching realm. # # Make *sure* that 'preprocess' comes before any realm if you # need to setup hints for the remote radius server authorize { # # The preprocess module takes care of sanitizing some bizarre # attributes in the request, and turning them into attributes # which are more standard. 
# # It takes care of processing the 'raddb/hints' and the # 'raddb/huntgroups' files. # # It also adds the %{Client-IP-Address} attribute to the request. preprocess # # If you want to have a log of authentication requests, # un-comment the following line, and the 'detail auth_log' # section, above. # auth_log # # The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set # chap # # If the users are logging in with an MS-CHAP-Challenge # attribute for authentication, the mschap module will find # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. # mschap # # Pull crypt'd passwords from /etc/passwd or /etc/shadow, # using the system API's to get the password. If you want # to read /etc/passwd or /etc/shadow directly, see the # passwd module, above. # # unix # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authenticate' section. # digest # # Look for IPASS style 'realm/', and if not found, look for # '@realm', and decide whether or not to proxy, based on # that. # IPASS # # If you are using multiple kinds of realms, you probably # want to set "ignore_null = yes" for all of them. # Otherwise, when the first style of realm doesn't match, # the other styles won't be checked. # suffix # ntdomain # # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP # authentication. # # It also sets the EAP-Type attribute in the request # attribute list to the EAP type from the packet. # # As of 2.0, the EAP module returns "ok" in the authorize stage # for TTLS and PEAP. In 1.x, it never returned "ok" here, so # this change is compatible with older configurations. # # The example below uses module failover to avoid querying all # of the following modules if the EAP module returns "ok". 
# Therefore, your LDAP and/or SQL servers will not be queried # for the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # # eap eap { ok = return } # # Read the 'users' file files # # Look in an SQL database. The schema of the database # is meant to mirror the "users" file. # # See "Authorization Queries" in sql.conf # sql # # If you are using /etc/smbpasswd, and are also doing # mschap authentication, the un-comment this line, and # configure the 'etc_smbpasswd' module, above. # etc_smbpasswd # # The ldap module will set Auth-Type to LDAP if it has not # already been set # ldap Autz-Type LDAP { ldap } # # Enforce daily limits on time spent logged in. # daily # # Use the checkval module # checkval #expiration # logintime # # If no other module has claimed responsibility for # authentication, then try to use PAP. This allows the # other modules listed above to add a "known good" password # to the request, and to do nothing else. The PAP module # will then see that password, and use it to do PAP # authentication. # # This module should be listed last, so that the other modules # get a chance to set Auth-Type for themselves. # pap } # Authentication. # # # This section lists which modules are available for authentication. # Note that it does NOT mean 'try each module in order'. It means # that a module from the 'authorize' section adds a configuration # attribute 'Auth-Type := FOO'. That authentication type is then # used to pick the apropriate module from the list below. # # In general, you SHOULD NOT set the Auth-Type attribute. The server # will figure it out on its own, and will do the right thing. The # most common side effect of erroneously setting the Auth-Type # attribute is that one authentication method will work, but the # others will not. # # The common reasons to set the Auth-Type attribute by hand # is to either forcibly reject the user, or forcibly accept him. 
# authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. # Auth-Type PAP { # pap # } # # Most people want CHAP authentication # A back-end database listed in the 'authorize' section # MUST supply a CLEAR TEXT password. Encrypted passwords # won't work. # Auth-Type CHAP { # chap # } # # MSCHAP authentication. # Auth-Type MS-CHAP { # mschap # } # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authorize' section. # digest # # Pluggable Authentication Modules. # pam # # See 'man getpwent' for information on how the 'unix' # module checks the users password. Note that packets # containing CHAP-Password attributes CANNOT be authenticated # against /etc/passwd! See the FAQ for details. # # unix # Uncomment it if you want to use ldap for authentication # # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. Auth-Type LDAP { ldap } # # Allow EAP authentication. eap } # # Pre-accounting. Decide which accounting type to use. # preacct { preprocess # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. acct_unique # # Look for IPASS-style 'realm/', and if not found, look for # '@realm', and decide whether or not to proxy, based on # that. # # Accounting requests are generally proxied to the same # home server as authentication requests. # IPASS suffix # ntdomain # # Read the 'acct_users' file files } # # Accounting. Log the accounting data. # accounting { # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily # Update the wtmp file # # If you don't use "radlast", you can delete this line. unix # # For Simultaneous-Use tracking. 
# # Due to packet losses in the network, the data here # may be incorrect. There is little we can do about it. radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. # main_pool # # Log traffic to an SQL database. # # See "Accounting queries" in sql.conf sql # # Instead of sending the query to the SQL server, # write it into a log file. # # sql_log # Cisco VoIP specific bulk accounting # pgsql-voip # Filter attributes from the accounting response. attr_filter.accounting_response } # Session database, used for checking Simultaneous-Use. Either the radutmp # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { radutmp # # See "Simultaneous Use Checking Queries" in sql.conf # sql } # Post-Authentication # Once we KNOW that the user has been authenticated, there are # additional steps we can take. post-auth { # Get an address from the IP Pool. # main_pool # # If you want to have a log of authentication replies, # un-comment the following line, and the 'detail reply_log' # section, above. # reply_log # # After authenticating the user, do another SQL query. # # See "Authentication Logging Queries" in sql.conf # sql # # Instead of sending the query to the SQL server, # write it into a log file. # # sql_log # # Un-comment the following if you have set # 'edir_account_policy_check = yes' in the ldap module sub-section of # the 'modules' section. # # ldap # # Access-Reject packets are sent through the REJECT sub-section of the # post-auth section. # # Add the ldap module name (or instance) if you have set # 'edir_account_policy_check = yes' in the ldap module configuration # #Post-Auth-Type REJECT { #attr_filter.access_reject #} } # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. 
#
pre-proxy {
    # attr_rewrite

    # Uncomment the following line if you want to change attributes
    # as defined in the preproxy_users file.
    files

    # Uncomment the following line if you want to filter requests
    # sent to remote servers based on the rules defined in the
    # 'attrs.pre-proxy' file.
    # attr_filter.pre-proxy

    # If you want to have a log of packets proxied to a home
    # server, un-comment the following line, and the
    # 'detail pre_proxy_log' section, above.
    pre_proxy_log
}

#
# When the server receives a reply to a request it proxied
# to a home server, the request may be massaged here, in the
# post-proxy stage.
#
post-proxy {
    # If you want to have a log of replies from a home server,
    # un-comment the following line, and the 'detail post_proxy_log'
    # section, above.
    post_proxy_log

    # attr_rewrite

    # Uncomment the following line if you want to filter replies from
    # remote proxies based on the rules defined in the 'attrs' file.
    attr_filter.post-proxy

    # Added a second log after the filtering so that a diff
    # shows which attributes were removed
    post_proxy_log_filtre

    #
    # If you are proxying LEAP, you MUST configure the EAP
    # module, and you MUST list it here, in the post-proxy
    # stage.
    #
    # You MUST also use the 'nostrip' option in the 'realm'
    # configuration. Otherwise, the User-Name attribute
    # in the proxied request will not match the user name
    # hidden inside of the EAP packet, and the end server will
    # reject the EAP request.
    #
    eap

    #
    # If the server tries to proxy a request and fails, then the
    # request is processed through the modules in this section.
    #
    # The main use of this section is to permit robust proxying
    # of accounting packets. The server can be configured to
    # proxy accounting packets as part of normal processing.
    # Then, if the home server goes down, accounting packets can
    # be logged to a local "detail" file, for processing with
    # radrelay. When the home server comes back up, radrelay
    # will read the detail file, and send the packets to the
    # home server.
    #
    # With this configuration, the server always responds to
    # Accounting-Requests from the NAS, but only writes
    # accounting packets to disk if the home server is down.
    #
    Post-Proxy-Type Fail {
        detail
    }
}
#}
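The two MySQL query styles in the `sqlcounter dailycounter` block differ in how they count a session that straddles the reset boundary. The following added example (not part of the original configuration) runs both queries against constructed `radacct` rows in SQLite; the Python stand-ins for `GREATEST`, `UNIX_TIMESTAMP` and `FROM_UNIXTIME`, the bound parameters replacing `%b` and `%{%k}`, and the simplified accept/reject rule in `decide` are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

FMT = "%Y-%m-%d %H:%M:%S"


def unix_timestamp(text):
    """Stand-in for MySQL UNIX_TIMESTAMP(); stored times are treated as UTC."""
    return int(datetime.strptime(text, FMT).replace(tzinfo=timezone.utc).timestamp())


def from_unixtime(ts):
    """Stand-in for MySQL FROM_UNIXTIME()."""
    return datetime.fromtimestamp(int(ts), timezone.utc).strftime(FMT)


# Query that handles sessions spanning the reset boundary (from the listing).
# '%{%k}' and '%b' are replaced by the bound parameters :k and :b.
SPANNING_QUERY = (
    "SELECT SUM(AcctSessionTime - "
    "GREATEST((:b - UNIX_TIMESTAMP(AcctStartTime)), 0)) "
    "FROM radacct WHERE UserName = :k AND "
    "UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > :b"
)

# Cheaper query that ignores sessions started before the boundary.
SIMPLE_QUERY = (
    "SELECT SUM(AcctSessionTime) FROM radacct WHERE "
    "UserName = :k AND AcctStartTime > FROM_UNIXTIME(:b)"
)

# Constructed accounting rows: (UserName, AcctStartTime, AcctSessionTime)
SAMPLE_ROWS = [
    ("alice", "2008-10-01 10:00:00", 1200),  # entirely in the previous period
    ("alice", "2008-10-01 23:30:00", 3600),  # straddles midnight: 1800 s each side
    ("alice", "2008-10-02 09:00:00", 2400),  # entirely in the current period
    ("bob", "2008-10-02 08:00:00", 500),
]


def build_db(rows=SAMPLE_ROWS):
    """Create an in-memory radacct table reduced to the three columns used."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("GREATEST", 2, max)
    conn.create_function("UNIX_TIMESTAMP", 1, unix_timestamp)
    conn.create_function("FROM_UNIXTIME", 1, from_unixtime)
    conn.execute(
        "CREATE TABLE radacct "
        "(UserName TEXT, AcctStartTime TEXT, AcctSessionTime INTEGER)"
    )
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return conn


def used_seconds(conn, query, user, period_start):
    """Run a counter query; SUM() yields NULL when no row matches."""
    value = conn.execute(query, {"k": user, "b": period_start}).fetchone()[0]
    return value or 0


def decide(used, limit):
    """Simplified check (assumption): accept while time remains and
    return the remainder as Session-Timeout, otherwise reject."""
    remaining = limit - used
    if remaining > 0:
        return ("accept", remaining)
    return ("reject", 0)


if __name__ == "__main__":
    conn = build_db()
    start = unix_timestamp("2008-10-02 00:00:00")  # daily reset boundary (%b)
    for name, query in (("spanning", SPANNING_QUERY), ("simple", SIMPLE_QUERY)):
        used = used_seconds(conn, query, "alice", start)
        print(name, used, decide(used, 3600))  # Max-Daily-Session = 3600
```

With a `Max-Daily-Session` of 3600, the spanning query puts the constructed user over quota while the cheaper query still grants a session, which is the trade-off the configuration comments describe.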
# To be placed in the modules directory
#
# $Id$

# Realm module, for proxying.
#
# You can have multiple instances of the realm module to
# support multiple realm syntaxes at the same time. The
# search order is defined by the order that the modules are listed
# in the authorize and preacct sections.
#
# Four config options:
#     format    - must be "prefix" or "suffix"
#                 The special cases of "DEFAULT"
#                 and "NULL" are allowed, too.
#     delimiter - must be a single character

# 'realm/username'
#
# Using this entry, IPASS users have their realm set to "IPASS".
realm IPASS {
    format = prefix
    delimiter = "/"
}

# 'username@realm'
#
realm suffix {
    format = suffix
    delimiter = "@"
    ignore_default = no
    ignore_null = no
}

# 'username%realm'
#
realm realmpercent {
    format = suffix
    delimiter = "%"
}

#
# 'domain\user'
#
realm ntdomain {
    format = prefix
    delimiter = "\\"
}
#
# snmp.conf - snmp configuration directives
#
# This file is *NOT* included by default. To enable it, you will need
# to modify the SNMP CONFIGURATION section of "radiusd.conf".
#
#######################################################################

#######################################################################
#
# SNMP configuration
#
# NOTE: This part is only working if your radiusd is compiled with SNMP
# support.
#
# smux_password: Password used for SMUX registration.
#
# Specifies password used when connecting to the SNMP master agent.
# This must match the password as configured on the agent. The OID
# used to register the radius subagent is 1.3.6.1.4.1.3317.1.3.1.
# A sample entry for the ucd-snmp daemon looks like this:
#
#     smuxpeer .1.3.6.1.4.1.3317.1.3.1 verysecret
#
# A sample entry for AIX 4.3 is:
#
#     smux 1.3.6.1.4.1.3317.1.3.1 verysecret
#
# The default password is an empty password.
#
#smux_password = verysecret

#
# snmp_write_access:
#
# Controls if write access to the radiusd via SNMP is enabled or not.
# Set this value to yes, if you want to be able to reload radiusd from
# your network management station.
#
# For this to work, you also have to make sure that your master agent
# is configured to allow SNMP set requests. For security reasons, this
# setting defaults to no.
#
# allowed values: {no, yes}
#
#snmp_write_access = yes
# $Id: sql.conf,v 1.57 2006/10/14 16:02:53 pnixon Exp $
#
# Configuration for the SQL module
#
# The database schemas are available at:
#
#     doc/examples/*.sql
#
sql {
    ## Database type you wish to connect to:
    # driver = "rlm_sql_freetds"
    # driver = "rlm_sql_iodbc"
    driver = "rlm_sql_mysql"
    # driver = "rlm_sql_oracle"
    # driver = "rlm_sql_postgresql"
    # driver = "rlm_sql_unixodbc"
    ## Also see the bottom of this file to modify which SQL dialect you use

    ## Connection info:
    server = "localhost"
    login = "AcctRadius"
    password = "PWDAcct"

    ## Database table configuration for everything except Oracle
    radius_db = "accounting"
    ## If you are using Oracle then use this instead
    # radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))"

    ## If you want both stop and start records logged to the
    ## same SQL table, leave this as is. If you want them in
    ## different tables, put the start table in acct_table1
    ## and stop table in acct_table2
    acct_table1 = "radacct"
    acct_table2 = "radacct"

    ## Allow for storing data after authentication
    postauth_table = "radpostauth"

    authcheck_table = "radcheck"
    authreply_table = "radreply"

    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"

    ## Table to keep group info
    usergroup_table = "radusergroup"

    ## If set to 'yes' (default) we read the group tables
    ## If set to 'no' the user MUST have Fall-Through = Yes in the radreply table
    # read_groups = yes

    ## Table to keep radius client info
    nas_table = "nas"

    ## Set to 'yes' to read radius clients from the database ('nas' table)
    # readclients = yes

    ## Remove stale session if checkrad does not see a double login
    deletestalesessions = yes

    ## Print all SQL statements when in debug mode (-x)
    sqltrace = yes
    sqltracefile = ${logdir}/sqltrace.sql

    ## number of sql connections to make to server
    num_sql_socks = 5

    ## number of seconds to delay retrying on a failed database
    ## connection (per_socket)
    connect_failure_retry_delay = 60

    # $Id: mysql-dialup.conf,v 1.1 2006/08/31 22:10:41 pnixon Exp $
    #
    # FreeRADIUS "dialup" SQL Queries for the MySQL Dialect

    # Safe characters list for sql queries. Everything else is replaced
    # with their mime-encoded equivalents.
    # The default list should be ok
    #safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

    #######################################################################
    # Query config: Username
    #######################################################################
    # This is the username that will get substituted, escaped, and added
    # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
    # everywhere a username substitution is needed so you can be sure
    # the username passed from the client is escaped properly.
    #
    # Uncomment the next line, if you want the sql_user_name to mean:
    #
    #     Use Stripped-User-Name, if it's there.
    #     Else use User-Name, if it's there,
    #     Else use hard-coded string "DEFAULT" as the user name.
    #sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
    #
    sql_user_name = "%{User-Name}"

    #######################################################################
    # Default profile
    #######################################################################
    # This is the default profile. It is found in SQL by group membership.
    # That means that this profile must be a member of at least one group
    # which will contain the corresponding check and reply items.
    # This profile will be queried in the authorize section for every user.
    # The point is to assign all users a default profile without having to
    # manually add each one to a group that will contain the profile.
    # The SQL module will also honor the User-Profile attribute. This
    # attribute can be set anywhere in the authorize section (ie the users
    # file). It is found exactly as the default profile is found.
    # If it is set then it will *overwrite* the default profile setting.
    # The idea is to select profiles based on checks on the incoming packets,
    # not on user group membership. For example:
    # -- users file --
    # DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
    # DEFAULT Service-Type == Framed-User, User-Profile := "framed"
    #
    # By default the default_user_profile is not set
    #
    #default_user_profile = "DEFAULT"

    #######################################################################
    # NAS Query
    #######################################################################
    # This query retrieves the radius clients
    #
    # 0. Row ID (currently unused)
    # 1. Name (or IP address)
    # 2. Shortname
    # 3. Type
    # 4. Secret
    #######################################################################
    nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"

    #######################################################################
    # Authorization Queries
    #######################################################################
    # These queries compare the check items for the user
    # in ${authcheck_table} and setup the reply items in
    # ${authreply_table}. You can use any query/tables
    # you want, but the return data for each row MUST
    # be in the following order:
    #
    # 0. Row ID (currently unused)
    # 1. UserName/GroupName
    # 2. Item Attr Name
    # 3. Item Attr Value
    # 4. Item Attr Operation
    #######################################################################
    # Use these for case sensitive usernames.
    # authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
    #     FROM ${authcheck_table} \
    #     WHERE Username = BINARY '%{SQL-User-Name}' \
    #     ORDER BY id"
    # authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
    #     FROM ${authreply_table} \
    #     WHERE Username = BINARY '%{SQL-User-Name}' \
    #     ORDER BY id"

    # The default queries are case insensitive.
    # (for compatibility with
    # older versions of FreeRADIUS)
    authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
        FROM ${authcheck_table} \
        WHERE Username = '%{SQL-User-Name}' \
        ORDER BY id"
    authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
        FROM ${authreply_table} \
        WHERE Username = '%{SQL-User-Name}' \
        ORDER BY id"

    # Use these for case sensitive usernames.
    # group_membership_query = "SELECT GroupName \
    #     FROM ${usergroup_table} \
    #     WHERE UserName = BINARY '%{SQL-User-Name}' \
    #     ORDER BY priority"

    group_membership_query = "SELECT GroupName \
        FROM ${usergroup_table} \
        WHERE UserName = '%{SQL-User-Name}' \
        ORDER BY priority"

    authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op \
        FROM ${groupcheck_table} \
        WHERE GroupName = '%{Sql-Group}' \
        ORDER BY id"
    authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op \
        FROM ${groupreply_table} \
        WHERE GroupName = '%{Sql-Group}' \
        ORDER BY id"

    #######################################################################
    # Accounting Queries
    #######################################################################
    # accounting_onoff_query      - query for Accounting On/Off packets
    # accounting_update_query     - query for Accounting update packets
    # accounting_update_query_alt - query for Accounting update packets
    #                               (alternate in case first query fails)
    # accounting_start_query      - query for Accounting start packets
    # accounting_start_query_alt  - query for Accounting start packets
    #                               (alternate in case first query fails)
    # accounting_stop_query       - query for Accounting stop packets
    # accounting_stop_query_alt   - query for Accounting stop packets
    #                               (alternate in case first query doesn't
    #                               affect any existing rows in the table)
    #######################################################################
    accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"

    accounting_update_query = "UPDATE ${acct_table1} \
        SET FramedIPAddress = '%{Framed-IP-Address}', \
        AcctSessionTime = '%{Acct-Session-Time}', \
        AcctInputOctets = '%{Acct-Input-Octets}', \
        AcctOutputOctets = '%{Acct-Output-Octets}' \
        WHERE AcctSessionId = '%{Acct-Session-Id}' \
        AND UserName = '%{SQL-User-Name}' \
        AND NASIPAddress= '%{NAS-IP-Address}'"

    accounting_update_query_alt = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{%{Acct-Session-Time}:-{0}} + %{%{Acct-Delay-Time}:-{0}}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"

    accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-{0}}', '0')"

    accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{%{Acct-Delay-Time}:-{0}}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"

    accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{%{Acct-Delay-Time}:-{0}}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"

    accounting_stop_query_alt = "INSERT into ${acct_table2} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-{0}} + %{%{Acct-Delay-Time}:-{0}}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-{0}}')"

    #######################################################################
    # Simultaneous Use Checking Queries
    #######################################################################
    # simul_count_query - query for the number of current
connections # - If this is not defined, no simultaneouls use checking # - will be performed by this module instance # simul_verify_query - query to return details of current connections for verification # - Leave blank or commented out to disable verification step # - Note that the returned field order should not be changed. ####################################################################### # Uncomment simul_count_query to enable simultaneous use checking # simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" ####################################################################### # Authentication Logging Queries ####################################################################### # postauth_query - Insert some info after authentication ####################################################################### postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-{Chap-Password}}', '%{reply:Packet-Type}', '%S')" ## Uncomment the appropriate config file for your SQL dialect # $INCLUDE ${confdir}/sql/mssql-dialup.conf #$INCLUDE ${confdir}/sql/mysql-dialup.conf #$INCLUDE ${confdir}/sql/mysql/dialup.conf # $INCLUDE ${confdir}/sql/oracle-dialup.conf # $INCLUDE ${confdir}/sql/postgresql-dialup.conf }
# -*- text -*-
#
# $Id$
#
# The rlm_sql_log module appends the SQL queries in a log
# file which is read later by the radsqlrelay program.
#
# This module only performs the dynamic expansion of the
# variables found in the SQL statements. No operation is
# executed on the database server. (this could be done
# later by an external program) That means the module is
# useful only with non-"SELECT" statements.
#
# See rlm_sql_log(5) manpage.
#
# This same functionality could also be implemented by logging
# to a "detail" file, reading that, and then writing to SQL.
# See raddb/sites-available/buffered-sql for an example.
#
sql_log {
    path = "${radacctdir}/sql-relay"
    acct_table = "radacct"
    postauth_table = "radpostauth"
    sql_user_name = "%{%{User-Name}:-%{DEFAULT}}"

    Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
        NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
        AcctSessionTime, AcctTerminateCause) VALUES \
        ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
        '%{Framed-IP-Address}', '%S', '0', '0', '');"

    Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
        NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
        AcctSessionTime, AcctTerminateCause) VALUES \
        ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
        '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \
        '%{Acct-Terminate-Cause}');"

    Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
        NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
        AcctSessionTime, AcctTerminateCause) VALUES \
        ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
        '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');"

    Post-Auth = "INSERT INTO ${postauth_table} \
        (username, pass, reply, authdate) VALUES \
        ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', \
        '%{reply:Packet-Type}', '%S');"
}
#
# Please read the documentation file ../doc/processing_users_file,
# or 'man 5 users' (after installing the server) for more information.
#
# This file contains authentication security and configuration
# information for each user. Accounting requests are NOT processed
# through this file. Instead, see 'acct_users', in this directory.
#
# The first field is the user's name and can be up to
# 253 characters in length. This is followed (on the same line) with
# the list of authentication requirements for that user. This can
# include password, comm server name, comm server port number, protocol
# type (perhaps set by the "hints" file), and huntgroup name (set by
# the "huntgroups" file).
#
# If you are not sure why a particular reply is being sent by the
# server, then run the server in debugging mode (radiusd -X), and
# you will see which entries in this file are matched.
#
# When an authentication request is received from the comm server,
# these values are tested. Only the first match is used unless the
# "Fall-Through" variable is set to "Yes".
#
# A special user named "DEFAULT" matches on all usernames.
# You can have several DEFAULT entries. All entries are processed
# in the order they appear in this file. The first entry that
# matches the login-request will stop processing unless you use
# the Fall-Through variable.
#
# If you use the database support to turn this file into a .db or .dbm
# file, the DEFAULT entries _have_ to be at the end of this file and
# you can't have multiple entries for one username.
#
# Indented (with the tab character) lines following the first
# line indicate the configuration values to be passed back to
# the comm server to allow the initiation of a user session.
# This can include things like the PPP configuration values
# or the host to log the user onto.
#
# You can include another `users' file with `$INCLUDE users.other'
#

#
# For a list of RADIUS attributes, and links to their definitions,
# see:
#
# http://www.freeradius.org/rfc/attributes.html
#

#
# Deny access for a specific user. Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser Auth-Type := Reject
#        Reply-Message = "Your account has been disabled."

#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULT Group == "disabled", Auth-Type := Reject
#        Reply-Message = "Your account has been disabled."
#

#
# This is a complete entry for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve User-Password := "testing"
#        Service-Type = Framed-User,
#        Framed-Protocol = PPP,
#        Framed-IP-Address = 172.16.3.33,
#        Framed-IP-Netmask = 255.255.255.0,
#        Framed-Routing = Broadcast-Listen,
#        Framed-Filter-Id = "std.ppp",
#        Framed-MTU = 1500,
#        Framed-Compression = Van-Jacobson-TCP-IP

#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#"John Doe" User-Password := "hello"
#        Reply-Message = "Hello, %{User-Name}"

#
# Dial user back and telnet to the default host for that port
#
#Deg User-Password := "ge55ged"
#        Service-Type = Callback-Login-User,
#        Login-IP-Host = 0.0.0.0,
#        Callback-Number = "9,5551212",
#        Login-Service = Telnet,
#        Login-TCP-Port = Telnet

#
# Another complete entry. After the user "dialbk" has logged in, the
# connection will be broken and the user will be dialed back after which
# he will get a connection to the host "timeshare1".
#
#dialbk User-Password := "callme"
#        Service-Type = Callback-Login-User,
#        Login-IP-Host = timeshare1,
#        Login-Service = PortMaster,
#        Callback-Number = "9,1-800-555-1212"

#
# user "swilson" will only get a static IP number if he logs in with
# a framed protocol on a terminal server in Alphen (see the huntgroups file).
#
# Note that by setting "Fall-Through", other attributes will be added from
# the following DEFAULT entries
#
#swilson Service-Type == Framed-User, Huntgroup-Name == "alphen"
#        Framed-IP-Address = 192.168.1.65,
#        Fall-Through = Yes

#
# If the user logs in as 'username.shell', then authenticate them
# against the system database, give them shell access, and stop processing
# the rest of the file.
#
#DEFAULT Suffix == ".shell", Auth-Type := System
#        Service-Type = Login-User,
#        Login-Service = Telnet,
#        Login-IP-Host = your.shell.machine

#
# The rest of this file contains the several DEFAULT entries.
# DEFAULT entries match with all login names.
# Note that DEFAULT entries can also Fall-Through (see first entry).
# A name-value pair from a DEFAULT entry will _NEVER_ override
# an already existing name-value pair.
#

#
# Set up different IP address pools for the terminal servers.
# Note that the "+" behind the IP address means that this is the "base"
# IP address. The Port-Id (S0, S1 etc) will be added to it.
#
#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen"
#        Framed-IP-Address = 192.168.1.32+,
#        Fall-Through = Yes

#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft"
#        Framed-IP-Address = 192.168.2.32+,
#        Fall-Through = Yes

#
# Sample defaults for all framed connections.
#
#DEFAULT Service-Type == Framed-User
#        Framed-IP-Address = 255.255.255.254,
#        Framed-MTU = 576,
#        Service-Type = Framed-User,
#        Fall-Through = Yes

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
# by the terminal server in which case there may not be a "P" suffix.
# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
#DEFAULT Framed-Protocol == PPP
#        Framed-Protocol = PPP,
#        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
#DEFAULT Hint == "CSLIP"
#        Framed-Protocol = SLIP,
#        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
#
#DEFAULT Hint == "SLIP"
#        Framed-Protocol = SLIP

#
# Last default: rlogin to our main server.
#
#DEFAULT
#        Service-Type = Login-User,
#        Login-Service = Rlogin,
#        Login-IP-Host = shellbox.ispdomain.com

# #
# # Last default: shell on the local terminal server.
# #
# DEFAULT
#        Service-Type = Administrative-User

# On no match, the user is denied access.

################################################################################
## A few notes:
##
## - Every line must start with DEFAULT (that is, ALL users match)
## - == -> Is equal to
## - := -> Creates an attribute with the given value
## - Reply-Message attributes are included in every reply (whether the
##   authentication succeeded or not)
## - The WHOLE test line must be written on a SINGLE line
## - The list of possible attributes is available in the file
##   /usr/share/doc/freeradius/rfc/attributes.html
################################################################################

################################################################################
# PERMANENT REJECTIONS
# The national proxy receives a very large number of requests for the identifier
# "anonymous@myabc.com".
# While you are at it, you can also filter everything destined for ".com"
DEFAULT User-Name =~ ".*@.*\.[Cc][Oo][Mm]$", Auth-Type := Reject
################################################################################

################################################################################
# PERMANENT ACCEPTANCES
#DEFAULT User-Name =~ ".*@.*\.[Cc][Oo][Mm]$"
################################################################################

################################################################################
# - Site roaming: an 802.1x authentication entry can look like
# DEFAULT Huntgroup-Name=="Site8021x", Autz-Type := "ldap", Ldap-Group == "interneTEST", Realm=="test"
#        Tunnel-Type = VLAN,
#        Tunnel-Medium-Type = IEEE-802,
#        Tunnel-Private-Group-ID = 240
# with, in huntgroups, Site8021x == all the NAS devices of the Polygone.
#
# - Eduroam user case: if authenticated, the user is placed in the guest VLAN
#   (replaces post.proxy)
# DEFAULT Huntgroup-Name == "TEST8021x", Realm == "DEFAULT"
#        Tunnel-Type = VLAN,
#        Tunnel-Medium-Type = IEEE-802,
#        Tunnel-Private-Group-ID = 245
################################################################################

################################################################################
# CNRS users on Eduroam
# Our users are requesting authentication on EduRoam
# Users from the visitors branch must be rejected.
################################################################################
# Reject the visitors
DEFAULT Proxy-State =* ANY, User-Name =~ "^visiteur.*@grenoble.cnrs.fr$", Auth-Type := Reject

# Let the EAP exchanges inside the tunnel through (mandatory because
# everything is refused, including grenoble.cnrs.fr)
DEFAULT Proxy-State =* ANY, Realm == "grenoble.cnrs.fr"

# Perform the authentication once all the parameters needed for it are
# available (once all of EAP has finished)
DEFAULT Freeradius-Proxied-To == 127.0.0.1, Realm == "grenoble.cnrs.fr", Autz-Type := "ldap"

################################################################################
# Local laboratories and departments
################################################################################

###################
### LOCAL TESTS ###
###################
## Local tests (from the machine 127.0.0.1) must be valid
DEFAULT Huntgroup-Name == "HUNTLocal"

####################
### SITE ROAMING ###
####################
## So that site users can connect to their internal VLAN, if they are
## allowed to do so in the RadiusGroupName.
## This case arises when users give user@labo as their
## 802.1x authentication.
# The laboratories outside Institut Neel will have to be added
# CASE 2 OF THE SPECIFICATION:
DEFAULT Huntgroup-Name == "Tous8021x", Autz-Type := "ldap", Realm == "mcbt", Ldap-Group == "interneMCBT"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 48

DEFAULT Huntgroup-Name == "Tous8021x", Autz-Type := "ldap", Realm == "mcmf", Ldap-Group == "interneMCMF"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 144

DEFAULT Huntgroup-Name == "Tous8021x", Autz-Type := "ldap", Realm == "nano", Ldap-Group == "interneNANO"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 64

DEFAULT Huntgroup-Name == "Tous8021x", Autz-Type := "ldap", Realm == "test", Ldap-Group == "interneTEST"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 240

####################
###   TEST LAB   ###
####################
# CASE 1 OF THE SPECIFICATION:
# From Chilli, as soon as LDAP authentication succeeds, the user is connected
# Also works with Eduroam users (without LDAP authentication
# since they are proxied)
DEFAULT Huntgroup-Name == "TESTChilli", Autz-Type := "ldap"

# CASE 3 OF THE SPECIFICATION:
# 802.1x is placed in the internal VLAN if LDAP authentication succeeds
# and the request comes from the members of the Huntgroup "TEST8021x".
# If Autz-Type := "ldap" is not set, there is no authentication
# (the user is therefore rejected because EAP does not know the user)
# Realm==NULL can be used rather than =~"NULL|test" because the case is handled
# earlier (WARNING: THE RADIUS MULTIPLE HUNTGROUP PATCH IS MANDATORY)
DEFAULT Huntgroup-Name == "TEST8021x", Autz-Type := "ldap", Realm =~ "NULL|test$|grenoble.cnrs.fr$", Ldap-Group == "interneTEST"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 240

# CASE 4 OF THE SPECIFICATION:
# A user who has a guest RGN of the lab is placed
# in the guest VLAN
DEFAULT Huntgroup-Name == "TEST8021x", Autz-Type := "ldap", Realm =~ "NULL|test$|grenoble.cnrs.fr$", Ldap-Group == "inviteTEST"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 245

# CASE 5 OF THE SPECIFICATION:
# An internal user from somewhere on the site is placed
# in the guest VLAN if the Realm is NULL or the local lab
# Because the Ldap-Group test is passed directly to LDAP, this rule cannot
# be combined with case 4.
DEFAULT Huntgroup-Name == "TEST8021x", Autz-Type := "ldap", Realm =~ "NULL|test$|grenoble.cnrs.fr$", Ldap-Group == "interne*"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 245

# CASE 6 OF THE SPECIFICATION:
# An EduRoam user connects with 802.1x. The user is placed in the guest VLAN
# of the corresponding laboratory.
# Remember to filter the post-proxy requests to remove the
# Tunnel* attributes that remote proxies might have passed along.
# 'users' cannot override attributes, only create them (see the
# attrs file).
DEFAULT Huntgroup-Name == "TEST8021x", Realm == "DEFAULT"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 245

################################################################################
# Refuse everything else
DEFAULT Auth-Type := Reject

################################################################################
### TEST CONFIGURATIONS
################################################################################
# Check whether 802.1x places the user in the internal VLAN of the test network
# after an LDAP authentication.
# 802.1x is placed in the internal VLAN if LDAP authentication succeeds
# and the request comes from the members of the Huntgroup "TEST8021x".
# If Autz-Type := "ldap" is not set, there is no authentication
# (the user is therefore rejected because EAP does not know the user)
#DEFAULT Huntgroup-Name == "TEST8021x", Autz-Type := "ldap"
#        Tunnel-Type = VLAN,
#        Tunnel-Medium-Type = IEEE-802,
#        Tunnel-Private-Group-ID = 240
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Because the Ldap-Group is sent directly in the LDAP request, it is possible
# to use Ldap-Group == "interne*"
#DEFAULT Huntgroup-Name == "TEST8021x", Autz-Type := "ldap", Realm =~ "NULL|test", Ldap-Group == "interne*"
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
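The first-match ordering of the TEST8021x entries above (cases 3 to 6 and the final reject) can be checked offline with a small model. This Python sketch is an added example, not part of the original annex or of FreeRADIUS; the sample requests, the fnmatch stand-in for the LDAP group lookup and the anchored STRICT_REALM pattern are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Realm pattern copied from the page's entries for cases 3 to 5.
PAGE_REALM = r"NULL|test$|grenoble.cnrs.fr$"
# Anchored, dot-escaped variant: an assumption about the intent, not from the page.
STRICT_REALM = r"^(NULL|test|grenoble\.cnrs\.fr)$"


def rules(realm_re=PAGE_REALM):
    """TEST8021x entries (cases 3 to 6) and the final reject, in file order.

    Each entry is (label, check items, VLAN id or None for a reject).
    Autz-Type := "ldap" is an assignment, not a test, so it is not modelled.
    """
    hg = ("==", "TEST8021x")
    realm = ("=~", realm_re)
    return [
        ("case 3", {"Huntgroup-Name": hg, "Realm": realm,
                    "Ldap-Group": ("==", "interneTEST")}, 240),
        ("case 4", {"Huntgroup-Name": hg, "Realm": realm,
                    "Ldap-Group": ("==", "inviteTEST")}, 245),
        ("case 5", {"Huntgroup-Name": hg, "Realm": realm,
                    "Ldap-Group": ("==", "interne*")}, 245),
        ("case 6", {"Huntgroup-Name": hg, "Realm": ("==", "DEFAULT")}, 245),
        ("reject", {}, None),
    ]


def item_matches(attr, op, value, request):
    """Evaluate one check item against a request dictionary."""
    if attr == "Ldap-Group":
        # The page notes that Ldap-Group goes straight into the LDAP query,
        # so "*" is a wildcard; fnmatch stands in for that lookup (assumption).
        return any(fnmatchcase(g, value) for g in request.get("groups", ()))
    actual = request.get(attr)
    if actual is None:
        return False
    if op == "==":
        return actual == value
    if op == "=~":
        # Unanchored search, like the regex operator of the users file.
        return re.search(value, actual) is not None
    raise ValueError("unsupported operator: " + op)


def decide(request, ruleset=None):
    """Return (label, vlan) of the first entry whose check items all match.

    No entry sets Fall-Through, so processing stops at the first match.
    """
    for label, checks, vlan in (ruleset or rules()):
        if all(item_matches(a, op, v, request) for a, (op, v) in checks.items()):
            return label, vlan
    return "reject", None


def swapped_3_and_5():
    """Same entries with case 5 moved ahead of case 3, to show order sensitivity."""
    r = rules()
    r[0], r[2] = r[2], r[0]
    return r


def accepted_only_by_page_pattern(candidates):
    """Realm strings the page's pattern accepts but the anchored one refuses."""
    return [c for c in candidates
            if re.search(PAGE_REALM, c) and not re.search(STRICT_REALM, c)]


# Constructed sample requests (not taken from the page's logs).
NAS = "TEST8021x"
SAMPLES = {
    "lab member": {"Huntgroup-Name": NAS, "Realm": "test", "groups": ["interneTEST"]},
    "lab guest": {"Huntgroup-Name": NAS, "Realm": "NULL", "groups": ["inviteTEST"]},
    "other lab member": {"Huntgroup-Name": NAS, "Realm": "NULL", "groups": ["interneNANO"]},
    "eduroam visitor": {"Huntgroup-Name": NAS, "Realm": "DEFAULT", "groups": []},
    "unknown NAS": {"Huntgroup-Name": "other", "Realm": "test", "groups": ["interneTEST"]},
}
# Constructed realm strings used to compare the two patterns.
REALM_CANDIDATES = ["test", "NULL", "grenoble.cnrs.fr", "contest",
                    "grenoble-cnrs.fr", "NULLIFY", "DEFAULT"]

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, decide(req), decide(req, swapped_3_and_5()))
    print(accepted_only_by_page_pattern(REALM_CANDIDATES))
```

With case 5 moved ahead of case 3, a lab member lands in VLAN 245 instead of 240, which is why the wildcard entry has to stay after the exact-group entries. Which realm strings can actually reach these entries depends on the realms defined in proxy.conf.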
Fri Sep 21 15:27:12 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:27:12 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:27:12 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:27:12 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:27:12 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:27:12 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:27:12 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:27:12 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:27:12 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:27:12 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:27:12 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:27:12 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:27:12 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:27:12 2007 : Debug: main: snmp = no
Fri Sep 21 15:27:12 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:27:12 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:27:12 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:27:12 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:27:12 2007 : Debug: main: port = 1812
Fri Sep 21 15:27:12 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:27:12 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:27:12 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:27:12 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:27:12 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:27:12 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:27:12 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:27:12 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:27:12 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:27:12 2007 : Debug: main: usercollide = no
Fri Sep 21 15:27:12 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:27:12 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:27:12 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:27:12 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:27:12 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:27:12 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:27:12 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:27:12 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:27:12 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:27:12 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:27:12 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:27:12 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:27:12 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:27:12 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:27:12 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:27:12 2007 : Debug: security: status_server = yes
Fri Sep 21 15:27:12 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:27:12 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:27:12 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:27:12 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:27:12 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:27:12 2007 : Debug: listen: port = 0
Fri Sep 21 15:27:12 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:27:12 2007 : Debug: listen: port = 0
Fri Sep 21 15:27:12 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:27:12 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:27:12 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:27:12 2007 : Debug: exec: wait = no
Fri Sep 21 15:27:12 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:27:12 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:27:12 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:27:12 2007 : Debug: ldap: port = 389
Fri Sep 21 15:27:12 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:27:12 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:27:12 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:27:12 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:27:12 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:27:12 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:27:12 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:27:12 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:27:12 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:27:12 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:27:12 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:27:12 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:27:12 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:27:12 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:27:12 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:27:12 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:27:12 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:27:12 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:27:12 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:27:12 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:27:12 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:27:12 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:27:12 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:27:12 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:27:12 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:27:12 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:27:12 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:27:12 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:27:12 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:27:12 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:27:12 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:27:12 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:27:12 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:27:12 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:27:12 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:27:12 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:27:12 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:27:12 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:27:12 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:27:12 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:27:12 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:27:12 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:27:12 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:27:12 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:27:12 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:27:12 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:27:12 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:27:12 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:27:12 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:27:12 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:27:12 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:27:12 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:27:12 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:27:12 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:27:12 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:27:12 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:27:12 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:27:12 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:27:12 2007 : Debug: Module: 
Instantiated preprocess (preprocess) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded realm Fri Sep 21 15:27:12 2007 : Debug: realm: format = "suffix" Fri Sep 21 15:27:12 2007 : Debug: realm: delimiter = "@" Fri Sep 21 15:27:12 2007 : Debug: realm: ignore_default = no Fri Sep 21 15:27:12 2007 : Debug: realm: ignore_null = no Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated realm (suffix) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded files Fri Sep 21 15:27:12 2007 : Debug: files: usersfile = "/etc/freeradius/users" Fri Sep 21 15:27:12 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users" Fri Sep 21 15:27:12 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users" Fri Sep 21 15:27:12 2007 : Debug: files: compat = "no" Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated files (files) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded PAP Fri Sep 21 15:27:12 2007 : Debug: pap: encryption_scheme = "crypt" Fri Sep 21 15:27:12 2007 : Debug: pap: auto_header = no Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated pap (pap) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded Acct-Unique-Session-Id Fri Sep 21 15:27:12 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated acct_unique (acct_unique) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded detail Fri Sep 21 15:27:12 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" Fri Sep 21 15:27:12 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:27:12 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:27:12 2007 : Debug: detail: locking = no Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated detail (detail) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded System Fri Sep 21 15:27:12 2007 : Debug: unix: cache = no Fri Sep 21 15:27:12 2007 : Debug: unix: passwd = "(null)" Fri Sep 21 15:27:12 2007 : Debug: unix: shadow = "(null)" Fri 
Sep 21 15:27:12 2007 : Debug: unix: group = "(null)" Fri Sep 21 15:27:12 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp" Fri Sep 21 15:27:12 2007 : Debug: unix: usegroup = no Fri Sep 21 15:27:12 2007 : Debug: unix: cache_reload = 600 Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated unix (unix) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded radutmp Fri Sep 21 15:27:12 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp" Fri Sep 21 15:27:12 2007 : Debug: radutmp: username = "%{User-Name}" Fri Sep 21 15:27:12 2007 : Debug: radutmp: case_sensitive = yes Fri Sep 21 15:27:12 2007 : Debug: radutmp: check_with_nas = yes Fri Sep 21 15:27:12 2007 : Debug: radutmp: perm = 384 Fri Sep 21 15:27:12 2007 : Debug: radutmp: callerid = yes Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated radutmp (radutmp) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded SQL Fri Sep 21 15:27:12 2007 : Debug: sql: driver = "rlm_sql_mysql" Fri Sep 21 15:27:12 2007 : Debug: sql: server = "localhost" Fri Sep 21 15:27:12 2007 : Debug: sql: port = "" Fri Sep 21 15:27:12 2007 : Debug: sql: login = "AcctRadius" Fri Sep 21 15:27:12 2007 : Debug: sql: password = "AcctRadius" Fri Sep 21 15:27:12 2007 : Debug: sql: radius_db = "accounting" Fri Sep 21 15:27:12 2007 : Debug: sql: nas_table = "nas" Fri Sep 21 15:27:12 2007 : Debug: sql: sqltrace = yes Fri Sep 21 15:27:12 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql" Fri Sep 21 15:27:12 2007 : Debug: sql: readclients = no Fri Sep 21 15:27:12 2007 : Debug: sql: deletestalesessions = yes Fri Sep 21 15:27:12 2007 : Debug: sql: num_sql_socks = 5 Fri Sep 21 15:27:12 2007 : Debug: sql: sql_user_name = "%{User-Name}" Fri Sep 21 15:27:12 2007 : Debug: sql: default_user_profile = "" Fri Sep 21 15:27:12 2007 : Debug: sql: query_on_not_found = no Fri Sep 21 15:27:12 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri 
Sep 21 15:27:12 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri Sep 21 15:27:12 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:27:12 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:27:12 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" Fri Sep 21 15:27:12 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'" Fri Sep 21 15:27:12 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', 
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')" Fri Sep 21 15:27:12 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')" Fri Sep 21 15:27:12 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:27:12 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:27:12 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, 
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')" Fri Sep 21 15:27:12 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority" Fri Sep 21 15:27:12 2007 : Debug: sql: connect_failure_retry_delay = 60 Fri Sep 21 15:27:12 2007 : Debug: sql: simul_count_query = "" Fri Sep 21 15:27:12 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" Fri Sep 21 15:27:12 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')" Fri Sep 21 15:27:12 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" Fri Sep 21 15:27:12 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Fri Sep 21 15:27:12 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): starting 0 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 Fri Sep 21 15:27:12 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Fri Sep 21 15:27:12 
2007 : Debug: rlm_sql (sql): Connected new DB handle, #0 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): starting 1 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 Fri Sep 21 15:27:12 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): starting 2 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 Fri Sep 21 15:27:12 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): starting 3 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 Fri Sep 21 15:27:12 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): starting 4 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 Fri Sep 21 15:27:12 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Fri Sep 21 15:27:12 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4 Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated sql (sql) Fri Sep 21 15:27:12 2007 : Debug: Module: Loaded attr_filter Fri Sep 21 15:27:12 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response" Fri Sep 21 15:27:12 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. 
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response)
Fri Sep 21 15:27:12 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
Fri Sep 21 15:27:12 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:27:12 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:27:12 2007 : Debug: detail: locking = no
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated detail (pre_proxy_log)
Fri Sep 21 15:27:12 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
Fri Sep 21 15:27:12 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:27:12 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:27:12 2007 : Debug: detail: locking = no
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated detail (post_proxy_log)
Fri Sep 21 15:27:12 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs"
Fri Sep 21 15:27:12 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy)
Fri Sep 21 15:27:12 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre"
Fri Sep 21 15:27:12 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:27:12 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:27:12 2007 : Debug: detail: locking = no
Fri Sep 21 15:27:12 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre)
Fri Sep 21 15:27:12 2007 : Debug: Listening on authentication *:1812
Fri Sep 21 15:27:12 2007 : Debug: Listening on accounting *:1813
Fri Sep 21 15:27:12 2007 : Debug: Listening on proxy *:1814
Fri Sep 21 15:27:12 2007 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 147.173.246.1:32772, id=0, length=208
	User-Name = "cric@domtest.fr"
	User-Password = "XXXXXXX"
	NAS-IP-Address = 147.173.246.1
	Service-Type = Login-User
	Framed-IP-Address = 10.8.246.2
	Calling-Station-Id = "00-30-13-C5-96-6D"
	Called-Station-Id = "00-E0-81-25-CB-01"
	NAS-Identifier = "Chillispot"
	Acct-Session-Id = "46f3c68900000000"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 0
	Message-Authenticator = 0xeb3a683ada75eb71ea1b13eee516a217
	WISPr-Logoff-URL = "http://10.8.246.1:3990/logoff"
Fri Sep 21 15:27:31 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group authorize for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Sep 21 15:27:31 2007 : Debug: users: Matched entry DEFAULT at line 308
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group authorize (returns updated) for request 0
Fri Sep 21 15:27:31 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:27:31 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group LDAP for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: performing user authorization for cric@domtest.fr
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '(|(|(uid=cric@domtest.fr)(mail=cric@domtest.fr))(mail=cric@domtest.fr@grenoble.cnrs.fr))'
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: attempting LDAP reconnection
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=cric@domtest.fr)(mail=cric@domtest.fr))(mail=cric@domtest.fr@grenoble.cnrs.fr))
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: search failed
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "ldap" returns notfound for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group LDAP (returns notfound) for request 0
Fri Sep 21 15:27:31 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group pre-proxy for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 0
Fri Sep 21 15:27:31 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.246.1/pre-proxy-detail-20070921'
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.246.1/pre-proxy-detail-20070921
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 0
Fri Sep 21 15:27:31 2007 : Debug: proxy: creating 1001ad93:1812
Fri Sep 21 15:27:31 2007 : Debug: proxy: allocating 1001ad93:1812 0
Sending Access-Request of id 0 to 147.173.1.16 port 1812
	User-Name = "cric@domtest.fr"
	User-Password = "XXXXXXX"
	NAS-IP-Address := 147.173.1.27
	Service-Type = Login-User
	Framed-IP-Address = 10.8.246.2
	Calling-Station-Id = "00-30-13-C5-96-6D"
	Called-Station-Id = "00-E0-81-25-CB-01"
	NAS-Identifier = "Chillispot"
	Acct-Session-Id = "46f3c68900000000"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 0
	Message-Authenticator = 0x00000000000000000000000000000000
	WISPr-Logoff-URL = "http://10.8.246.1:3990/logoff"
	Proxy-State = 0x30
Fri Sep 21 15:27:31 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:27:31 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 147.173.1.16:1812, id=0, length=40
Fri Sep 21 15:27:31 2007 : Debug: proxy: de-allocating 1001ad93:1812 0
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "240"
	Proxy-State = 0x30
Fri Sep 21 15:27:31 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group post-proxy for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.246.1/post-proxy-detail-20070921'
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.246.1/post-proxy-detail-20070921
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 0
Fri Sep 21 15:27:31 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 0
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.246.1/post-proxy-detail-20070921-filtre'
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct/147.173.246.1/post-proxy-detail-20070921-filtre
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 0
Fri Sep 21 15:27:31 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group authorize for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Proxy reply, or no User-Name. Ignoring.
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Sep 21 15:27:31 2007 : Debug: users: Matched entry DEFAULT at line 308
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group authorize (returns ok) for request 0
Fri Sep 21 15:27:31 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:27:31 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group LDAP for request 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: performing user authorization for cric@domtest.fr
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '(|(|(uid=cric@domtest.fr)(mail=cric@domtest.fr))(mail=cric@domtest.fr@grenoble.cnrs.fr))'
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=cric@domtest.fr)(mail=cric@domtest.fr))(mail=cric@domtest.fr@grenoble.cnrs.fr))
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: search failed
Fri Sep 21 15:27:31 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:27:31 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall[authorize]: module "ldap" returns notfound for request 0
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group LDAP (returns notfound) for request 0
Fri Sep 21 15:27:31 2007 : Debug: rad_check_password: Found Auth-Type
Fri Sep 21 15:27:31 2007 : Debug: rad_check_password: Auth-Type = Accept, accepting the user
Fri Sep 21 15:27:31 2007 : Auth: Login OK: [cric@domtest.fr] (from client chillispot port 0 cli 00-30-13-C5-96-6D)
Sending Access-Accept of id 0 to 147.173.246.1 port 32772
Fri Sep 21 15:27:31 2007 : Debug: Finished request 0
Fri Sep 21 15:27:31 2007 : Debug: Going to the next request
Fri Sep 21 15:27:31 2007 : Debug: rl_next: returning NULL
Fri Sep 21 15:27:31 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 147.173.246.1:32770, id=10, length=145
	Acct-Status-Type = Start
	User-Name = "cric@domtest.fr"
	Calling-Station-Id = "00-30-13-C5-96-6D"
	Called-Station-Id = "00-E0-81-25-CB-01"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 0
	NAS-Port-Id = "00000000"
	NAS-IP-Address = 147.173.246.1
	NAS-Identifier = "Chillispot"
	Framed-IP-Address = 10.8.246.2
	Acct-Session-Id = "46f3c68900000000"
Fri Sep 21 15:27:31 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group preacct for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 1
Fri Sep 21 15:27:31 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 147.173.246.1,NAS-IP-Address = 147.173.246.1,Acct-Session-Id = "46f3c68900000000",User-Name = "cric@domtest.fr"'
Fri Sep 21 15:27:31 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "1d9fbeddaa77f344".
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 1
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:27:31 2007 : Debug: rlm_realm: Preparing to proxy accounting request to realm "DEFAULT"
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[preacct]: module "suffix" returns updated for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[preacct]: module "files" returns noop for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group preacct (returns updated) for request 1
Fri Sep 21 15:27:31 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group accounting for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.246.1/detail-20070921'
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.246.1/detail-20070921
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: Freeradius-Proxied-To set to 147.173.1.16
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 1
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 1
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:27:31 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'cric@domtest.fr'
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('46f3c68900000000', '1d9fbeddaa77f344', 'cric@domtest.fr', 'DEFAULT', '147.173.246.1', '0', 'Wireless-802.11', '2007-09-21 15:27:31', '0', '0', '', '', '', '0', '0', '00-E0-81-25-CB-01', '00-30-13-C5-96-6D', '', '', '', '10.8.246.2', '0', '0')'
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:27:31 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Sep 21 15:27:31 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('46f3c68900000000', '1d9fbeddaa77f344', 'cric@domtest.fr', 'DEFAULT', '147.173.246.1', '0', 'Wireless-802.11', '2007-09-21 15:27:31', '0', '0', '', '', '', '0', '0', '00-E0-81-25-CB-01', '00-30-13-C5-96-6D', '', '', '', '10.8.246.2', '0', '0')
Fri Sep 21 15:27:31 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 1
Fri Sep 21 15:27:31 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:27:31 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group accounting (returns updated) for request 1
Fri Sep 21 15:27:31 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group pre-proxy for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 1
Fri Sep 21 15:27:31 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//pre-proxy-detail-20070921'
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//pre-proxy-detail-20070921
Fri Sep 21 15:27:31 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 1
Fri Sep 21 15:27:31 2007 : Debug: proxy: creating 1001ad93:1813
Fri Sep 21 15:27:31 2007 : Debug: proxy: allocating 1001ad93:1813 0
Sending Accounting-Request of id 0 to 147.173.1.16 port 1813
    Proxy-State = 0x3130
    NAS-IP-Address := 147.173.1.27
Fri Sep 21 15:27:31 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Response packet from host 147.173.1.16:1813, id=0, length=24
Fri Sep 21 15:27:31 2007 : Debug: proxy: de-allocating 1001ad93:1813 0
    Proxy-State = 0x3130
Fri Sep 21 15:27:31 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:27:31 2007 : Debug: modcall: entering group post-proxy for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921'
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//post-proxy-detail-20070921
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 1
Fri Sep 21 15:27:31 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921-filtre'
Fri Sep 21 15:27:31 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct//post-proxy-detail-20070921-filtre
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 1
Fri Sep 21 15:27:31 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 1
Sending Accounting-Response of id 10 to 147.173.246.1 port 32770
Fri Sep 21 15:27:31 2007 : Debug: Finished request 1
Fri Sep 21 15:27:31 2007 : Debug: Going to the next request
Fri Sep 21 15:27:31 2007 : Debug: Cleaning up request 1 ID 10 with timestamp 46f3c6c3
Fri Sep 21 15:27:31 2007 : Debug: rl_next: returning NULL
Fri Sep 21 15:27:31 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:27:37 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:27:37 2007 : Debug: Cleaning up request 0 ID 0 with timestamp 46f3c6c3
Fri Sep 21 15:27:37 2007 : Debug: Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 147.173.246.1:32770, id=11, length=193
    Acct-Status-Type = Stop
    User-Name = "cric@domtest.fr"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Called-Station-Id = "00-E0-81-25-CB-01"
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 0
    NAS-Port-Id = "00000000"
    NAS-IP-Address = 147.173.246.1
    NAS-Identifier = "Chillispot"
    Framed-IP-Address = 10.8.246.2
    Acct-Session-Id = "46f3c68900000000"
    Acct-Input-Octets = 4868
    Acct-Output-Octets = 12525
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    Acct-Input-Packets = 29
    Acct-Output-Packets = 26
    Acct-Session-Time = 12
    Acct-Terminate-Cause = User-Request
Fri Sep 21 15:27:43 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:27:43 2007 : Debug: modcall: entering group preacct for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 2
Fri Sep 21 15:27:43 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 147.173.246.1,NAS-IP-Address = 147.173.246.1,Acct-Session-Id = "46f3c68900000000",User-Name = "cric@domtest.fr"'
Fri Sep 21 15:27:43 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "1d9fbeddaa77f344".
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 2
Fri Sep 21 15:27:43 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:27:43 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:27:43 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:27:43 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:27:43 2007 : Debug: rlm_realm: Preparing to proxy accounting request to realm "DEFAULT"
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[preacct]: module "suffix" returns updated for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[preacct]: module "files" returns noop for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall: leaving group preacct (returns updated) for request 2
Fri Sep 21 15:27:43 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:27:43 2007 : Debug: modcall: entering group accounting for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.246.1/detail-20070921'
Fri Sep 21 15:27:43 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.246.1/detail-20070921
Fri Sep 21 15:27:43 2007 : Debug: rlm_detail: Freeradius-Proxied-To set to 147.173.1.16
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 2
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 2
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:27:43 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'cric@domtest.fr'
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: 'UPDATE radacct SET AcctStopTime = '2007-09-21 15:27:43', AcctSessionTime = '12', AcctInputOctets = '4868', AcctOutputOctets = '12525', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '46f3c68900000000' AND UserName = 'cric@domtest.fr' AND NASIPAddress = '147.173.246.1''
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:27:43 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Fri Sep 21 15:27:43 2007 : Debug: rlm_sql_mysql: query: UPDATE radacct SET AcctStopTime = '2007-09-21 15:27:43', AcctSessionTime = '12', AcctInputOctets = '4868', AcctOutputOctets = '12525', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '46f3c68900000000' AND UserName = 'cric@domtest.fr' AND NASIPAddress = '147.173.246.1'
Fri Sep 21 15:27:43 2007 : Debug: rlm_sql (sql): Released sql socket id: 3
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 2
Fri Sep 21 15:27:43 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:27:43 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall: leaving group accounting (returns updated) for request 2
Fri Sep 21 15:27:43 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:27:43 2007 : Debug: modcall: entering group pre-proxy for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 2
Fri Sep 21 15:27:43 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:27:43 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//pre-proxy-detail-20070921'
Fri Sep 21 15:27:43 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//pre-proxy-detail-20070921
Fri Sep 21 15:27:43 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 2
Fri Sep 21 15:27:43 2007 : Debug: proxy: allocating 1001ad93:1813 1
Sending Accounting-Request of id 1 to 147.173.1.16 port 1813
    Proxy-State = 0x3131
    NAS-IP-Address := 147.173.1.27
Fri Sep 21 15:27:43 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:27:43 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Response packet from host 147.173.1.16:1813, id=1, length=24
Fri Sep 21 15:27:43 2007 : Debug: proxy: de-allocating 1001ad93:1813 1
    Proxy-State = 0x3131
Fri Sep 21 15:27:43 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:27:43 2007 : Debug: modcall: entering group post-proxy for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921'
Fri Sep 21 15:27:43 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//post-proxy-detail-20070921
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 2
Fri Sep 21 15:27:43 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921-filtre'
Fri Sep 21 15:27:43 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct//post-proxy-detail-20070921-filtre
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 2
Fri Sep 21 15:27:43 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 2
Sending Accounting-Response of id 11 to 147.173.246.1 port 32770
Fri Sep 21 15:27:43 2007 : Debug: Finished request 2
Fri Sep 21 15:27:43 2007 : Debug: Going to the next request
Fri Sep 21 15:27:43 2007 : Debug: rl_next: returning NULL
Fri Sep 21 15:27:43 2007 : Debug: Cleaning up request 2 ID 11 with timestamp 46f3c6cf
Fri Sep 21 15:27:43 2007 : Debug: rl_next: returning NULL
Fri Sep 21 15:27:43 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:25:57 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:25:57 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:25:57 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:25:57 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:25:57 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:25:57 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:25:57 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:25:57 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:25:57 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:25:57 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:25:57 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:25:57 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:25:57 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:25:57 2007 : Debug: main: snmp = no
Fri Sep 21 15:25:57 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:25:57 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:25:57 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:25:57 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:25:57 2007 : Debug: main: port = 1812
Fri Sep 21 15:25:57 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:25:57 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:25:57 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:25:57 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:25:57 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:25:57 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:25:57 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:25:57 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:25:57 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:25:57 2007 : Debug: main: usercollide = no
Fri Sep 21 15:25:57 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:25:57 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:25:57 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:25:57 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:25:57 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:25:57 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:25:57 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:25:57 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:25:57 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:25:57 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:25:57 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:25:57 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:25:57 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:25:57 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:25:57 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:25:57 2007 : Debug: security: status_server = yes
Fri Sep 21 15:25:57 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:25:57 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:25:57 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:25:57 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:25:57 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:25:57 2007 : Debug: listen: port = 0
Fri Sep 21 15:25:57 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:25:57 2007 : Debug: listen: port = 0
Fri Sep 21 15:25:57 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:25:57 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:25:57 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:25:57 2007 : Debug: exec: wait = no
Fri Sep 21 15:25:57 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:25:57 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:25:57 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:25:57 2007 : Debug: ldap: port = 389
Fri Sep 21 15:25:57 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:25:57 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:25:57 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:25:57 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:25:57 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:25:57 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:25:57 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:25:57 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:25:57 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:25:57 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:25:57 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:25:57 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:25:57 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:25:57 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:25:57 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:25:57 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:25:57 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:25:57 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:25:57 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:25:57 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:25:57 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:25:57 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:25:57 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:25:57 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:25:57 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:25:57 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:25:57 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:25:57 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:25:57 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:25:57 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:25:57 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:25:57 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:25:57 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:25:57 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:25:57 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:25:57 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:25:57 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:25:57 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:25:57 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:25:57 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:25:57 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:25:57 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:25:57 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:25:57 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:25:57 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:25:57 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:25:57 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:25:57 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:25:57 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:25:57 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:25:57 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:25:57 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:25:57 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:25:57 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:25:57 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:25:57 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:25:57 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded realm
Fri Sep 21 15:25:57 2007 : Debug: realm: format = "suffix"
Fri Sep 21 15:25:57 2007 : Debug: realm: delimiter = "@"
Fri Sep 21 15:25:57 2007 : Debug: realm: ignore_default = no
Fri Sep 21 15:25:57 2007 : Debug: realm: ignore_null = no
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated realm (suffix)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded files
Fri Sep 21 15:25:57 2007 : Debug: files: usersfile = "/etc/freeradius/users"
Fri Sep 21 15:25:57 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users"
Fri Sep 21 15:25:57 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
Fri Sep 21 15:25:57 2007 : Debug: files: compat = "no"
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated files (files)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded PAP
Fri Sep 21 15:25:57 2007 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 21 15:25:57 2007 : Debug: pap: auto_header = no
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated pap (pap)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 21 15:25:57 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded detail
Fri Sep 21 15:25:57 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 21 15:25:57 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:25:57 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:25:57 2007 : Debug: detail: locking = no
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated detail (detail)
Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded System
Fri Sep 21 15:25:57 2007 : Debug: unix: cache = no
Fri Sep 21 15:25:57 2007 : Debug: unix: passwd = "(null)"
Fri Sep 21 15:25:57 2007 : Debug: unix: shadow = "(null)"
Fri
Sep 21 15:25:57 2007 : Debug: unix: group = "(null)" Fri Sep 21 15:25:57 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp" Fri Sep 21 15:25:57 2007 : Debug: unix: usegroup = no Fri Sep 21 15:25:57 2007 : Debug: unix: cache_reload = 600 Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated unix (unix) Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded radutmp Fri Sep 21 15:25:57 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp" Fri Sep 21 15:25:57 2007 : Debug: radutmp: username = "%{User-Name}" Fri Sep 21 15:25:57 2007 : Debug: radutmp: case_sensitive = yes Fri Sep 21 15:25:57 2007 : Debug: radutmp: check_with_nas = yes Fri Sep 21 15:25:57 2007 : Debug: radutmp: perm = 384 Fri Sep 21 15:25:57 2007 : Debug: radutmp: callerid = yes Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated radutmp (radutmp) Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded SQL Fri Sep 21 15:25:57 2007 : Debug: sql: driver = "rlm_sql_mysql" Fri Sep 21 15:25:57 2007 : Debug: sql: server = "localhost" Fri Sep 21 15:25:57 2007 : Debug: sql: port = "" Fri Sep 21 15:25:57 2007 : Debug: sql: login = "AcctRadius" Fri Sep 21 15:25:57 2007 : Debug: sql: password = "AcctRadius" Fri Sep 21 15:25:57 2007 : Debug: sql: radius_db = "accounting" Fri Sep 21 15:25:57 2007 : Debug: sql: nas_table = "nas" Fri Sep 21 15:25:57 2007 : Debug: sql: sqltrace = yes Fri Sep 21 15:25:57 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql" Fri Sep 21 15:25:57 2007 : Debug: sql: readclients = no Fri Sep 21 15:25:57 2007 : Debug: sql: deletestalesessions = yes Fri Sep 21 15:25:57 2007 : Debug: sql: num_sql_socks = 5 Fri Sep 21 15:25:57 2007 : Debug: sql: sql_user_name = "%{User-Name}" Fri Sep 21 15:25:57 2007 : Debug: sql: default_user_profile = "" Fri Sep 21 15:25:57 2007 : Debug: sql: query_on_not_found = no Fri Sep 21 15:25:57 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri 
Sep 21 15:25:57 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri Sep 21 15:25:57 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:25:57 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:25:57 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" Fri Sep 21 15:25:57 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'" Fri Sep 21 15:25:57 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', 
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')" Fri Sep 21 15:25:57 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')" Fri Sep 21 15:25:57 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:25:57 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:25:57 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, 
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')" Fri Sep 21 15:25:57 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority" Fri Sep 21 15:25:57 2007 : Debug: sql: connect_failure_retry_delay = 60 Fri Sep 21 15:25:57 2007 : Debug: sql: simul_count_query = "" Fri Sep 21 15:25:57 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" Fri Sep 21 15:25:57 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')" Fri Sep 21 15:25:57 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" Fri Sep 21 15:25:57 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Fri Sep 21 15:25:57 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): starting 0 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 Fri Sep 21 15:25:57 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Fri Sep 21 15:25:57 
2007 : Debug: rlm_sql (sql): Connected new DB handle, #0 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): starting 1 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 Fri Sep 21 15:25:57 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): starting 2 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 Fri Sep 21 15:25:57 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): starting 3 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 Fri Sep 21 15:25:57 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): starting 4 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 Fri Sep 21 15:25:57 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Fri Sep 21 15:25:57 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4 Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated sql (sql) Fri Sep 21 15:25:57 2007 : Debug: Module: Loaded attr_filter Fri Sep 21 15:25:57 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response" Fri Sep 21 15:25:57 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. 
Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response) Fri Sep 21 15:25:57 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d" Fri Sep 21 15:25:57 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:25:57 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:25:57 2007 : Debug: detail: locking = no Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated detail (pre_proxy_log) Fri Sep 21 15:25:57 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d" Fri Sep 21 15:25:57 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:25:57 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:25:57 2007 : Debug: detail: locking = no Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated detail (post_proxy_log) Fri Sep 21 15:25:57 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs" Fri Sep 21 15:25:57 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy) Fri Sep 21 15:25:57 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre" Fri Sep 21 15:25:57 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:25:57 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:25:57 2007 : Debug: detail: locking = no Fri Sep 21 15:25:57 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre) Fri Sep 21 15:25:57 2007 : Debug: Listening on authentication *:1812 Fri Sep 21 15:25:57 2007 : Debug: Listening on accounting *:1813 Fri Sep 21 15:25:57 2007 : Debug: Listening on proxy *:1814 Fri Sep 21 15:25:57 2007 : Info: Ready to process requests. 
rad_recv: Access-Request packet from host 147.173.246.1:32772, id=0, length=206
    User-Name = "richard.heral"
    User-Password = "XXXXXXX"
    NAS-IP-Address = 147.173.246.1
    Service-Type = Login-User
    Framed-IP-Address = 10.8.246.2
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Called-Station-Id = "00-E0-81-25-CB-01"
    NAS-Identifier = "Chillispot"
    Acct-Session-Id = "46f3c65d00000000"
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 0
    Message-Authenticator = 0xda4bb7ea22081db2078edfc35089efed
    WISPr-Logoff-URL = "http://10.8.246.1:3990/logoff"
Fri Sep 21 15:26:06 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:26:06 2007 : Debug: modcall: entering group authorize for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Sep 21 15:26:06 2007 : Debug: users: Matched entry DEFAULT at line 308
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall: leaving group authorize (returns ok) for request 0
Fri Sep 21 15:26:06 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:26:06 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:26:06 2007 : Debug: modcall: entering group LDAP for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: performing user authorization for richard.heral
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: attempting LDAP reconnection
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: Setting Auth-Type = ldap
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 0
Fri Sep 21 15:26:06 2007 : Debug: rad_check_password: Found Auth-Type ldap
Fri Sep 21 15:26:06 2007 : Debug: auth: type "LDAP"
Fri Sep 21 15:26:06 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:26:06 2007 : Debug: modcall: entering group LDAP for request 0
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: - authenticate
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: login attempt by "richard.heral" with password "XXXXXXX"
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: user DN: uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 1
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: bind as uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:26:06 2007 : Debug: rlm_ldap: user richard.heral authenticated succesfully
Fri Sep 21 15:26:06 2007 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall[authenticate]: module "ldap" returns ok for request 0
Fri Sep 21 15:26:06 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 0
Fri Sep 21 15:26:06 2007 : Auth: Login OK: [richard.heral] (from client chillispot port 0 cli 00-30-13-C5-96-6D)
Sending Access-Accept of id 0 to 147.173.246.1 port 32772
Fri Sep 21 15:26:06 2007 : Debug: Finished request 0
Fri Sep 21 15:26:06 2007 : Debug: Going to the next request
Fri Sep 21 15:26:06 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:26:06 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 147.173.246.1:32770, id=8, length=143
    Acct-Status-Type = Start
    User-Name = "richard.heral"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Called-Station-Id = "00-E0-81-25-CB-01"
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 0
    NAS-Port-Id = "00000000"
    NAS-IP-Address = 147.173.246.1
    NAS-Identifier = "Chillispot"
    Framed-IP-Address = 10.8.246.2
    Acct-Session-Id = "46f3c65d00000000"
Fri Sep 21 15:26:06 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:26:06 2007 : Debug: modcall: entering group preacct for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 1
Fri Sep 21 15:26:06 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 147.173.246.1,NAS-IP-Address = 147.173.246.1,Acct-Session-Id = "46f3c65d00000000",User-Name = "richard.heral"'
Fri Sep 21 15:26:06 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "98930fcf180d5039".
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 1
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:26:06 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[preacct]: module "files" returns noop for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall: leaving group preacct (returns ok) for request 1
Fri Sep 21 15:26:06 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:26:06 2007 : Debug: modcall: entering group accounting for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 1
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.246.1/detail-20070921'
Fri Sep 21 15:26:06 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.246.1/detail-20070921
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 1
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: 'richard.heral'
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 1
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: 'richard.heral'
Fri Sep 21 15:26:06 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'richard.heral'
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('46f3c65d00000000', '98930fcf180d5039', 'richard.heral', 'NULL', '147.173.246.1', '0', 'Wireless-802.11', '2007-09-21 15:26:06', '0', '0', '', '', '', '0', '0', '00-E0-81-25-CB-01', '00-30-13-C5-96-6D', '', '', '', '10.8.246.2', '0', '0')'
Fri Sep 21 15:26:06 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:26:06 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Sep 21 15:26:06 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('46f3c65d00000000', '98930fcf180d5039', 'richard.heral', 'NULL', '147.173.246.1', '0', 'Wireless-802.11', '2007-09-21 15:26:06', '0', '0', '', '', '', '0', '0', '00-E0-81-25-CB-01', '00-30-13-C5-96-6D', '', '', '', '10.8.246.2', '0', '0')
Fri Sep 21 15:26:06 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 1
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 1
Fri Sep 21 15:26:06 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:26:06 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 1
Fri Sep 21 15:26:06 2007 : Debug: modcall: leaving group accounting (returns updated) for request 1
Sending Accounting-Response of id 8 to 147.173.246.1 port 32770
Fri Sep 21 15:26:06 2007 : Debug: Finished request 1
Fri Sep 21 15:26:06 2007 : Debug: Going to the next request
Fri Sep 21 15:26:06 2007 : Debug: Cleaning up request 1 ID 8 with timestamp 46f3c66e
Fri Sep 21 15:26:06 2007 : Debug: rl_next: returning NULL
Fri Sep 21 15:26:06 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:26:12 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:26:12 2007 : Debug: Cleaning up request 0 ID 0 with timestamp 46f3c66e
Fri Sep 21 15:26:12 2007 : Debug: Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 147.173.246.1:32770, id=9, length=191
    Acct-Status-Type = Stop
    User-Name = "richard.heral"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Called-Station-Id = "00-E0-81-25-CB-01"
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 0
    NAS-Port-Id = "00000000"
    NAS-IP-Address = 147.173.246.1
    NAS-Identifier = "Chillispot"
    Framed-IP-Address = 10.8.246.2
    Acct-Session-Id = "46f3c65d00000000"
    Acct-Input-Octets = 5257
    Acct-Output-Octets = 11947
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    Acct-Input-Packets = 33
    Acct-Output-Packets = 27
    Acct-Session-Time = 27
    Acct-Terminate-Cause = User-Request
Fri Sep 21 15:26:33 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:26:33 2007 : Debug: modcall: entering group preacct for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 2
Fri Sep 21 15:26:33 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 147.173.246.1,NAS-IP-Address = 147.173.246.1,Acct-Session-Id = "46f3c65d00000000",User-Name = "richard.heral"'
Fri Sep 21 15:26:33 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "98930fcf180d5039".
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 2
Fri Sep 21 15:26:33 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:26:33 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:26:33 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:26:33 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:26:33 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:26:33 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[preacct]: module "files" returns noop for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall: leaving group preacct (returns ok) for request 2
Fri Sep 21 15:26:33 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:26:33 2007 : Debug: modcall: entering group accounting for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 2
Fri Sep 21 15:26:33 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.246.1/detail-20070921'
Fri Sep 21 15:26:33 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.246.1/detail-20070921
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 2
Fri Sep 21 15:26:33 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:26:33 2007 : Debug: radius_xlat: 'richard.heral'
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 2
Fri Sep 21 15:26:33 2007 : Debug: radius_xlat: 'richard.heral'
Fri Sep 21 15:26:33 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'richard.heral'
Fri Sep 21 15:26:33 2007 : Debug: radius_xlat: 'UPDATE radacct SET AcctStopTime = '2007-09-21 15:26:33', AcctSessionTime = '27', AcctInputOctets = '5257', AcctOutputOctets = '11947', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '46f3c65d00000000' AND UserName = 'richard.heral' AND NASIPAddress = '147.173.246.1''
Fri Sep 21 15:26:33 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:26:33 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Fri Sep 21 15:26:33 2007 : Debug: rlm_sql_mysql: query: UPDATE radacct SET AcctStopTime = '2007-09-21 15:26:33', AcctSessionTime = '27', AcctInputOctets = '5257', AcctOutputOctets = '11947', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '46f3c65d00000000' AND UserName = 'richard.heral' AND NASIPAddress = '147.173.246.1'
Fri Sep 21 15:26:33 2007 : Debug: rlm_sql (sql): Released sql socket id: 3
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 2
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 2
Fri Sep 21 15:26:33 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:26:33 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 2
Fri Sep 21 15:26:33 2007 : Debug: modcall: leaving group accounting (returns updated) for request 2
Sending Accounting-Response of id 9 to 147.173.246.1 port 32770
Fri Sep 21 15:26:33 2007 : Debug: Finished request 2
Fri Sep 21 15:26:33 2007 : Debug: Going to the next request
Fri Sep 21 15:26:33 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:26:33 2007 : Debug: Cleaning up request 2 ID 9 with timestamp 46f3c689
Fri Sep 21 15:26:33 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:31:07 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:31:07 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:31:07 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:31:07 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:31:07 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:31:07 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:31:07 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:31:07 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:31:07 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:31:07 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:31:07 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:31:07 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:31:07 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:31:07 2007 : Debug: main: snmp = no
Fri Sep 21 15:31:07 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:31:07 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:31:07 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:31:07 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:31:07 2007 : Debug: main: port = 1812
Fri Sep 21 15:31:07 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:31:07 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:31:07 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:31:07 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:31:07 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:31:07 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:31:07 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:31:07 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:31:07 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:31:07 2007 : Debug: main: usercollide = no
Fri Sep 21 15:31:07 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:31:07 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:31:07 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:31:07 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:31:07 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:31:07 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:31:07 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:31:07 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:31:07 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:31:07 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:31:07 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:31:07 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:31:07 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:31:07 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:31:07 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:31:07 2007 : Debug: security: status_server = yes
Fri Sep 21 15:31:07 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:31:07 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:31:07 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:31:07 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:31:07 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:31:07 2007 : Debug: listen: port = 0
Fri Sep 21 15:31:07 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:31:07 2007 : Debug: listen: port = 0
Fri Sep 21 15:31:07 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:31:07 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:31:07 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:31:07 2007 : Debug: exec: wait = no
Fri Sep 21 15:31:07 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:31:07 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:31:07 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:31:07 2007 : Debug: ldap: port = 389
Fri Sep 21 15:31:07 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:31:07 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:31:07 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:31:07 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:31:07 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:31:07 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:31:07 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:31:07 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:31:07 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:31:07 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:31:07 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:31:07 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:31:07 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:31:07 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:31:07 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:31:07 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:31:07 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:31:07 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:31:07 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:31:07 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:31:07 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:31:07 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:31:07 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:31:07 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:31:07 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:31:07 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:31:07 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:31:07 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:31:07 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:31:07 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:31:07 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:31:07 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:31:07 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:31:07 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:31:07 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:31:07 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:31:07 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:31:07 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:31:07 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:31:07 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:31:07 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:31:07 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:31:07 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:31:07 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:31:07 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:31:07 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:31:07 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:31:07 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:31:07 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:31:07 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:31:07 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:31:07 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:31:07 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:31:07 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:31:07 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:31:07 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:31:07 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded realm
Fri Sep 21 15:31:07 2007 : Debug: realm: format = "suffix"
Fri Sep 21 15:31:07 2007 : Debug: realm: delimiter = "@"
Fri Sep 21 15:31:07 2007 : Debug: realm: ignore_default = no
Fri Sep 21 15:31:07 2007 : Debug: realm: ignore_null = no
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated realm (suffix)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded files
Fri Sep 21 15:31:07 2007 : Debug: files: usersfile = "/etc/freeradius/users"
Fri Sep 21 15:31:07 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users"
Fri Sep 21 15:31:07 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
Fri Sep 21 15:31:07 2007 : Debug: files: compat = "no"
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated files (files)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded PAP
Fri Sep 21 15:31:07 2007 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 21 15:31:07 2007 : Debug: pap: auto_header = no
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated pap (pap)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 21 15:31:07 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded detail
Fri Sep 21 15:31:07 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 21 15:31:07 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:31:07 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:31:07 2007 : Debug: detail: locking = no
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated detail (detail)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded System
Fri Sep 21 15:31:07 2007 : Debug: unix: cache = no
Fri Sep 21 15:31:07 2007 : Debug: unix: passwd = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: unix: shadow = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: unix: group = "(null)"
Fri Sep 21 15:31:07 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp"
Fri Sep 21 15:31:07 2007 : Debug: unix: usegroup = no
Fri Sep 21 15:31:07 2007 : Debug: unix: cache_reload = 600
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated unix (unix)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded radutmp
Fri Sep 21 15:31:07 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp"
Fri Sep 21 15:31:07 2007 : Debug: radutmp: username = "%{User-Name}"
Fri Sep 21 15:31:07 2007 : Debug: radutmp: case_sensitive = yes
Fri Sep 21 15:31:07 2007 : Debug: radutmp: check_with_nas = yes
Fri Sep 21 15:31:07 2007 : Debug: radutmp: perm = 384
Fri Sep 21 15:31:07 2007 : Debug: radutmp: callerid = yes
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated radutmp (radutmp)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded SQL
Fri Sep 21 15:31:07 2007 : Debug: sql: driver = "rlm_sql_mysql"
Fri Sep 21 15:31:07 2007 : Debug: sql: server = "localhost"
Fri Sep 21 15:31:07 2007 : Debug: sql: port = ""
Fri Sep 21 15:31:07 2007 : Debug: sql: login = "AcctRadius"
Fri Sep 21 15:31:07 2007 : Debug: sql: password = "AcctRadius"
Fri Sep 21 15:31:07 2007 : Debug: sql: radius_db = "accounting"
Fri Sep 21 15:31:07 2007 : Debug: sql: nas_table = "nas"
Fri Sep 21 15:31:07 2007 : Debug: sql: sqltrace = yes
Fri Sep 21 15:31:07 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
Fri Sep 21 15:31:07 2007 : Debug: sql: readclients = no
Fri Sep 21 15:31:07 2007 : Debug: sql: deletestalesessions = yes
Fri Sep 21 15:31:07 2007 : Debug: sql: num_sql_socks = 5
Fri Sep 21 15:31:07 2007 : Debug: sql: sql_user_name = "%{User-Name}"
Fri Sep 21 15:31:07 2007 : Debug: sql: default_user_profile = ""
Fri Sep 21 15:31:07 2007 : Debug: sql: query_on_not_found = no
Fri Sep 21 15:31:07 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:31:07 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:31:07 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:31:07 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:31:07 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
Fri Sep 21 15:31:07 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
Fri Sep 21 15:31:07 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
Fri Sep 21 15:31:07 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')"
Fri Sep 21 15:31:07 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:31:07 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:31:07 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')"
Fri Sep 21 15:31:07 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority"
Fri Sep 21 15:31:07 2007 : Debug: sql: connect_failure_retry_delay = 60
Fri Sep 21 15:31:07 2007 : Debug: sql: simul_count_query = ""
Fri Sep 21 15:31:07 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Fri Sep 21 15:31:07 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')"
Fri Sep 21 15:31:07 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Fri Sep 21 15:31:07 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Fri Sep 21 15:31:07 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): starting 0
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
Fri Sep 21 15:31:07 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Connected new DB handle, #0
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): starting 1
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
Fri Sep 21 15:31:07 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): starting 2
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
Fri Sep 21 15:31:07 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): starting 3
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Fri Sep 21 15:31:07 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): starting 4
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
Fri Sep 21 15:31:07 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Fri Sep 21 15:31:07 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated sql (sql)
Fri Sep 21 15:31:07 2007 : Debug: Module: Loaded attr_filter
Fri Sep 21 15:31:07 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response"
Fri Sep 21 15:31:07 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response)
Fri Sep 21 15:31:07 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
Fri Sep 21 15:31:07 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:31:07 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:31:07 2007 : Debug: detail: locking = no
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated detail (pre_proxy_log)
Fri Sep 21 15:31:07 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
Fri Sep 21 15:31:07 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:31:07 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:31:07 2007 : Debug: detail: locking = no
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated detail (post_proxy_log)
Fri Sep 21 15:31:07 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs"
Fri Sep 21 15:31:07 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy)
Fri Sep 21 15:31:07 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre"
Fri Sep 21 15:31:07 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:31:07 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:31:07 2007 : Debug: detail: locking = no
Fri Sep 21 15:31:07 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre)
Fri Sep 21 15:31:07 2007 : Debug: Listening on authentication *:1812
Fri Sep 21 15:31:07 2007 : Debug: Listening on accounting *:1813
Fri Sep 21 15:31:07 2007 : Debug: Listening on proxy *:1814
Fri Sep 21 15:31:07 2007 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=182, length=151
	NAS-IP-Address = 192.168.240.131
	NAS-Port = 50019
	NAS-Port-Type = Ethernet
	User-Name = "richard.heral@nano"
	Called-Station-Id = "00-08-A3-72-C9-13"
	Calling-Station-Id = "00-30-13-C5-96-6D"
	Service-Type = Framed-User
	Framed-MTU = 1500
	EAP-Message = 0x0200001701726963686172642e686572616c406e616e6f
	Message-Authenticator = 0x21e9744dfead4621a03687f0ccbfdfd9
Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authorize for request 0
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano"
Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano"
Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano
Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano"
Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP packet type response id 0 length 23
Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 0
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: attempting LDAP reconnection
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneNANO)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)))
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneNANO
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:31:25 2007 : Debug: users: Matched entry DEFAULT at line 291
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Fri Sep 21 15:31:25 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 0 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authorize (returns updated) for request 0 Fri Sep 21 15:31:25 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 0 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 0 Fri Sep 21 15:31:25 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:31:25 2007 : Debug: auth: type "EAP" Fri Sep 21 15:31:25 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authenticate for request 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP Identity Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: processing type tls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: Initiate Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: Start returned 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Fri Sep 21 15:31:25 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 0 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 182 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb343f7e1065de62257d179762c80f39 Fri Sep 21 15:31:25 2007 : Debug: Finished request 0 Fri Sep 21 15:31:25 2007 : Debug: Going to the next request Fri Sep 21 15:31:25 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:31:25 2007 : Debug: Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=183, length=206 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral@nano" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xeb343f7e1065de62257d179762c80f39 EAP-Message = 0x0201003c158000000032160301002d010000290301831cadc6b27354696f5c0cd37761c4f8ff94a8679f974a9ac337928927456a52000002000a0100 Message-Authenticator = 0xc65de951a9822765b197eaa64006b01a Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authorize for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP packet type response id 1 length 60 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneNANO)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:31:25 2007 : 
Debug: rlm_ldap::ldap_groupcmp: User found in group interneNANO Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: users: Matched entry DEFAULT at line 291 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "files" returns ok for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1 Fri Sep 21 15:31:25 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: No default 
NMAS login sequence Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 1 Fri Sep 21 15:31:25 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:31:25 2007 : Debug: auth: type "EAP" Fri Sep 21 15:31:25 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authenticate for request 1 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:31:25 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:31:25 2007 : Debug: (other): before/accept initialization Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: before/accept initialization Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 read client hello A Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 write server hello A Fri Sep 21 15:31:25 2007 : Debug: 
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0af4], Certificate Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 write certificate A Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 write server done A Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 flush data Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 21 15:31:25 2007 : Debug: In SSL Handshake Phase Fri Sep 21 15:31:25 2007 : Debug: In SSL Accept mode Fri Sep 21 15:31:25 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 1 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 183 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" EAP-Message = 0x0102040a15c000000b51160301004a02000046030146f3c7ad27a3c59d603cd7e12183626edffca15f7f6f18ef2e9ba87987fbddf620777fb3f4b95d66d2875d716048dc02fec83a778ef6b39f614f34365a266a246d000a001603010af40b000af0000aed00040b30820407308202efa00302010202022aa9300d06092a864886f70d01010505003034310b3009060355040613024652310d300b060355040a1304434e5253311630140603550403130d434e52532d5374616e64617264301e170d3035313133303130323130305a170d3037313133303130323130305a3074310b3009060355040613024652310d300b060355040a1304434e525331 EAP-Message = 0x4f960ff197f0e929a194b0af6b8d41ce78620d7ef1d0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe06fad08a83a4d2a0bd40a2770b3ee38 Fri Sep 21 
15:31:25 2007 : Debug: Finished request 1 Fri Sep 21 15:31:25 2007 : Debug: Going to the next request Fri Sep 21 15:31:25 2007 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.240.131:1812, id=184, length=152 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral@nano" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xe06fad08a83a4d2a0bd40a2770b3ee38 EAP-Message = 0x020200061500 Message-Authenticator = 0xd933031b9a4658dd508886cd7ddfde9b Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authorize for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP packet type response id 2 length 6 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneNANO)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:31:25 2007 : 
Debug: rlm_ldap::ldap_groupcmp: User found in group interneNANO Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: users: Matched entry DEFAULT at line 291 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "files" returns ok for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authorize (returns updated) for request 2 Fri Sep 21 15:31:25 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: No default 
NMAS login sequence Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 2 Fri Sep 21 15:31:25 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:31:25 2007 : Debug: auth: type "EAP" Fri Sep 21 15:31:25 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authenticate for request 2 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Fri Sep 21 15:31:25 2007 : Debug: eaptls_verify returned 1 Fri Sep 21 15:31:25 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 2 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 184 to 192.168.240.131 port 1812 
Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" EAP-Message = 0x0103040a15c000000b51aef2010152718af34680242d09db9cfb824a49fb9fa25efb658d57bbf5f56d38a151404c9c6d6e5c14f1d82b180210568b32f2c8543ef9c3ae4ea1d535f7a1fc050ee430fa5d23db9663fa14e907f1f7fd32049d94f09fc1b959718cd615361b16db16dc7122bb17d80003713082036d30820255a003020102020102300d06092a864886f70d0101040500302b310b3009060355040613024652310d300b060355040a1304434e5253310d300b06035504031304434e5253301e170d3031303432373035343634395a170d3131303432353035343634395a3034310b3009060355040613024652310d300b060355040a130443 EAP-Message = 0x020102020100300d06092a864886f70d010104050030 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfe2d154790318198e2e0568f82b2a4ff Fri Sep 21 15:31:25 2007 : Debug: Finished request 2 Fri Sep 21 15:31:25 2007 : Debug: Going to the next request Fri Sep 21 15:31:25 2007 : Debug: Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=185, length=152 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral@nano" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xfe2d154790318198e2e0568f82b2a4ff EAP-Message = 0x020300061500 Message-Authenticator = 0xfbd24907726c6f8b725fc3941b1b0b8a Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authorize for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3 Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP packet type response id 3 length 6 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneNANO)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:31:25 2007 : 
Debug: rlm_ldap::ldap_groupcmp: User found in group interneNANO Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: users: Matched entry DEFAULT at line 291 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authorize (returns updated) for request 3 Fri Sep 21 15:31:25 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: No default 
NMAS login sequence Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 3 Fri Sep 21 15:31:25 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:31:25 2007 : Debug: auth: type "EAP" Fri Sep 21 15:31:25 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authenticate for request 3 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Fri Sep 21 15:31:25 2007 : Debug: eaptls_verify returned 1 Fri Sep 21 15:31:25 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 3 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 185 to 192.168.240.131 port 1812 
Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" EAP-Message = 0xbe20acdc011c797c670c5a5f4fb99489beab9a2c12b1a863c6628003fd4c7095bdc6e805dacbbe09a61fe96dd2852e43d31f1a5c76fe13766160f964d45878bf7fefe573a343da2a7f77db347972d98ee5a5ed52d0c4464c5f1baa16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x37d1556b90fee07b59c78aa208bc3125 Fri Sep 21 15:31:25 2007 : Debug: Finished request 3 Fri Sep 21 15:31:25 2007 : Debug: Going to the next request Fri Sep 21 15:31:25 2007 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.240.131:1812, id=186, length=346 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral@nano" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x37d1556b90fee07b59c78aa208bc3125 EAP-Message = 0x020400c81580000000be16030100861000008200808ba15bd1497e085bcd7f7d41e96a4d40eb69785d9aae8e0809502d523c1c43338a88189bf254177b4f25740398cbffe5a20dc106f6aa75522b4a25269b2f74c43bdb489fc0c657c546fb12b3bb762ec0b6fc388a5e1b22a096900d9ccf01a9b5f8740dabb72ba284af5b0ebbd409898029427a034375efb0468e8f6549ad57b114030100010116030100287238d80882f1e2b30ef17d62e2b9570d97fec91b36b415c12068f62ca0970f8765f9f0b9b71f8a7d Message-Authenticator = 0xb163435fecf8e2fae3c59d592908218a Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authorize for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 
4 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4 Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Authentication realm is LOCAL. Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP packet type response id 4 length 200 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, 
with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneNANO)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneNANO Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: users: Matched entry DEFAULT at line 291 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "files" returns ok for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authorize (returns updated) for request 4 Fri Sep 21 15:31:25 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 4 Fri Sep 21 15:31:25 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:31:25 2007 : Debug: auth: type "EAP" Fri Sep 21 15:31:25 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authenticate for request 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:31:25 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 read client key exchange A Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 read finished A Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 write change cipher spec A Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished Fri Sep 21 
15:31:25 2007 : Debug: TLS_accept: SSLv3 write finished A Fri Sep 21 15:31:25 2007 : Debug: TLS_accept: SSLv3 flush data Fri Sep 21 15:31:25 2007 : Debug: (other): SSL negotiation finished successfully Fri Sep 21 15:31:25 2007 : Debug: SSL Connection Established Fri Sep 21 15:31:25 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 4 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 186 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" EAP-Message = 0x0105003d15800000003314030100010116030100284c31960c2915614a6bfbba73104d8025609f6156997edc34829a8c9cb8ee176cf01243ac4607a343 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9f51f6418c2e751f0d85843bc71cde55 Fri Sep 21 15:31:25 2007 : Debug: Finished request 4 Fri Sep 21 15:31:25 2007 : Debug: Going to the next request Fri Sep 21 15:31:25 2007 : Debug: Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=187, length=233 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral@nano" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x9f51f6418c2e751f0d85843bc71cde55 EAP-Message = 0x0205005715800000004d17030100482557e8eba7f3190462fe07c9a37a75eb80ae5119d809f535155b28864b6ab6733692023eb97a37a16c5b0c7b296bf74cee2f6e65916ab5befb3d9f85a028e508a4b6eb801d0e8b73 Message-Authenticator = 0xbf0f5539809545984d6b550a599bac16 Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authorize for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP packet type response id 5 length 87 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneNANO)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:31:25 2007 : 
Debug: rlm_ldap::ldap_groupcmp: User found in group interneNANO Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: users: Matched entry DEFAULT at line 291 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authorize (returns updated) for request 5 Fri Sep 21 15:31:25 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: No default 
NMAS login sequence Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:31:25 2007 : Debug: auth: type "EAP" Fri Sep 21 15:31:25 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authenticate for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:31:25 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:31:25 2007 : Debug: eaptls_process returned 7 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. 
TTLS tunnel data in 0000: 00 00 00 01 40 00 00 1a 72 69 63 68 61 72 64 2e TTLS tunnel data in 0010: 68 65 72 61 6c 40 6e 61 6e 6f 00 00 00 00 00 02 TTLS tunnel data in 0020: 40 00 00 10 6c 61 76 63 68 64 6e 37 TTLS: Got tunneled request User-Name = "richard.heral@nano" User-Password = "XXXXXXX" FreeRADIUS-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "richard.heral@nano" User-Password = "XXXXXXX" FreeRADIUS-Proxied-To = 127.0.0.1 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group authorize for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneNANO)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneNANO Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: 
ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: users: Matched entry DEFAULT at line 291 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authorize (returns ok) for request 5 Fri Sep 21 15:31:25 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:31:25 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for check items in directory... 
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Setting Auth-Type = ldap Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rad_check_password: Found Auth-Type ldap Fri Sep 21 15:31:25 2007 : Debug: auth: type "LDAP" Fri Sep 21 15:31:25 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group LDAP for request 5 Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: - authenticate Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: login attempt by "richard.heral" with password "XXXXXXX" Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user DN: uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 1 Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: bind as uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: waiting for bind result ... 
Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: Bind was successful Fri Sep 21 15:31:25 2007 : Debug: rlm_ldap: user richard.heral authenticated succesfully Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authenticate]: module "ldap" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5 Fri Sep 21 15:31:25 2007 : Auth: Login OK: [richard.heral@nano] (from client localhost port 50019 cli 00-30-13-C5-96-6D) TTLS: Got tunneled reply RADIUS code 2 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" Fri Sep 21 15:31:25 2007 : Debug: TTLS: Got tunneled Access-Accept Fri Sep 21 15:31:25 2007 : Debug: rlm_eap: Freeing handler Fri Sep 21 15:31:25 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall[authenticate]: module "eap" returns ok for request 5 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group authenticate (returns ok) for request 5 Fri Sep 21 15:31:25 2007 : Auth: Login OK: [richard.heral@nano] (from client switch port 50019 cli 00-30-13-C5-96-6D) Sending Access-Accept of id 187 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "64" MS-MPPE-Recv-Key = 0x243f35a615de521694feb044f48cd608c64c059e7db74af2538e7289392a834c MS-MPPE-Send-Key = 0xaf1f7dcb2cb65f12c80fcdb79f41963fec8a71c0b61b6b5f546730b5ac7b481e EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: Finished request 5 Fri Sep 21 15:31:25 2007 : Debug: Going to the next request Fri Sep 21 15:31:25 2007 : Debug: Waking up in 6 seconds... 
rad_recv: Accounting-Request packet from host 192.168.240.131:1813, id=187, length=177 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral@nano" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Acct-Status-Type = Start Acct-Authentic = RADIUS Acct-Session-Id = "192.168.240.131 richard.heral@nano 09/21/07 13:31:25 00000032" Acct-Delay-Time = 0 Fri Sep 21 15:31:25 2007 : Debug: Processing the preacct section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group preacct for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 6 Fri Sep 21 15:31:25 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50019,Client-IP-Address = 192.168.240.131,NAS-IP-Address = 192.168.240.131,Acct-Session-Id = "192.168.240.131 richard.heral@nano 09/21/07 13:31:25 00000032",User-Name = "richard.heral@nano"' Fri Sep 21 15:31:25 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "001b583f347825ec". 
Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 6 Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Looking up realm "nano" for User-Name = "richard.heral@nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Found realm "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm nano Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Adding Realm = "nano" Fri Sep 21 15:31:25 2007 : Debug: rlm_realm: Accounting realm is LOCAL. Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[preacct]: module "files" returns noop for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group preacct (returns ok) for request 6 Fri Sep 21 15:31:25 2007 : Debug: Processing the accounting section of radiusd.conf Fri Sep 21 15:31:25 2007 : Debug: modcall: entering group accounting for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 6 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/detail-20070921' Fri Sep 21 15:31:25 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/detail-20070921 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: returned 
from detail (rlm_detail) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 6 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'richard.heral@nano' Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 6 Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'richard.heral@nano' Fri Sep 21 15:31:25 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'richard.heral@nano' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 richard.heral@nano 09/21/07 13:31:25 00000032', '001b583f347825ec', 'richard.heral@nano', 'nano', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:31:25', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')' Fri Sep 21 15:31:25 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql' Fri Sep 21 15:31:25 2007 : Debug: rlm_sql (sql): Reserving sql socket 
id: 4 Fri Sep 21 15:31:25 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 richard.heral@nano 09/21/07 13:31:25 00000032', '001b583f347825ec', 'richard.heral@nano', 'nano', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:31:25', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0') Fri Sep 21 15:31:25 2007 : Debug: rlm_sql (sql): Released sql socket id: 4 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 6 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 6 Fri Sep 21 15:31:25 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12 Fri Sep 21 15:31:25 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 6 Fri Sep 21 15:31:25 2007 : Debug: modcall: leaving group accounting (returns updated) for request 6 Sending Accounting-Response of id 187 to 192.168.240.131 port 1813 Fri Sep 21 15:31:25 2007 : Debug: Finished request 6 Fri Sep 21 15:31:25 2007 : Debug: Going to the next request Fri Sep 21 15:31:25 2007 : Debug: Waking up in 6 seconds... 
Fri Sep 21 15:31:31 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:31:31 2007 : Debug: Cleaning up request 0 ID 182 with timestamp 46f3c7ad Fri Sep 21 15:31:31 2007 : Debug: Cleaning up request 1 ID 183 with timestamp 46f3c7ad Fri Sep 21 15:31:31 2007 : Debug: Cleaning up request 2 ID 184 with timestamp 46f3c7ad Fri Sep 21 15:31:31 2007 : Debug: Cleaning up request 3 ID 185 with timestamp 46f3c7ad Fri Sep 21 15:31:31 2007 : Debug: Cleaning up request 4 ID 186 with timestamp 46f3c7ad Fri Sep 21 15:31:31 2007 : Debug: Cleaning up request 5 ID 187 with timestamp 46f3c7ad Fri Sep 21 15:31:31 2007 : Debug: Cleaning up request 6 ID 187 with timestamp 46f3c7ad Fri Sep 21 15:31:31 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:29:46 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:29:46 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:29:46 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:29:46 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:29:46 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:29:46 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:29:46 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:29:46 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:29:46 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:29:46 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:29:46 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:29:46 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:29:46 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:29:46 2007 : Debug: main: snmp = no
Fri Sep 21 15:29:46 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:29:46 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:29:46 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:29:46 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:29:46 2007 : Debug: main: port = 1812
Fri Sep 21 15:29:46 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:29:46 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:29:46 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:29:46 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:29:46 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:29:46 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:29:46 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:29:46 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:29:46 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:29:46 2007 : Debug: main: usercollide = no
Fri Sep 21 15:29:46 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:29:46 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:29:46 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:29:46 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:29:46 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:29:46 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:29:46 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:29:46 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:29:46 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:29:46 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:29:46 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:29:46 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:29:46 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:29:46 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:29:46 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:29:46 2007 : Debug: security: status_server = yes
Fri Sep 21 15:29:46 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:29:46 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:29:46 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:29:46 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:29:46 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:29:46 2007 : Debug: listen: port = 0
Fri Sep 21 15:29:46 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:29:46 2007 : Debug: listen: port = 0
Fri Sep 21 15:29:46 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:29:46 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:29:46 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:29:46 2007 : Debug: exec: wait = no
Fri Sep 21 15:29:46 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:29:46 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:29:46 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:29:46 2007 : Debug: ldap: port = 389
Fri Sep 21 15:29:46 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:29:46 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:29:46 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:29:46 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:29:46 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:29:46 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:29:46 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:29:46 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:29:46 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:29:46 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:29:46 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:29:46 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:29:46 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:29:46 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:29:46 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:29:46 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:29:46 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:29:46 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:29:46 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:29:46 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:29:46 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:29:46 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:29:46 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:29:46 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:29:46 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:29:46 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:29:46 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:29:46 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:29:46 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:29:46 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:29:46 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:29:46 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:29:46 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:29:46 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:29:46 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:29:46 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:29:46 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:29:46 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:29:46 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:29:46 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:29:46 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:29:46 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:29:46 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:29:46 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:29:46 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:29:46 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:29:46 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:29:46 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:29:46 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:29:46 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:29:46 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:29:46 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:29:46 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:29:46 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:29:46 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:29:46 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:29:46 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded realm
Fri Sep 21 15:29:46 2007 : Debug: realm: format = "suffix"
Fri Sep 21 15:29:46 2007 : Debug: realm: delimiter = "@"
Fri Sep 21 15:29:46 2007 : Debug: realm: ignore_default = no
Fri Sep 21 15:29:46 2007 : Debug: realm: ignore_null = no
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated realm (suffix)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded files
Fri Sep 21 15:29:46 2007 : Debug: files: usersfile = "/etc/freeradius/users"
Fri Sep 21 15:29:46 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users"
Fri Sep 21 15:29:46 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
Fri Sep 21 15:29:46 2007 : Debug: files: compat = "no"
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated files (files)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded PAP
Fri Sep 21 15:29:46 2007 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 21 15:29:46 2007 : Debug: pap: auto_header = no
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated pap (pap)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 21 15:29:46 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded detail
Fri Sep 21 15:29:46 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 21 15:29:46 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:29:46 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:29:46 2007 : Debug: detail: locking = no
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated detail (detail)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded System
Fri Sep 21 15:29:46 2007 : Debug: unix: cache = no
Fri Sep 21 15:29:46 2007 : Debug: unix: passwd = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: unix: shadow = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: unix: group = "(null)"
Fri Sep 21 15:29:46 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp"
Fri Sep 21 15:29:46 2007 : Debug: unix: usegroup = no
Fri Sep 21 15:29:46 2007 : Debug: unix: cache_reload = 600
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated unix (unix)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded radutmp
Fri Sep 21 15:29:46 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp"
Fri Sep 21 15:29:46 2007 : Debug: radutmp: username = "%{User-Name}"
Fri Sep 21 15:29:46 2007 : Debug: radutmp: case_sensitive = yes
Fri Sep 21 15:29:46 2007 : Debug: radutmp: check_with_nas = yes
Fri Sep 21 15:29:46 2007 : Debug: radutmp: perm = 384
Fri Sep 21 15:29:46 2007 : Debug: radutmp: callerid = yes
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated radutmp (radutmp)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded SQL
Fri Sep 21 15:29:46 2007 : Debug: sql: driver = "rlm_sql_mysql"
Fri Sep 21 15:29:46 2007 : Debug: sql: server = "localhost"
Fri Sep 21 15:29:46 2007 : Debug: sql: port = ""
Fri Sep 21 15:29:46 2007 : Debug: sql: login = "AcctRadius"
Fri Sep 21 15:29:46 2007 : Debug: sql: password = "AcctRadius"
Fri Sep 21 15:29:46 2007 : Debug: sql: radius_db = "accounting"
Fri Sep 21 15:29:46 2007 : Debug: sql: nas_table = "nas"
Fri Sep 21 15:29:46 2007 : Debug: sql: sqltrace = yes
Fri Sep 21 15:29:46 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
Fri Sep 21 15:29:46 2007 : Debug: sql: readclients = no
Fri Sep 21 15:29:46 2007 : Debug: sql: deletestalesessions = yes
Fri Sep 21 15:29:46 2007 : Debug: sql: num_sql_socks = 5
Fri Sep 21 15:29:46 2007 : Debug: sql: sql_user_name = "%{User-Name}"
Fri Sep 21 15:29:46 2007 : Debug: sql: default_user_profile = ""
Fri Sep 21 15:29:46 2007 : Debug: sql: query_on_not_found = no
Fri Sep 21 15:29:46 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:29:46 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:29:46 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:29:46 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:29:46 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
Fri Sep 21 15:29:46 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
Fri Sep 21 15:29:46 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
Fri Sep 21 15:29:46 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')"
Fri Sep 21 15:29:46 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:29:46 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:29:46 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')"
Fri Sep 21 15:29:46 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority"
Fri Sep 21 15:29:46 2007 : Debug: sql: connect_failure_retry_delay = 60
Fri Sep 21 15:29:46 2007 : Debug: sql: simul_count_query = ""
Fri Sep 21 15:29:46 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Fri Sep 21 15:29:46 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')"
Fri Sep 21 15:29:46 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Fri Sep 21 15:29:46 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Fri Sep 21 15:29:46 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): starting 0
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
Fri Sep 21 15:29:46 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Connected new DB handle, #0
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): starting 1
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
Fri Sep 21 15:29:46 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): starting 2
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
Fri Sep 21 15:29:46 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): starting 3
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Fri Sep 21 15:29:46 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): starting 4
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
Fri Sep 21 15:29:46 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Fri Sep 21 15:29:46 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated sql (sql)
Fri Sep 21 15:29:46 2007 : Debug: Module: Loaded attr_filter
Fri Sep 21 15:29:46 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response"
Fri Sep 21 15:29:46 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response)
Fri Sep 21 15:29:46 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
Fri Sep 21 15:29:46 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:29:46 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:29:46 2007 : Debug: detail: locking = no
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated detail (pre_proxy_log)
Fri Sep 21 15:29:46 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
Fri Sep 21 15:29:46 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:29:46 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:29:46 2007 : Debug: detail: locking = no
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated detail (post_proxy_log)
Fri Sep 21 15:29:46 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs"
Fri Sep 21 15:29:46 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy)
Fri Sep 21 15:29:46 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre"
Fri Sep 21 15:29:46 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:29:46 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:29:46 2007 : Debug: detail: locking = no
Fri Sep 21 15:29:46 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre)
Fri Sep 21 15:29:46 2007 : Debug: Listening on authentication *:1812
Fri Sep 21 15:29:46 2007 : Debug: Listening on accounting *:1813
Fri Sep 21 15:29:46 2007 : Debug: Listening on proxy *:1814
Fri Sep 21 15:29:46 2007 : Info: Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.240.131:1813, id=169, length=195
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "cric@domtest.fr"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Acct-Status-Type = Stop
    Acct-Authentic = RADIUS
    Acct-Session-Id = "192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030"
    Acct-Terminate-Cause = Port-Error
    Acct-Input-Octets = 17623
    Acct-Output-Octets = 83065
    Acct-Session-Time = 66
    Acct-Delay-Time = 0
Fri Sep 21 15:29:50 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:29:50 2007 : Debug: modcall: entering group preacct for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 0
Fri Sep 21 15:29:50 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50019,Client-IP-Address = 192.168.240.131,NAS-IP-Address = 192.168.240.131,Acct-Session-Id = "192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030",User-Name = "cric@domtest.fr"'
Fri Sep 21 15:29:50 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "a437489d1e29a23a".
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:29:50 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:29:50 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:29:50 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:29:50 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:29:50 2007 : Debug: rlm_realm: Preparing to proxy accounting request to realm "DEFAULT"
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[preacct]: module "suffix" returns updated for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[preacct]: module "files" returns noop for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall: leaving group preacct (returns updated) for request 0
Fri Sep 21 15:29:50 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:29:50 2007 : Debug: modcall: entering group accounting for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/detail-20070921'
Fri Sep 21 15:29:50 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/detail-20070921
Fri Sep 21 15:29:50 2007 : Debug: rlm_detail: Freeradius-Proxied-To set to 147.173.1.16
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 0
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 0
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:29:50 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'cric@domtest.fr'
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: 'UPDATE radacct SET AcctStopTime = '2007-09-21 15:29:50', AcctSessionTime = '66', AcctInputOctets = '17623', AcctOutputOctets = '83065', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030' AND UserName = 'cric@domtest.fr' AND NASIPAddress = '192.168.240.131''
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:29:50 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Sep 21 15:29:50 2007 : Debug: rlm_sql_mysql: query: UPDATE radacct SET AcctStopTime = '2007-09-21 15:29:50', AcctSessionTime = '66', AcctInputOctets = '17623', AcctOutputOctets = '83065', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030' AND UserName = 'cric@domtest.fr' AND NASIPAddress = '192.168.240.131'
Fri Sep 21 15:29:50 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 0
Fri Sep 21 15:29:50 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:29:50 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall: leaving group accounting (returns updated) for request 0
Fri Sep 21 15:29:50 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:29:50 2007 : Debug: modcall: entering group pre-proxy for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 0
Fri Sep 21 15:29:50 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:29:50 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//pre-proxy-detail-20070921'
Fri Sep 21 15:29:50 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//pre-proxy-detail-20070921
Fri Sep 21 15:29:50 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 0
Fri Sep 21 15:29:50 2007 : Debug: proxy: creating 1001ad93:1813
Fri Sep 21 15:29:50 2007 : Debug: proxy: allocating 1001ad93:1813 0
Sending Accounting-Request of id 0 to 147.173.1.16 port 1813
    Proxy-State = 0x313639
    NAS-IP-Address := 147.173.1.27
Fri Sep 21 15:29:50 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:29:50 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Response packet from host 147.173.1.16:1813, id=0, length=25
Fri Sep 21 15:29:50 2007 : Debug: proxy: de-allocating 1001ad93:1813 0
    Proxy-State = 0x313639
Fri Sep 21 15:29:50 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:29:50 2007 : Debug: modcall: entering group post-proxy for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921'
Fri Sep 21 15:29:50 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//post-proxy-detail-20070921
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 0
Fri Sep 21 15:29:50 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921-filtre'
Fri Sep 21 15:29:50 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct//post-proxy-detail-20070921-filtre
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 0
Fri Sep 21 15:29:50 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 0
Sending Accounting-Response of id 169 to 192.168.240.131 port 1813
Fri Sep 21 15:29:50 2007 : Debug: Finished request 0
Fri Sep 21 15:29:50 2007 : Debug: Going to the next request
Fri Sep 21 15:29:50 2007 : Debug: rl_next: returning NULL
Fri Sep 21 15:29:50 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:29:56 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:29:56 2007 : Debug: Cleaning up request 0 ID 169 with timestamp 46f3c74e
Fri Sep 21 15:29:56 2007 : Debug: Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=171, length=141 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 EAP-Message = 0x0200001201726963686172642e686572616c Message-Authenticator = 0xe23a90ad50a10463b06a4ff802d52a68 Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authorize for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP packet type response id 0 length 18 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: attempting LDAP reconnection Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: waiting for bind result ... 
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: Bind was successful Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneTEST Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: users: Matched entry DEFAULT at line 317 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "files" returns ok for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1 Fri Sep 21 15:30:01 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group LDAP for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 1 Fri Sep 21 15:30:01 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:30:01 2007 : Debug: auth: type "EAP" Fri Sep 21 15:30:01 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authenticate for request 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP Identity Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: processing type tls Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: Initiate Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: Start returned 1 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 1 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 171 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "240" EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x672cc1f632b493e6995f655b59c65501 Fri Sep 21 15:30:01 2007 : Debug: Finished request 1 Fri Sep 21 15:30:01 2007 : Debug: Going to the next request Fri Sep 21 15:30:01 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:30:01 2007 : Debug: Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=172, length=201 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x672cc1f632b493e6995f655b59c65501 EAP-Message = 0x0201003c158000000032160301002d0100002903015a1beb409fe07e70bd26facd3bb08d8b6fbc3456a168775a9df4fb517d5780a4000002000a0100 Message-Authenticator = 0x4316de8f5c00e266cce2dd5410a44056 Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authorize for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP packet type response id 1 length 60 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:30:01 2007 : 
Debug: rlm_ldap::ldap_groupcmp: User found in group interneTEST Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: users: Matched entry DEFAULT at line 317 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "files" returns ok for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authorize (returns updated) for request 2 Fri Sep 21 15:30:01 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group LDAP for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: No default 
NMAS login sequence Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 2 Fri Sep 21 15:30:01 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:30:01 2007 : Debug: auth: type "EAP" Fri Sep 21 15:30:01 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authenticate for request 2 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:30:01 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:30:01 2007 : Debug: (other): before/accept initialization Fri Sep 21 15:30:01 2007 : Debug: TLS_accept: before/accept initialization Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello Fri Sep 21 15:30:01 2007 : Debug: TLS_accept: SSLv3 read client hello A Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello Fri Sep 21 15:30:01 2007 : Debug: TLS_accept: SSLv3 write server hello A Fri Sep 21 15:30:01 2007 : Debug: 
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0af4], Certificate Fri Sep 21 15:30:01 2007 : Debug: TLS_accept: SSLv3 write certificate A Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Fri Sep 21 15:30:01 2007 : Debug: TLS_accept: SSLv3 write server done A Fri Sep 21 15:30:01 2007 : Debug: TLS_accept: SSLv3 flush data Fri Sep 21 15:30:01 2007 : Debug: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 21 15:30:01 2007 : Debug: In SSL Handshake Phase Fri Sep 21 15:30:01 2007 : Debug: In SSL Accept mode Fri Sep 21 15:30:01 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 2 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 172 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "240" EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0x4f960ff197f0e929a194b0af6b8d41ce78620d7ef1d0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb87efa5e172c2174afd9a4c0d328c285 Fri Sep 21 15:30:01 2007 : Debug: Finished request 2 Fri Sep 21 15:30:01 2007 : Debug: Going to the next request Fri Sep 21 15:30:01 2007 : Debug: Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=173, length=147 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "richard.heral" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xb87efa5e172c2174afd9a4c0d328c285 EAP-Message = 0x020200061500 Message-Authenticator = 0x4e7f8ed31f8897f3fd019d8596a7188c Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authorize for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3 Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP packet type response id 2 length 6 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))) Fri Sep 21 15:30:01 2007 : 
Debug: rlm_ldap::ldap_groupcmp: User found in group interneTEST Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: users: Matched entry DEFAULT at line 317 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authorize (returns updated) for request 3 Fri Sep 21 15:30:01 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group LDAP for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing user authorization for richard.heral Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))' Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)) Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: No default 
NMAS login sequence Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 3 Fri Sep 21 15:30:01 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:30:01 2007 : Debug: auth: type "EAP" Fri Sep 21 15:30:01 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authenticate for request 3 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Fri Sep 21 15:30:01 2007 : Debug: eaptls_verify returned 1 Fri Sep 21 15:30:01 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 3 Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 173 to 192.168.240.131 port 1812 
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "240"
    EAP-Message = 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
    EAP-Message = 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
    EAP-Message = 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
    EAP-Message = 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
    EAP-Message = 0x020102020100300d06092a864886f70d010104050030
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x3d4b85beff6fc099e91e34aa011f701c
Fri Sep 21 15:30:01 2007 : Debug: Finished request 3
Fri Sep 21 15:30:01 2007 : Debug: Going to the next request
Fri Sep 21 15:30:01 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=174, length=147
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "richard.heral"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0x3d4b85beff6fc099e91e34aa011f701c
    EAP-Message = 0x020300061500
    Message-Authenticator = 0x07b2ccf904a529e6b1d3c434eed50558
Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authorize for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4
Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:30:01 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP packet type response id 3 length 6
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)))
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneTEST
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:01 2007 : Debug: users: Matched entry DEFAULT at line 317
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "files" returns ok for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authorize (returns updated) for request 4
Fri Sep 21 15:30:01 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:30:01 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group LDAP for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing user authorization for richard.heral
Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:01 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access
Fri Sep 21 15:30:01 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 4
Fri Sep 21 15:30:01 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:30:01 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:30:01 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:30:01 2007 : Debug: modcall: entering group authenticate for request 4
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Fri Sep 21 15:30:01 2007 : Debug: rlm_eap_tls: ack handshake fragment handler
Fri Sep 21 15:30:01 2007 : Debug: eaptls_verify returned 1
Fri Sep 21 15:30:01 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:30:01 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 4
Fri Sep 21 15:30:01 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 174 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "240"
    EAP-Message = 0x0104035b158000000b512b310b3009060355040613024652310d300b060355040a1304434e5253310d300b06035504031304434e5253301e170d3031303432373035343433365a170d3231303432323035343433365a302b310b3009060355040613024652310d300b060355040a1304434e5253310d300b06035504031304434e525330820122300d06092a864886f70d01010105000382010f003082010a0282010100dd77abf1eafc78b514a1dc776256978c2fb754c24c54a6d47d22477b74a9f7e3ad7c55b214f0485d988f02bd9211b6884fc415f56f585bf789b527eaafa0fca08e88868f9f24b6904e24dc67d04f8f7e562d1b280772b11767
    EAP-Message = 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
    EAP-Message = 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
    EAP-Message = 0xbe20acdc011c797c670c5a5f4fb99489beab9a2c12b1a863c6628003fd4c7095bdc6e805dacbbe09a61fe96dd2852e43d31f1a5c76fe13766160f964d45878bf7fefe573a343da2a7f77db347972d98ee5a5ed52d0c4464c5f1baa16030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xbf647407dfbe1276f15330c29598035e
Fri Sep 21 15:30:01 2007 : Debug: Finished request 4
Fri Sep 21 15:30:01 2007 : Debug: Going to the next request
Fri Sep 21 15:30:01 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=175, length=341
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "richard.heral"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0xbf647407dfbe1276f15330c29598035e
    EAP-Message = 0x020400c81580000000be16030100861000008200805c02b8236bb2bd188cf7f0ece9c86829a0eeb98ac45a4a0c39b0280360cdfec4e7639f2720fdf760721f08253659e3c22a42e10ae1e9600ba8666a95108a805d89a09a455c8fe74c8a0bcb25f7d3cfa6fd7eef0291cb023a5a1ba7f729c839d355502794d02184bb7106c3434f02400cc5193dd508c737655b2a8d1b294af0101403010001011603010028ea87d3baef7f97c9dc9bee33d925840d3ac6ad8bcbf79e952d67a1f4e73df1d3f9766d5e41499a4f
    Message-Authenticator = 0x505d8b802941828cca6ce75ace464f8d
Fri Sep 21 15:30:02 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group authorize for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: EAP packet type response id 4 length 200
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneTEST
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: users: Matched entry DEFAULT at line 317
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group authorize (returns updated) for request 5
Fri Sep 21 15:30:02 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:30:02 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group LDAP for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing user authorization for richard.heral
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5
Fri Sep 21 15:30:02 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:30:02 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:30:02 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group authenticate for request 5
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:30:02 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
Fri Sep 21 15:30:02 2007 : Debug: TLS_accept: SSLv3 read client key exchange A
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
Fri Sep 21 15:30:02 2007 : Debug: TLS_accept: SSLv3 read finished A
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
Fri Sep 21 15:30:02 2007 : Debug: TLS_accept: SSLv3 write change cipher spec A
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
Fri Sep 21 15:30:02 2007 : Debug: TLS_accept: SSLv3 write finished A
Fri Sep 21 15:30:02 2007 : Debug: TLS_accept: SSLv3 flush data
Fri Sep 21 15:30:02 2007 : Debug: (other): SSL negotiation finished successfully
Fri Sep 21 15:30:02 2007 : Debug: SSL Connection Established
Fri Sep 21 15:30:02 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 5
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 175 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "240"
    EAP-Message = 0x0105003d158000000033140301000101160301002847c16c755643473b8ea623f19d1b6099f1c995156b8def6d20ba52194fbc83345787ea26cfcd5275
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xfc00155c3b25f868b0dde563e631e788
Fri Sep 21 15:30:02 2007 : Debug: Finished request 5
Fri Sep 21 15:30:02 2007 : Debug: Going to the next request
Fri Sep 21 15:30:02 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:30:02 2007 : Debug: Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=176, length=220
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "richard.heral"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0xfc00155c3b25f868b0dde563e631e788
    EAP-Message = 0x0205004f15800000004517030100404ff32e5f193ba2fb8b494b3ddf02c25ff61d5c3c826b7523340cec54a94594737a3eec791f2ef63026bade2f6e8cff129914a83f124fe6a669ccb8976907769e
    Message-Authenticator = 0x6594fd58d70fff474114684f2ecbb7b3
Fri Sep 21 15:30:02 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group authorize for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: EAP packet type response id 5 length 79
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneTEST
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: users: Matched entry DEFAULT at line 317
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "files" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group authorize (returns updated) for request 6
Fri Sep 21 15:30:02 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:30:02 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing user authorization for richard.heral
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:30:02 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:30:02 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group authenticate for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:30:02 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:30:02 2007 : Debug: eaptls_process returned 7
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS tunnel data in 0000: 00 00 00 01 40 00 00 15 72 69 63 68 61 72 64 2e
TTLS tunnel data in 0010: 68 65 72 61 6c 00 00 00 00 00 00 02 40 00 00 10
TTLS tunnel data in 0020: 6c 61 76 63 68 64 6e 37
TTLS: Got tunneled request
    User-Name = "richard.heral"
    User-Password = "XXXXXXX"
    FreeRADIUS-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
    User-Name = "richard.heral"
    User-Password = "XXXXXXX"
    FreeRADIUS-Proxied-To = 127.0.0.1
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
Fri Sep 21 15:30:02 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group authorize for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr)))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interneTEST
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: users: Matched entry DEFAULT at line 317
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "files" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group authorize (returns ok) for request 6
Fri Sep 21 15:30:02 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:30:02 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing user authorization for richard.heral
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral)(mail=richard.heral))(mail=richard.heral@grenoble.cnrs.fr))
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: Setting Auth-Type = ldap
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: user richard.heral authorized to use remote access
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rad_check_password: Found Auth-Type ldap
Fri Sep 21 15:30:02 2007 : Debug: auth: type "LDAP"
Fri Sep 21 15:30:02 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: - authenticate
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: login attempt by "richard.heral" with password "XXXXXXX"
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: user DN: uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 1
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: bind as uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:30:02 2007 : Debug: rlm_ldap: user richard.heral authenticated succesfully
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authenticate]: module "ldap" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:30:02 2007 : Auth: Login OK: [richard.heral] (from client localhost port 50019 cli 00-30-13-C5-96-6D)
TTLS: Got tunneled reply RADIUS code 2
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "240"
Fri Sep 21 15:30:02 2007 : Debug: TTLS: Got tunneled Access-Accept
Fri Sep 21 15:30:02 2007 : Debug: rlm_eap: Freeing handler
Fri Sep 21 15:30:02 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall[authenticate]: module "eap" returns ok for request 6
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group authenticate (returns ok) for request 6
Fri Sep 21 15:30:02 2007 : Auth: Login OK: [richard.heral] (from client switch port 50019 cli 00-30-13-C5-96-6D)
Sending Access-Accept of id 176 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "240"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "240"
    MS-MPPE-Recv-Key = 0xc17e77742c93fec74d66f3874b665de1105ce4436dc49fa7bff5b3ec4aff9a72
    MS-MPPE-Send-Key = 0x2d7d8f52d5e7c4a77322c15c734daac550883850fd3f2231e8aecb78313bb16f
    EAP-Message = 0x03050004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "richard.heral"
Fri Sep 21 15:30:02 2007 : Debug: Finished request 6
Fri Sep 21 15:30:02 2007 : Debug: Going to the next request
Fri Sep 21 15:30:02 2007 : Debug: Waking up in 5 seconds...
rad_recv: Accounting-Request packet from host 192.168.240.131:1813, id=176, length=167
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "richard.heral"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Acct-Session-Id = "192.168.240.131 richard.heral 09/21/07 13:30:02 00000031"
    Acct-Delay-Time = 0
Fri Sep 21 15:30:02 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group preacct for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 7
Fri Sep 21 15:30:02 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50019,Client-IP-Address = 192.168.240.131,NAS-IP-Address = 192.168.240.131,Acct-Session-Id = "192.168.240.131 richard.heral 09/21/07 13:30:02 00000031",User-Name = "richard.heral"'
Fri Sep 21 15:30:02 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "32cae3d7a58dc6ba".
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 7
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: No '@' in User-Name = "richard.heral", looking up realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "richard.heral"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm NULL
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:30:02 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[preacct]: module "files" returns noop for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group preacct (returns ok) for request 7
Fri Sep 21 15:30:02 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:30:02 2007 : Debug: modcall: entering group accounting for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 7
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/detail-20070921'
Fri Sep 21 15:30:02 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/detail-20070921
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 7
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'richard.heral'
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 7
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'richard.heral'
Fri Sep 21 15:30:02 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'richard.heral'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 richard.heral 09/21/07 13:30:02 00000031', '32cae3d7a58dc6ba', 'richard.heral', 'NULL', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:30:02', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')'
Fri Sep 21 15:30:02 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:30:02 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Fri Sep 21 15:30:02 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 richard.heral 09/21/07 13:30:02 00000031', '32cae3d7a58dc6ba', 'richard.heral', 'NULL', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:30:02', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')
Fri Sep 21 15:30:02 2007 : Debug: rlm_sql (sql): Released sql socket id: 3
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 7
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 7
Fri Sep 21 15:30:02 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:30:02 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 7
Fri Sep 21 15:30:02 2007 : Debug: modcall: leaving group accounting (returns updated) for request 7
Sending Accounting-Response of id 176 to 192.168.240.131 port 1813
Fri Sep 21 15:30:02 2007 : Debug: Finished request 7
Fri Sep 21 15:30:02 2007 : Debug: Going to the next request
Fri Sep 21 15:30:02 2007 : Debug: Waking up in 5 seconds...
Fri Sep 21 15:30:07 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:30:07 2007 : Debug: Cleaning up request 1 ID 171 with timestamp 46f3c759
Fri Sep 21 15:30:07 2007 : Debug: Cleaning up request 2 ID 172 with timestamp 46f3c759
Fri Sep 21 15:30:07 2007 : Debug: Cleaning up request 3 ID 173 with timestamp 46f3c759
Fri Sep 21 15:30:07 2007 : Debug: Cleaning up request 4 ID 174 with timestamp 46f3c759
Fri Sep 21 15:30:07 2007 : Debug: Waking up in 1 seconds...
Fri Sep 21 15:30:08 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:30:08 2007 : Debug: Cleaning up request 5 ID 175 with timestamp 46f3c75a
Fri Sep 21 15:30:08 2007 : Debug: Cleaning up request 6 ID 176 with timestamp 46f3c75a
Fri Sep 21 15:30:08 2007 : Debug: Cleaning up request 7 ID 176 with timestamp 46f3c75a
Fri Sep 21 15:30:08 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:35:28 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:35:28 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:35:28 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:35:28 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:35:28 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:35:28 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:35:28 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:35:28 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:35:28 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:35:28 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:35:28 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:35:28 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:35:28 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:35:28 2007 : Debug: main: snmp = no
Fri Sep 21 15:35:28 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:35:28 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:35:28 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:35:28 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:35:28 2007 : Debug: main: port = 1812
Fri Sep 21 15:35:28 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:35:28 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:35:28 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:35:28 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:35:28 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:35:28 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:35:28 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:35:28 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:35:28 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:35:28 2007 : Debug: main: usercollide = no
Fri Sep 21 15:35:28 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:35:28 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:35:28 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:35:28 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:35:28 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:35:28 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:35:28 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:35:28 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:35:28 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:35:28 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:35:28 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:35:28 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:35:28 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:35:28 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:35:28 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:35:28 2007 : Debug: security: status_server = yes
Fri Sep 21 15:35:28 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:35:28 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:35:29 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:35:29 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:35:29 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:35:29 2007 : Debug: listen: port = 0
Fri Sep 21 15:35:29 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:35:29 2007 : Debug: listen: port = 0
Fri Sep 21 15:35:29 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:35:29 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:35:29 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:35:29 2007 : Debug: exec: wait = no
Fri Sep 21 15:35:29 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:35:29 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:35:29 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:35:29 2007 : Debug: ldap: port = 389
Fri Sep 21 15:35:29 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:35:29 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:35:29 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:35:29 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:35:29 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:35:29 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:35:29 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:35:29 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:35:29 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:35:29 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:35:29 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:35:29 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:35:29 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:35:29 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:35:29 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:35:29 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:35:29 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:35:29 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:35:29 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:35:29 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:35:29 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:35:29 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:35:29 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:35:29 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:35:29 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:35:29 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:35:29 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:35:29 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:35:29 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:35:29 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:35:29 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:35:29 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:35:29 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:35:29 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:35:29 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:35:29 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:35:29 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:35:29 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:35:29 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:35:29 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:35:29 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:35:29 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:35:29 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:35:29 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:35:29 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:35:29 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:35:29 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:35:29 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:35:29 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:35:29 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:35:29 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:35:29 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:35:29 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:35:29 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:35:29 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:35:29 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:35:29 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded realm
Fri Sep 21 15:35:29 2007 : Debug: realm: format = "suffix"
Fri Sep 21 15:35:29 2007 : Debug: realm: delimiter = "@"
Fri Sep 21 15:35:29 2007 : Debug: realm: ignore_default = no
Fri Sep 21 15:35:29 2007 : Debug: realm: ignore_null = no
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated realm (suffix)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded files
Fri Sep 21 15:35:29 2007 : Debug: files: usersfile = "/etc/freeradius/users"
Fri Sep 21 15:35:29 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users"
Fri Sep 21 15:35:29 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
Fri Sep 21 15:35:29 2007 : Debug: files: compat = "no"
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated files (files)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded PAP
Fri Sep 21 15:35:29 2007 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 21 15:35:29 2007 : Debug: pap: auto_header = no
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated pap (pap)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 21 15:35:29 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded detail
Fri Sep 21 15:35:29 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 21 15:35:29 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:35:29 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:35:29 2007 : Debug: detail: locking = no
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated detail (detail)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded System
Fri Sep 21 15:35:29 2007 : Debug: unix: cache = no
Fri Sep 21 15:35:29 2007 : Debug: unix: passwd = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: unix: shadow = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: unix: group = "(null)"
Fri Sep 21 15:35:29 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp"
Fri Sep 21 15:35:29 2007 : Debug: unix: usegroup = no
Fri Sep 21 15:35:29 2007 : Debug: unix: cache_reload = 600
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated unix (unix)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded radutmp
Fri Sep 21 15:35:29 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp"
Fri Sep 21 15:35:29 2007 : Debug: radutmp: username = "%{User-Name}"
Fri Sep 21 15:35:29 2007 : Debug: radutmp: case_sensitive = yes
Fri Sep 21 15:35:29 2007 : Debug: radutmp: check_with_nas = yes
Fri Sep 21 15:35:29 2007 : Debug: radutmp: perm = 384
Fri Sep 21 15:35:29 2007 : Debug: radutmp: callerid = yes
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated radutmp (radutmp)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded SQL
Fri Sep 21 15:35:29 2007 : Debug: sql: driver = "rlm_sql_mysql"
Fri Sep 21 15:35:29 2007 : Debug: sql: server = "localhost"
Fri Sep 21 15:35:29 2007 : Debug: sql: port = ""
Fri Sep 21 15:35:29 2007 : Debug: sql: login = "AcctRadius"
Fri Sep 21 15:35:29 2007 : Debug: sql: password = "AcctRadius"
Fri Sep 21 15:35:29 2007 : Debug: sql: radius_db = "accounting"
Fri Sep 21 15:35:29 2007 : Debug: sql: nas_table = "nas"
Fri Sep 21 15:35:29 2007 : Debug: sql: sqltrace = yes
Fri Sep 21 15:35:29 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
Fri Sep 21 15:35:29 2007 : Debug: sql: readclients = no
Fri Sep 21 15:35:29 2007 : Debug: sql: deletestalesessions = yes
Fri Sep 21 15:35:29 2007 : Debug: sql: num_sql_socks = 5
Fri Sep 21 15:35:29 2007 : Debug: sql: sql_user_name = "%{User-Name}"
Fri Sep 21 15:35:29 2007 : Debug: sql: default_user_profile = ""
Fri Sep 21 15:35:29 2007 : Debug: sql: query_on_not_found = no
Fri Sep 21 15:35:29 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:35:29 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:35:29 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:35:29 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:35:29 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
Fri Sep 21 15:35:29 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
Fri Sep 21 15:35:29 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
Fri Sep 21 15:35:29 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')"
Fri Sep 21 15:35:29 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:35:29 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:35:29 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')"
Fri Sep 21 15:35:29 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority"
Fri Sep 21 15:35:29 2007 : Debug: sql: connect_failure_retry_delay = 60
Fri Sep 21 15:35:29 2007 : Debug: sql: simul_count_query = ""
Fri Sep 21 15:35:29 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Fri Sep 21 15:35:29 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')"
Fri Sep 21 15:35:29 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Fri Sep 21 15:35:29 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Fri Sep 21 15:35:29 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): starting 0
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
Fri Sep 21 15:35:29 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Connected new DB handle, #0
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): starting 1
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
Fri Sep 21 15:35:29 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): starting 2
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
Fri Sep 21 15:35:29 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): starting 3
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Fri Sep 21 15:35:29 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): starting 4
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
Fri Sep 21 15:35:29 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Fri Sep 21 15:35:29 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated sql (sql)
Fri Sep 21 15:35:29 2007 : Debug: Module: Loaded attr_filter
Fri Sep 21 15:35:29 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response"
Fri Sep 21 15:35:29 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response) Fri Sep 21 15:35:29 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d" Fri Sep 21 15:35:29 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:35:29 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:35:29 2007 : Debug: detail: locking = no Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated detail (pre_proxy_log) Fri Sep 21 15:35:29 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d" Fri Sep 21 15:35:29 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:35:29 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:35:29 2007 : Debug: detail: locking = no Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated detail (post_proxy_log) Fri Sep 21 15:35:29 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs" Fri Sep 21 15:35:29 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy) Fri Sep 21 15:35:29 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre" Fri Sep 21 15:35:29 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:35:29 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:35:29 2007 : Debug: detail: locking = no Fri Sep 21 15:35:29 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre) Fri Sep 21 15:35:29 2007 : Debug: Listening on authentication *:1812 Fri Sep 21 15:35:29 2007 : Debug: Listening on accounting *:1813 Fri Sep 21 15:35:29 2007 : Debug: Listening on proxy *:1814 Fri Sep 21 15:35:29 2007 : Info: Ready to process requests. 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=190, length=131 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "dom.test" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 EAP-Message = 0x0200000d01646f6d2e74657374 Message-Authenticator = 0xd826e9898c0509c051e20cc8eb60f540 Fri Sep 21 15:35:38 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:38 2007 : Debug: modcall: entering group authorize for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:38 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:38 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:38 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:38 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:38 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_eap: EAP packet type response id 0 length 13 Fri Sep 21 15:35:38 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:38 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:38 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: attempting LDAP reconnection Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: waiting for bind result ... 
Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: Bind was successful Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:38 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: object not found or got ambiguous search result Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: performing search in uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*) Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found ????or user not a member Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:38 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:38 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter 
(&(radiusGroupName=inviteTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group inviteTEST Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:38 2007 : Debug: users: Matched entry DEFAULT at line 325 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall: leaving group authorize (returns updated) for request 0 Fri Sep 21 15:35:38 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:35:38 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:38 2007 : Debug: modcall: entering group LDAP for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: performing user authorization for dom.test Fri Sep 21 15:35:38 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:38 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter 
(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: looking for reply items in directory... Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: user dom.test authorized to use remote access Fri Sep 21 15:35:38 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 0 Fri Sep 21 15:35:38 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:35:38 2007 : Debug: auth: type "EAP" Fri Sep 21 15:35:38 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:35:38 2007 : Debug: modcall: entering group authenticate for request 0 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: rlm_eap: EAP Identity Fri Sep 21 15:35:38 2007 : Debug: rlm_eap: processing type tls Fri Sep 21 15:35:38 2007 : Debug: rlm_eap_tls: Initiate Fri Sep 21 15:35:38 2007 : Debug: rlm_eap_tls: Start returned 1 Fri Sep 21 15:35:38 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 0 Fri Sep 21 15:35:38 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 190 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245" EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe16c37091e6ab254790b19902839287b Fri Sep 21 15:35:38 2007 
: Debug: Finished request 0 Fri Sep 21 15:35:38 2007 : Debug: Going to the next request Fri Sep 21 15:35:38 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:35:38 2007 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.240.131:1812, id=191, length=196 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "dom.test" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xe16c37091e6ab254790b19902839287b EAP-Message = 0x0201003c158000000032160301002d010000290301cd6f08ad375f3abcb877fce4ff119554aa63e6d6fc83f383e59de6007d42e749000002000a0100 Message-Authenticator = 0x3583065dadc3750f341973ee4d444d21 Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authorize for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP packet type response id 1 length 60 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: object not found or got ambiguous search 
result Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found ????or user not a member Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group inviteTEST Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: users: Matched entry DEFAULT at line 325 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "files" returns ok for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1 Fri Sep 21 15:35:39 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group LDAP for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing user authorization for dom.test Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user dom.test authorized to use remote access Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 1 Fri Sep 21 15:35:39 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:35:39 2007 : Debug: auth: type "EAP" Fri Sep 21 15:35:39 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authenticate for request 1 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:35:39 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:35:39 2007 : Debug: (other): before/accept initialization Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: before/accept initialization Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 read client hello A Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 write server hello A Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0af4], Certificate Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 write certificate A Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 
Handshake [length 0004], ServerHelloDone Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 write server done A Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 flush data Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 21 15:35:39 2007 : Debug: In SSL Handshake Phase Fri Sep 21 15:35:39 2007 : Debug: In SSL Accept mode Fri Sep 21 15:35:39 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 1 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 191 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245" EAP-Message = 0x551d11041b301982177261646975732e6772656e6f626c652e636e72732e667230460603551d1f043f303d303ba039a0378635687474703a2f2f63726c732e73657276696365732e636e72732e66722f434e52532d5374616e646172642f6765746465722e63726c300d06092a864886f70d010105050003820101000e12aad10f16c2e9e9dbc19673908f0168a4223139663ab18dadeecdd7106cdedd0f232c94b8e29cfe170ed0c2635518ac66b75bfff4e4cafb094c50eaef77d7990c9a75eda36f4cfb378188fe77368baab090f41d03742ca7c33eae07d8cd96d7268429385a1be32ee728175463a20e171d756011031039315a4b6a0c8923e9aa EAP-Message = 0x4f960ff197f0e929a194b0af6b8d41ce78620d7ef1d0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8009cde6dfb1850b04cf37415ede99fd Fri Sep 21 15:35:39 2007 : Debug: Finished request 1 Fri Sep 21 15:35:39 2007 : Debug: Going to the next request Fri Sep 21 15:35:39 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:35:39 
2007 : Debug: Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.240.131:1812, id=192, length=142 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "dom.test" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x8009cde6dfb1850b04cf37415ede99fd EAP-Message = 0x020200061500 Message-Authenticator = 0x096d9f5e96fa51c6f13e37bd49266ac6 Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authorize for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP packet type response id 2 length 6 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: object not found or got ambiguous search 
result Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found ????or user not a member Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group inviteTEST Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: users: Matched entry DEFAULT at line 325 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "files" returns ok for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authorize (returns updated) for request 2 Fri Sep 21 15:35:39 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group LDAP for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing user authorization for dom.test Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user dom.test authorized to use remote access Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 2 Fri Sep 21 15:35:39 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:35:39 2007 : Debug: auth: type "EAP" Fri Sep 21 15:35:39 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authenticate for request 2 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Fri Sep 21 15:35:39 2007 : Debug: eaptls_verify returned 1 Fri Sep 21 15:35:39 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 2 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 192 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245" 
EAP-Message = 0x020102020100300d06092a864886f70d010104050030 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbe744e17478db608583c31cbdd78feb6 Fri Sep 21 15:35:39 2007 : Debug: Finished request 2 Fri Sep 21 15:35:39 2007 : Debug: Going to the next request Fri Sep 21 15:35:39 2007 : Debug: Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.240.131:1812, id=193, length=142 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "dom.test" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xbe744e17478db608583c31cbdd78feb6 EAP-Message = 0x020300061500 Message-Authenticator = 0xbfac97e35f8577507a74713aba564ddc Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authorize for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3 Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: 
Authentication realm is LOCAL. Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP packet type response id 3 length 6 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: object not 
found or got ambiguous search result Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found ????or user not a member Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group inviteTEST Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: users: Matched entry DEFAULT at line 325 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authorize (returns updated) for request 3 Fri Sep 21 15:35:39 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group LDAP for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing user authorization for dom.test Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user dom.test authorized to use remote access Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 3 Fri Sep 21 15:35:39 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:35:39 2007 : Debug: auth: type "EAP" Fri Sep 21 15:35:39 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authenticate for request 3 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Fri Sep 21 15:35:39 2007 : Debug: eaptls_verify returned 1 Fri Sep 21 15:35:39 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 3 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 193 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245"
EAP-Message = 0xf96bb7a12fa42d302b310b3009060355040613024652310d300b060355040a1304434e5253310d300b06035504031304434e5253820100300b0603551d0f040403020106300d06092a864886f70d0101040500038201010038d7c329bc7a77a25e164749865ed019386ade810802b9a7a002a688b80de24935cee6aaa234d2f9a384379a15e9592bb7bdcc11ae29218f8f9139fa9d77e2e839eaec2ed6ca4847224c65b1d3b66f581b342e8a109d128474a4795257005314c898de816ec50b75a75ae7d335084588f5845098f0073ec5863e2e095aa2dcb6a06b7b37ab9f03706eddf59cc00e05ecb5845b23b489211088adfb2d08e400131c55b38f77 EAP-Message = 0xbe20acdc011c797c670c5a5f4fb99489beab9a2c12b1a863c6628003fd4c7095bdc6e805dacbbe09a61fe96dd2852e43d31f1a5c76fe13766160f964d45878bf7fefe573a343da2a7f77db347972d98ee5a5ed52d0c4464c5f1baa16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xda73493db338057143062d7ef2af654c Fri Sep 21 15:35:39 2007 : Debug: Finished request 3 Fri Sep 21 15:35:39 2007 : Debug: Going to the next request Fri Sep 21 15:35:39 2007 : Debug: Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=194, length=336 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "dom.test" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xda73493db338057143062d7ef2af654c EAP-Message = 0x020400c81580000000be16030100861000008200806cf2007de62eb6e0e865045e25bccc035eab934ada5b4854a0fb7dec53637726386cef2139dcbb37b0f3cada13be1e623c3a9d40ee7e4ce100a834520b0d5c075a858ec38d93e83d043e161ad895ab2f751a4d54b27350dc6bdd0ed7d0a2463b881bb0f8caa2b766787425daa8710c36f9948cd0a4a4f232a265cea88fcdfd0a14030100010116030100289a1051348dcd192410eedd4c6d6b3d13f77e1384d5de71be282593160535c183aff11af45f699c99 Message-Authenticator = 0x86bfa37efe36fb66d2ed483b57e478e9 Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authorize for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4 Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP packet type response id 4 length 200 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: object not found or got ambiguous search 
result Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found ????or user not a member Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group inviteTEST Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: users: Matched entry DEFAULT at line 325 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "files" returns ok for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authorize (returns updated) for request 4 Fri Sep 21 15:35:39 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group LDAP for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing user authorization for dom.test Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user dom.test authorized to use remote access Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 4 Fri Sep 21 15:35:39 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:35:39 2007 : Debug: auth: type "EAP" Fri Sep 21 15:35:39 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authenticate for request 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:35:39 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 read client key exchange A Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 read finished A Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 write change cipher spec A Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished Fri Sep 21 15:35:39 
2007 : Debug: TLS_accept: SSLv3 write finished A Fri Sep 21 15:35:39 2007 : Debug: TLS_accept: SSLv3 flush data Fri Sep 21 15:35:39 2007 : Debug: (other): SSL negotiation finished successfully Fri Sep 21 15:35:39 2007 : Debug: SSL Connection Established Fri Sep 21 15:35:39 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 4 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 194 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245" EAP-Message = 0x0105003d1580000000331403010001011603010028c714fc6efa51c0fc7cfa275cd02b0f23bafef0f285b9b9708afb78a49d3ed10fa4d8f6920794c3b8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5cb7f91773ea37845f19c661d48fcc1b Fri Sep 21 15:35:39 2007 : Debug: Finished request 4 Fri Sep 21 15:35:39 2007 : Debug: Going to the next request Fri Sep 21 15:35:39 2007 : Debug: Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=195, length=207 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "dom.test" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x5cb7f91773ea37845f19c661d48fcc1b EAP-Message = 0x0205004715800000003d1703010038e2071ff4e30ec8367e24f615d20c3e8970a597a63df2e68814ef115bb3911a6ccdf77e1ab37cc87038362a43ba54ff6bd93d6b0b505417b7 Message-Authenticator = 0x933f300f3dbf9c8ccf6b21f3452388f0 Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authorize for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP packet type response id 5 length 71 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: object not found or got ambiguous search 
result Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found ????or user not a member Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group inviteTEST Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: users: Matched entry DEFAULT at line 325 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authorize (returns updated) for request 5 Fri Sep 21 15:35:39 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group LDAP for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing user authorization for dom.test Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user dom.test authorized to use remote access Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:35:39 2007 : Debug: auth: type "EAP" Fri Sep 21 15:35:39 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authenticate for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:35:39 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:35:39 2007 : Debug: eaptls_process returned 7 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. 
TTLS tunnel data in 0000: 00 00 00 01 40 00 00 10 64 6f 6d 2e 74 65 73 74 TTLS tunnel data in 0010: 00 00 00 02 40 00 00 10 6c 61 76 63 68 64 6e 37 TTLS: Got tunneled request User-Name = "dom.test" User-Password = "XXXXXXX" FreeRADIUS-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "dom.test" User-Password = "XXXXXXX" FreeRADIUS-Proxied-To = 127.0.0.1 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group authorize for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: object not found or got ambiguous search result Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: 
rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found ????or user not a member Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group inviteTEST Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: users: Matched entry DEFAULT at line 325 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authorize (returns ok) for request 5 Fri Sep 21 15:35:39 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:35:39 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group LDAP for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing user authorization for dom.test Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '(|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr))' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test)(mail=dom.test))(mail=dom.test@grenoble.cnrs.fr)) Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Setting Auth-Type = ldap Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user dom.test authorized to use remote access Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rad_check_password: Found Auth-Type ldap Fri Sep 21 15:35:39 2007 : Debug: auth: type "LDAP" Fri Sep 21 15:35:39 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group LDAP for request 5 Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: - authenticate Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: login attempt by "dom.test" with password "XXXXXXX" Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user DN: uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 1 Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: bind as uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: waiting for bind result ... 
Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: Bind was successful Fri Sep 21 15:35:39 2007 : Debug: rlm_ldap: user dom.test authenticated succesfully Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authenticate]: module "ldap" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5 Fri Sep 21 15:35:39 2007 : Auth: Login OK: [dom.test] (from client localhost port 50019 cli 00-30-13-C5-96-6D) TTLS: Got tunneled reply RADIUS code 2 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245" Fri Sep 21 15:35:39 2007 : Debug: TTLS: Got tunneled Access-Accept Fri Sep 21 15:35:39 2007 : Debug: rlm_eap: Freeing handler Fri Sep 21 15:35:39 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall[authenticate]: module "eap" returns ok for request 5 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group authenticate (returns ok) for request 5 Fri Sep 21 15:35:39 2007 : Auth: Login OK: [dom.test] (from client switch port 50019 cli 00-30-13-C5-96-6D) Sending Access-Accept of id 195 to 192.168.240.131 port 1812 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "245" MS-MPPE-Recv-Key = 0x72995ac2237490b3d14588adacbd8fe22b84c63459081635aba2de4da709f4b8 MS-MPPE-Send-Key = 0xe41bb646662f9555ae8d5974a0a9383f70d79bca6774772d02f028098b14606e EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: Finished request 5 Fri Sep 21 15:35:39 2007 : Debug: Going to the next request Fri Sep 21 15:35:39 2007 : Debug: Waking up in 5 seconds... 
rad_recv: Accounting-Request packet from host 192.168.240.131:1813, id=195, length=157 NAS-IP-Address = 192.168.240.131 NAS-Port = 50019 NAS-Port-Type = Ethernet User-Name = "dom.test" Called-Station-Id = "00-08-A3-72-C9-13" Calling-Station-Id = "00-30-13-C5-96-6D" Acct-Status-Type = Start Acct-Authentic = RADIUS Acct-Session-Id = "192.168.240.131 dom.test 09/21/07 13:35:39 00000033" Acct-Delay-Time = 0 Fri Sep 21 15:35:39 2007 : Debug: Processing the preacct section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group preacct for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 6 Fri Sep 21 15:35:39 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50019,Client-IP-Address = 192.168.240.131,NAS-IP-Address = 192.168.240.131,Acct-Session-Id = "192.168.240.131 dom.test 09/21/07 13:35:39 00000033",User-Name = "dom.test"' Fri Sep 21 15:35:39 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "2870974af3ed7f2f". 
Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 6 Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:35:39 2007 : Debug: rlm_realm: Accounting realm is LOCAL. Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[preacct]: module "files" returns noop for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group preacct (returns ok) for request 6 Fri Sep 21 15:35:39 2007 : Debug: Processing the accounting section of radiusd.conf Fri Sep 21 15:35:39 2007 : Debug: modcall: entering group accounting for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 6 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/detail-20070921' Fri Sep 21 15:35:39 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/detail-20070921 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: returned from detail 
(rlm_detail) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 6 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'dom.test' Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 6 Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'dom.test' Fri Sep 21 15:35:39 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'dom.test' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 dom.test 09/21/07 13:35:39 00000033', '2870974af3ed7f2f', 'dom.test', 'NULL', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:35:39', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')' Fri Sep 21 15:35:39 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql' Fri Sep 21 15:35:39 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4 Fri Sep 21 15:35:39 2007 : Debug: rlm_sql_mysql: query: 
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 dom.test 09/21/07 13:35:39 00000033', '2870974af3ed7f2f', 'dom.test', 'NULL', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:35:39', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0') Fri Sep 21 15:35:39 2007 : Debug: rlm_sql (sql): Released sql socket id: 4 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 6 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 6 Fri Sep 21 15:35:39 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12 Fri Sep 21 15:35:39 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 6 Fri Sep 21 15:35:39 2007 : Debug: modcall: leaving group accounting (returns updated) for request 6 Sending Accounting-Response of id 195 to 192.168.240.131 port 1813 Fri Sep 21 15:35:39 2007 : Debug: Finished request 6 Fri Sep 21 15:35:39 2007 : Debug: Going to the next request Fri Sep 21 15:35:39 2007 : Debug: Waking up in 5 seconds... Fri Sep 21 15:35:44 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:35:44 2007 : Debug: Cleaning up request 0 ID 190 with timestamp 46f3c8aa Fri Sep 21 15:35:44 2007 : Debug: Waking up in 1 seconds... 
Fri Sep 21 15:35:45 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:35:45 2007 : Debug: Cleaning up request 1 ID 191 with timestamp 46f3c8ab Fri Sep 21 15:35:45 2007 : Debug: Cleaning up request 2 ID 192 with timestamp 46f3c8ab Fri Sep 21 15:35:45 2007 : Debug: Cleaning up request 3 ID 193 with timestamp 46f3c8ab Fri Sep 21 15:35:45 2007 : Debug: Cleaning up request 4 ID 194 with timestamp 46f3c8ab Fri Sep 21 15:35:45 2007 : Debug: Cleaning up request 5 ID 195 with timestamp 46f3c8ab Fri Sep 21 15:35:45 2007 : Debug: Cleaning up request 6 ID 195 with timestamp 46f3c8ab Fri Sep 21 15:35:45 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:38:06 2007 : Info: Starting - reading configuration files ... Fri Sep 21 15:38:06 2007 : Debug: reread_config: reading radiusd.conf Fri Sep 21 15:38:06 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf Fri Sep 21 15:38:06 2007 : Debug: Config: including file: /etc/freeradius/clients.conf Fri Sep 21 15:38:06 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf Fri Sep 21 15:38:06 2007 : Debug: Config: including file: /etc/freeradius/eap.conf Fri Sep 21 15:38:06 2007 : Debug: Config: including file: /etc/freeradius/sql.conf Fri Sep 21 15:38:06 2007 : Debug: main: prefix = "/usr" Fri Sep 21 15:38:06 2007 : Debug: main: localstatedir = "/var" Fri Sep 21 15:38:06 2007 : Debug: main: logdir = "/var/log/freeradius" Fri Sep 21 15:38:06 2007 : Debug: main: libdir = "/usr/lib/freeradius" Fri Sep 21 15:38:06 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct" Fri Sep 21 15:38:06 2007 : Debug: main: hostname_lookups = no Fri Sep 21 15:38:06 2007 : Debug: main: snmp = no Fri Sep 21 15:38:06 2007 : Debug: main: max_request_time = 30 Fri Sep 21 15:38:06 2007 : Debug: main: cleanup_delay = 5 Fri Sep 21 15:38:06 2007 : Debug: main: max_requests = 1024 Fri Sep 21 15:38:06 2007 : Debug: main: delete_blocked_requests = 0 Fri Sep 21 15:38:06 2007 : Debug: main: port = 1812 Fri Sep 21 15:38:06 2007 : Debug: main: allow_core_dumps = no Fri Sep 21 15:38:06 2007 : Debug: main: log_stripped_names = no Fri Sep 21 15:38:06 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log" Fri Sep 21 15:38:06 2007 : Debug: main: log_auth = yes Fri Sep 21 15:38:06 2007 : Debug: main: log_auth_badpass = no Fri Sep 21 15:38:06 2007 : Debug: main: log_auth_goodpass = no Fri Sep 21 15:38:06 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid" Fri Sep 21 15:38:06 2007 : Debug: main: user = "freerad" Fri Sep 21 15:38:06 2007 : Debug: main: group = "freerad" Fri Sep 21 15:38:06 2007 : Debug: main: usercollide = no Fri Sep 21 15:38:06 2007 : 
Debug: main: lower_user = "no" Fri Sep 21 15:38:06 2007 : Debug: main: lower_pass = "no" Fri Sep 21 15:38:06 2007 : Debug: main: nospace_user = "no" Fri Sep 21 15:38:06 2007 : Debug: main: nospace_pass = "no" Fri Sep 21 15:38:06 2007 : Debug: main: checkrad = "/usr/sbin/checkrad" Fri Sep 21 15:38:06 2007 : Debug: main: proxy_requests = yes Fri Sep 21 15:38:06 2007 : Debug: proxy: retry_delay = 5 Fri Sep 21 15:38:06 2007 : Debug: proxy: retry_count = 3 Fri Sep 21 15:38:06 2007 : Debug: proxy: synchronous = no Fri Sep 21 15:38:06 2007 : Debug: proxy: default_fallback = yes Fri Sep 21 15:38:06 2007 : Debug: proxy: dead_time = 120 Fri Sep 21 15:38:06 2007 : Debug: proxy: post_proxy_authorize = yes Fri Sep 21 15:38:06 2007 : Debug: proxy: wake_all_if_all_dead = no Fri Sep 21 15:38:06 2007 : Debug: security: max_attributes = 200 Fri Sep 21 15:38:06 2007 : Debug: security: reject_delay = 1 Fri Sep 21 15:38:06 2007 : Debug: security: status_server = yes Fri Sep 21 15:38:06 2007 : Debug: main: debug_level = 0 Fri Sep 21 15:38:06 2007 : Debug: read_config_files: reading dictionary Fri Sep 21 15:38:06 2007 : Debug: read_config_files: reading naslist Fri Sep 21 15:38:06 2007 : Debug: read_config_files: reading clients Fri Sep 21 15:38:06 2007 : Debug: read_config_files: reading realms Fri Sep 21 15:38:06 2007 : Debug: listen: port = 0 Fri Sep 21 15:38:06 2007 : Debug: listen: type = "auth" Fri Sep 21 15:38:06 2007 : Debug: listen: port = 0 Fri Sep 21 15:38:06 2007 : Debug: listen: type = "acct" Fri Sep 21 15:38:06 2007 : Debug: radiusd: entering modules setup Fri Sep 21 15:38:06 2007 : Debug: Module: Library search path is /usr/lib/freeradius Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded exec Fri Sep 21 15:38:06 2007 : Debug: exec: wait = no Fri Sep 21 15:38:06 2007 : Debug: exec: program = "(null)" Fri Sep 21 15:38:06 2007 : Debug: exec: input_pairs = "request" Fri Sep 21 15:38:06 2007 : Debug: exec: output_pairs = "(null)" Fri Sep 21 15:38:06 2007 : Debug: exec: 
packet_type = "(null)" Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated exec (exec) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded expr Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated expr (expr) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded LDAP Fri Sep 21 15:38:06 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr" Fri Sep 21 15:38:06 2007 : Debug: ldap: port = 389 Fri Sep 21 15:38:06 2007 : Debug: ldap: net_timeout = 1 Fri Sep 21 15:38:06 2007 : Debug: ldap: timeout = 4 Fri Sep 21 15:38:06 2007 : Debug: ldap: timelimit = 3 Fri Sep 21 15:38:06 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr" Fri Sep 21 15:38:06 2007 : Debug: ldap: tls_mode = no Fri Sep 21 15:38:06 2007 : Debug: ldap: start_tls = no Fri Sep 21 15:38:06 2007 : Debug: ldap: tls_cacertfile = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: tls_cacertdir = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: tls_certfile = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: tls_keyfile = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: tls_randfile = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: tls_require_cert = "allow" Fri Sep 21 15:38:06 2007 : Debug: ldap: password = "XXXXXXX" Fri Sep 21 15:38:06 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr" Fri Sep 21 15:38:06 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))" Fri Sep 21 15:38:06 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)" Fri Sep 21 15:38:06 2007 : Debug: ldap: default_profile = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: profile_attribute = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: password_header = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: password_attribute = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: access_attr = "(null)" Fri Sep 21 15:38:06 2007 : Debug: ldap: groupname_attribute = "radiusGroupName" Fri Sep 
21 15:38:06 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))" Fri Sep 21 15:38:06 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName" Fri Sep 21 15:38:06 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap" Fri Sep 21 15:38:06 2007 : Debug: ldap: ldap_debug = 0 Fri Sep 21 15:38:06 2007 : Debug: ldap: ldap_connections_number = 5 Fri Sep 21 15:38:06 2007 : Debug: ldap: compare_check_items = no Fri Sep 21 15:38:06 2007 : Debug: ldap: access_attr_used_for_allow = yes Fri Sep 21 15:38:06 2007 : Debug: ldap: do_xlat = yes Fri Sep 21 15:38:06 2007 : Debug: ldap: edir_account_policy_check = no Fri Sep 21 15:38:06 2007 : Debug: ldap: set_auth_type = yes Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT Fri Sep 21 
15:38:06 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout Fri Sep 21 15:38:06 2007 : 
Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port Fri Sep 21 15:38:06 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message Fri Sep 21 15:38:06 2007 : Debug: conns: 0x5555557bc4c0 Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated ldap (ldap) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded eap Fri Sep 21 15:38:06 2007 : Debug: eap: default_eap_type = "ttls" Fri Sep 21 15:38:06 2007 : Debug: eap: timer_expire = 60 Fri Sep 21 15:38:06 2007 : Debug: eap: ignore_unknown_eap_types = yes Fri Sep 21 15:38:06 2007 : Debug: eap: cisco_accounting_username_bug = no Fri Sep 21 15:38:06 2007 : Debug: tls: rsa_key_exchange = no Fri Sep 21 15:38:06 2007 : Debug: tls: dh_key_exchange = yes Fri Sep 21 15:38:06 2007 : Debug: tls: rsa_key_length = 512 Fri Sep 21 15:38:06 2007 : Debug: tls: dh_key_length = 512 Fri Sep 21 15:38:06 2007 : Debug: tls: verify_depth = 0 Fri Sep 21 15:38:06 2007 : Debug: tls: CA_path = "(null)" Fri Sep 21 15:38:06 2007 : Debug: tls: pem_file_type = yes Fri Sep 21 15:38:06 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key" Fri 
Sep 21 15:38:06 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt" Fri Sep 21 15:38:06 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem" Fri Sep 21 15:38:06 2007 : Debug: tls: private_key_password = "(null)" Fri Sep 21 15:38:06 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh" Fri Sep 21 15:38:06 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random" Fri Sep 21 15:38:06 2007 : Debug: tls: fragment_size = 1024 Fri Sep 21 15:38:06 2007 : Debug: tls: include_length = yes Fri Sep 21 15:38:06 2007 : Debug: tls: check_crl = no Fri Sep 21 15:38:06 2007 : Debug: tls: check_cert_cn = "(null)" Fri Sep 21 15:38:06 2007 : Debug: tls: cipher_list = "DEFAULT" Fri Sep 21 15:38:06 2007 : Debug: tls: check_cert_issuer = "(null)" Fri Sep 21 15:38:06 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain Fri Sep 21 15:38:06 2007 : Debug: rlm_eap: Loaded and initialized type tls Fri Sep 21 15:38:06 2007 : Debug: ttls: default_eap_type = "md5" Fri Sep 21 15:38:06 2007 : Debug: ttls: copy_request_to_tunnel = yes Fri Sep 21 15:38:06 2007 : Debug: ttls: use_tunneled_reply = yes Fri Sep 21 15:38:06 2007 : Debug: rlm_eap: Loaded and initialized type ttls Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated eap (eap) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded preprocess Fri Sep 21 15:38:06 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups" Fri Sep 21 15:38:06 2007 : Debug: preprocess: hints = "/etc/freeradius/hints" Fri Sep 21 15:38:06 2007 : Debug: preprocess: with_ascend_hack = no Fri Sep 21 15:38:06 2007 : Debug: preprocess: ascend_channels_per_line = 23 Fri Sep 21 15:38:06 2007 : Debug: preprocess: with_ntdomain_hack = no Fri Sep 21 15:38:06 2007 : Debug: preprocess: with_specialix_jetstream_hack = no Fri Sep 21 15:38:06 2007 : Debug: preprocess: with_cisco_vsa_hack = no Fri Sep 21 15:38:06 2007 : Debug: preprocess: with_alvarion_vsa_hack = no Fri Sep 21 15:38:06 2007 : Debug: Module: 
Instantiated preprocess (preprocess) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded realm Fri Sep 21 15:38:06 2007 : Debug: realm: format = "suffix" Fri Sep 21 15:38:06 2007 : Debug: realm: delimiter = "@" Fri Sep 21 15:38:06 2007 : Debug: realm: ignore_default = no Fri Sep 21 15:38:06 2007 : Debug: realm: ignore_null = no Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated realm (suffix) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded files Fri Sep 21 15:38:06 2007 : Debug: files: usersfile = "/etc/freeradius/users" Fri Sep 21 15:38:06 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users" Fri Sep 21 15:38:06 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users" Fri Sep 21 15:38:06 2007 : Debug: files: compat = "no" Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated files (files) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded PAP Fri Sep 21 15:38:06 2007 : Debug: pap: encryption_scheme = "crypt" Fri Sep 21 15:38:06 2007 : Debug: pap: auto_header = no Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated pap (pap) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded Acct-Unique-Session-Id Fri Sep 21 15:38:06 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated acct_unique (acct_unique) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded detail Fri Sep 21 15:38:06 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" Fri Sep 21 15:38:06 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:38:06 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:38:06 2007 : Debug: detail: locking = no Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated detail (detail) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded System Fri Sep 21 15:38:06 2007 : Debug: unix: cache = no Fri Sep 21 15:38:06 2007 : Debug: unix: passwd = "(null)" Fri Sep 21 15:38:06 2007 : Debug: unix: shadow = "(null)" Fri 
Sep 21 15:38:06 2007 : Debug: unix: group = "(null)" Fri Sep 21 15:38:06 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp" Fri Sep 21 15:38:06 2007 : Debug: unix: usegroup = no Fri Sep 21 15:38:06 2007 : Debug: unix: cache_reload = 600 Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated unix (unix) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded radutmp Fri Sep 21 15:38:06 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp" Fri Sep 21 15:38:06 2007 : Debug: radutmp: username = "%{User-Name}" Fri Sep 21 15:38:06 2007 : Debug: radutmp: case_sensitive = yes Fri Sep 21 15:38:06 2007 : Debug: radutmp: check_with_nas = yes Fri Sep 21 15:38:06 2007 : Debug: radutmp: perm = 384 Fri Sep 21 15:38:06 2007 : Debug: radutmp: callerid = yes Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated radutmp (radutmp) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded SQL Fri Sep 21 15:38:06 2007 : Debug: sql: driver = "rlm_sql_mysql" Fri Sep 21 15:38:06 2007 : Debug: sql: server = "localhost" Fri Sep 21 15:38:06 2007 : Debug: sql: port = "" Fri Sep 21 15:38:06 2007 : Debug: sql: login = "AcctRadius" Fri Sep 21 15:38:06 2007 : Debug: sql: password = "AcctRadius" Fri Sep 21 15:38:06 2007 : Debug: sql: radius_db = "accounting" Fri Sep 21 15:38:06 2007 : Debug: sql: nas_table = "nas" Fri Sep 21 15:38:06 2007 : Debug: sql: sqltrace = yes Fri Sep 21 15:38:06 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql" Fri Sep 21 15:38:06 2007 : Debug: sql: readclients = no Fri Sep 21 15:38:06 2007 : Debug: sql: deletestalesessions = yes Fri Sep 21 15:38:06 2007 : Debug: sql: num_sql_socks = 5 Fri Sep 21 15:38:06 2007 : Debug: sql: sql_user_name = "%{User-Name}" Fri Sep 21 15:38:06 2007 : Debug: sql: default_user_profile = "" Fri Sep 21 15:38:06 2007 : Debug: sql: query_on_not_found = no Fri Sep 21 15:38:06 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri 
Sep 21 15:38:06 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri Sep 21 15:38:06 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:38:06 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:38:06 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" Fri Sep 21 15:38:06 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'" Fri Sep 21 15:38:06 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', 
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')" Fri Sep 21 15:38:06 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')" Fri Sep 21 15:38:06 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:38:06 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:38:06 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, 
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')" Fri Sep 21 15:38:06 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority" Fri Sep 21 15:38:06 2007 : Debug: sql: connect_failure_retry_delay = 60 Fri Sep 21 15:38:06 2007 : Debug: sql: simul_count_query = "" Fri Sep 21 15:38:06 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" Fri Sep 21 15:38:06 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')" Fri Sep 21 15:38:06 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" Fri Sep 21 15:38:06 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Fri Sep 21 15:38:06 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): starting 0 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 Fri Sep 21 15:38:06 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Fri Sep 21 15:38:06 
2007 : Debug: rlm_sql (sql): Connected new DB handle, #0 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): starting 1 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 Fri Sep 21 15:38:06 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): starting 2 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 Fri Sep 21 15:38:06 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): starting 3 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 Fri Sep 21 15:38:06 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): starting 4 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 Fri Sep 21 15:38:06 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Fri Sep 21 15:38:06 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4 Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated sql (sql) Fri Sep 21 15:38:06 2007 : Debug: Module: Loaded attr_filter Fri Sep 21 15:38:06 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response" Fri Sep 21 15:38:06 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. 
Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response) Fri Sep 21 15:38:06 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d" Fri Sep 21 15:38:06 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:38:06 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:38:06 2007 : Debug: detail: locking = no Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated detail (pre_proxy_log) Fri Sep 21 15:38:06 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d" Fri Sep 21 15:38:06 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:38:06 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:38:06 2007 : Debug: detail: locking = no Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated detail (post_proxy_log) Fri Sep 21 15:38:06 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs" Fri Sep 21 15:38:06 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy) Fri Sep 21 15:38:06 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre" Fri Sep 21 15:38:06 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:38:06 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:38:06 2007 : Debug: detail: locking = no Fri Sep 21 15:38:06 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre) Fri Sep 21 15:38:06 2007 : Debug: Listening on authentication *:1812 Fri Sep 21 15:38:06 2007 : Debug: Listening on accounting *:1813 Fri Sep 21 15:38:06 2007 : Debug: Listening on proxy *:1814 Fri Sep 21 15:38:06 2007 : Info: Ready to process requests. 
rad_recv: Accounting-Request packet from host 192.168.240.131:1813, id=196, length=181
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dom.test"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Acct-Status-Type = Stop
    Acct-Authentic = RADIUS
    Acct-Session-Id = "192.168.240.131 dom.test 09/21/07 13:35:39 00000033"
    Acct-Terminate-Cause = Port-Error
    Acct-Input-Octets = 4893
    Acct-Output-Octets = 9457
    Acct-Session-Time = 150
    Acct-Delay-Time = 0
Fri Sep 21 15:38:09 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:38:09 2007 : Debug: modcall: entering group preacct for request 0
Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:38:09 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 0
Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 0
Fri Sep 21 15:38:09 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50019,Client-IP-Address = 192.168.240.131,NAS-IP-Address = 192.168.240.131,Acct-Session-Id = "192.168.240.131 dom.test 09/21/07 13:35:39 00000033",User-Name = "dom.test"'
Fri Sep 21 15:38:09 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "2870974af3ed7f2f".
Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 0 Fri Sep 21 15:38:09 2007 : Debug: rlm_realm: No '@' in User-Name = "dom.test", looking up realm NULL Fri Sep 21 15:38:09 2007 : Debug: rlm_realm: Found realm "NULL" Fri Sep 21 15:38:09 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dom.test" Fri Sep 21 15:38:09 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm NULL Fri Sep 21 15:38:09 2007 : Debug: rlm_realm: Adding Realm = "NULL" Fri Sep 21 15:38:09 2007 : Debug: rlm_realm: Accounting realm is LOCAL. Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[preacct]: module "files" returns noop for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall: leaving group preacct (returns ok) for request 0 Fri Sep 21 15:38:09 2007 : Debug: Processing the accounting section of radiusd.conf Fri Sep 21 15:38:09 2007 : Debug: modcall: entering group accounting for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 0 Fri Sep 21 15:38:09 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/detail-20070921' Fri Sep 21 15:38:09 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/detail-20070921 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: returned from detail 
(rlm_detail) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 0 Fri Sep 21 15:38:09 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp' Fri Sep 21 15:38:09 2007 : Debug: radius_xlat: 'dom.test' Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 0 Fri Sep 21 15:38:09 2007 : Debug: radius_xlat: 'dom.test' Fri Sep 21 15:38:09 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'dom.test' Fri Sep 21 15:38:09 2007 : Debug: radius_xlat: 'UPDATE radacct SET AcctStopTime = '2007-09-21 15:38:09', AcctSessionTime = '150', AcctInputOctets = '4893', AcctOutputOctets = '9457', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '192.168.240.131 dom.test 09/21/07 13:35:39 00000033' AND UserName = 'dom.test' AND NASIPAddress = '192.168.240.131'' Fri Sep 21 15:38:09 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql' Fri Sep 21 15:38:09 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4 Fri Sep 21 15:38:09 2007 : Debug: rlm_sql_mysql: query: UPDATE radacct SET AcctStopTime = '2007-09-21 15:38:09', AcctSessionTime = '150', AcctInputOctets = '4893', AcctOutputOctets = '9457', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '192.168.240.131 dom.test 09/21/07 13:35:39 00000033' 
AND UserName = 'dom.test' AND NASIPAddress = '192.168.240.131' Fri Sep 21 15:38:09 2007 : Debug: rlm_sql (sql): Released sql socket id: 4 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 0 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 0 Fri Sep 21 15:38:09 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12 Fri Sep 21 15:38:09 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 0 Fri Sep 21 15:38:09 2007 : Debug: modcall: leaving group accounting (returns updated) for request 0 Sending Accounting-Response of id 196 to 192.168.240.131 port 1813 Fri Sep 21 15:38:09 2007 : Debug: Finished request 0 Fri Sep 21 15:38:09 2007 : Debug: Going to the next request Fri Sep 21 15:38:09 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:38:09 2007 : Debug: Waking up in 6 seconds... Fri Sep 21 15:38:15 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:38:15 2007 : Debug: Cleaning up request 0 ID 196 with timestamp 46f3c941 Fri Sep 21 15:38:15 2007 : Debug: Nothing to do. Sleeping until we see a request. 
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=198, length=151
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dominique.fournier"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    EAP-Message = 0x0200001701646f6d696e697175652e666f75726e696572
    Message-Authenticator = 0xe7bdc6755c38b5c37f2962085b06c59c
Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authorize for request 1
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP packet type response id 0 length 23 Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 1 Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))' Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: attempting LDAP reconnection Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: waiting for bind result ... 
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21
15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp: Group inviteTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interne*)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interne*
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: users: Matched entry DEFAULT at line 335
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "files" returns ok for
request 1 Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Sep 21 15:38:20 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1 Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1 Fri Sep 21 15:38:20 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group LDAP for request 1 Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing user authorization for dominique.fournier Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))' Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)) Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: No default NMAS login sequence Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for check items in directory... Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for reply items in directory... 
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: user dominique.fournier authorized to use remote access
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 1
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 1
Fri Sep 21 15:38:20 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:38:20 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:38:20 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authenticate for request 1
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP Identity
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: processing type tls
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: Initiate
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: Start returned 1
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1
Fri Sep 21 15:38:20 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 1
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 198 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
    EAP-Message = 0x010100061520
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x9b22ec27d9ffc41efa536b2430271e92
Fri Sep 21 15:38:20 2007 : Debug: Finished request 1
Fri Sep 21 15:38:20 2007 : Debug: Going to the next request
Fri Sep 21 15:38:20 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:38:20 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=199, length=206
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dominique.fournier"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0x9b22ec27d9ffc41efa536b2430271e92
    EAP-Message = 0x0201003c158000000032160301002d0100002903010e2d2d85bc26a1d4e5636593c1716dbcd307cb8fd260c3f940a9b3b24bb06b18000002000a0100
    Message-Authenticator = 0xac23f2736a64b975da1ddd52de8a00ef
Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authorize for request 2
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 2 Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP packet type response id 1 length 60 Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 2 Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp() Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))' Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)) Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))' Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter 
(&(radiusGroupName=interneTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp:
Group inviteTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interne*)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interne*
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: users: Matched entry DEFAULT at line 335
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "files" returns ok for request 2
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2
Fri Sep 21 15:38:20 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authorize (returns updated) for request 2
Fri Sep 21 15:38:20 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group LDAP for request 2
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 2
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing user authorization for dominique.fournier
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: user dominique.fournier authorized to use remote access
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 2
Fri Sep 21 15:38:20 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:38:20 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:38:20 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authenticate for request 2
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:38:20 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:38:20 2007 : Debug: (other): before/accept initialization
Fri Sep 21 15:38:20 2007 : Debug: TLS_accept: before/accept initialization
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
Fri Sep 21 15:38:20 2007 : Debug: TLS_accept: SSLv3 read client hello A
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
Fri Sep 21 15:38:20 2007 : Debug: TLS_accept: SSLv3 write server hello A
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0af4], Certificate
Fri Sep 21 15:38:20 2007 : Debug: TLS_accept: SSLv3 write certificate A
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
Fri Sep 21 15:38:20 2007 : Debug: TLS_accept: SSLv3 write server done A
Fri Sep 21 15:38:20 2007 : Debug: TLS_accept: SSLv3 flush data
Fri Sep 21 15:38:20 2007 : Debug: TLS_accept: Need to read more data: SSLv3 read client certificate A
Fri Sep 21 15:38:20 2007 : Debug: In SSL Handshake Phase
Fri Sep 21 15:38:20 2007 : Debug: In SSL Accept mode
Fri Sep 21 15:38:20 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 2
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 199 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x771be40c272b93e1350584e782de430b
Fri Sep 21 15:38:20 2007 : Debug: Finished request 2
Fri Sep 21 15:38:20 2007 : Debug: Going to the next request
Fri Sep 21 15:38:20 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=200, length=152
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dominique.fournier"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0x771be40c272b93e1350584e782de430b
    EAP-Message = 0x020200061500
    Message-Authenticator = 0xdf8b6510c972bb4d07bf1f92235d3ee7
Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authorize for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP packet type response id 2 length 6
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp: Group inviteTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interne*)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interne*
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: users: Matched entry DEFAULT at line 335
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authorize (returns updated) for request 3
Fri Sep 21 15:38:20 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group LDAP for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing user authorization for dominique.fournier
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: user dominique.fournier authorized to use remote access
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 3
Fri Sep 21 15:38:20 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:38:20 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:38:20 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authenticate for request 3
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: ack handshake fragment handler
Fri Sep 21 15:38:20 2007 : Debug: eaptls_verify returned 1
Fri Sep 21 15:38:20 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 3
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 200 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x85b7174e8bfe4939154589e21dcadeb9
Fri Sep 21 15:38:20 2007 : Debug: Finished request 3
Fri Sep 21 15:38:20 2007 : Debug: Going to the next request
Fri Sep 21 15:38:20 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=201, length=152
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dominique.fournier"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0x85b7174e8bfe4939154589e21dcadeb9
    EAP-Message = 0x020300061500
    Message-Authenticator = 0xa7c6aec2367408b63a9ff7cb489c2a20
Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authorize for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:20 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP packet type response id 3 length 6
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::groupcmp: Group inviteTEST not found or user not a member
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interne*)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interne*
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: users: Matched entry DEFAULT at line 335
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "files" returns ok for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authorize (returns updated) for request 4
Fri Sep 21 15:38:20 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:38:20 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group LDAP for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing user authorization for dominique.fournier
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:20 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: user dominique.fournier authorized to use remote access
Fri Sep 21 15:38:20 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 4
Fri Sep 21 15:38:20 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:38:20 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:38:20 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:38:20 2007 : Debug: modcall: entering group authenticate for request 4
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Fri Sep 21 15:38:20 2007 : Debug: rlm_eap_tls: ack handshake fragment handler
Fri Sep 21 15:38:20 2007 : Debug: eaptls_verify returned 1
Fri Sep 21 15:38:20 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:38:20 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 4
Fri Sep 21 15:38:20 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 201 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xd0203343978478048aea347ef0b18563
Fri Sep 21 15:38:20 2007 : Debug: Finished request 4
Fri Sep 21 15:38:20 2007 : Debug: Going to the next request
Fri Sep 21 15:38:20 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=202, length=346
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dominique.fournier"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0xd0203343978478048aea347ef0b18563
    EAP-Message = 0x020400c81580000000be1603010086100000820080b3082267683c4c8b2ed037409f865c1a26f2c5354868c757bdfb78128f5a0b3de9925e727b4921d6cb73120f461d809e34a45a36aa8ef01d234f5e1aaafd00638ab5305a66e502b8a392f3978d33442c0159a924a2d9af24ff55fc9d0af9749aa937b2906629624600f2720c4915f4a6ebe9b80298f5e49ed18241c14859ac101403010001011603010028326d4878c0e56767a1e9a97f11d3e11797321acaa48a2709cf7557f1df86a77f34c93aea42e50487
    Message-Authenticator = 0x8e3862f2bdbe980880c41a653e90513d
Fri Sep 21 15:38:21 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group authorize for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: EAP packet type response id 4 length 200
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found or user not a member
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::groupcmp: Group inviteTEST not found or user not a member
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interne*)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interne*
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: users: Matched entry DEFAULT at line 335
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group authorize (returns updated) for request 5
Fri Sep 21 15:38:21 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:38:21 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group LDAP for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing user authorization for dominique.fournier
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: user dominique.fournier authorized to use remote access
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5
Fri Sep 21 15:38:21 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:38:21 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:38:21 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group authenticate for request 5
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:38:21 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
Fri Sep 21 15:38:21 2007 : Debug: TLS_accept: SSLv3 read client key exchange A
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
Fri Sep 21 15:38:21 2007 : Debug: TLS_accept: SSLv3 read finished A
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
Fri Sep 21 15:38:21 2007 : Debug: TLS_accept: SSLv3 write change cipher spec A
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
Fri Sep 21 15:38:21 2007 : Debug: TLS_accept: SSLv3 write finished A
Fri Sep 21 15:38:21 2007 : Debug: TLS_accept: SSLv3 flush data
Fri Sep 21 15:38:21 2007 : Debug: (other): SSL negotiation finished successfully
Fri Sep 21 15:38:21 2007 : Debug: SSL Connection Established
Fri Sep 21 15:38:21 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 5
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 202 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
    EAP-Message = 0x0105003d158000000033140301000101160301002872158cdf35da090c73fba44f82db086bec258674d6405d6b5a16c89c97426112038323d4e81bb180
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xae25902d3c4eea85ab74d4314325c5d5
Fri Sep 21 15:38:21 2007 : Debug: Finished request 5
Fri Sep 21 15:38:21 2007 : Debug: Going to the next request
Fri Sep 21 15:38:21 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:38:21 2007 : Debug: Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=203, length=233
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dominique.fournier"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    State = 0xae25902d3c4eea85ab74d4314325c5d5
    EAP-Message = 0x0205005715800000004d170301004800d498bbbc2df0dd02d1cc32b5e88c3e6b6d36c1f31ccbd5381b77e1dfade768e9e62c3b1b03a2ae959ad120701d14c18f8c6f5f2843af549c3a8e82d1fda2a76f0a6dc93c400571
    Message-Authenticator = 0x057e1c9985736e417ecca70643d40769
Fri Sep 21 15:38:21 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group authorize for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: EAP packet type response id 5 length 87
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found or user not a member
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::groupcmp: Group inviteTEST not found or user not a member
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interne*)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interne*
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: users: Matched entry DEFAULT at line 335
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "files" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group authorize (returns updated) for request 6
Fri Sep 21 15:38:21 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:38:21 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing user authorization for dominique.fournier
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: user dominique.fournier authorized to use remote access
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:38:21 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:38:21 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group authenticate for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:38:21 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:38:21 2007 : Debug: eaptls_process returned 7
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS tunnel data in 0000: 00 00 00 01 40 00 00 1a 64 6f 6d 69 6e 69 71 75
TTLS tunnel data in 0010: 65 2e 66 6f 75 72 6e 69 65 72 00 00 00 00 00 02
TTLS tunnel data in 0020: 40 00 00 10 37 36 66 6f 75 72 6e 69
TTLS: Got tunneled request
    User-Name = "dominique.fournier"
    User-Password = "76fourni"
    FreeRADIUS-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
    User-Name = "dominique.fournier"
    User-Password = "76fourni"
    FreeRADIUS-Proxied-To = 127.0.0.1
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
Fri Sep 21 15:38:21 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group authorize for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interneTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::groupcmp: Group interneTEST not found or user not a member
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=inviteTEST)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: object not found or got ambiguous search result
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (objectclass=*)
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::groupcmp: Group inviteTEST not found or user not a member
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Entering ldap_groupcmp()
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (&(radiusGroupName=interne*)(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr)))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap::ldap_groupcmp: User found in group interne*
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: users: Matched entry DEFAULT at line 335
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "files" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group authorize (returns ok) for request 6
Fri Sep 21 15:38:21 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:38:21 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing user authorization for dominique.fournier
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '(|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dominique.fournier)(mail=dominique.fournier))(mail=dominique.fournier@grenoble.cnrs.fr))
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Setting Auth-Type = ldap
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: user dominique.fournier authorized to use remote access
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rad_check_password: Found Auth-Type ldap
Fri Sep 21 15:38:21 2007 : Debug: auth: type "LDAP"
Fri Sep 21 15:38:21 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: - authenticate
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: login attempt by "dominique.fournier" with password "76fourni"
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: user DN: uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 1
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: bind as uid=dominique.fournier,ou=neel,ou=users,dc=grenoble,dc=cnrs,dc=fr/76fourni to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:38:21 2007 : Debug: rlm_ldap: user dominique.fournier authenticated succesfully
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authenticate]: module "ldap" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:38:21 2007 : Auth: Login OK: [dominique.fournier] (from client localhost port 50019 cli 00-30-13-C5-96-6D)
TTLS: Got tunneled reply RADIUS code 2
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
Fri Sep 21 15:38:21 2007 : Debug: TTLS: Got tunneled Access-Accept
Fri Sep 21 15:38:21 2007 : Debug: rlm_eap: Freeing handler
Fri Sep 21 15:38:21 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall[authenticate]: module "eap" returns ok for request 6
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group authenticate (returns ok) for request 6
Fri Sep 21 15:38:21 2007 : Auth: Login OK: [dominique.fournier] (from client switch port 50019 cli 00-30-13-C5-96-6D)
Sending Access-Accept of id 203 to 192.168.240.131 port 1812
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "245"
    MS-MPPE-Recv-Key = 0x769f8be09ccdabb80e07d0b12c3db65619de49170ce338c96526e298099173a4
    MS-MPPE-Send-Key = 0x4405f8e2de54b8828b66343ecce89d5c69dc2ed58058effd576382ddae518259
    EAP-Message = 0x03050004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "dominique.fournier"
Fri Sep 21 15:38:21 2007 : Debug: Finished request 6
Fri Sep 21 15:38:21 2007 : Debug: Going to the next request
Fri Sep 21 15:38:21 2007 : Debug: Waking up in 5 seconds...
rad_recv: Accounting-Request packet from host 192.168.240.131:1813, id=203, length=177
    NAS-IP-Address = 192.168.240.131
    NAS-Port = 50019
    NAS-Port-Type = Ethernet
    User-Name = "dominique.fournier"
    Called-Station-Id = "00-08-A3-72-C9-13"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Acct-Session-Id = "192.168.240.131 dominique.fournier 09/21/07 13:38:21 00000034"
    Acct-Delay-Time = 0
Fri Sep 21 15:38:21 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group preacct for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 7
Fri Sep 21 15:38:21 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50019,Client-IP-Address = 192.168.240.131,NAS-IP-Address = 192.168.240.131,Acct-Session-Id = "192.168.240.131 dominique.fournier 09/21/07 13:38:21 00000034",User-Name = "dominique.fournier"'
Fri Sep 21 15:38:21 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "60cb91e0bc137347".
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 7
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: No '@' in User-Name = "dominique.fournier", looking up realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Found realm "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Stripped-User-Name = "dominique.fournier"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Proxying request from user dominique.fournier to realm NULL
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Adding Realm = "NULL"
Fri Sep 21 15:38:21 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[preacct]: module "files" returns noop for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group preacct (returns ok) for request 7
Fri Sep 21 15:38:21 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:38:21 2007 : Debug: modcall: entering group accounting for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 7
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/detail-20070921'
Fri Sep 21 15:38:21 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/detail-20070921
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 7
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'dominique.fournier'
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 7
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'dominique.fournier'
Fri Sep 21 15:38:21 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'dominique.fournier'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 dominique.fournier 09/21/07 13:38:21 00000034', '60cb91e0bc137347', 'dominique.fournier', 'NULL', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:38:21', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')'
Fri Sep 21 15:38:21 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:38:21 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Fri Sep 21 15:38:21 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 dominique.fournier 09/21/07 13:38:21 00000034', '60cb91e0bc137347', 'dominique.fournier', 'NULL', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:38:21', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')
Fri Sep 21 15:38:21 2007 : Debug: rlm_sql (sql): Released sql socket id: 3
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 7
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 7
Fri Sep 21 15:38:21 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:38:21 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 7
Fri Sep 21 15:38:21 2007 : Debug: modcall: leaving group accounting (returns updated) for request 7
Sending Accounting-Response of id 203 to 192.168.240.131 port 1813
Fri Sep 21 15:38:21 2007 : Debug: Finished request 7
Fri Sep 21 15:38:21 2007 : Debug: Going to the next request
Fri Sep 21 15:38:21 2007 : Debug: Waking up in 5 seconds...
Fri Sep 21 15:38:26 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:38:26 2007 : Debug: Cleaning up request 1 ID 198 with timestamp 46f3c94c Fri Sep 21 15:38:26 2007 : Debug: Cleaning up request 2 ID 199 with timestamp 46f3c94c Fri Sep 21 15:38:26 2007 : Debug: Cleaning up request 3 ID 200 with timestamp 46f3c94c Fri Sep 21 15:38:26 2007 : Debug: Cleaning up request 4 ID 201 with timestamp 46f3c94c Fri Sep 21 15:38:26 2007 : Debug: Waking up in 1 seconds... Fri Sep 21 15:38:27 2007 : Debug: --- Walking the entire request list --- Fri Sep 21 15:38:27 2007 : Debug: Cleaning up request 5 ID 202 with timestamp 46f3c94d Fri Sep 21 15:38:27 2007 : Debug: Cleaning up request 6 ID 203 with timestamp 46f3c94d Fri Sep 21 15:38:27 2007 : Debug: Cleaning up request 7 ID 203 with timestamp 46f3c94d Fri Sep 21 15:38:27 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:28:28 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:28:28 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:28:28 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:28:28 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:28:28 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:28:28 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:28:28 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:28:28 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:28:28 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:28:28 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:28:28 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:28:28 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:28:28 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:28:28 2007 : Debug: main: snmp = no
Fri Sep 21 15:28:28 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:28:28 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:28:28 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:28:28 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:28:28 2007 : Debug: main: port = 1812
Fri Sep 21 15:28:28 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:28:28 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:28:28 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:28:28 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:28:28 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:28:28 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:28:28 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:28:28 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:28:28 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:28:28 2007 : Debug: main: usercollide = no
Fri Sep 21 15:28:28 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:28:28 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:28:28 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:28:28 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:28:28 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:28:28 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:28:28 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:28:28 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:28:28 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:28:28 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:28:28 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:28:28 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:28:28 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:28:28 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:28:28 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:28:28 2007 : Debug: security: status_server = yes
Fri Sep 21 15:28:28 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:28:28 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:28:28 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:28:28 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:28:28 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:28:28 2007 : Debug: listen: port = 0
Fri Sep 21 15:28:28 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:28:28 2007 : Debug: listen: port = 0
Fri Sep 21 15:28:28 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:28:28 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:28:28 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:28:28 2007 : Debug: exec: wait = no
Fri Sep 21 15:28:28 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:28:28 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:28:28 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:28:28 2007 : Debug: ldap: port = 389
Fri Sep 21 15:28:28 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:28:28 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:28:28 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:28:28 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:28:28 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:28:28 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:28:28 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:28:28 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:28:28 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:28:28 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:28:28 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:28:28 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:28:28 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:28:28 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:28:28 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:28:28 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:28:28 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:28:28 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:28:28 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:28:28 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:28:28 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:28:28 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:28:28 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:28:28 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:28:28 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:28:28 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:28:28 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:28:28 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:28:28 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:28:28 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:28:28 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:28:28 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:28:28 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:28:28 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:28:28 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:28:28 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:28:28 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:28:28 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:28:28 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:28:28 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:28:28 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:28:28 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:28:28 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:28:28 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:28:28 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:28:28 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:28:28 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:28:28 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:28:28 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:28:28 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:28:28 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:28:28 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:28:28 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:28:28 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:28:28 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:28:28 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:28:28 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded realm
Fri Sep 21 15:28:28 2007 : Debug: realm: format = "suffix"
Fri Sep 21 15:28:28 2007 : Debug: realm: delimiter = "@"
Fri Sep 21 15:28:28 2007 : Debug: realm: ignore_default = no
Fri Sep 21 15:28:28 2007 : Debug: realm: ignore_null = no
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated realm (suffix)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded files
Fri Sep 21 15:28:28 2007 : Debug: files: usersfile = "/etc/freeradius/users"
Fri Sep 21 15:28:28 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users"
Fri Sep 21 15:28:28 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
Fri Sep 21 15:28:28 2007 : Debug: files: compat = "no"
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated files (files)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded PAP
Fri Sep 21 15:28:28 2007 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 21 15:28:28 2007 : Debug: pap: auto_header = no
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated pap (pap)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 21 15:28:28 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded detail
Fri Sep 21 15:28:28 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 21 15:28:28 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:28:28 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:28:28 2007 : Debug: detail: locking = no
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated detail (detail)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded System
Fri Sep 21 15:28:28 2007 : Debug: unix: cache = no
Fri Sep 21 15:28:28 2007 : Debug: unix: passwd = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: unix: shadow = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: unix: group = "(null)"
Fri Sep 21 15:28:28 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp"
Fri Sep 21 15:28:28 2007 : Debug: unix: usegroup = no
Fri Sep 21 15:28:28 2007 : Debug: unix: cache_reload = 600
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated unix (unix)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded radutmp
Fri Sep 21 15:28:28 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp"
Fri Sep 21 15:28:28 2007 : Debug: radutmp: username = "%{User-Name}"
Fri Sep 21 15:28:28 2007 : Debug: radutmp: case_sensitive = yes
Fri Sep 21 15:28:28 2007 : Debug: radutmp: check_with_nas = yes
Fri Sep 21 15:28:28 2007 : Debug: radutmp: perm = 384
Fri Sep 21 15:28:28 2007 : Debug: radutmp: callerid = yes
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated radutmp (radutmp)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded SQL
Fri Sep 21 15:28:28 2007 : Debug: sql: driver = "rlm_sql_mysql"
Fri Sep 21 15:28:28 2007 : Debug: sql: server = "localhost"
Fri Sep 21 15:28:28 2007 : Debug: sql: port = ""
Fri Sep 21 15:28:28 2007 : Debug: sql: login = "AcctRadius"
Fri Sep 21 15:28:28 2007 : Debug: sql: password = "AcctRadius"
Fri Sep 21 15:28:28 2007 : Debug: sql: radius_db = "accounting"
Fri Sep 21 15:28:28 2007 : Debug: sql: nas_table = "nas"
Fri Sep 21 15:28:28 2007 : Debug: sql: sqltrace = yes
Fri Sep 21 15:28:28 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
Fri Sep 21 15:28:28 2007 : Debug: sql: readclients = no
Fri Sep 21 15:28:28 2007 : Debug: sql: deletestalesessions = yes
Fri Sep 21 15:28:28 2007 : Debug: sql: num_sql_socks = 5
Fri Sep 21 15:28:28 2007 : Debug: sql: sql_user_name = "%{User-Name}"
Fri Sep 21 15:28:28 2007 : Debug: sql: default_user_profile = ""
Fri Sep 21 15:28:28 2007 : Debug: sql: query_on_not_found = no
Fri Sep 21 15:28:28 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:28:28 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:28:28 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:28:28 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:28:28 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
Fri Sep 21 15:28:28 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
Fri Sep 21 15:28:28 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
Fri Sep 21 15:28:28 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')"
Fri Sep 21 15:28:28 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:28:28 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:28:28 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')"
Fri Sep 21 15:28:28 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority"
Fri Sep 21 15:28:28 2007 : Debug: sql: connect_failure_retry_delay = 60
Fri Sep 21 15:28:28 2007 : Debug: sql: simul_count_query = ""
Fri Sep 21 15:28:28 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Fri Sep 21 15:28:28 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')"
Fri Sep 21 15:28:28 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Fri Sep 21 15:28:28 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Fri Sep 21 15:28:28 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): starting 0
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
Fri Sep 21 15:28:28 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Connected new DB handle, #0
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): starting 1
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
Fri Sep 21 15:28:28 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): starting 2
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
Fri Sep 21 15:28:28 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): starting 3
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Fri Sep 21 15:28:28 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): starting 4
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
Fri Sep 21 15:28:28 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Fri Sep 21 15:28:28 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated sql (sql)
Fri Sep 21 15:28:28 2007 : Debug: Module: Loaded attr_filter
Fri Sep 21 15:28:28 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response"
Fri Sep 21 15:28:28 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response)
Fri Sep 21 15:28:28 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
Fri Sep 21 15:28:28 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:28:28 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:28:28 2007 : Debug: detail: locking = no
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated detail (pre_proxy_log)
Fri Sep 21 15:28:28 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
Fri Sep 21 15:28:28 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:28:28 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:28:28 2007 : Debug: detail: locking = no
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated detail (post_proxy_log)
Fri Sep 21 15:28:28 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs"
Fri Sep 21 15:28:28 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy)
Fri Sep 21 15:28:28 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre"
Fri Sep 21 15:28:28 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:28:28 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:28:28 2007 : Debug: detail: locking = no
Fri Sep 21 15:28:28 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre)
Fri Sep 21 15:28:28 2007 : Debug: Listening on authentication *:1812
Fri Sep 21 15:28:28 2007 : Debug: Listening on accounting *:1813
Fri Sep 21 15:28:28 2007 : Debug: Listening on proxy *:1814
Fri Sep 21 15:28:28 2007 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=163, length=145
        NAS-IP-Address = 192.168.240.131
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        EAP-Message = 0x02000014016372696340646f6d746573742e6672
        Message-Authenticator = 0xaffa096ac9d2b52f0add6ba1fa51b315
Fri Sep 21 15:28:44 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group authorize for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:28:44 2007 : Debug: rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Sep 21 15:28:44 2007 : Debug: users: Matched entry DEFAULT at line 347
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group authorize (returns updated) for request 0
Fri Sep 21 15:28:44 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group pre-proxy for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 0
Fri Sep 21 15:28:44 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 0
Fri Sep 21 15:28:44 2007 : Debug: proxy: creating 1001ad93:1812
Fri Sep 21 15:28:44 2007 : Debug: proxy: allocating 1001ad93:1812 0
Sending Access-Request of id 0 to 147.173.1.16 port 1812
        NAS-IP-Address := 147.173.1.27
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        EAP-Message = 0x02000014016372696340646f6d746573742e6672
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x313633
Fri Sep 21 15:28:44 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 147.173.1.16:1812, id=0, length=86
Fri Sep 21 15:28:44 2007 : Debug: proxy: de-allocating 1001ad93:1812 0
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "240"
        EAP-Message = 0x010100061520
        Message-Authenticator = 0x4c065eeb6f32de034040221977db8d09
        State = 0xb12ee7007a9b0dc2b96c31b5606f486b
        Proxy-State = 0x313633
Fri Sep 21 15:28:44 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group post-proxy for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 0
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 0
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 0
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 0
Sending Access-Challenge of id 163 to 192.168.240.131 port 1812
        EAP-Message = 0x010100061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb12ee7007a9b0dc2b96c31b5606f486b
Fri Sep 21 15:28:44 2007 : Debug: Finished request 0
Fri Sep 21 15:28:44 2007 : Debug: Going to the next request
Fri Sep 21 15:28:44 2007 : Debug: rl_next: returning NULL
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=164, length=203
        NAS-IP-Address = 192.168.240.131
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0xb12ee7007a9b0dc2b96c31b5606f486b
        EAP-Message = 0x0201003c158000000032160301002d010000290301245a540a4e2e0ca897b8482764c40b5548ac23bdf1fec887bbe9ff23746b3395000002000a0100
        Message-Authenticator = 0x29625b00af95ce7efb199ce523b60afb
Fri Sep 21 15:28:44 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group authorize for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1
Fri Sep 21 15:28:44 2007 : Debug: rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1
Fri Sep 21 15:28:44 2007 : Debug: users: Matched entry DEFAULT at line 347
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "files" returns ok for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1
Fri Sep 21 15:28:44 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group pre-proxy for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 1
Fri Sep 21 15:28:44 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 1
Fri Sep 21 15:28:44 2007 : Debug: proxy: allocating 1001ad93:1812 1
Sending Access-Request of id 1 to 147.173.1.16 port 1812
        NAS-IP-Address := 147.173.1.27
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0xb12ee7007a9b0dc2b96c31b5606f486b
        EAP-Message = 0x0201003c158000000032160301002d010000290301245a540a4e2e0ca897b8482764c40b5548ac23bdf1fec887bbe9ff23746b3395000002000a0100
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x313634
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 147.173.1.16:1812, id=1, length=1122
Fri Sep 21 15:28:44 2007 : Debug: proxy: de-allocating 1001ad93:1812 1
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "240"
        EAP-Message = 0x4f960ff197f0e929a194b0af6b8d41ce78620d7ef1d0
        Message-Authenticator = 0xedbad2a5bd7e0c255296b55b70b196ac
        State = 0x3d0eeb485e82366a4c1c813c8953f7f1
        Proxy-State = 0x313634
Fri Sep 21 15:28:44 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group post-proxy for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 1
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 1
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 1
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 1
Sending Access-Challenge of id 164 to 192.168.240.131 port 1812
        EAP-Message = 0x4f960ff197f0e929a194b0af6b8d41ce78620d7ef1d0
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3d0eeb485e82366a4c1c813c8953f7f1
Fri Sep 21 15:28:44 2007 : Debug: Finished request 1
Fri Sep 21 15:28:44 2007 : Debug: Going to the next request
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=165, length=149
        NAS-IP-Address = 192.168.240.131
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x3d0eeb485e82366a4c1c813c8953f7f1
        EAP-Message = 0x020200061500
        Message-Authenticator = 0xd027a0ea20e75c3c8ed106d5beea84b7
Fri Sep 21 15:28:44 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group authorize for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2
Fri Sep 21 15:28:44 2007 : Debug: rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2
Fri Sep 21 15:28:44 2007 : Debug: users: Matched entry DEFAULT at line 347
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "files" returns ok for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group authorize (returns updated) for request 2
Fri Sep 21 15:28:44 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group pre-proxy for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 2
Fri Sep 21 15:28:44 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 2
Fri Sep 21 15:28:44 2007 : Debug: proxy: allocating 1001ad93:1812 2
Sending Access-Request of id 2 to 147.173.1.16 port 1812
        NAS-IP-Address := 147.173.1.27
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x3d0eeb485e82366a4c1c813c8953f7f1
        EAP-Message = 0x020200061500
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x313635
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 147.173.1.16:1812, id=2, length=1122
Fri Sep 21 15:28:44 2007 : Debug: proxy: de-allocating 1001ad93:1812 2
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "240"
        EAP-Message = 0x020102020100300d06092a864886f70d010104050030
        Message-Authenticator = 0xdb274e65c61fe03e51caee2a9f7bdd35
        State = 0x7c105a0d72fd6059e842280d66b122d5
        Proxy-State = 0x313635
Fri Sep 21 15:28:44 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group post-proxy for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 2
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 2
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 2
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 2
Sending Access-Challenge of id 165 to 192.168.240.131 port 1812
        EAP-Message = 0x4e5253311630140603550403130d434e52532d5374616e6461726430820122300d06092a864886f70d01010105000382010f003082010a0282010100dce11e213d068beabd5eb488db0f9397b46d073d8662002dcaffb54a8ee756a48f612cf1a02aabf62add7c2cbfef75550bac094ee74e61c0e70cf09015451202c28cebc31264e26310182ecb0731d981e5dc29829b3156e2811e8a6fa7e8a958114456835db34e78702ddfb6fd728145d5f1ee4dceefbed53d0c9020459a0980af0f4cda200e80bf3ab3eb2780c0b90fc0a14e40dc3afd6a2abf40d52c7180f9f8ba6be4ea2a00ab2fbe9af0a7766d98299c0f2ff042f218975bc9f6cc195fbac2
        EAP-Message = 0x5506ca406d55a21d5eebe2142359e409e290f63c8d36060f4ba7262365c2ea069a72bbb88ccb8a5fef7936257e00d7f30694fb8344292637c7eee987ce6c86801b713dd262aff6cd626c530fe67a93008c7b2e33e0411daabe659876f1950774b3e63f5375d54b06364b29c4f6dc8e138040107382ad157b047150b53733f2c864bba1107e36c6adaf6f7052a6d1aeccccbab0e859128f620dad03dd4b2ae8893988512fed61e8b73087db27556d6687a351098061715105be131dd94130fc755f0a969b18ffbe9081b413c0721108fd6a9a6a07bdf4832cb460366407fa3d6aa7b090047683dd33cb34e21798040ba1000368308203643082024ca003
        EAP-Message = 0x020102020100300d06092a864886f70d010104050030
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7c105a0d72fd6059e842280d66b122d5
Fri Sep 21 15:28:44 2007 : Debug: Finished request 2
Fri Sep 21 15:28:44 2007 : Debug: Going to the next request
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=166, length=149
        NAS-IP-Address = 192.168.240.131
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x7c105a0d72fd6059e842280d66b122d5
        EAP-Message = 0x020300061500
        Message-Authenticator = 0x2fd8125685990ac070250772b371701b
Fri Sep 21 15:28:44 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group authorize for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3
Fri Sep 21 15:28:44 2007 : Debug: rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3
Fri Sep 21 15:28:44 2007 : Debug: users: Matched entry DEFAULT at line 347
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group authorize (returns updated) for request 3
Fri Sep 21 15:28:44 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group pre-proxy for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 3
Fri Sep 21 15:28:44 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 3
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 3
Fri Sep 21 15:28:44 2007 : Debug: proxy: allocating 1001ad93:1812 3
Sending Access-Request of id 3 to 147.173.1.16 port 1812
        NAS-IP-Address := 147.173.1.27
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x7c105a0d72fd6059e842280d66b122d5
        EAP-Message = 0x020300061500
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x313636
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 147.173.1.16:1812, id=3, length=945
Fri Sep 21 15:28:44 2007 : Debug: proxy: de-allocating 1001ad93:1812 3
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "240"
        EAP-Message = 0x0104035b158000000b512b310b3009060355040613024652310d300b060355040a1304434e5253310d300b06035504031304434e5253301e170d3031303432373035343433365a170d3231303432323035343433365a302b310b3009060355040613024652310d300b060355040a1304434e5253310d300b06035504031304434e525330820122300d06092a864886f70d01010105000382010f003082010a0282010100dd77abf1eafc78b514a1dc776256978c2fb754c24c54a6d47d22477b74a9f7e3ad7c55b214f0485d988f02bd9211b6884fc415f56f585bf789b527eaafa0fca08e88868f9f24b6904e24dc67d04f8f7e562d1b280772b11767
        EAP-Message = 0xbe20acdc011c797c670c5a5f4fb99489beab9a2c12b1a863c6628003fd4c7095bdc6e805dacbbe09a61fe96dd2852e43d31f1a5c76fe13766160f964d45878bf7fefe573a343da2a7f77db347972d98ee5a5ed52d0c4464c5f1baa16030100040e000000
        Message-Authenticator = 0x98864ce4522124c06b931b1683c85bc6
        State = 0x17608d1b6e525ff757f71cdac81ca0b3
        Proxy-State = 0x313636
Fri Sep 21 15:28:44 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group post-proxy for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 3
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 3
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 3
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 3
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 3
Sending Access-Challenge of id 166 to 192.168.240.131 port 1812
        EAP-Message = 0xbe20acdc011c797c670c5a5f4fb99489beab9a2c12b1a863c6628003fd4c7095bdc6e805dacbbe09a61fe96dd2852e43d31f1a5c76fe13766160f964d45878bf7fefe573a343da2a7f77db347972d98ee5a5ed52d0c4464c5f1baa16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x17608d1b6e525ff757f71cdac81ca0b3
Fri Sep 21 15:28:44 2007 : Debug: Finished request 3
Fri Sep 21 15:28:44 2007 : Debug: Going to the next request
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=167, length=343
        NAS-IP-Address = 192.168.240.131
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x17608d1b6e525ff757f71cdac81ca0b3
        EAP-Message = 0x020400c81580000000be16030100861000008200808eb257c9e623f89ac49b1db6aff85a76bab4f3a0abbebd0afceffaec893f044bb5fac2d4a8fa6cbb0f322dbdd5b0861bd0cf006a3d5c7ce861a83a9f6c774a033b9880e010a244649f4c32092ce50e65033f0b7bc9da5d86f5610192279cc7748a9b5c68f8aeecaf6047c80d75e90dfb0b045ae0369c7cca908bfcba31dca9d51403010001011603010028a10ab51cf62a079f6309c99cc912090450b8c51c8a4c60aac0ea0384b4f3bafd33e57b4392a76c0a
        Message-Authenticator = 0xf99b62dac93532f5060f206c1852aa48
Fri Sep 21 15:28:44 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group authorize for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4
Fri Sep 21 15:28:44 2007 : Debug: rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4
Fri Sep 21 15:28:44 2007 : Debug: users: Matched entry DEFAULT at line 347
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "files" returns ok for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group authorize (returns updated) for request 4
Fri Sep 21 15:28:44 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group pre-proxy for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 4
Fri Sep 21 15:28:44 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 4
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 4
Fri Sep 21 15:28:44 2007 : Debug: proxy: allocating 1001ad93:1812 4
Sending Access-Request of id 4 to 147.173.1.16 port 1812
        NAS-IP-Address := 147.173.1.27
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x17608d1b6e525ff757f71cdac81ca0b3
        EAP-Message = 0x020400c81580000000be16030100861000008200808eb257c9e623f89ac49b1db6aff85a76bab4f3a0abbebd0afceffaec893f044bb5fac2d4a8fa6cbb0f322dbdd5b0861bd0cf006a3d5c7ce861a83a9f6c774a033b9880e010a244649f4c32092ce50e65033f0b7bc9da5d86f5610192279cc7748a9b5c68f8aeecaf6047c80d75e90dfb0b045ae0369c7cca908bfcba31dca9d51403010001011603010028a10ab51cf62a079f6309c99cc912090450b8c51c8a4c60aac0ea0384b4f3bafd33e57b4392a76c0a
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x313637
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 147.173.1.16:1812, id=4, length=141
Fri Sep 21 15:28:44 2007 : Debug: proxy: de-allocating 1001ad93:1812 4
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "240"
        EAP-Message = 0x0105003d15800000003314030100010116030100280a14c422626da1f96444e9926f72447f17ffa43c438146e21d523591f479f33b728ec5376178d311
        Message-Authenticator = 0x3050ddc0fd6004ed4566084cfc2b8287
        State = 0x612ef8d05f89f064c5a084bc9b2b7555
        Proxy-State = 0x313637
Fri Sep 21 15:28:44 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group post-proxy for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 4
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 4
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 4
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 4
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 4
Sending Access-Challenge of id 167 to 192.168.240.131 port 1812
        EAP-Message = 0x0105003d15800000003314030100010116030100280a14c422626da1f96444e9926f72447f17ffa43c438146e21d523591f479f33b728ec5376178d311
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x612ef8d05f89f064c5a084bc9b2b7555
Fri Sep 21 15:28:44 2007 : Debug: Finished request 4
Fri Sep 21 15:28:44 2007 : Debug: Going to the next request
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.240.131:1812, id=168, length=222
        NAS-IP-Address = 192.168.240.131
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x612ef8d05f89f064c5a084bc9b2b7555
        EAP-Message = 0x0205004f15800000004517030100405499a7cc67aeca0d68bf13c03a06b05786bd92a0b64eab76817f1c9f564bbb375b3f8d274c318941f87e4dff4c3078f791f47f122ce4d70968cc6492933542fc
        Message-Authenticator = 0xe43cac24799790c228add73bb739ec5e
Fri Sep 21 15:28:44 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group authorize for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "suffix" returns updated for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: rlm_eap: Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5
Fri Sep 21 15:28:44 2007 : Debug: users: Matched entry DEFAULT at line 347
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group authorize (returns updated) for request 5
Fri Sep 21 15:28:44 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group pre-proxy for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 5
Fri Sep 21 15:28:44 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 5
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/pre-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 5
Fri Sep 21 15:28:44 2007 : Debug: proxy: allocating 1001ad93:1812 5
Sending Access-Request of id 5 to 147.173.1.16 port 1812
        NAS-IP-Address := 147.173.1.27
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x612ef8d05f89f064c5a084bc9b2b7555
        EAP-Message = 0x0205004f15800000004517030100405499a7cc67aeca0d68bf13c03a06b05786bd92a0b64eab76817f1c9f564bbb375b3f8d274c318941f87e4dff4c3078f791f47f122ce4d70968cc6492933542fc
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x313638
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 147.173.1.16:1812, id=5, length=223
Fri Sep 21 15:28:44 2007 : Debug: proxy: de-allocating 1001ad93:1812 5
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "240"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "240"
        MS-MPPE-Recv-Key = 0xbc0d79532d4d8f0c216d01b6dbdad4323566112f97ee885733f5f94c5aed1606
        MS-MPPE-Send-Key = 0x6488759225263c157f93daa636d1c5893d0338e45d814e22022f8c6ea837e70f
        EAP-Message = 0x03050004
        Message-Authenticator = 0xde5714f935c59cf8cedef79bc2f20c91
        User-Name = "cric"
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        Proxy-State = 0x313638
Fri Sep 21 15:28:44 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group post-proxy for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 5
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 5
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 5
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct/192.168.240.131/post-proxy-detail-20070921-filtre
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 5
Fri Sep 21 15:28:44 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group authorize for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxy reply, or no User-Name. Ignoring.
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5
Fri Sep 21 15:28:44 2007 : Debug: users: Matched entry DEFAULT at line 347
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group authorize (returns ok) for request 5
Fri Sep 21 15:28:44 2007 : Debug: rad_check_password: Found Auth-Type
Fri Sep 21 15:28:44 2007 : Debug: rad_check_password: Auth-Type = Accept, accepting the user
Fri Sep 21 15:28:44 2007 : Auth: Login OK: [cric@domtest.fr] (from client switch port 50019 cli 00-30-13-C5-96-6D)
Sending Access-Accept of id 168 to 192.168.240.131 port 1812
        EAP-Message = 0x03050004
        Message-Authenticator = 0x00000000000000000000000000000000
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "245"
Fri Sep 21 15:28:44 2007 : Debug: Finished request 5
Fri Sep 21 15:28:44 2007 : Debug: Going to the next request
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 192.168.240.131:1813, id=168, length=171
        NAS-IP-Address = 192.168.240.131
        NAS-Port = 50019
        NAS-Port-Type = Ethernet
        User-Name = "cric@domtest.fr"
        Called-Station-Id = "00-08-A3-72-C9-13"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Acct-Session-Id = "192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030"
        Acct-Delay-Time = 0
Fri Sep 21 15:28:44 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group preacct for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 6
Fri Sep 21 15:28:44 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50019,Client-IP-Address = 192.168.240.131,NAS-IP-Address = 192.168.240.131,Acct-Session-Id = "192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030",User-Name = "cric@domtest.fr"'
Fri Sep 21 15:28:44 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "a437489d1e29a23a".
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Looking up realm "domtest.fr" for User-Name = "cric@domtest.fr"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Found realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Proxying request from user cric to realm DEFAULT
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Adding Realm = "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: rlm_realm: Preparing to proxy accounting request to realm "DEFAULT"
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[preacct]: module "suffix" returns updated for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[preacct]: module "files" returns noop for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group preacct (returns updated) for request 6
Fri Sep 21 15:28:44 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group accounting for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/192.168.240.131/detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.240.131/detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: Freeradius-Proxied-To set to 147.173.1.16
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 6
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 6
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: 'cric@domtest.fr'
Fri Sep 21 15:28:44 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'cric@domtest.fr'
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030', 'a437489d1e29a23a', 'cric@domtest.fr', 'DEFAULT', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:28:44', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')'
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:28:44 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Sep 21 15:28:44 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('192.168.240.131 cric@domtest.fr 09/21/07 13:28:44 00000030', 'a437489d1e29a23a', 'cric@domtest.fr', 'DEFAULT', '192.168.240.131', '50019', 'Ethernet', '2007-09-21 15:28:44', '0', '0', 'RADIUS', '', '', '0', '0', '00-08-A3-72-C9-13', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')
Fri Sep 21 15:28:44 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 6
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:28:44 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group accounting (returns updated) for request 6
Fri Sep 21 15:28:44 2007 : Debug: Processing the pre-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group pre-proxy for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling files (rlm_files) for request 6
Fri Sep 21 15:28:44 2007 : Debug: preproxy_users: Matched entry DEFAULT at line 34
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from files (rlm_files) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "files" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: calling pre_proxy_log (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//pre-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//pre-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[pre-proxy]: returned from pre_proxy_log (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group pre-proxy (returns ok) for request 6
Fri Sep 21 15:28:44 2007 : Debug: proxy: creating 1001ad93:1813
Fri Sep 21 15:28:44 2007 : Debug: proxy: allocating 1001ad93:1813 0
Sending Accounting-Request of id 0 to 147.173.1.16 port 1813
        Proxy-State = 0x313638
        NAS-IP-Address := 147.173.1.27
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Response packet from host 147.173.1.16:1813, id=0, length=25
Fri Sep 21 15:28:44 2007 : Debug: proxy: de-allocating 1001ad93:1813 0
        Proxy-State = 0x313638
Fri Sep 21 15:28:44 2007 : Debug: Processing the post-proxy section of radiusd.conf
Fri Sep 21 15:28:44 2007 : Debug: modcall: entering group post-proxy for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct//post-proxy-detail-20070921
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling attr_filter.post-proxy (rlm_attr_filter) for request 6
Fri Sep 21 15:28:44 2007 : Debug: attr_filter: Matched entry DEFAULT at line 106
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from attr_filter.post-proxy (rlm_attr_filter) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "attr_filter.post-proxy" returns updated for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling post_proxy_log_filtre (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct//post-proxy-detail-20070921-filtre'
Fri Sep 21 15:28:44 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre expands to /var/log/freeradius/radacct//post-proxy-detail-20070921-filtre
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from post_proxy_log_filtre (rlm_detail) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "post_proxy_log_filtre" returns ok for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modsingle[post-proxy]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall[post-proxy]: module "eap" returns noop for request 6
Fri Sep 21 15:28:44 2007 : Debug: modcall: leaving group post-proxy (returns updated) for request 6
Sending Accounting-Response of id 168 to 192.168.240.131 port 1813
Fri Sep 21 15:28:44 2007 : Debug: Finished request 6
Fri Sep 21 15:28:44 2007 : Debug: Going to the next request
Fri Sep 21 15:28:44 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:28:50 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:28:50 2007 : Debug: Cleaning up request 0 ID 163 with timestamp 46f3c70c
Fri Sep 21 15:28:50 2007 : Debug: Cleaning up request 1 ID 164 with timestamp 46f3c70c
Fri Sep 21 15:28:50 2007 : Debug: Cleaning up request 2 ID 165 with timestamp 46f3c70c
Fri Sep 21 15:28:50 2007 : Debug: Cleaning up request 3 ID 166 with timestamp 46f3c70c
Fri Sep 21 15:28:50 2007 : Debug: Cleaning up request 4 ID 167 with timestamp 46f3c70c
Fri Sep 21 15:28:50 2007 : Debug: Cleaning up request 5 ID 168 with timestamp 46f3c70c
Fri Sep 21 15:28:50 2007 : Debug: Cleaning up request 6 ID 168 with timestamp 46f3c70c
Fri Sep 21 15:28:50 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:39:35 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:39:35 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:39:35 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:39:35 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:39:35 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:39:35 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:39:35 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:39:35 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:39:35 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:39:35 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:39:35 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:39:35 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:39:35 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:39:35 2007 : Debug: main: snmp = no
Fri Sep 21 15:39:35 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:39:35 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:39:35 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:39:35 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:39:35 2007 : Debug: main: port = 1812
Fri Sep 21 15:39:35 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:39:35 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:39:35 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:39:35 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:39:35 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:39:35 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:39:35 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:39:35 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:39:35 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:39:35 2007 : Debug: main: usercollide = no
Fri Sep 21 15:39:35 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:39:35 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:39:35 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:39:35 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:39:35 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:39:35 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:39:35 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:39:35 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:39:35 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:39:35 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:39:35 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:39:35 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:39:35 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:39:35 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:39:35 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:39:35 2007 : Debug: security: status_server = yes
Fri Sep 21 15:39:35 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:39:35 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:39:35 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:39:35 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:39:35 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:39:35 2007 : Debug: listen: port = 0
Fri Sep 21 15:39:35 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:39:35 2007 : Debug: listen: port = 0
Fri Sep 21 15:39:35 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:39:35 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:39:35 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:39:35 2007 : Debug: exec: wait = no
Fri Sep 21 15:39:35 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:39:35 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:39:35 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:39:35 2007 : Debug: ldap: port = 389
Fri Sep 21 15:39:35 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:39:35 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:39:35 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:39:35 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:39:35 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:39:35 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:39:35 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:39:35 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:39:35 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:39:35 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:39:35 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:39:35 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:39:35 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:39:35 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:39:35 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:39:35 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:39:35 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:39:35 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:39:35 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:39:35 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:39:35 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:39:35 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:39:35 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:39:35 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:39:35 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:39:35 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:39:35 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:39:35 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:39:35 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:39:35 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:39:35 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:39:35 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:39:35 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:39:35 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:39:35 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:39:35 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:39:35 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:39:35 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:39:35 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:39:35 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:39:35 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:39:35 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:39:35 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:39:35 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:39:35 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:39:35 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:39:35 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:39:35 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:39:35 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:39:35 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:39:35 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:39:35 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:39:35 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:39:35 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:39:35 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:39:35 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:39:35 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded realm
Fri Sep 21 15:39:35 2007 : Debug: realm: format = "suffix"
Fri Sep 21 15:39:35 2007 : Debug: realm: delimiter = "@"
Fri Sep 21 15:39:35 2007 : Debug: realm: ignore_default = no
Fri Sep 21 15:39:35 2007 : Debug: realm: ignore_null = no
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated realm (suffix)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded files
Fri Sep 21 15:39:35 2007 : Debug: files: usersfile = "/etc/freeradius/users"
Fri Sep 21 15:39:35 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users"
Fri Sep 21 15:39:35 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
Fri Sep 21 15:39:35 2007 : Debug: files: compat = "no"
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated files (files)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded PAP
Fri Sep 21 15:39:35 2007 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 21 15:39:35 2007 : Debug: pap: auto_header = no
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated pap (pap)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 21 15:39:35 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded detail
Fri Sep 21 15:39:35 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 21 15:39:35 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:39:35 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:39:35 2007 : Debug: detail: locking = no
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated detail (detail)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded System
Fri Sep 21 15:39:35 2007 : Debug: unix: cache = no
Fri Sep 21 15:39:35 2007 : Debug: unix: passwd = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: unix: shadow = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: unix: group = "(null)"
Fri Sep 21 15:39:35 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp"
Fri Sep 21 15:39:35 2007 : Debug: unix: usegroup = no
Fri Sep 21 15:39:35 2007 : Debug: unix: cache_reload = 600
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated unix (unix)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded radutmp
Fri Sep 21 15:39:35 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp"
Fri Sep 21 15:39:35 2007 : Debug: radutmp: username = "%{User-Name}"
Fri Sep 21 15:39:35 2007 : Debug: radutmp: case_sensitive = yes
Fri Sep 21 15:39:35 2007 : Debug: radutmp: check_with_nas = yes
Fri Sep 21 15:39:35 2007 : Debug: radutmp: perm = 384
Fri Sep 21 15:39:35 2007 : Debug: radutmp: callerid = yes
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated radutmp (radutmp)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded SQL
Fri Sep 21 15:39:35 2007 : Debug: sql: driver = "rlm_sql_mysql"
Fri Sep 21 15:39:35 2007 : Debug: sql: server = "localhost"
Fri Sep 21 15:39:35 2007 : Debug: sql: port = ""
Fri Sep 21 15:39:35 2007 : Debug: sql: login = "AcctRadius"
Fri Sep 21 15:39:35 2007 : Debug: sql: password = "AcctRadius"
Fri Sep 21 15:39:35 2007 : Debug: sql: radius_db = "accounting"
Fri Sep 21 15:39:35 2007 : Debug: sql: nas_table = "nas"
Fri Sep 21 15:39:35 2007 : Debug: sql: sqltrace = yes
Fri Sep 21 15:39:35 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
Fri Sep 21 15:39:35 2007 : Debug: sql: readclients = no
Fri Sep 21 15:39:35 2007 : Debug: sql: deletestalesessions = yes
Fri Sep 21 15:39:35 2007 : Debug: sql: num_sql_socks = 5
Fri Sep 21 15:39:35 2007 : Debug: sql: sql_user_name = "%{User-Name}"
Fri Sep 21 15:39:35 2007 : Debug: sql: default_user_profile = ""
Fri Sep 21 15:39:35 2007 : Debug: sql: query_on_not_found = no
Fri Sep 21 15:39:35 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:39:35 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:39:35 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:39:35 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:39:35 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
Fri Sep 21 15:39:35 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
Fri Sep 21 15:39:35 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
Fri Sep 21 15:39:35 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')"
Fri Sep 21 15:39:35 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:39:35 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:39:35 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')"
Fri Sep 21 15:39:35 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority"
Fri Sep 21 15:39:35 2007 : Debug: sql: connect_failure_retry_delay = 60
Fri Sep 21 15:39:35 2007 : Debug: sql: simul_count_query = ""
Fri Sep 21 15:39:35 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Fri Sep 21 15:39:35 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')"
Fri Sep 21 15:39:35 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Fri Sep 21 15:39:35 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Fri Sep 21 15:39:35 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): starting 0
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
Fri Sep 21 15:39:35 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Connected new DB handle, #0
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): starting 1
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
Fri Sep 21 15:39:35 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): starting 2
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
Fri Sep 21 15:39:35 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): starting 3
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Fri Sep 21 15:39:35 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): starting 4
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
Fri Sep 21 15:39:35 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Fri Sep 21 15:39:35 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated sql (sql)
Fri Sep 21 15:39:35 2007 : Debug: Module: Loaded attr_filter
Fri Sep 21 15:39:35 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response"
Fri Sep 21 15:39:35 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response)
Fri Sep 21 15:39:35 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
Fri Sep 21 15:39:35 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:39:35 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:39:35 2007 : Debug: detail: locking = no
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated detail (pre_proxy_log)
Fri Sep 21 15:39:35 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
Fri Sep 21 15:39:35 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:39:35 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:39:35 2007 : Debug: detail: locking = no
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated detail (post_proxy_log)
Fri Sep 21 15:39:35 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs"
Fri Sep 21 15:39:35 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy)
Fri Sep 21 15:39:35 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre"
Fri Sep 21 15:39:35 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:39:35 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:39:35 2007 : Debug: detail: locking = no
Fri Sep 21 15:39:35 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre)
Fri Sep 21 15:39:35 2007 : Debug: Listening on authentication *:1812
Fri Sep 21 15:39:35 2007 : Debug: Listening on accounting *:1813
Fri Sep 21 15:39:35 2007 : Debug: Listening on proxy *:1814
Fri Sep 21 15:39:35 2007 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=236, length=182
    NAS-IP-Address = 147.173.3.58
    NAS-Port = 50014
    NAS-Port-Type = Ethernet
    User-Name = "richard.heral@grenoble.cnrs.fr"
    Called-Station-Id = "00-09-7C-76-5D-8E"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    EAP-Message = 0x0200002301726963686172642e686572616c406772656e6f626c652e636e72732e6672
    Message-Authenticator = 0xda50f0d56b1fc091bbe7e8c6e7b64549
    Proxy-State = 0x3130
    Proxy-State = 0x30
Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authorize for request 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr"
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP packet type response id 0 length 35
Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Fri Sep 21 15:39:59 2007 : Debug: users: Matched entry DEFAULT at line 257
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "files" returns ok for request 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Fri Sep 21 15:39:59 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authorize (returns updated) for request 0
Fri Sep 21 15:39:59 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:39:59 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:39:59 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authenticate for request 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 0
Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP Identity
Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: processing type tls
Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: Initiate
Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: Start returned 1
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 0
Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 236 to 147.173.1.16 port 1814
    EAP-Message = 0x010100061520
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa323155d8c6d89a1d4a2d973fbd634fd
    Proxy-State = 0x3130
    Proxy-State = 0x30
Fri Sep 21 15:39:59 2007 : Debug: Finished request 0
Fri Sep 21 15:39:59 2007 : Debug: Going to the next request
Fri Sep 21 15:39:59 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:39:59 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=237, length=225 NAS-IP-Address = 147.173.3.58 NAS-Port = 50014 NAS-Port-Type = Ethernet User-Name = "richard.heral@grenoble.cnrs.fr" Called-Station-Id = "00-09-7C-76-5D-8E" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xa323155d8c6d89a1d4a2d973fbd634fd EAP-Message = 0x0201003c158000000032160301002d0100002903014f204e81d725c85ef9de7179af10d4ddd349e2d96bb97d61b0e2ec973ce84237000002000a0100 Message-Authenticator = 0x79ea7a435455f1dda6005371340d2687 Proxy-State = 0x3131 Proxy-State = 0x31 Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authorize for request 1 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP packet type response id 1 length 60 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 1 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Sep 21 15:39:59 2007 : Debug: users: Matched entry DEFAULT at line 257 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "files" returns ok for request 1 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Sep 21 15:39:59 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1 Fri Sep 21 15:39:59 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:39:59 2007 : Debug: auth: type "EAP" Fri Sep 21 15:39:59 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authenticate for request 1 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:39:59 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:39:59 2007 : Debug: (other): before/accept initialization Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: before/accept initialization Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 read client hello A Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 write server hello A Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0af4], Certificate Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 write certificate A Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 write server done A Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: 
SSLv3 flush data Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: Need to read more data: SSLv3 read client certificate A Fri Sep 21 15:39:59 2007 : Debug: In SSL Handshake Phase Fri Sep 21 15:39:59 2007 : Debug: In SSL Accept mode Fri Sep 21 15:39:59 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 1 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 237 to 147.173.1.16 port 1814 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3352bf7b9cf2677a2339d7fcb2a9ceed Proxy-State = 0x3131 Proxy-State = 0x31 Fri Sep 21 15:39:59 2007 : Debug: Finished request 1 Fri Sep 21 15:39:59 2007 : Debug: Going to the next request Fri Sep 21 15:39:59 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=238, length=171 NAS-IP-Address = 147.173.3.58 NAS-Port = 50014 NAS-Port-Type = Ethernet User-Name = "richard.heral@grenoble.cnrs.fr" Called-Station-Id = "00-09-7C-76-5D-8E" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x3352bf7b9cf2677a2339d7fcb2a9ceed EAP-Message = 0x020200061500 Message-Authenticator = 0xa3c6218fb1a29b354f04de7c48fb9fff Proxy-State = 0x3132 Proxy-State = 0x32 Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authorize for request 2 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2 Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 2 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP packet type response id 2 length 6 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 2 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2 Fri Sep 21 15:39:59 2007 : Debug: users: Matched entry DEFAULT at line 257 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "files" returns ok for request 2 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2 Fri Sep 21 15:39:59 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authorize (returns updated) for request 2 Fri Sep 21 15:39:59 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:39:59 2007 : Debug: auth: type "EAP" Fri Sep 21 15:39:59 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authenticate for request 2 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Fri Sep 21 15:39:59 2007 : Debug: eaptls_verify returned 1 Fri Sep 21 15:39:59 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 2 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 238 to 147.173.1.16 port 1814
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3bbe6924be6eea6ab19d0ad2bb45b8ea Proxy-State = 0x3132 Proxy-State = 0x32 Fri Sep 21 15:39:59 2007 : Debug: Finished request 2 Fri Sep 21 15:39:59 2007 : Debug: Going to the next request Fri Sep 21 15:39:59 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=239, length=171 NAS-IP-Address = 147.173.3.58 NAS-Port = 50014 NAS-Port-Type = Ethernet User-Name = "richard.heral@grenoble.cnrs.fr" Called-Station-Id = "00-09-7C-76-5D-8E" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x3bbe6924be6eea6ab19d0ad2bb45b8ea EAP-Message = 0x020300061500 Message-Authenticator = 0x40bb24a39297f3ec707879dbcf2f5663 Proxy-State = 0x3133 Proxy-State = 0x33 Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authorize for request 3 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3 Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 3 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP packet type response id 3 length 6 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 3 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3 Fri Sep 21 15:39:59 2007 : Debug: users: Matched entry DEFAULT at line 257 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 3 Fri Sep 21 15:39:59 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authorize (returns updated) for request 3 Fri Sep 21 15:39:59 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:39:59 2007 : Debug: auth: type "EAP" Fri Sep 21 15:39:59 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authenticate for request 3 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Fri Sep 21 15:39:59 2007 : Debug: eaptls_verify returned 1 Fri Sep 21 15:39:59 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 3 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 239 to 147.173.1.16 port 1814
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x185a66541b44ac9baf18cfe999be7c50 Proxy-State = 0x3133 Proxy-State = 0x33 Fri Sep 21 15:39:59 2007 : Debug: Finished request 3 Fri Sep 21 15:39:59 2007 : Debug: Going to the next request Fri Sep 21 15:39:59 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=240, length=365 NAS-IP-Address = 147.173.3.58 NAS-Port = 50014 NAS-Port-Type = Ethernet User-Name = "richard.heral@grenoble.cnrs.fr" Called-Station-Id = "00-09-7C-76-5D-8E" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x185a66541b44ac9baf18cfe999be7c50 EAP-Message = 0x020400c81580000000be160301008610000082008002a0ce644f558c29306df4da3b1ec68ddbb8f5c57874d6646216f1d696302399edace02759924acdc941c472dc846eb22eb3343a950dcea88bbd9aea126b47cbf9a136742b987cee163908d23d1eeec23c09b2fa47d25399b5e366e205fd4140df4632a8c5a29350cb0fdb93dfc8c54e5db17befa1f1af9fb79cb7e817e4a03e140301000101160301002801255d0695a298421dbdc9792b03299f48db7479d2cb47ff7fd8b5e04c6afc5afa64bbc75313fc0c Message-Authenticator = 0x55da3d033dc104b702329bdccc358558 Proxy-State = 0x3134 Proxy-State = 0x34 Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authorize for request 4 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4 Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 4 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP packet type response id 4 length 200 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 4 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4 Fri Sep 21 15:39:59 2007 : Debug: users: Matched entry DEFAULT at line 257 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "files" returns ok for request 4 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 4 Fri Sep 21 15:39:59 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authorize (returns updated) for request 4 Fri Sep 21 15:39:59 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:39:59 2007 : Debug: auth: type "EAP" Fri Sep 21 15:39:59 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authenticate for request 4 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:39:59 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 read client key exchange A Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 read finished A Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 write change cipher spec A Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 write finished A Fri Sep 21 15:39:59 2007 : Debug: TLS_accept: SSLv3 flush data Fri Sep 21 15:39:59 2007 : Debug: (other): SSL 
negotiation finished successfully Fri Sep 21 15:39:59 2007 : Debug: SSL Connection Established Fri Sep 21 15:39:59 2007 : Debug: eaptls_process returned 13 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 4 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 240 to 147.173.1.16 port 1814 EAP-Message = 0x0105003d15800000003314030100010116030100286ead35b1d7f87b272b3039d0f5101c3240f9888fe6d2c0acd7323e513fda06a7ef93573bf6f7fd6a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf48fb482c367d842c68ff5e619c4fd79 Proxy-State = 0x3134 Proxy-State = 0x34 Fri Sep 21 15:39:59 2007 : Debug: Finished request 4 Fri Sep 21 15:39:59 2007 : Debug: Going to the next request Fri Sep 21 15:39:59 2007 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 147.173.1.16:1814, id=241, length=260 NAS-IP-Address = 147.173.3.58 NAS-Port = 50014 NAS-Port-Type = Ethernet User-Name = "richard.heral@grenoble.cnrs.fr" Called-Station-Id = "00-09-7C-76-5D-8E" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0xf48fb482c367d842c68ff5e619c4fd79 EAP-Message = 0x0205005f15800000005517030100509428a68f2756ffe426aebcd7bdb4b89581b44cbc5e534a2818686be264aef57ea8cf60a236ae88cf0e57bb6318a2c32cd779984e60995cbb82129c48015db10641e50ad2dd8c41934d1952d9a3264cb9 Message-Authenticator = 0xc989abc6142b6762e9e516c1112bcc3e Proxy-State = 0x3135 Proxy-State = 0x35 Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authorize for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from preprocess 
(rlm_preprocess) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Authentication realm is LOCAL. Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP packet type response id 5 length 95 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Fri Sep 21 15:39:59 2007 : Debug: users: Matched entry DEFAULT at line 257 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authorize (returns updated) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rad_check_password: Found Auth-Type EAP Fri Sep 21 15:39:59 2007 : Debug: auth: type "EAP" Fri Sep 21 15:39:59 2007 : Debug: Processing the authenticate section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authenticate for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: Request found, released from the list Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: EAP/ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: processing type ttls Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_ttls: Authenticate Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: processing TLS Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_tls: Length Included Fri Sep 21 15:39:59 2007 : Debug: eaptls_verify returned 11 Fri Sep 21 15:39:59 2007 : Debug: eaptls_process returned 7 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. 
TTLS: Got tunneled request User-Name = "richard.heral@grenoble.cnrs.fr" User-Password = "XXXXXXX" FreeRADIUS-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "richard.heral@grenoble.cnrs.fr" User-Password = "XXXXXXX" FreeRADIUS-Proxied-To = 127.0.0.1 NAS-IP-Address = 147.173.3.58 NAS-Port = 50014 NAS-Port-Type = Ethernet Called-Station-Id = "00-09-7C-76-5D-8E" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group authorize for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr" Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Fri Sep 21 15:39:59 2007 : Debug: users: Matched entry DEFAULT at line 260 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5 Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authorize (returns ok) for request 5 Fri Sep 21 15:39:59 2007 : Debug: Found Autz-Type ldap Fri Sep 21 15:39:59 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group LDAP for request 5 Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 5 Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: - authorize Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: performing user authorization for richard.heral@grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: '(|(|(uid=richard.heral@grenoble.cnrs.fr)(mail=richard.heral@grenoble.cnrs.fr))(mail=richard.heral@grenoble.cnrs.fr@grenoble.cnrs.fr))' Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr' Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: attempting LDAP reconnection Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0 Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: waiting for bind result ... 
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=richard.heral@grenoble.cnrs.fr)(mail=richard.heral@grenoble.cnrs.fr))(mail=richard.heral@grenoble.cnrs.fr@grenoble.cnrs.fr))
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: Setting Auth-Type = ldap
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: user richard.heral@grenoble.cnrs.fr authorized to use remote access
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 5
Fri Sep 21 15:39:59 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 5
Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5
Fri Sep 21 15:39:59 2007 : Debug: rad_check_password: Found Auth-Type ldap
Fri Sep 21 15:39:59 2007 : Debug: auth: type "LDAP"
Fri Sep 21 15:39:59 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group LDAP for request 5
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 5
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: - authenticate
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: login attempt by "richard.heral@grenoble.cnrs.fr" with password "XXXXXXX"
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: user DN: uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 1
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: bind as uid=richard.heral,ou=invites,ou=users,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:39:59 2007 : Debug: rlm_ldap: user richard.heral@grenoble.cnrs.fr authenticated succesfully
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 5
Fri Sep 21 15:39:59 2007 : Debug: modcall[authenticate]: module "ldap" returns ok for request 5
Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 5
Fri Sep 21 15:39:59 2007 : Auth: Login OK: [richard.heral@grenoble.cnrs.fr] (from client localhost port 50014 cli 00-30-13-C5-96-6D)
TTLS: Got tunneled reply RADIUS code 2
Fri Sep 21 15:39:59 2007 : Debug: TTLS: Got tunneled Access-Accept
Fri Sep 21 15:39:59 2007 : Debug: rlm_eap: Freeing handler
Fri Sep 21 15:39:59 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:39:59 2007 : Debug: modcall[authenticate]: module "eap" returns ok for request 5
Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group authenticate (returns ok) for request 5
Fri Sep 21 15:39:59 2007 : Auth: Login OK: [richard.heral@grenoble.cnrs.fr] (from client LISTES port 50014 cli 00-30-13-C5-96-6D)
Sending Access-Accept of id 241 to 147.173.1.16 port 1814
    MS-MPPE-Recv-Key = 0x8f77ddaf5f06630f26265d650d9cf16c3c964ea76c923f68b32fac060611f89a
    MS-MPPE-Send-Key = 0x5b5d2749c2793034c144f059d6758b060e5a7549f185874991fd0a0008b02956
    EAP-Message = 0x03050004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "richard.heral@grenoble.cnrs.fr"
    Proxy-State = 0x3135
    Proxy-State = 0x35
Fri Sep 21 15:39:59 2007 : Debug: Finished request 5
Fri Sep 21 15:39:59 2007 : Debug: Going to the next request
Fri Sep 21 15:39:59 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 147.173.1.16:1814, id=22, length=205
    NAS-IP-Address = 147.173.3.58
    NAS-Port = 50014
    NAS-Port-Type = Ethernet
    User-Name = "richard.heral@grenoble.cnrs.fr"
    Called-Station-Id = "00-09-7C-76-5D-8E"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Acct-Session-Id = "147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A"
    Acct-Delay-Time = 0
    Proxy-State = 0x3135
    Proxy-State = 0x30
Fri Sep 21 15:39:59 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group preacct for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 6
Fri Sep 21 15:39:59 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50014,Client-IP-Address = 147.173.1.16,NAS-IP-Address = 147.173.3.58,Acct-Session-Id = "147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A",User-Name = "richard.heral@grenoble.cnrs.fr"'
Fri Sep 21 15:39:59 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "ce177903f575bfa0".
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr"
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:39:59 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[preacct]: module "files" returns noop for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group preacct (returns ok) for request 6
Fri Sep 21 15:39:59 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:39:59 2007 : Debug: modcall: entering group accounting for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 6
Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.1.16/detail-20070921'
Fri Sep 21 15:39:59 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.1.16/detail-20070921
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 6
Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: 'richard.heral@grenoble.cnrs.fr'
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 6
Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: 'richard.heral@grenoble.cnrs.fr'
Fri Sep 21 15:39:59 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'richard.heral@grenoble.cnrs.fr'
Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A', 'ce177903f575bfa0', 'richard.heral@grenoble.cnrs.fr', 'grenoble.cnrs.fr', '147.173.3.58', '50014', 'Ethernet', '2007-09-21 15:39:59', '0', '0', 'RADIUS', '', '', '0', '0', '00-09-7C-76-5D-8E', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')'
Fri Sep 21 15:39:59 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:39:59 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Sep 21 15:39:59 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A', 'ce177903f575bfa0', 'richard.heral@grenoble.cnrs.fr', 'grenoble.cnrs.fr', '147.173.3.58', '50014', 'Ethernet', '2007-09-21 15:39:59', '0', '0', 'RADIUS', '', '', '0', '0', '00-09-7C-76-5D-8E', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')
Fri Sep 21 15:39:59 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 6
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 6
Fri Sep 21 15:39:59 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:39:59 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 6
Fri Sep 21 15:39:59 2007 : Debug: modcall: leaving group accounting (returns updated) for request 6
Sending Accounting-Response of id 22 to 147.173.1.16 port 1814
    Proxy-State = 0x3135
    Proxy-State = 0x30
Fri Sep 21 15:39:59 2007 : Debug: Finished request 6
Fri Sep 21 15:39:59 2007 : Debug: Going to the next request
Fri Sep 21 15:39:59 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:40:05 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:40:05 2007 : Debug: Cleaning up request 6 ID 22 with timestamp 46f3c9af
Fri Sep 21 15:40:05 2007 : Debug: Cleaning up request 0 ID 236 with timestamp 46f3c9af
Fri Sep 21 15:40:05 2007 : Debug: Cleaning up request 1 ID 237 with timestamp 46f3c9af
Fri Sep 21 15:40:05 2007 : Debug: Cleaning up request 2 ID 238 with timestamp 46f3c9af
Fri Sep 21 15:40:05 2007 : Debug: Cleaning up request 3 ID 239 with timestamp 46f3c9af
Fri Sep 21 15:40:05 2007 : Debug: Cleaning up request 4 ID 240 with timestamp 46f3c9af
Fri Sep 21 15:40:05 2007 : Debug: Cleaning up request 5 ID 241 with timestamp 46f3c9af
Fri Sep 21 15:40:05 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:40:27 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:40:27 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:40:27 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:40:27 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:40:27 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:40:27 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:40:27 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:40:27 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:40:27 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:40:27 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:40:27 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:40:27 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:40:27 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:40:27 2007 : Debug: main: snmp = no
Fri Sep 21 15:40:27 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:40:27 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:40:27 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:40:27 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:40:27 2007 : Debug: main: port = 1812
Fri Sep 21 15:40:27 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:40:27 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:40:27 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:40:27 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:40:27 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:40:27 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:40:27 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:40:27 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:40:27 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:40:27 2007 : Debug: main: usercollide = no
Fri Sep 21 15:40:27 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:40:27 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:40:27 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:40:27 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:40:27 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:40:27 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:40:27 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:40:27 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:40:27 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:40:27 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:40:27 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:40:27 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:40:27 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:40:27 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:40:27 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:40:27 2007 : Debug: security: status_server = yes
Fri Sep 21 15:40:27 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:40:27 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:40:27 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:40:27 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:40:27 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:40:27 2007 : Debug: listen: port = 0
Fri Sep 21 15:40:27 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:40:27 2007 : Debug: listen: port = 0
Fri Sep 21 15:40:27 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:40:27 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:40:27 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:40:27 2007 : Debug: exec: wait = no
Fri Sep 21 15:40:27 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:40:27 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:40:27 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:40:27 2007 : Debug: ldap: port = 389
Fri Sep 21 15:40:27 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:40:27 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:40:27 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:40:27 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:40:27 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:40:27 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:40:27 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:40:27 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:40:27 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:40:27 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:40:27 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:40:27 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:40:27 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:40:27 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:40:27 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:40:27 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:40:27 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:40:27 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:40:27 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:40:27 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:40:27 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Fri Sep 21 15:40:27 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
Fri Sep 21 15:40:27 2007 : Debug: conns: 0x5555557bc4c0
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated ldap (ldap)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded eap
Fri Sep 21 15:40:27 2007 : Debug: eap: default_eap_type = "ttls"
Fri Sep 21 15:40:27 2007 : Debug: eap: timer_expire = 60
Fri Sep 21 15:40:27 2007 : Debug: eap: ignore_unknown_eap_types = yes
Fri Sep 21 15:40:27 2007 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 21 15:40:27 2007 : Debug: tls: rsa_key_exchange = no
Fri Sep 21 15:40:27 2007 : Debug: tls: dh_key_exchange = yes
Fri Sep 21 15:40:27 2007 : Debug: tls: rsa_key_length = 512
Fri Sep 21 15:40:27 2007 : Debug: tls: dh_key_length = 512
Fri Sep 21 15:40:27 2007 : Debug: tls: verify_depth = 0
Fri Sep 21 15:40:27 2007 : Debug: tls: CA_path = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: tls: pem_file_type = yes
Fri Sep 21 15:40:27 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key"
Fri Sep 21 15:40:27 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt"
Fri Sep 21 15:40:27 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem"
Fri Sep 21 15:40:27 2007 : Debug: tls: private_key_password = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh"
Fri Sep 21 15:40:27 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random"
Fri Sep 21 15:40:27 2007 : Debug: tls: fragment_size = 1024
Fri Sep 21 15:40:27 2007 : Debug: tls: include_length = yes
Fri Sep 21 15:40:27 2007 : Debug: tls: check_crl = no
Fri Sep 21 15:40:27 2007 : Debug: tls: check_cert_cn = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: tls: cipher_list = "DEFAULT"
Fri Sep 21 15:40:27 2007 : Debug: tls: check_cert_issuer = "(null)"
Fri Sep 21 15:40:27 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Sep 21 15:40:27 2007 : Debug: rlm_eap: Loaded and initialized type tls
Fri Sep 21 15:40:27 2007 : Debug: ttls: default_eap_type = "md5"
Fri Sep 21 15:40:27 2007 : Debug: ttls: copy_request_to_tunnel = yes
Fri Sep 21 15:40:27 2007 : Debug: ttls: use_tunneled_reply = yes
Fri Sep 21 15:40:27 2007 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated eap (eap)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded preprocess
Fri Sep 21 15:40:27 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups"
Fri Sep 21 15:40:27 2007 : Debug: preprocess: hints = "/etc/freeradius/hints"
Fri Sep 21 15:40:27 2007 : Debug: preprocess: with_ascend_hack = no
Fri Sep 21 15:40:27 2007 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 21 15:40:27 2007 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 21 15:40:27 2007 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 21 15:40:27 2007 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 21 15:40:27 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded realm
Fri Sep 21 15:40:27 2007 : Debug: realm: format = "suffix"
Fri Sep 21 15:40:27 2007 : Debug: realm: delimiter = "@"
Fri Sep 21 15:40:27 2007 : Debug: realm: ignore_default = no
Fri Sep 21 15:40:27 2007 : Debug: realm: ignore_null = no
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated realm (suffix)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded files
Fri Sep 21 15:40:27 2007 : Debug: files: usersfile = "/etc/freeradius/users"
Fri Sep 21 15:40:27 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users"
Fri Sep 21 15:40:27 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
Fri Sep 21 15:40:27 2007 : Debug: files: compat = "no"
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated files (files)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded PAP
Fri Sep 21 15:40:27 2007 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 21 15:40:27 2007 : Debug: pap: auto_header = no
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated pap (pap)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 21 15:40:27 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded detail
Fri Sep 21 15:40:27 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 21 15:40:27 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:40:27 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:40:27 2007 : Debug: detail: locking = no
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated detail (detail)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded System
Fri Sep 21 15:40:27 2007 : Debug: unix: cache = no
Fri Sep 21 15:40:27 2007 : Debug: unix: passwd = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: unix: shadow = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: unix: group = "(null)"
Fri Sep 21 15:40:27 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp"
Fri Sep 21 15:40:27 2007 : Debug: unix: usegroup = no
Fri Sep 21 15:40:27 2007 : Debug: unix: cache_reload = 600
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated unix (unix)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded radutmp
Fri Sep 21 15:40:27 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp"
Fri Sep 21 15:40:27 2007 : Debug: radutmp: username = "%{User-Name}"
Fri Sep 21 15:40:27 2007 : Debug: radutmp: case_sensitive = yes
Fri Sep 21 15:40:27 2007 : Debug: radutmp: check_with_nas = yes
Fri Sep 21 15:40:27 2007 : Debug: radutmp: perm = 384
Fri Sep 21 15:40:27 2007 : Debug: radutmp: callerid = yes
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated radutmp (radutmp)
Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded SQL
Fri Sep 21 15:40:27 2007 : Debug: sql: driver = "rlm_sql_mysql"
Fri Sep 21 15:40:27 2007 : Debug: sql: server = "localhost"
Fri Sep 21 15:40:27 2007 : Debug: sql: port = ""
Fri Sep 21 15:40:27 2007 : Debug: sql: login = "AcctRadius"
Fri Sep 21 15:40:27 2007 : Debug: sql: password = "AcctRadius"
Fri Sep 21 15:40:27 2007 : Debug: sql: radius_db = "accounting"
Fri Sep 21 15:40:27 2007 : Debug: sql: nas_table = "nas"
Fri Sep 21 15:40:27 2007 : Debug: sql: sqltrace = yes
Fri Sep 21 15:40:27 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
Fri Sep 21 15:40:27 2007 : Debug: sql: readclients = no
Fri Sep 21 15:40:27 2007 : Debug: sql: deletestalesessions = yes
Fri Sep 21 15:40:27 2007 : Debug: sql: num_sql_socks = 5
Fri Sep 21 15:40:27 2007 : Debug: sql: sql_user_name = "%{User-Name}"
Fri Sep 21 15:40:27 2007 : Debug: sql: default_user_profile = ""
Fri Sep 21 15:40:27 2007 : Debug: sql: query_on_not_found = no
Fri Sep 21 15:40:27 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:40:27 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
Fri Sep 21 15:40:27 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:40:27 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id"
Fri Sep 21 15:40:27 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
Fri Sep 21 15:40:27 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
Fri Sep 21 15:40:27 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
Fri Sep 21 15:40:27 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')"
Fri Sep 21 15:40:27 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:40:27 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
Fri Sep 21 15:40:27 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')"
Fri Sep 21 15:40:27 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority"
Fri Sep 21 15:40:27 2007 : Debug: sql: connect_failure_retry_delay = 60
Fri Sep 21 15:40:27 2007 : Debug: sql: simul_count_query = ""
Fri Sep 21 15:40:27 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Fri Sep 21 15:40:27 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')"
Fri Sep 21 15:40:27 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Fri Sep 21 15:40:27 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Fri Sep 21 15:40:27 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting
Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): starting 0
Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
Fri Sep 21 15:40:27 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0
Fri Sep 21 15:40:27
2007 : Debug: rlm_sql (sql): Connected new DB handle, #0 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): starting 1 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 Fri Sep 21 15:40:27 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): starting 2 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 Fri Sep 21 15:40:27 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): starting 3 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 Fri Sep 21 15:40:27 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): starting 4 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 Fri Sep 21 15:40:27 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Fri Sep 21 15:40:27 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4 Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated sql (sql) Fri Sep 21 15:40:27 2007 : Debug: Module: Loaded attr_filter Fri Sep 21 15:40:27 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response" Fri Sep 21 15:40:27 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. 
Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response) Fri Sep 21 15:40:27 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d" Fri Sep 21 15:40:27 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:40:27 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:40:27 2007 : Debug: detail: locking = no Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated detail (pre_proxy_log) Fri Sep 21 15:40:27 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d" Fri Sep 21 15:40:27 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:40:27 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:40:27 2007 : Debug: detail: locking = no Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated detail (post_proxy_log) Fri Sep 21 15:40:27 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs" Fri Sep 21 15:40:27 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy) Fri Sep 21 15:40:27 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre" Fri Sep 21 15:40:27 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:40:27 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:40:27 2007 : Debug: detail: locking = no Fri Sep 21 15:40:27 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre) Fri Sep 21 15:40:27 2007 : Debug: Listening on authentication *:1812 Fri Sep 21 15:40:27 2007 : Debug: Listening on accounting *:1813 Fri Sep 21 15:40:27 2007 : Debug: Listening on proxy *:1814 Fri Sep 21 15:40:27 2007 : Info: Ready to process requests. 
rad_recv: Accounting-Request packet from host 147.173.1.16:1814, id=23, length=229
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        User-Name = "richard.heral@grenoble.cnrs.fr"
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        Acct-Session-Id = "147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A"
        Acct-Terminate-Cause = Port-Error
        Acct-Input-Octets = 6361
        Acct-Output-Octets = 8891
        Acct-Session-Time = 31
        Acct-Delay-Time = 0
        Proxy-State = 0x3136
        Proxy-State = 0x31
Fri Sep 21 15:40:30 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:40:30 2007 : Debug: modcall: entering group preacct for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 0
Fri Sep 21 15:40:30 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50014,Client-IP-Address = 147.173.1.16,NAS-IP-Address = 147.173.3.58,Acct-Session-Id = "147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A",User-Name = "richard.heral@grenoble.cnrs.fr"'
Fri Sep 21 15:40:30 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "ce177903f575bfa0".
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:40:30 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "richard.heral@grenoble.cnrs.fr"
Fri Sep 21 15:40:30 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:30 2007 : Debug: rlm_realm: Proxying request from user richard.heral to realm grenoble.cnrs.fr
Fri Sep 21 15:40:30 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:30 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[preacct]: module "files" returns noop for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall: leaving group preacct (returns ok) for request 0
Fri Sep 21 15:40:30 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:40:30 2007 : Debug: modcall: entering group accounting for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 0
Fri Sep 21 15:40:30 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.1.16/detail-20070921'
Fri Sep 21 15:40:30 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.1.16/detail-20070921
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 0
Fri Sep 21 15:40:30 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:40:30 2007 : Debug: radius_xlat: 'richard.heral@grenoble.cnrs.fr'
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 0
Fri Sep 21 15:40:30 2007 : Debug: radius_xlat: 'richard.heral@grenoble.cnrs.fr'
Fri Sep 21 15:40:30 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'richard.heral@grenoble.cnrs.fr'
Fri Sep 21 15:40:30 2007 : Debug: radius_xlat: 'UPDATE radacct SET AcctStopTime = '2007-09-21 15:40:30', AcctSessionTime = '31', AcctInputOctets = '6361', AcctOutputOctets = '8891', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A' AND UserName = 'richard.heral@grenoble.cnrs.fr' AND NASIPAddress = '147.173.3.58''
Fri Sep 21 15:40:30 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:40:30 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Sep 21 15:40:30 2007 : Debug: rlm_sql_mysql: query: UPDATE radacct SET AcctStopTime = '2007-09-21 15:40:30', AcctSessionTime = '31', AcctInputOctets = '6361', AcctOutputOctets = '8891', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '147.173.3.58 richard.heral@grenoble.cnrs.fr 03/01/93 22:26:21 0000000A' AND UserName = 'richard.heral@grenoble.cnrs.fr' AND NASIPAddress = '147.173.3.58'
Fri Sep 21 15:40:30 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 0
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 0
Fri Sep 21 15:40:30 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:40:30 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 0
Fri Sep 21 15:40:30 2007 : Debug: modcall: leaving group accounting (returns updated) for request 0
Sending Accounting-Response of id 23 to 147.173.1.16 port 1814
        Proxy-State = 0x3136
        Proxy-State = 0x31
Fri Sep 21 15:40:30 2007 : Debug: Finished request 0
Fri Sep 21 15:40:30 2007 : Debug: Going to the next request
Fri Sep 21 15:40:30 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:40:30 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:40:36 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:40:36 2007 : Debug: Cleaning up request 0 ID 23 with timestamp 46f3c9ce
Fri Sep 21 15:40:36 2007 : Debug: Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=242, length=172
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        User-Name = "dom.test@grenoble.cnrs.fr"
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        EAP-Message = 0x0200001e01646f6d2e74657374406772656e6f626c652e636e72732e6672
        Message-Authenticator = 0x2750442c42bbf509712befa5599f0439
        Proxy-State = 0x3138
        Proxy-State = 0x36
Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authorize for request 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP packet type response id 0 length 30
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1
Fri Sep 21 15:40:45 2007 : Debug: users: Matched entry DEFAULT at line 257
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1
Fri Sep 21 15:40:45 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1
Fri Sep 21 15:40:45 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:40:45 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:40:45 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authenticate for request 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP Identity
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: processing type tls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: Initiate
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: Start returned 1
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 1
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 242 to 147.173.1.16 port 1814
        EAP-Message = 0x010100061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc1bf523deec9a4aa2174f433f325efc4
        Proxy-State = 0x3138
        Proxy-State = 0x36
Fri Sep 21 15:40:45 2007 : Debug: Finished request 1
Fri Sep 21 15:40:45 2007 : Debug: Going to the next request
Fri Sep 21 15:40:45 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:40:45 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=243, length=220
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        User-Name = "dom.test@grenoble.cnrs.fr"
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0xc1bf523deec9a4aa2174f433f325efc4
        EAP-Message = 0x0201003c158000000032160301002d010000290301644599ad88d04f64c3ac2e44970f9154e94f5a15fac13b61445e82a90496abc8000002000a0100
        Message-Authenticator = 0x1d803f3c840e6c52b1da45579028001d
        Proxy-State = 0x3139
        Proxy-State = 0x37
Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authorize for request 2
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 2
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP packet type response id 1 length 60
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 2
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2
Fri Sep 21 15:40:45 2007 : Debug: users: Matched entry DEFAULT at line 257
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 2
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 2
Fri Sep 21 15:40:45 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authorize (returns updated) for request 2
Fri Sep 21 15:40:45 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:40:45 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:40:45 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authenticate for request 2
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:40:45 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:40:45 2007 : Debug: (other): before/accept initialization
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: before/accept initialization
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 read client hello A
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 write server hello A
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0af4], Certificate
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 write certificate A
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 write server done A
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 flush data
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: Need to read more data: SSLv3 read client certificate A
Fri Sep 21 15:40:45 2007 : Debug: In SSL Handshake Phase
Fri Sep 21 15:40:45 2007 : Debug: In SSL Accept mode
Fri Sep 21 15:40:45 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 2
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 243 to 147.173.1.16 port 1814
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0f18305408ded7e1486fb84dd3904311
        Proxy-State = 0x3139
        Proxy-State = 0x37
Fri Sep 21 15:40:45 2007 : Debug: Finished request 2
Fri Sep 21 15:40:45 2007 : Debug: Going to the next request
Fri Sep 21 15:40:45 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=244, length=166
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        User-Name = "dom.test@grenoble.cnrs.fr"
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x0f18305408ded7e1486fb84dd3904311
        EAP-Message = 0x020200061500
        Message-Authenticator = 0x8120c2b87f108152aeed5d6139595cb8
        Proxy-State = 0x3230
        Proxy-State = 0x38
Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authorize for request 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP packet type response id 2 length 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3
Fri Sep 21 15:40:45 2007 : Debug: users: Matched entry DEFAULT at line 257
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 3
Fri Sep 21 15:40:45 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authorize (returns updated) for request 3
Fri Sep 21 15:40:45 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:40:45 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:40:45 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authenticate for request 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: ack handshake fragment handler
Fri Sep 21 15:40:45 2007 : Debug: eaptls_verify returned 1
Fri Sep 21 15:40:45 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 3
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 244 to 147.173.1.16 port 1814
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3ec084d1be6f515f489b0868e8dfb9e0
        Proxy-State = 0x3230
        Proxy-State = 0x38
Fri Sep 21 15:40:45 2007 : Debug: Finished request 3
Fri Sep 21 15:40:45 2007 : Debug: Going to the next request
Fri Sep 21 15:40:45 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=245, length=166 NAS-IP-Address = 147.173.3.58 NAS-Port = 50014 NAS-Port-Type = Ethernet User-Name = "dom.test@grenoble.cnrs.fr" Called-Station-Id = "00-09-7C-76-5D-8E" Calling-Station-Id = "00-30-13-C5-96-6D" Service-Type = Framed-User Framed-MTU = 1500 State = 0x3ec084d1be6f515f489b0868e8dfb9e0 EAP-Message = 0x020300061500 Message-Authenticator = 0xa524c273e4a881c4ecdfcebd5259bd8c Proxy-State = 0x3231 Proxy-State = 0x39 Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authorize for request 4 Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4 Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4 Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr" Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr" Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr" Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Authentication realm is LOCAL. 
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 4 Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4 Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP packet type response id 3 length 6 Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4 Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 4 Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4 Fri Sep 21 15:40:45 2007 : Debug: users: Matched entry DEFAULT at line 257 Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4 Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 4 Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 4 Fri Sep 21 15:40:45 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 4
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 4
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authorize (returns updated) for request 4
Fri Sep 21 15:40:45 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:40:45 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:40:45 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authenticate for request 4
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: ack handshake fragment handler
Fri Sep 21 15:40:45 2007 : Debug: eaptls_verify returned 1
Fri Sep 21 15:40:45 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4
Fri Sep 21 15:40:45 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 4
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 245 to 147.173.1.16 port 1814
        EAP-Message = 0xbe20acdc011c797c670c5a5f4fb99489beab9a2c12b1a863c6628003fd4c7095bdc6e805dacbbe09a61fe96dd2852e43d31f1a5c76fe13766160f964d45878bf7fefe573a343da2a7f77db347972d98ee5a5ed52d0c4464c5f1baa16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa116e42a17e0ddc0643019a9d9fb6c0d
        Proxy-State = 0x3231
        Proxy-State = 0x39
Fri Sep 21 15:40:45 2007 : Debug: Finished request 4
Fri Sep 21 15:40:45 2007 : Debug: Going to the next request
Fri Sep 21 15:40:45 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=246, length=361
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        User-Name = "dom.test@grenoble.cnrs.fr"
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0xa116e42a17e0ddc0643019a9d9fb6c0d
        EAP-Message = 0x020400c81580000000be1603010086100000820080cbfeca37de86478587bd9f0cf524ca4328bae8c53dd2159255be8dd798c2208979cba3317eac76d7b45b039c1c646c27f5b6a33a7b11ff3a5f89e017497b473d44161ec30755816337ca0903bb875a5e1159192c502ef1b4de28ce6abe38f25e1bf6aaa2cf8fe6db82731ba38a47865d42a23dde5a74970d6e6d456a61bde6a2140301000101160301002824793e2c6fed3c79730993a5a50e21e697c743ca63f95a28bcb3e82fa78611fd580f231650023fec
        Message-Authenticator = 0x929cc6bbd2d748196540935b00266725
        Proxy-State = 0x3232
        Proxy-State = 0x3130
Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authorize for request 5
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 5
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP packet type response id 4 length 200
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 5
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5
Fri Sep 21 15:40:45 2007 : Debug: users: Matched entry DEFAULT at line 257
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 5
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 5
Fri Sep 21 15:40:45 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authorize (returns updated) for request 5
Fri Sep 21 15:40:45 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:40:45 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:40:45 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authenticate for request 5
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:40:45 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 read client key exchange A
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 read finished A
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 write change cipher spec A
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 write finished A
Fri Sep 21 15:40:45 2007 : Debug: TLS_accept: SSLv3 flush data
Fri Sep 21 15:40:45 2007 : Debug: (other): SSL negotiation finished successfully
Fri Sep 21 15:40:45 2007 : Debug: SSL Connection Established
Fri Sep 21 15:40:45 2007 : Debug: eaptls_process returned 13
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 5
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 246 to 147.173.1.16 port 1814
        EAP-Message = 0x0105003d15800000003314030100010116030100288e78245fba02390b5cf12d0b12765b10b2b794216d67a742bb77b59b39462645d2d42ac475f5b71d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9602240e8009724b732472a5269b8801
        Proxy-State = 0x3232
        Proxy-State = 0x3130
Fri Sep 21 15:40:45 2007 : Debug: Finished request 5
Fri Sep 21 15:40:45 2007 : Debug: Going to the next request
Fri Sep 21 15:40:45 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=247, length=256
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        User-Name = "dom.test@grenoble.cnrs.fr"
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
        State = 0x9602240e8009724b732472a5269b8801
        EAP-Message = 0x0205005f1580000000551703010050d6d4d57f3e66fdee14f2a99c8b0596e0b0a1f8d1e32353a63d072c64e360f9ec4d929d1e756f7c2e21ba03cf9ab9ae5a2c1d1dd9c8a5caefc1d8a649b696ae12ed07e432f5f27a72e74a12fd74916958
        Message-Authenticator = 0xb1b6d5c74b9361196c42a3599f22105f
        Proxy-State = 0x3233
        Proxy-State = 0x3131
Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authorize for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP packet type response id 5 length 95
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6
Fri Sep 21 15:40:45 2007 : Debug: users: Matched entry DEFAULT at line 257
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authorize (returns updated) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 21 15:40:45 2007 : Debug: auth: type "EAP"
Fri Sep 21 15:40:45 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authenticate for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: Request found, released from the list
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: EAP/ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: processing type ttls
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_ttls: Authenticate
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: processing TLS
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_tls: Length Included
Fri Sep 21 15:40:45 2007 : Debug: eaptls_verify returned 11
Fri Sep 21 15:40:45 2007 : Debug: eaptls_process returned 7
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS tunnel data in 0000: 00 00 00 01 40 00 00 21 64 6f 6d 2e 74 65 73 74
TTLS tunnel data in 0010: 40 67 72 65 6e 6f 62 6c 65 2e 63 6e 72 73 2e 66
TTLS tunnel data in 0020: 72 00 00 00 00 00 00 02 40 00 00 10 6c 61 76 63
TTLS tunnel data in 0030: 68 64 6e 37
TTLS: Got tunneled request
        User-Name = "dom.test@grenoble.cnrs.fr"
        User-Password = "XXXXXXX"
        FreeRADIUS-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
        User-Name = "dom.test@grenoble.cnrs.fr"
        User-Password = "XXXXXXX"
        FreeRADIUS-Proxied-To = 127.0.0.1
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Service-Type = Framed-User
        Framed-MTU = 1500
Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group authorize for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "eap" returns noop for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6
Fri Sep 21 15:40:45 2007 : Debug: users: Matched entry DEFAULT at line 260
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "files" returns ok for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authorize (returns ok) for request 6
Fri Sep 21 15:40:45 2007 : Debug: Found Autz-Type ldap
Fri Sep 21 15:40:45 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: - authorize
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: performing user authorization for dom.test@grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: '(|(|(uid=dom.test@grenoble.cnrs.fr)(mail=dom.test@grenoble.cnrs.fr))(mail=dom.test@grenoble.cnrs.fr@grenoble.cnrs.fr))'
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: 'ou=users,dc=grenoble,dc=cnrs,dc=fr'
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: attempting LDAP reconnection
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 0
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: bind as cn=rad,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: performing search in ou=users,dc=grenoble,dc=cnrs,dc=fr, with filter (|(|(uid=dom.test@grenoble.cnrs.fr)(mail=dom.test@grenoble.cnrs.fr))(mail=dom.test@grenoble.cnrs.fr@grenoble.cnrs.fr))
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: No default NMAS login sequence
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: looking for check items in directory...
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: looking for reply items in directory...
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: Setting Auth-Type = ldap
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: user dom.test@grenoble.cnrs.fr authorized to use remote access
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authorize]: module "ldap" returns ok for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rad_check_password: Found Auth-Type ldap
Fri Sep 21 15:40:45 2007 : Debug: auth: type "LDAP"
Fri Sep 21 15:40:45 2007 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group LDAP for request 6
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: - authenticate
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: login attempt by "dom.test@grenoble.cnrs.fr" with password "XXXXXXX"
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: user DN: uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: (re)connect to ldaps://ldap.grenoble.cnrs.fr, authentication 1
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: bind as uid=dom.test,ou=creta,ou=users,dc=grenoble,dc=cnrs,dc=fr/XXXXXXX to ldaps://ldap.grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: waiting for bind result ...
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: Bind was successful
Fri Sep 21 15:40:45 2007 : Debug: rlm_ldap: user dom.test@grenoble.cnrs.fr authenticated succesfully
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authenticate]: module "ldap" returns ok for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group LDAP (returns ok) for request 6
Fri Sep 21 15:40:45 2007 : Auth: Login OK: [dom.test@grenoble.cnrs.fr] (from client localhost port 50014 cli 00-30-13-C5-96-6D)
TTLS: Got tunneled reply RADIUS code 2
Fri Sep 21 15:40:45 2007 : Debug: TTLS: Got tunneled Access-Accept
Fri Sep 21 15:40:45 2007 : Debug: rlm_eap: Freeing handler
Fri Sep 21 15:40:45 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall[authenticate]: module "eap" returns ok for request 6
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group authenticate (returns ok) for request 6
Fri Sep 21 15:40:45 2007 : Auth: Login OK: [dom.test@grenoble.cnrs.fr] (from client LISTES port 50014 cli 00-30-13-C5-96-6D)
Sending Access-Accept of id 247 to 147.173.1.16 port 1814
        MS-MPPE-Recv-Key = 0x2df7f2023769675ff463e7d226ff806359d02d240474a0b5cea232dec97e9354
        MS-MPPE-Send-Key = 0x4b1c29e8d867c0baad0ad99519f20d7d2f236501a2332e7a6af2f5c06e165356
        EAP-Message = 0x03050004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "dom.test@grenoble.cnrs.fr"
        Proxy-State = 0x3233
        Proxy-State = 0x3131
Fri Sep 21 15:40:45 2007 : Debug: Finished request 6
Fri Sep 21 15:40:45 2007 : Debug: Going to the next request
Fri Sep 21 15:40:45 2007 : Debug: Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 147.173.1.16:1814, id=24, length=195
        NAS-IP-Address = 147.173.3.58
        NAS-Port = 50014
        NAS-Port-Type = Ethernet
        User-Name = "dom.test@grenoble.cnrs.fr"
        Called-Station-Id = "00-09-7C-76-5D-8E"
        Calling-Station-Id = "00-30-13-C5-96-6D"
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Acct-Session-Id = "147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B"
        Acct-Delay-Time = 0
        Proxy-State = 0x3233
        Proxy-State = 0x32
Fri Sep 21 15:40:45 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group preacct for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 7
Fri Sep 21 15:40:45 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50014,Client-IP-Address = 147.173.1.16,NAS-IP-Address = 147.173.3.58,Acct-Session-Id = "147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B",User-Name = "dom.test@grenoble.cnrs.fr"'
Fri Sep 21 15:40:45 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "f1c9a3ec17a71ebe".
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 7
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:40:45 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[preacct]: module "files" returns noop for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group preacct (returns ok) for request 7
Fri Sep 21 15:40:45 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:40:45 2007 : Debug: modcall: entering group accounting for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 7
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.1.16/detail-20070921'
Fri Sep 21 15:40:45 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.1.16/detail-20070921
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 7
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: 'dom.test@grenoble.cnrs.fr'
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 7
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: 'dom.test@grenoble.cnrs.fr'
Fri Sep 21 15:40:45 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'dom.test@grenoble.cnrs.fr'
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B', 'f1c9a3ec17a71ebe', 'dom.test@grenoble.cnrs.fr', 'grenoble.cnrs.fr', '147.173.3.58', '50014', 'Ethernet', '2007-09-21 15:40:45', '0', '0', 'RADIUS', '', '', '0', '0', '00-09-7C-76-5D-8E', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')'
Fri Sep 21 15:40:45 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:40:45 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Fri Sep 21 15:40:45 2007 : Debug: rlm_sql_mysql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B', 'f1c9a3ec17a71ebe', 'dom.test@grenoble.cnrs.fr', 'grenoble.cnrs.fr', '147.173.3.58', '50014', 'Ethernet', '2007-09-21 15:40:45', '0', '0', 'RADIUS', '', '', '0', '0', '00-09-7C-76-5D-8E', '00-30-13-C5-96-6D', '', '', '', '', '0', '0')
Fri Sep 21 15:40:45 2007 : Debug: rlm_sql (sql): Released sql socket id: 3
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 7
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 7
Fri Sep 21 15:40:45 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:40:45 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 7
Fri Sep 21 15:40:45 2007 : Debug: modcall: leaving group accounting (returns updated) for request 7
Sending Accounting-Response of id 24 to 147.173.1.16 port 1814
        Proxy-State = 0x3233
        Proxy-State = 0x32
Fri Sep 21 15:40:45 2007 : Debug: Finished request 7
Fri Sep 21 15:40:45 2007 : Debug: Going to the next request
Fri Sep 21 15:40:45 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:40:51 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:40:51 2007 : Debug: Cleaning up request 7 ID 24 with timestamp 46f3c9dd
Fri Sep 21 15:40:51 2007 : Debug: Cleaning up request 1 ID 242 with timestamp 46f3c9dd
Fri Sep 21 15:40:51 2007 : Debug: Cleaning up request 2 ID 243 with timestamp 46f3c9dd
Fri Sep 21 15:40:51 2007 : Debug: Cleaning up request 3 ID 244 with timestamp 46f3c9dd
Fri Sep 21 15:40:51 2007 : Debug: Cleaning up request 4 ID 245 with timestamp 46f3c9dd
Fri Sep 21 15:40:51 2007 : Debug: Cleaning up request 5 ID 246 with timestamp 46f3c9dd
Fri Sep 21 15:40:51 2007 : Debug: Cleaning up request 6 ID 247 with timestamp 46f3c9dd
Fri Sep 21 15:40:51 2007 : Debug: Nothing to do. Sleeping until we see a request.
Fri Sep 21 15:41:11 2007 : Info: Starting - reading configuration files ...
Fri Sep 21 15:41:11 2007 : Debug: reread_config: reading radiusd.conf
Fri Sep 21 15:41:11 2007 : Debug: Config: including file: /etc/freeradius/proxy.conf
Fri Sep 21 15:41:11 2007 : Debug: Config: including file: /etc/freeradius/clients.conf
Fri Sep 21 15:41:11 2007 : Debug: Config: including file: /etc/freeradius/snmp.conf
Fri Sep 21 15:41:11 2007 : Debug: Config: including file: /etc/freeradius/eap.conf
Fri Sep 21 15:41:11 2007 : Debug: Config: including file: /etc/freeradius/sql.conf
Fri Sep 21 15:41:11 2007 : Debug: main: prefix = "/usr"
Fri Sep 21 15:41:11 2007 : Debug: main: localstatedir = "/var"
Fri Sep 21 15:41:11 2007 : Debug: main: logdir = "/var/log/freeradius"
Fri Sep 21 15:41:11 2007 : Debug: main: libdir = "/usr/lib/freeradius"
Fri Sep 21 15:41:11 2007 : Debug: main: radacctdir = "/var/log/freeradius/radacct"
Fri Sep 21 15:41:11 2007 : Debug: main: hostname_lookups = no
Fri Sep 21 15:41:11 2007 : Debug: main: snmp = no
Fri Sep 21 15:41:11 2007 : Debug: main: max_request_time = 30
Fri Sep 21 15:41:11 2007 : Debug: main: cleanup_delay = 5
Fri Sep 21 15:41:11 2007 : Debug: main: max_requests = 1024
Fri Sep 21 15:41:11 2007 : Debug: main: delete_blocked_requests = 0
Fri Sep 21 15:41:11 2007 : Debug: main: port = 1812
Fri Sep 21 15:41:11 2007 : Debug: main: allow_core_dumps = no
Fri Sep 21 15:41:11 2007 : Debug: main: log_stripped_names = no
Fri Sep 21 15:41:11 2007 : Debug: main: log_file = "/var/log/freeradius/radius.log"
Fri Sep 21 15:41:11 2007 : Debug: main: log_auth = yes
Fri Sep 21 15:41:11 2007 : Debug: main: log_auth_badpass = no
Fri Sep 21 15:41:11 2007 : Debug: main: log_auth_goodpass = no
Fri Sep 21 15:41:11 2007 : Debug: main: pidfile = "/var/run/freeradius/freeradius.pid"
Fri Sep 21 15:41:11 2007 : Debug: main: user = "freerad"
Fri Sep 21 15:41:11 2007 : Debug: main: group = "freerad"
Fri Sep 21 15:41:11 2007 : Debug: main: usercollide = no
Fri Sep 21 15:41:11 2007 : Debug: main: lower_user = "no"
Fri Sep 21 15:41:11 2007 : Debug: main: lower_pass = "no"
Fri Sep 21 15:41:11 2007 : Debug: main: nospace_user = "no"
Fri Sep 21 15:41:11 2007 : Debug: main: nospace_pass = "no"
Fri Sep 21 15:41:11 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
Fri Sep 21 15:41:11 2007 : Debug: main: proxy_requests = yes
Fri Sep 21 15:41:11 2007 : Debug: proxy: retry_delay = 5
Fri Sep 21 15:41:11 2007 : Debug: proxy: retry_count = 3
Fri Sep 21 15:41:11 2007 : Debug: proxy: synchronous = no
Fri Sep 21 15:41:11 2007 : Debug: proxy: default_fallback = yes
Fri Sep 21 15:41:11 2007 : Debug: proxy: dead_time = 120
Fri Sep 21 15:41:11 2007 : Debug: proxy: post_proxy_authorize = yes
Fri Sep 21 15:41:11 2007 : Debug: proxy: wake_all_if_all_dead = no
Fri Sep 21 15:41:11 2007 : Debug: security: max_attributes = 200
Fri Sep 21 15:41:11 2007 : Debug: security: reject_delay = 1
Fri Sep 21 15:41:11 2007 : Debug: security: status_server = yes
Fri Sep 21 15:41:11 2007 : Debug: main: debug_level = 0
Fri Sep 21 15:41:11 2007 : Debug: read_config_files: reading dictionary
Fri Sep 21 15:41:11 2007 : Debug: read_config_files: reading naslist
Fri Sep 21 15:41:11 2007 : Debug: read_config_files: reading clients
Fri Sep 21 15:41:11 2007 : Debug: read_config_files: reading realms
Fri Sep 21 15:41:11 2007 : Debug: listen: port = 0
Fri Sep 21 15:41:11 2007 : Debug: listen: type = "auth"
Fri Sep 21 15:41:11 2007 : Debug: listen: port = 0
Fri Sep 21 15:41:11 2007 : Debug: listen: type = "acct"
Fri Sep 21 15:41:11 2007 : Debug: radiusd: entering modules setup
Fri Sep 21 15:41:11 2007 : Debug: Module: Library search path is /usr/lib/freeradius
Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded exec
Fri Sep 21 15:41:11 2007 : Debug: exec: wait = no
Fri Sep 21 15:41:11 2007 : Debug: exec: program = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: exec: input_pairs = "request"
Fri Sep 21 15:41:11 2007 : Debug: exec: output_pairs = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: exec: packet_type = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated exec (exec)
Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded expr
Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated expr (expr)
Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded LDAP
Fri Sep 21 15:41:11 2007 : Debug: ldap: server = "ldaps://ldap.grenoble.cnrs.fr"
Fri Sep 21 15:41:11 2007 : Debug: ldap: port = 389
Fri Sep 21 15:41:11 2007 : Debug: ldap: net_timeout = 1
Fri Sep 21 15:41:11 2007 : Debug: ldap: timeout = 4
Fri Sep 21 15:41:11 2007 : Debug: ldap: timelimit = 3
Fri Sep 21 15:41:11 2007 : Debug: ldap: identity = "cn=rad,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:41:11 2007 : Debug: ldap: tls_mode = no
Fri Sep 21 15:41:11 2007 : Debug: ldap: start_tls = no
Fri Sep 21 15:41:11 2007 : Debug: ldap: tls_cacertfile = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: tls_cacertdir = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: tls_certfile = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: tls_keyfile = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: tls_randfile = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: tls_require_cert = "allow"
Fri Sep 21 15:41:11 2007 : Debug: ldap: password = "XXXXXXX"
Fri Sep 21 15:41:11 2007 : Debug: ldap: basedn = "ou=users,dc=grenoble,dc=cnrs,dc=fr"
Fri Sep 21 15:41:11 2007 : Debug: ldap: filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:41:11 2007 : Debug: ldap: base_filter = "(objectclass=radiusprofile)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: default_profile = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: profile_attribute = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: password_header = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: password_attribute = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: access_attr = "(null)"
Fri Sep 21 15:41:11 2007 : Debug: ldap: groupname_attribute = "radiusGroupName"
Fri Sep 21 15:41:11 2007 : Debug: ldap: groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
Fri Sep 21 15:41:11 2007 : Debug: ldap: groupmembership_attribute = "radiusGroupName"
Fri Sep 21 15:41:11 2007 : Debug: ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
Fri Sep 21 15:41:11 2007 : Debug: ldap: ldap_debug = 0
Fri Sep 21 15:41:11 2007 : Debug: ldap: ldap_connections_number = 5
Fri Sep 21 15:41:11 2007 : Debug: ldap: compare_check_items = no
Fri Sep 21 15:41:11 2007 : Debug: ldap: access_attr_used_for_allow = yes
Fri Sep 21 15:41:11 2007 : Debug: ldap: do_xlat = yes
Fri Sep 21 15:41:11 2007 : Debug: ldap: edir_account_policy_check = no
Fri Sep 21 15:41:11 2007 : Debug: ldap: set_auth_type = yes
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Fri Sep 21
15:41:11 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout Fri Sep 21 15:41:11 2007 : 
Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port Fri Sep 21 15:41:11 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message Fri Sep 21 15:41:11 2007 : Debug: conns: 0x5555557bc4c0 Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated ldap (ldap) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded eap Fri Sep 21 15:41:11 2007 : Debug: eap: default_eap_type = "ttls" Fri Sep 21 15:41:11 2007 : Debug: eap: timer_expire = 60 Fri Sep 21 15:41:11 2007 : Debug: eap: ignore_unknown_eap_types = yes Fri Sep 21 15:41:11 2007 : Debug: eap: cisco_accounting_username_bug = no Fri Sep 21 15:41:11 2007 : Debug: tls: rsa_key_exchange = no Fri Sep 21 15:41:11 2007 : Debug: tls: dh_key_exchange = yes Fri Sep 21 15:41:11 2007 : Debug: tls: rsa_key_length = 512 Fri Sep 21 15:41:11 2007 : Debug: tls: dh_key_length = 512 Fri Sep 21 15:41:11 2007 : Debug: tls: verify_depth = 0 Fri Sep 21 15:41:11 2007 : Debug: tls: CA_path = "(null)" Fri Sep 21 15:41:11 2007 : Debug: tls: pem_file_type = yes Fri Sep 21 15:41:11 2007 : Debug: tls: private_key_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.key" Fri 
Sep 21 15:41:11 2007 : Debug: tls: certificate_file = "/etc/freeradius/certs/radius.grenoble.cnrs.fr.crt" Fri Sep 21 15:41:11 2007 : Debug: tls: CA_file = "/etc/freeradius/certs/CACNRS.pem" Fri Sep 21 15:41:11 2007 : Debug: tls: private_key_password = "(null)" Fri Sep 21 15:41:11 2007 : Debug: tls: dh_file = "/etc/freeradius/certs/dh" Fri Sep 21 15:41:11 2007 : Debug: tls: random_file = "/etc/freeradius/certs/random" Fri Sep 21 15:41:11 2007 : Debug: tls: fragment_size = 1024 Fri Sep 21 15:41:11 2007 : Debug: tls: include_length = yes Fri Sep 21 15:41:11 2007 : Debug: tls: check_crl = no Fri Sep 21 15:41:11 2007 : Debug: tls: check_cert_cn = "(null)" Fri Sep 21 15:41:11 2007 : Debug: tls: cipher_list = "DEFAULT" Fri Sep 21 15:41:11 2007 : Debug: tls: check_cert_issuer = "(null)" Fri Sep 21 15:41:11 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain Fri Sep 21 15:41:11 2007 : Debug: rlm_eap: Loaded and initialized type tls Fri Sep 21 15:41:11 2007 : Debug: ttls: default_eap_type = "md5" Fri Sep 21 15:41:11 2007 : Debug: ttls: copy_request_to_tunnel = yes Fri Sep 21 15:41:11 2007 : Debug: ttls: use_tunneled_reply = yes Fri Sep 21 15:41:11 2007 : Debug: rlm_eap: Loaded and initialized type ttls Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated eap (eap) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded preprocess Fri Sep 21 15:41:11 2007 : Debug: preprocess: huntgroups = "/etc/freeradius/huntgroups" Fri Sep 21 15:41:11 2007 : Debug: preprocess: hints = "/etc/freeradius/hints" Fri Sep 21 15:41:11 2007 : Debug: preprocess: with_ascend_hack = no Fri Sep 21 15:41:11 2007 : Debug: preprocess: ascend_channels_per_line = 23 Fri Sep 21 15:41:11 2007 : Debug: preprocess: with_ntdomain_hack = no Fri Sep 21 15:41:11 2007 : Debug: preprocess: with_specialix_jetstream_hack = no Fri Sep 21 15:41:11 2007 : Debug: preprocess: with_cisco_vsa_hack = no Fri Sep 21 15:41:11 2007 : Debug: preprocess: with_alvarion_vsa_hack = no Fri Sep 21 15:41:11 2007 : Debug: Module: 
Instantiated preprocess (preprocess) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded realm Fri Sep 21 15:41:11 2007 : Debug: realm: format = "suffix" Fri Sep 21 15:41:11 2007 : Debug: realm: delimiter = "@" Fri Sep 21 15:41:11 2007 : Debug: realm: ignore_default = no Fri Sep 21 15:41:11 2007 : Debug: realm: ignore_null = no Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated realm (suffix) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded files Fri Sep 21 15:41:11 2007 : Debug: files: usersfile = "/etc/freeradius/users" Fri Sep 21 15:41:11 2007 : Debug: files: acctusersfile = "/etc/freeradius/acct_users" Fri Sep 21 15:41:11 2007 : Debug: files: preproxy_usersfile = "/etc/freeradius/preproxy_users" Fri Sep 21 15:41:11 2007 : Debug: files: compat = "no" Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated files (files) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded PAP Fri Sep 21 15:41:11 2007 : Debug: pap: encryption_scheme = "crypt" Fri Sep 21 15:41:11 2007 : Debug: pap: auto_header = no Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated pap (pap) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded Acct-Unique-Session-Id Fri Sep 21 15:41:11 2007 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated acct_unique (acct_unique) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded detail Fri Sep 21 15:41:11 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" Fri Sep 21 15:41:11 2007 : Debug: detail: detailperm = 384 Fri Sep 21 15:41:11 2007 : Debug: detail: dirperm = 493 Fri Sep 21 15:41:11 2007 : Debug: detail: locking = no Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated detail (detail) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded System Fri Sep 21 15:41:11 2007 : Debug: unix: cache = no Fri Sep 21 15:41:11 2007 : Debug: unix: passwd = "(null)" Fri Sep 21 15:41:11 2007 : Debug: unix: shadow = "(null)" Fri 
Sep 21 15:41:11 2007 : Debug: unix: group = "(null)" Fri Sep 21 15:41:11 2007 : Debug: unix: radwtmp = "/var/log/freeradius/radwtmp" Fri Sep 21 15:41:11 2007 : Debug: unix: usegroup = no Fri Sep 21 15:41:11 2007 : Debug: unix: cache_reload = 600 Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated unix (unix) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded radutmp Fri Sep 21 15:41:11 2007 : Debug: radutmp: filename = "/var/log/freeradius/radutmp" Fri Sep 21 15:41:11 2007 : Debug: radutmp: username = "%{User-Name}" Fri Sep 21 15:41:11 2007 : Debug: radutmp: case_sensitive = yes Fri Sep 21 15:41:11 2007 : Debug: radutmp: check_with_nas = yes Fri Sep 21 15:41:11 2007 : Debug: radutmp: perm = 384 Fri Sep 21 15:41:11 2007 : Debug: radutmp: callerid = yes Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated radutmp (radutmp) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded SQL Fri Sep 21 15:41:11 2007 : Debug: sql: driver = "rlm_sql_mysql" Fri Sep 21 15:41:11 2007 : Debug: sql: server = "localhost" Fri Sep 21 15:41:11 2007 : Debug: sql: port = "" Fri Sep 21 15:41:11 2007 : Debug: sql: login = "AcctRadius" Fri Sep 21 15:41:11 2007 : Debug: sql: password = "AcctRadius" Fri Sep 21 15:41:11 2007 : Debug: sql: radius_db = "accounting" Fri Sep 21 15:41:11 2007 : Debug: sql: nas_table = "nas" Fri Sep 21 15:41:11 2007 : Debug: sql: sqltrace = yes Fri Sep 21 15:41:11 2007 : Debug: sql: sqltracefile = "/var/log/freeradius/sqltrace.sql" Fri Sep 21 15:41:11 2007 : Debug: sql: readclients = no Fri Sep 21 15:41:11 2007 : Debug: sql: deletestalesessions = yes Fri Sep 21 15:41:11 2007 : Debug: sql: num_sql_socks = 5 Fri Sep 21 15:41:11 2007 : Debug: sql: sql_user_name = "%{User-Name}" Fri Sep 21 15:41:11 2007 : Debug: sql: default_user_profile = "" Fri Sep 21 15:41:11 2007 : Debug: sql: query_on_not_found = no Fri Sep 21 15:41:11 2007 : Debug: sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri 
Sep 21 15:41:11 2007 : Debug: sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" Fri Sep 21 15:41:11 2007 : Debug: sql: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:41:11 2007 : Debug: sql: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" Fri Sep 21 15:41:11 2007 : Debug: sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" Fri Sep 21 15:41:11 2007 : Debug: sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'" Fri Sep 21 15:41:11 2007 : Debug: sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', 
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')" Fri Sep 21 15:41:11 2007 : Debug: sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time:-0}', '0')" Fri Sep 21 15:41:11 2007 : Debug: sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:41:11 2007 : Debug: sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" Fri Sep 21 15:41:11 2007 : Debug: sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, 
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}')" Fri Sep 21 15:41:11 2007 : Debug: sql: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY priority" Fri Sep 21 15:41:11 2007 : Debug: sql: connect_failure_retry_delay = 60 Fri Sep 21 15:41:11 2007 : Debug: sql: simul_count_query = "" Fri Sep 21 15:41:11 2007 : Debug: sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" Fri Sep 21 15:41:11 2007 : Debug: sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S')" Fri Sep 21 15:41:11 2007 : Debug: sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" Fri Sep 21 15:41:11 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Fri Sep 21 15:41:11 2007 : Info: rlm_sql (sql): Attempting to connect to AcctRadius@localhost:/accounting Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): starting 0 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 Fri Sep 21 15:41:11 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Fri Sep 21 15:41:11 
2007 : Debug: rlm_sql (sql): Connected new DB handle, #0 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): starting 1 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 Fri Sep 21 15:41:11 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Connected new DB handle, #1 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): starting 2 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 Fri Sep 21 15:41:11 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Connected new DB handle, #2 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): starting 3 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 Fri Sep 21 15:41:11 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Connected new DB handle, #3 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): starting 4 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 Fri Sep 21 15:41:11 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Fri Sep 21 15:41:11 2007 : Debug: rlm_sql (sql): Connected new DB handle, #4 Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated sql (sql) Fri Sep 21 15:41:11 2007 : Debug: Module: Loaded attr_filter Fri Sep 21 15:41:11 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs.accounting_response" Fri Sep 21 15:41:11 2007 : Error: rlm_attr_filter: Authorize method will be deprecated. 
Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated attr_filter (attr_filter.accounting_response)
Fri Sep 21 15:41:11 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
Fri Sep 21 15:41:11 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:41:11 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:41:11 2007 : Debug: detail: locking = no
Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated detail (pre_proxy_log)
Fri Sep 21 15:41:11 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
Fri Sep 21 15:41:11 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:41:11 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:41:11 2007 : Debug: detail: locking = no
Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated detail (post_proxy_log)
Fri Sep 21 15:41:11 2007 : Debug: attr_filter: attrsfile = "/etc/freeradius/attrs"
Fri Sep 21 15:41:11 2007 : Error: rlm_attr_filter: Authorize method will be deprecated.
Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated attr_filter (attr_filter.post-proxy)
Fri Sep 21 15:41:11 2007 : Debug: detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d-filtre"
Fri Sep 21 15:41:11 2007 : Debug: detail: detailperm = 384
Fri Sep 21 15:41:11 2007 : Debug: detail: dirperm = 493
Fri Sep 21 15:41:11 2007 : Debug: detail: locking = no
Fri Sep 21 15:41:11 2007 : Debug: Module: Instantiated detail (post_proxy_log_filtre)
Fri Sep 21 15:41:11 2007 : Debug: Listening on authentication *:1812
Fri Sep 21 15:41:11 2007 : Debug: Listening on accounting *:1813
Fri Sep 21 15:41:11 2007 : Debug: Listening on proxy *:1814
Fri Sep 21 15:41:11 2007 : Info: Ready to process requests.
rad_recv: Accounting-Request packet from host 147.173.1.16:1814, id=25, length=219
    NAS-IP-Address = 147.173.3.58
    NAS-Port = 50014
    NAS-Port-Type = Ethernet
    User-Name = "dom.test@grenoble.cnrs.fr"
    Called-Station-Id = "00-09-7C-76-5D-8E"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Acct-Status-Type = Stop
    Acct-Authentic = RADIUS
    Acct-Session-Id = "147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B"
    Acct-Terminate-Cause = Port-Error
    Acct-Input-Octets = 3050
    Acct-Output-Octets = 3783
    Acct-Session-Time = 29
    Acct-Delay-Time = 0
    Proxy-State = 0x3234
    Proxy-State = 0x33
Fri Sep 21 15:41:15 2007 : Debug: Processing the preacct section of radiusd.conf
Fri Sep 21 15:41:15 2007 : Debug: modcall: entering group preacct for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[preacct]: module "preprocess" returns noop for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: calling acct_unique (rlm_acct_unique) for request 0
Fri Sep 21 15:41:15 2007 : Debug: rlm_acct_unique: Hashing 'NAS-Port = 50014,Client-IP-Address = 147.173.1.16,NAS-IP-Address = 147.173.3.58,Acct-Session-Id = "147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B",User-Name = "dom.test@grenoble.cnrs.fr"'
Fri Sep 21 15:41:15 2007 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = "f1c9a3ec17a71ebe".
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: returned from acct_unique (rlm_acct_unique) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[preacct]: module "acct_unique" returns ok for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: calling suffix (rlm_realm) for request 0
Fri Sep 21 15:41:15 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "dom.test@grenoble.cnrs.fr"
Fri Sep 21 15:41:15 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:41:15 2007 : Debug: rlm_realm: Proxying request from user dom.test to realm grenoble.cnrs.fr
Fri Sep 21 15:41:15 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:41:15 2007 : Debug: rlm_realm: Accounting realm is LOCAL.
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: returned from suffix (rlm_realm) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[preacct]: module "suffix" returns noop for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: calling files (rlm_files) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[preacct]: returned from files (rlm_files) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[preacct]: module "files" returns noop for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall: leaving group preacct (returns ok) for request 0
Fri Sep 21 15:41:15 2007 : Debug: Processing the accounting section of radiusd.conf
Fri Sep 21 15:41:15 2007 : Debug: modcall: entering group accounting for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: calling detail (rlm_detail) for request 0
Fri Sep 21 15:41:15 2007 : Debug: radius_xlat: '/var/log/freeradius/radacct/147.173.1.16/detail-20070921'
Fri Sep 21 15:41:15 2007 : Debug: rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/147.173.1.16/detail-20070921
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: returned from detail (rlm_detail) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[accounting]: module "detail" returns ok for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: calling unix (rlm_unix) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: returned from unix (rlm_unix) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[accounting]: module "unix" returns ok for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: calling radutmp (rlm_radutmp) for request 0
Fri Sep 21 15:41:15 2007 : Debug: radius_xlat: '/var/log/freeradius/radutmp'
Fri Sep 21 15:41:15 2007 : Debug: radius_xlat: 'dom.test@grenoble.cnrs.fr'
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: returned from radutmp (rlm_radutmp) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[accounting]: module "radutmp" returns ok for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: calling sql (rlm_sql) for request 0
Fri Sep 21 15:41:15 2007 : Debug: radius_xlat: 'dom.test@grenoble.cnrs.fr'
Fri Sep 21 15:41:15 2007 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'dom.test@grenoble.cnrs.fr'
Fri Sep 21 15:41:15 2007 : Debug: radius_xlat: 'UPDATE radacct SET AcctStopTime = '2007-09-21 15:41:15', AcctSessionTime = '29', AcctInputOctets = '3050', AcctOutputOctets = '3783', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B' AND UserName = 'dom.test@grenoble.cnrs.fr' AND NASIPAddress = '147.173.3.58''
Fri Sep 21 15:41:15 2007 : Debug: radius_xlat: '/var/log/freeradius/sqltrace.sql'
Fri Sep 21 15:41:15 2007 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Sep 21 15:41:15 2007 : Debug: rlm_sql_mysql: query: UPDATE radacct SET AcctStopTime = '2007-09-21 15:41:15', AcctSessionTime = '29', AcctInputOctets = '3050', AcctOutputOctets = '3783', AcctTerminateCause = 'Port-Error', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '147.173.3.58 dom.test@grenoble.cnrs.fr 03/01/93 22:27:07 0000000B' AND UserName = 'dom.test@grenoble.cnrs.fr' AND NASIPAddress = '147.173.3.58'
Fri Sep 21 15:41:15 2007 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[accounting]: module "sql" returns ok for request 0
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: calling attr_filter.accounting_response (rlm_attr_filter) for request 0
Fri Sep 21 15:41:15 2007 : Debug: attr_filter: Matched entry DEFAULT at line 12
Fri Sep 21 15:41:15 2007 : Debug: modsingle[accounting]: returned from attr_filter.accounting_response (rlm_attr_filter) for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall[accounting]: module "attr_filter.accounting_response" returns updated for request 0
Fri Sep 21 15:41:15 2007 : Debug: modcall: leaving group accounting (returns updated) for request 0
Sending Accounting-Response of id 25 to 147.173.1.16 port 1814
    Proxy-State = 0x3234
    Proxy-State = 0x33
Fri Sep 21 15:41:15 2007 : Debug: Finished request 0
Fri Sep 21 15:41:15 2007 : Debug: Going to the next request
Fri Sep 21 15:41:15 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:41:15 2007 : Debug: Waking up in 6 seconds...
Fri Sep 21 15:41:21 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:41:21 2007 : Debug: Cleaning up request 0 ID 25 with timestamp 46f3c9fb
Fri Sep 21 15:41:21 2007 : Debug: Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 147.173.1.16:1814, id=248, length=175
    NAS-IP-Address = 147.173.3.58
    NAS-Port = 50014
    NAS-Port-Type = Ethernet
    User-Name = "visiteur3@grenoble.cnrs.fr"
    Called-Station-Id = "00-09-7C-76-5D-8E"
    Calling-Station-Id = "00-30-13-C5-96-6D"
    Service-Type = Framed-User
    Framed-MTU = 1500
    EAP-Message = 0x0200001f01766973697465757233406772656e6f626c652e636e72732e6672
    Message-Authenticator = 0xd4727b65398b1935b1debe147e8aeaaf
    Proxy-State = 0x3236
    Proxy-State = 0x3132
Fri Sep 21 15:41:30 2007 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 21 15:41:30 2007 : Debug: modcall: entering group authorize for request 1
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Fri Sep 21 15:41:30 2007 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1
Fri Sep 21 15:41:30 2007 : Debug: rlm_realm: Looking up realm "grenoble.cnrs.fr" for User-Name = "visiteur3@grenoble.cnrs.fr"
Fri Sep 21 15:41:30 2007 : Debug: rlm_realm: Found realm "grenoble.cnrs.fr"
Fri Sep 21 15:41:30 2007 : Debug: rlm_realm: Proxying request from user visiteur3 to realm grenoble.cnrs.fr
Fri Sep 21 15:41:30 2007 : Debug: rlm_realm: Adding Realm = "grenoble.cnrs.fr"
Fri Sep 21 15:41:30 2007 : Debug: rlm_realm: Authentication realm is LOCAL.
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1
Fri Sep 21 15:41:30 2007 : Debug: modcall[authorize]: module "suffix" returns noop for request 1
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1
Fri Sep 21 15:41:30 2007 : Debug: rlm_eap: EAP packet type response id 0 length 31
Fri Sep 21 15:41:30 2007 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1
Fri Sep 21 15:41:30 2007 : Debug: modcall[authorize]: module "eap" returns updated for request 1
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1
Fri Sep 21 15:41:30 2007 : Debug: users: Matched entry DEFAULT at line 254
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1
Fri Sep 21 15:41:30 2007 : Debug: modcall[authorize]: module "files" returns ok for request 1
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1
Fri Sep 21 15:41:30 2007 : Debug: rlm_pap: Found existing Auth-Type, not changing it.
Fri Sep 21 15:41:30 2007 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1
Fri Sep 21 15:41:30 2007 : Debug: modcall[authorize]: module "pap" returns noop for request 1
Fri Sep 21 15:41:30 2007 : Debug: modcall: leaving group authorize (returns updated) for request 1
Fri Sep 21 15:41:30 2007 : Debug: rad_check_password: Found Auth-Type Reject
Fri Sep 21 15:41:30 2007 : Debug: rad_check_password: Auth-Type = Reject, rejecting user
Fri Sep 21 15:41:30 2007 : Debug: auth: Failed to validate the user.
Fri Sep 21 15:41:30 2007 : Auth: Login incorrect: [visiteur3@grenoble.cnrs.fr] (from client LISTES port 50014 cli 00-30-13-C5-96-6D)
Fri Sep 21 15:41:30 2007 : Debug: Delaying request 1 for 1 seconds
Fri Sep 21 15:41:30 2007 : Debug: Finished request 1
Fri Sep 21 15:41:30 2007 : Debug: Going to the next request
Fri Sep 21 15:41:30 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:41:30 2007 : Debug: Waking up in 1 seconds...
Fri Sep 21 15:41:31 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:41:31 2007 : Debug: Waking up in 1 seconds...
Fri Sep 21 15:41:32 2007 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 248 to 147.173.1.16 port 1814
    Proxy-State = 0x3236
    Proxy-State = 0x3132
Fri Sep 21 15:41:32 2007 : Debug: Waking up in 4 seconds...
Fri Sep 21 15:41:36 2007 : Debug: --- Walking the entire request list ---
Fri Sep 21 15:41:36 2007 : Debug: Cleaning up request 1 ID 248 with timestamp 46f3ca0a
Fri Sep 21 15:41:36 2007 : Debug: Nothing to do. Sleeping until we see a request.