dir-300 и freeradius. Как подружить

[Гость]

читайте внимательно лог
реалм(или nt domain) вы не отсекли

rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[Ытя]

Снес proxy.conf, отредактировал radiusd.conf (убрал ЛДАП, убрал все что касается доменов, НТ, суффиксов и \\)

Код: Выделить всё

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1812
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = "/var/log/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "root"
 main: group = "nobody"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
Using deprecated clients file.  Support for this will go away soon.
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
 pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 ttls: default_eap_type = "md5"
 ttls: copy_request_to_tunnel = no
 ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded SQL
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "root"
 sql: password = ""
 sql: radius_db = "wifi"
 sql: nas_table = "nas"
 sql: sqltrace = no
 sql: sqltracefile = "/var/log/sqltrace.sql"
 sql: readclients = no
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: default_user_profile = ""
 sql: query_on_not_found = no
 sql: authorize_check_query = "SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = ""
 sql: authorize_group_check_query = ""
 sql: authorize_group_reply_query = ""
 sql: accounting_onoff_query = ""
 sql: accounting_update_query = ""
 sql: accounting_update_query_alt = ""
 sql: accounting_start_query = ""
 sql: accounting_start_query_alt = ""
 sql: accounting_stop_query = ""
 sql: accounting_stop_query_alt = ""
 sql: group_membership_query = ""
 sql: connect_failure_retry_delay = 60
 sql: simul_count_query = ""
 sql: simul_verify_query = ""
 sql: postauth_query = ""
 sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/wifi
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

при авторизации тоже самое.

доктор, скажите, это не лечится?

[vadim64]

он у вас загрузился и всё, произведите попытку авторизации на нём

[Гость]

это звиздец, а звиздец не излечим

mschapv2: with_ntdomain_hack = no

по логу два раза фигурирует как NO
а должно быть YES

переведите фразу выше что я вам сказал
и в гугл параметр вбить

[Ытя]

Хорошо. Я - больной. Сделал я хак НТ домена = Уес
Вот теперь я вообще ничего не понимаю:

