Dear Fajar,
here is the debug:
rad_recv: Access-Request packet from host 10.169.33.11 port 1645, id=242,
length=168
User-Name = user
Framed-MTU = 1400
Called-Station-Id = 0013.1a08.9340
Calling-Station-Id = 001b.7770.9159
Service-Type = Login-User
Message-Authenticator = 0x1b9f8a18ab599eb355a6b95009ad3876
EAP-Message =
0x020c00261900170301001bb38d66eaaca02000d41d031c3b819c732c2073d8ae808cdf61d43a
NAS-Port-Type = Wireless-802.11
NAS-Port = 13495
State = 0xc9003ff4c00c263b902065cf0bcf43fd
NAS-IP-Address = 10.169.33.11
NAS-Identifier = ap
(49) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(49) group authorize {
(49) - entering group authorize {...}
(49) [preprocess] = ok
(49) [chap] = noop
(49) [mschap] = noop
(49) [digest] = noop
(49) suffix : No '@' in User-Name = user, looking up realm NULL
(49) suffix : No such realm NULL
(49) [suffix] = noop
(49) eap : EAP packet type response id 12 length 38
(49) eap : Continuing tunnel setup.
(49) [eap] = ok
(49) Found Auth-Type = ?
(49) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(49) group authenticate {
(49) - entering group authenticate {...}
(49) eap : Request found, released from the list
(49) eap : EAP/peap
(49) eap : processing type peap
(49) peap : processing EAP-TLS
(49) peap : eaptls_verify returned 7
(49) peap : Done initial handshake
(49) peap : eaptls_process returned 7
(49) peap : FR_TLS_OK
(49) peap : Session established. Decoding tunneled attributes.
(49) peap : Peap state send tlv success
(49) peap : Received EAP-TLV response.
(49) peap : Success
(49) peap : Using saved attributes from the original Access-Accept
User-Name = user
(49) eap : Freeing handler
(49) [eap] = ok
(49) Login OK: [user/via Auth-Type = ?] (from client 10.169.33.11/24 port
13495 cli 001b.7770.9159)
(49) # Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
(49) group post-auth {
(49) - entering group post-auth {...}
(49) sql : expand: %{User-Name} - user
(49) sql : sql_set_user escaped user -- 'user'
(49) sql : expand: %{User-Password} -
(49) sql : ... expanding second conditional
(49) sql : expand: %{Chap-Password} -
(49) sql : expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}','%{reply:Packet-Type}', '%S')
-INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ('user', '', 'Access-Accept', '2011-12-14 10:59:49')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES ('user', '',
'Access-Accept', '2011-12-14 10:59:49')
rlm_sql (sql): Reserved connection (12)
rlm_sql (sql): Released connection (12)
(49) [sql] = ok
(49) sql_log : Processing sql_log_postauth
(49) sql_log : expand: %{User-Name} - user
(49) sql_log : expand: %{%{User-Name}:-DEFAULT} - user
(49) sql_log : sql_set_user escaped user -- 'user'
(49) sql_log : WARNING: Deprecated conditional expansion :-. See man
unlang for details
(49) sql_log : ... expanding second conditional
(49) sql_log : expand: Chap-Password - Chap-Password
(49) sql_log : expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES
('%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', '%S'); - INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES('user',
'Chap-Password', 'Access-Accept', '2011-12-14 10:59:49');
(49) sql_log : expand: /usr/local/var/log/radius/radacct/sql-relay -
/usr/local/var/log/radius/radacct/sql-relay
(49) [sql_log] = ok
(49) [exec] = noop
(49)policy remove_reply_message_if_eap {
(49) - entering policy remove_reply_message_if_eap {...}
(49)? if (reply:EAP-Message reply:Reply-Message)
(49) ? Evaluating (reply:EAP-Message ) - TRUE
(49) ? Evaluating (reply:Reply-Message) - FALSE
(49)? if (reply:EAP-Message reply:Reply-Message) - FALSE
(49) else else {
(49)- entering else else {...}
(49) [noop] = noop
(49)- else else returns noop
(49) - policy remove_reply_message_if_eap returns noop
Sending Access-Accept of id 242 to 10.169.33.11 port 1645
User-Name = user
MS-MPPE-Recv-Key =
0xffb3f4f01af8ea5b71cfe309205a5436aad8c57caf0cf40d6b37fbd193df34f6
MS-MPPE-Send-Key =
0x500ebf88f7a74a9095d357c31ac48010e62b655ebd53573d2d418a1e1332c732
EAP-Message = 0x030c0004
Message-Authenticator = 0x
(49) Finished request 49.
Waking up in 0.1 seconds.
rad_recv: Accounting-Request packet from host 10.169.33.11 port 1646, id=204,