My "radiusd -X" output while connecting:
rad_recv: Access-Request packet from host xx.xx.xx.79 port 50925, id=93,
length=138
User-Name = "test"
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-Port = 61
NAS-Port-Id = "ios"
NAS-IP-Address = xx.xx.xx.79
Called-Station-Id = "xx.xx.xx.79[4500]"
Calling-Station-Id = "xx.xx.xx.150[29608]"
EAP-Message = 0x02000009016a646f65
NAS-Identifier = "strongSwan"
Message-Authenticator = 0x2e5a4bc6ce78809a66e6cfb5172715f7
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for test
[ldap] expand: (&(uid=%u)) -> (&(uid=test))
[ldap] expand: ou=People,dc=company,dc=com -> ou=People,dc=company,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to xx.xx.xx.126:389, authentication 0
[ldap] bind as cn=Manager,dc=company,dc=com/secret to xx.xx.xx.126:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in ou=People,dc=company,dc=com, with filter
(&(uid=test))
[ldap] looking for check items in directory...
[ldap] userPassword -> User-Password == "password"
[ldap] userPassword -> Password-With-Header == "password"
[ldap] sambaNtPassword -> NT-Password ==
0x3842423544393331433146303430343833393537393933353042383233443243
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password. Ignoring
Password-With-Header
[pap] Normalizing NT-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 93 to xx.xx.xx.79 port 50925
EAP-Message = 0x010100160410520b942adc4ff97397fce57a6fcc6a52
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd8886590d88961e0e9b66439bb75efe5
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host xx.xx.xx.79 port 50925, id=94,
length=169
User-Name = "test"
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-Port = 61
NAS-Port-Id = "ios"
NAS-IP-Address = xx.xx.xx.79
Called-Station-Id = "xx.xx.xx.79[4500]"
Calling-Station-Id = "xx.xx.xx.150[29608]"
EAP-Message = 0x02010016041078bdd69581375d6fba33bd1624ef7b1c
NAS-Identifier = "strongSwan"
State = 0xd8886590d88961e0e9b66439bb75efe5
Message-Authenticator = 0x4fb645215cd481fd17a5ff8af9c0ac8c
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for test
[ldap] expand: (&(uid=%u)) -> (&(uid=test))
[ldap] expand: ou=People,dc=company,dc=com -> ou=People,dc=company,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=People,dc=company,dc=com, with filter
(&(uid=test))
[ldap] looking for check items in directory...
[ldap] userPassword -> User-Password == "password"
[ldap] userPassword -> Password-With-Header == "password"
[ldap] sambaNtPassword -> NT-Password ==
0x3842423544393331433146303430343833393537393933353042383233443243
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password. Ignoring
Password-With-Header
[pap] Normalizing NT-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns ok
Login OK: [test] (from client localhost port 61 cli xx.xx.xx.150[29608])
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 94 to xx.xx.xx.79 port 50925
EAP-Message = 0x03010004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "test"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host xx.xx.xx.79 port 48595, id=95,
length=136
Acct-Status-Type = Start
Acct-Session-Id = "1380824273-61"
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-Port = 61
NAS-Port-Id = "ios"
NAS-IP-Address = xx.xx.xx.79
Called-Station-Id = "xx.xx.xx.79[4500]"
Calling-Station-Id = "xx.xx.xx.150[29608]"
User-Name = "test"
Framed-IP-Address = xx.xx.xx.1
NAS-Identifier = "strongSwan"
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 61,Client-IP-Address =
xx.xx.xx.79,NAS-IP-Address = xx.xx.xx.79,Acct-Session-Id =
"1380824273-61",User-Name = "test"'
[acct_unique] Acct-Unique-Session-ID = "145df3492fbbdbec".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> xx.xx.xx.79
[detail] expand:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/radius/radacct/xx.xx.xx.79/detail-20131003
[detail]
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/radius/radacct/xx.xx.xx.79/detail-20131003
[detail] expand: %t -> Thu Oct 3 21:45:27 2013
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> test
++[radutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 95 to xx.xx.xx.79 port 48595
Finished request 2.
Cleaning up request 2 ID 95 with timestamp +9
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 93 with timestamp +9
Cleaning up request 1 ID 94 with timestamp +9
Ready to process requests.
-----Original Message-----
From: freeradius-users-bounces+cpetty=company....@lists.freeradius.org
[mailto:freeradius-users-bounces+cpetty=company....@lists.freeradius.org] On
Behalf Of a.l.m.bu...@lboro.ac.uk
Sent: Thursday, October 03, 2013 2:17 PM
To: FreeRadius users mailing list
Subject: Re: radwho not working
Hi,
> I am not blaming, I am just wanting to get the radwho command to work. I
> have now turned on accounting info to be sent from the StrongSwan server to
> the FreeRadius server. For I can see the accounting info in
> /var/log/radius/radacct/<IP_Address>/detail-20131003 file. However I am
> still getting the same results with the radwho command, showing just the
> titles, with no connections?
same reponse - output of "radiusd -X" please
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