Код: Выделить всё

rad_recv: Access-Request packet from host 10.10.10.95:3073, id=122, length=152
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0201000f0141444d494e5c61626364
        Message-Authenticator = 0x86ff167721c0e821561d9c91dd46db1d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 15
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 122 to 10.10.10.95 port 3073
        EAP-Message = 0x01020016041027f1ac88f5753ada292cdc3ce9784445
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x975a06f5bc3366bfb7d7cab1bc58e175
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=123, length=161
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020200060319
        State = 0x975a06f5bc3366bfb7d7cab1bc58e175
        Message-Authenticator = 0xc3f924d4dc30f4798f394bc40566326b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 123 to 10.10.10.95 port 3073
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa13447975735b07e9e068d68d5087d5b
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=124, length=274
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0203007719800000006d16030100680100006403014da884e73daf7183c0276f86af1d984b8a409c73bf1a41a554fd3ea9db9e4b33000018002f00350005000ac013c014c009c00a0032003800130004010000230000000f000d00000a61646d696e5c61626364000a0006000400170018000b00020100
        State = 0xa13447975735b07e9e068d68d5087d5b
        Message-Authenticator = 0x8eaa6be8d6be8160413053aea89970c6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
  rlm_eap: EAP packet type response id 3 length 119
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 2
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0068], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 124 to 10.10.10.95 port 3073
        EAP-Message = 0x0104040a19c0000006f1160301004a0200004603014da8d945ee628dd68d63c983e97f8b97f83b907fbc453a6267daaff51b519c0220fbab7f073285d7465cacbc0c5e4c726f7f89e576013bc016f3a31ffe4c6c2a0c002f0016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
        EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
        EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
        EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
        EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5aad5611def20bfa66a54fa50b0dd0f9
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=125, length=161
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020400061900
        State = 0x5aad5611def20bfa66a54fa50b0dd0f9
        Message-Authenticator = 0xa099e2b28e78f63bde71de00eb4cff82
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 3
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 125 to 10.10.10.95 port 3073
        EAP-Message = 0x010502f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
        EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
        EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd161ab60c0fa85ae941afe521a379386
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=126, length=363
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020500d01980000000c61603010086100000820080954d9bca05be95660fc44f8ca70fa5fc23a33b6d1bb010510c2720112f8c7ec91e334db70a0ce074f8c05560eed6e9406a925505af706c100112d7cbcc1d0ae117724f336479b05dd67d4b4d0c58478d29701d243f637f3a8cb235d5fe8f5324ace3cd81bce16c3b421e777a305bb34d30d627ec3cbcdf7d05402cccda1f030a1403010001011603010030c3463e4cbabaeb4dc3ef72db8c47d3e402622b499a8b4da54506a0121c03428357d02380b9afcb56e2ebc4d6f877498a
        State = 0xd161ab60c0fa85ae941afe521a379386
        Message-Authenticator = 0xbda00722b6505334e3ae125692a01f64
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
  rlm_eap: EAP packet type response id 5 length 208
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 4
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 126 to 10.10.10.95 port 3073
        EAP-Message = 0x01060041190014030100010116030100301d1ff2c94a6e7768bf34b3feadfc436b56b653e0c4d4fba79b3554e41eff84a7d50908ba5b28bbacc26dbba642dda877
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4802b2bf9ece903ccc1c72e02aec3b21
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=127, length=161
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020600061900
        State = 0x4802b2bf9ece903ccc1c72e02aec3b21
        Message-Authenticator = 0xb686ddb72f54cdc3c4a6a4af708d3fbc
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 127 to 10.10.10.95 port 3073
        EAP-Message = 0x0107002b19001703010020b10ea400eac6eb0232a6acfd406b543d1619ec3ab3b28cf6096830d96ebbe242
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7096d92f32ce7c2b128be2ee1041ca64
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=128, length=198
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0207002b190017030100203abdf733415ae30b1f5bd428e3d4fbd3410ac6adb08ea1d58ab1fd9803ad537a
        State = 0x7096d92f32ce7c2b128be2ee1041ca64
        Message-Authenticator = 0xa120c3454831e4ed02ab77c648849ce8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
  rlm_eap: EAP packet type response id 7 length 43
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 6
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - ADMIN\abcd
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of ADMIN\abcd
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to ADMIN\abcd
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
  rlm_eap: EAP packet type response id 7 length 15
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 6
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 128 to 10.10.10.95 port 3073
        EAP-Message = 0x0108004b19001703010040df074fa249148da11e3fe1e6b41a540e94534091a5a2abf209c5efe52180233f502591dee4c544cbeab1d7276056c9827892f7f02ee5beaf80f4be114ab422eb
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4960095e3f209ca9176876e05faa384f
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=129, length=262
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0208006b190017030100603a1f342ca9aa63e678551f7536846e209ee9e34e536449ab17cc680ba2527943e83d508cdbe66cdfcde7fe7969246694a9eaa26fc7222015c17173a2cda6a8188c2f87349128111589fc497102d4529b43699dcf482c475a03403a8d52b4d14e
        State = 0x4960095e3f209ca9176876e05faa384f
        Message-Authenticator = 0x34ae1246808f581940ed9b846387804d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
  rlm_eap: EAP packet type response id 8 length 107
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 7
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to ADMIN\abcd
  PEAP: Adding old state with f6 e8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
  rlm_eap: EAP packet type response id 8 length 69
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 7
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 7
  rlm_mschap: Told to do MS-CHAPv2 for abcd with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 7
modcall: leaving group MS-CHAP (returns ok) for request 7
MSCHAP Success
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 129 to 10.10.10.95 port 3073
        EAP-Message = 0x0109005b190017030100503eaafa5c1c8f8442e07470f1dd7b6e7c65cd0cdd0962cc6c9d99c63cb70a5fcf2af30b6a39c2f1aba97d8d574737bb9005df11f399fd6e70287d45fc5b6af6ab6545c50dad4efeebd63ebfc1d11af588
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x163d15caafcb5db50c84984fc9fcf85c
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=130, length=198
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0209002b1900170301002064af0d9dde32e39ec331a10b21a31cac8dbc150876ae3ee9ca32ef73e1a3842c
        State = 0x163d15caafcb5db50c84984fc9fcf85c
        Message-Authenticator = 0x9092a5dda8776d9d1231c95a6cbcf61c
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
  rlm_eap: EAP packet type response id 9 length 43
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 8
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to ADMIN\abcd
  PEAP: Adding old state with d6 20
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
  rlm_eap: EAP packet type response id 9 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 8
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 8
modcall: leaving group authenticate (returns ok) for request 8
Login OK: [ADMIN\\abcd/<no User-Password attribute>] (from client localhost port 0)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 8
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
  modcall[post-auth]: module "sql" returns noop for request 8
modcall: leaving group post-auth (returns noop) for request 8
  PEAP: Tunneled authentication was successful.
  rlm_eap_peap: SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 130 to 10.10.10.95 port 3073
        EAP-Message = 0x010a002b1900170301002087b595330c8026fc4df49e87d7a7ab3ceecbc45959669bc534290c17927b0590
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x532ffefcfd63750102b45d34998187a4
Finished request 8
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.10.95:3073, id=131, length=198
        User-Name = "ADMIN\\abcd"
        NAS-Port = 0
        Called-Station-Id = "F0-7D-68-8A-93-22:test"
        Calling-Station-Id = "00-1F-C6-ED-69-0A"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020a002b19001703010020f534d320387e424cbe5b7534b9b61d3d9725d0d6522bbf36fd0e020c7f7ba04a
        State = 0x532ffefcfd63750102b45d34998187a4
        Message-Authenticator = 0xa648790739e06200fde17f765b373643
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
  rlm_eap: EAP packet type response id 10 length 43
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 9
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 9
modcall: leaving group authorize (returns updated) for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 9
modcall: leaving group authenticate (returns ok) for request 9
Login OK: [ADMIN\\abcd/<no User-Password attribute>] (from client d300 port 0 cli 00-1F-C6-ED-69-0A)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 9
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'ADMIN\\abcd'
rlm_sql (sql): sql_set_user escaped user --> 'ADMIN\\abcd'
  modcall[post-auth]: module "sql" returns noop for request 9
modcall: leaving group post-auth (returns noop) for request 9
Sending Access-Accept of id 131 to 10.10.10.95 port 3073
        MS-MPPE-Recv-Key = 0x55914e939fd029bf3add8eea72da153bbb39284706f4f2dbb343609a81a19cbd
        MS-MPPE-Send-Key = 0x0d92548dc63b2a8f965c649b0ebd5b88fcca3f12dd47a713f7adc8d8091ba66e
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "ADMIN\\abcd"
Finished request 9
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 122 with timestamp 4da8d945
Cleaning up request 1 ID 123 with timestamp 4da8d945
Cleaning up request 2 ID 124 with timestamp 4da8d945
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 125 with timestamp 4da8d946
Cleaning up request 4 ID 126 with timestamp 4da8d946
Cleaning up request 5 ID 127 with timestamp 4da8d946
Cleaning up request 6 ID 128 with timestamp 4da8d946
Cleaning up request 7 ID 129 with timestamp 4da8d946
Cleaning up request 8 ID 130 with timestamp 4da8d946
Cleaning up request 9 ID 131 with timestamp 4da8d946
Nothing to do.  Sleeping until we see a request.

указываю заведомо ложные данные - не подключает. Указываю верные данные - все нормально. Как так?

[vadim64]

у вас есть

Код: Выделить всё

Sending Access-Accept of id 131 to 10.10.10.95 port 3073

всё равно не работает?

[Гость]

указываю заведомо ложные данные - не подключает. Указываю верные данные - все нормально. Как так?

вроде все правильно, не?
или должна быть какая то другая логика ?

[vadim64]

Гость, ты ему так раскорячил мазги, что он уже забыл что хорошо и что плохо

[Ыть]

так-то оно так, но настораживает это:

Код: Выделить всё

radius_xlat:  'SELECT id, wpa, 'Cleartext-Password', passwd, ':=' FROM wifi WHERE wpa = 'ADMIN=5C=5C=5C=5Cabcd' ORDER BY id'

не может она выбрать такой логин из БД. Если на то пошло - проще было бы sql-регуляркой отсеивасть все включая двойной бэкслеш.
А по части безопасности я вообще сейчас не уверен.

[Гость]

отсеивания именно реалма \\, нужно дальше читать конфиги фрирадиуса и конфигурять, мне лень гуглить

а опция с nt domain hack не отсекает реалм при выборка
она его

не учитывает при создании ответа и проверке хешей md4 итд... там свой алго

тоесть опция с nt domain hack влияет на внутренний алго в фрирадиусе


ну вот как то так..

[Ыть]

Тогда ясно. спасибо за помощь. дальше буду думать сам. Надеюсь сертификацию настрою.
Кстати, прошлый раз эта опция была включени, а реалмов не было. Ну да ладно. Работает и фиг с ней.
Еще раз спасибо.